flasn4nt
/
grpc-java
mirror of https://github.com/grpc/grpc-java.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

xds: import envoy proto for WRR (#9898)

This commit is contained in:
yifeizhuang 2023-02-16 15:23:28 -08:00 committed by GitHub
parent e3bd5baeda
commit 4ef0200f6b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
64 changed files with 1836 additions and 904 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
xds/src/test/java/io/grpc/xds/XdsClientImplDataTest.java
View File

@ -802,6 +802,7 @@ public class XdsClientImplDataTest {
}
@Test
@SuppressWarnings("deprecation")
public void parseRouteAction_withHashPolicies() {
io.envoyproxy.envoy.config.route.v3.RouteAction proto =
io.envoyproxy.envoy.config.route.v3.RouteAction.newBuilder()

7
xds/third_party/envoy/import.sh vendored
View File

@ -18,7 +18,7 @@
set -e
BRANCH=main
# import VERSION from the google internal copybara_version.txt for Envoy
VERSION=2f99e0c9f83b6c91b42d215a148ed49ce0f174fd
VERSION=8affda4b71b05c9b272dbd031b7810418fb26211
GIT_REPO="https://github.com/envoyproxy/envoy.git"
GIT_BASE_DIR=envoy
SOURCE_PROTO_BASE_DIR=envoy/api
@ -26,6 +26,7 @@ TARGET_PROTO_BASE_DIR=src/main/proto
# Sorted alphabetically.
FILES=(
envoy/admin/v3/config_dump.proto
envoy/admin/v3/config_dump_shared.proto
envoy/annotations/deprecation.proto
envoy/annotations/resource.proto
envoy/api/v2/auth/cert.proto
@ -120,6 +121,7 @@ envoy/config/trace/v3/dynamic_ot.proto
envoy/config/trace/v3/http_tracer.proto
envoy/config/trace/v3/lightstep.proto
envoy/config/trace/v3/opencensus.proto
envoy/config/trace/v3/opentelemetry.proto
envoy/config/trace/v3/service.proto
envoy/config/trace/v3/trace.proto
envoy/config/trace/v3/zipkin.proto
@ -129,6 +131,8 @@ envoy/extensions/filters/http/fault/v3/fault.proto
envoy/extensions/filters/http/rbac/v3/rbac.proto
envoy/extensions/filters/http/router/v3/router.proto
envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.proto
envoy/extensions/load_balancing_policies/common/v3/common.proto
envoy/extensions/load_balancing_policies/least_request/v3/least_request.proto
envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.proto
envoy/extensions/load_balancing_policies/round_robin/v3/round_robin.proto
@ -151,6 +155,7 @@ envoy/type/matcher/number.proto
envoy/type/matcher/path.proto
envoy/type/matcher/regex.proto
envoy/type/matcher/string.proto
envoy/type/matcher/v3/filter_state.proto
envoy/type/matcher/v3/metadata.proto
envoy/type/matcher/v3/node.proto
envoy/type/matcher/v3/number.proto

377
xds/third_party/envoy/src/main/proto/envoy/admin/v3/config_dump.proto vendored
View File

@ -2,6 +2,7 @@ syntax = "proto3";
package envoy.admin.v3;
import "envoy/admin/v3/config_dump_shared.proto";
import "envoy/config/bootstrap/v3/bootstrap.proto";
import "google/protobuf/any.proto";
@ -18,31 +19,6 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: ConfigDump]
// Resource status from the view of a xDS client, which tells the synchronization
// status between the xDS client and the xDS server.
enum ClientResourceStatus {
// Resource status is not available/unknown.
UNKNOWN = 0;
// Client requested this resource but hasn't received any update from management
// server. The client will not fail requests, but will queue them until update
// arrives or the client times out waiting for the resource.
REQUESTED = 1;
// This resource has been requested by the client but has either not been
// delivered by the server or was previously delivered by the server and then
// subsequently removed from resources provided by the server. For more
// information, please refer to the :ref:`"Knowing When a Requested Resource
// Does Not Exist" <xds_protocol_resource_not_existed>` section.
DOES_NOT_EXIST = 2;
// Client received this resource and replied with ACK.
ACKED = 3;
// Client received this resource and replied with NACK.
NACKED = 4;
}
// The :ref:`/config_dump <operations_admin_interface_config_dump>` admin endpoint uses this wrapper
// message to maintain and serve arbitrary configuration information from any component in Envoy.
message ConfigDump {
@ -54,15 +30,20 @@ message ConfigDump {
// The following configurations are currently supported and will be dumped in the order given
// below:
//
// * *bootstrap*: :ref:`BootstrapConfigDump <envoy_v3_api_msg_admin.v3.BootstrapConfigDump>`
// * *clusters*: :ref:`ClustersConfigDump <envoy_v3_api_msg_admin.v3.ClustersConfigDump>`
// * *endpoints*: :ref:`EndpointsConfigDump <envoy_v3_api_msg_admin.v3.EndpointsConfigDump>`
// * *listeners*: :ref:`ListenersConfigDump <envoy_v3_api_msg_admin.v3.ListenersConfigDump>`
// * *scoped_routes*: :ref:`ScopedRoutesConfigDump <envoy_v3_api_msg_admin.v3.ScopedRoutesConfigDump>`
// * *routes*: :ref:`RoutesConfigDump <envoy_v3_api_msg_admin.v3.RoutesConfigDump>`
// * *secrets*: :ref:`SecretsConfigDump <envoy_v3_api_msg_admin.v3.SecretsConfigDump>`
// * ``bootstrap``: :ref:`BootstrapConfigDump <envoy_v3_api_msg_admin.v3.BootstrapConfigDump>`
// * ``clusters``: :ref:`ClustersConfigDump <envoy_v3_api_msg_admin.v3.ClustersConfigDump>`
// * ``ecds_filter_http``: :ref:`EcdsConfigDump <envoy_v3_api_msg_admin.v3.EcdsConfigDump>`
// * ``ecds_filter_tcp_listener``: :ref:`EcdsConfigDump <envoy_v3_api_msg_admin.v3.EcdsConfigDump>`
// * ``endpoints``: :ref:`EndpointsConfigDump <envoy_v3_api_msg_admin.v3.EndpointsConfigDump>`
// * ``listeners``: :ref:`ListenersConfigDump <envoy_v3_api_msg_admin.v3.ListenersConfigDump>`
// * ``scoped_routes``: :ref:`ScopedRoutesConfigDump <envoy_v3_api_msg_admin.v3.ScopedRoutesConfigDump>`
// * ``routes``: :ref:`RoutesConfigDump <envoy_v3_api_msg_admin.v3.RoutesConfigDump>`
// * ``secrets``: :ref:`SecretsConfigDump <envoy_v3_api_msg_admin.v3.SecretsConfigDump>`
//
// EDS Configuration will only be dumped by using parameter `?include_eds`
// EDS Configuration will only be dumped by using parameter ``?include_eds``
//
// Currently ECDS is supported in HTTP and listener filters. Note, ECDS configuration for
// either HTTP or listener filter will only be dumped if it is actually configured.
//
// You can filter output with the resource and mask query parameters.
// See :ref:`/config_dump?resource={} <operations_admin_interface_config_dump_by_resource>`,
@ -72,25 +53,6 @@ message ConfigDump {
repeated google.protobuf.Any configs = 1;
}
message UpdateFailureState {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.UpdateFailureState";
// What the component configuration would have been if the update had succeeded.
// This field may not be populated by xDS clients due to storage overhead.
google.protobuf.Any failed_configuration = 1;
// Time of the latest failed update attempt.
google.protobuf.Timestamp last_update_attempt = 2;
// Details about the last failed update attempt.
string details = 3;
// This is the version of the rejected resource.
// [#not-implemented-hide:]
string version_info = 4;
}
// This message describes the bootstrap configuration that Envoy was started with. This includes
// any CLI overrides that were merged. Bootstrap configuration information can be used to recreate
// the static portions of an Envoy configuration by reusing the output as the bootstrap
@ -105,273 +67,6 @@ message BootstrapConfigDump {
google.protobuf.Timestamp last_updated = 2;
}
// Envoy's listener manager fills this message with all currently known listeners. Listener
// configuration information can be used to recreate an Envoy configuration by populating all
// listeners as static listeners or by returning them in a LDS response.
message ListenersConfigDump {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.ListenersConfigDump";
// Describes a statically loaded listener.
message StaticListener {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.ListenersConfigDump.StaticListener";
// The listener config.
google.protobuf.Any listener = 1;
// The timestamp when the Listener was last successfully updated.
google.protobuf.Timestamp last_updated = 2;
}
message DynamicListenerState {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.ListenersConfigDump.DynamicListenerState";
// This is the per-resource version information. This version is currently taken from the
// :ref:`version_info <envoy_v3_api_field_service.discovery.v3.DiscoveryResponse.version_info>` field at the time
// that the listener was loaded. In the future, discrete per-listener versions may be supported
// by the API.
string version_info = 1;
// The listener config.
google.protobuf.Any listener = 2;
// The timestamp when the Listener was last successfully updated.
google.protobuf.Timestamp last_updated = 3;
}
// Describes a dynamically loaded listener via the LDS API.
// [#next-free-field: 7]
message DynamicListener {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.ListenersConfigDump.DynamicListener";
// The name or unique id of this listener, pulled from the DynamicListenerState config.
string name = 1;
// The listener state for any active listener by this name.
// These are listeners that are available to service data plane traffic.
DynamicListenerState active_state = 2;
// The listener state for any warming listener by this name.
// These are listeners that are currently undergoing warming in preparation to service data
// plane traffic. Note that if attempting to recreate an Envoy configuration from a
// configuration dump, the warming listeners should generally be discarded.
DynamicListenerState warming_state = 3;
// The listener state for any draining listener by this name.
// These are listeners that are currently undergoing draining in preparation to stop servicing
// data plane traffic. Note that if attempting to recreate an Envoy configuration from a
// configuration dump, the draining listeners should generally be discarded.
DynamicListenerState draining_state = 4;
// Set if the last update failed, cleared after the next successful update.
// The *error_state* field contains the rejected version of this particular
// resource along with the reason and timestamp. For successfully updated or
// acknowledged resource, this field should be empty.
UpdateFailureState error_state = 5;
// The client status of this resource.
// [#not-implemented-hide:]
ClientResourceStatus client_status = 6;
}
// This is the :ref:`version_info <envoy_v3_api_field_service.discovery.v3.DiscoveryResponse.version_info>` in the
// last processed LDS discovery response. If there are only static bootstrap listeners, this field
// will be "".
string version_info = 1;
// The statically loaded listener configs.
repeated StaticListener static_listeners = 2;
// State for any warming, active, or draining listeners.
repeated DynamicListener dynamic_listeners = 3;
}
// Envoy's cluster manager fills this message with all currently known clusters. Cluster
// configuration information can be used to recreate an Envoy configuration by populating all
// clusters as static clusters or by returning them in a CDS response.
message ClustersConfigDump {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.ClustersConfigDump";
// Describes a statically loaded cluster.
message StaticCluster {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.ClustersConfigDump.StaticCluster";
// The cluster config.
google.protobuf.Any cluster = 1;
// The timestamp when the Cluster was last updated.
google.protobuf.Timestamp last_updated = 2;
}
// Describes a dynamically loaded cluster via the CDS API.
// [#next-free-field: 6]
message DynamicCluster {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.ClustersConfigDump.DynamicCluster";
// This is the per-resource version information. This version is currently taken from the
// :ref:`version_info <envoy_v3_api_field_service.discovery.v3.DiscoveryResponse.version_info>` field at the time
// that the cluster was loaded. In the future, discrete per-cluster versions may be supported by
// the API.
string version_info = 1;
// The cluster config.
google.protobuf.Any cluster = 2;
// The timestamp when the Cluster was last updated.
google.protobuf.Timestamp last_updated = 3;
// Set if the last update failed, cleared after the next successful update.
// The *error_state* field contains the rejected version of this particular
// resource along with the reason and timestamp. For successfully updated or
// acknowledged resource, this field should be empty.
// [#not-implemented-hide:]
UpdateFailureState error_state = 4;
// The client status of this resource.
// [#not-implemented-hide:]
ClientResourceStatus client_status = 5;
}
// This is the :ref:`version_info <envoy_v3_api_field_service.discovery.v3.DiscoveryResponse.version_info>` in the
// last processed CDS discovery response. If there are only static bootstrap clusters, this field
// will be "".
string version_info = 1;
// The statically loaded cluster configs.
repeated StaticCluster static_clusters = 2;
// The dynamically loaded active clusters. These are clusters that are available to service
// data plane traffic.
repeated DynamicCluster dynamic_active_clusters = 3;
// The dynamically loaded warming clusters. These are clusters that are currently undergoing
// warming in preparation to service data plane traffic. Note that if attempting to recreate an
// Envoy configuration from a configuration dump, the warming clusters should generally be
// discarded.
repeated DynamicCluster dynamic_warming_clusters = 4;
}
// Envoy's RDS implementation fills this message with all currently loaded routes, as described by
// their RouteConfiguration objects. Static routes that are either defined in the bootstrap configuration
// or defined inline while configuring listeners are separated from those configured dynamically via RDS.
// Route configuration information can be used to recreate an Envoy configuration by populating all routes
// as static routes or by returning them in RDS responses.
message RoutesConfigDump {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.RoutesConfigDump";
message StaticRouteConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.RoutesConfigDump.StaticRouteConfig";
// The route config.
google.protobuf.Any route_config = 1;
// The timestamp when the Route was last updated.
google.protobuf.Timestamp last_updated = 2;
}
// [#next-free-field: 6]
message DynamicRouteConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.RoutesConfigDump.DynamicRouteConfig";
// This is the per-resource version information. This version is currently taken from the
// :ref:`version_info <envoy_v3_api_field_service.discovery.v3.DiscoveryResponse.version_info>` field at the time that
// the route configuration was loaded.
string version_info = 1;
// The route config.
google.protobuf.Any route_config = 2;
// The timestamp when the Route was last updated.
google.protobuf.Timestamp last_updated = 3;
// Set if the last update failed, cleared after the next successful update.
// The *error_state* field contains the rejected version of this particular
// resource along with the reason and timestamp. For successfully updated or
// acknowledged resource, this field should be empty.
// [#not-implemented-hide:]
UpdateFailureState error_state = 4;
// The client status of this resource.
// [#not-implemented-hide:]
ClientResourceStatus client_status = 5;
}
// The statically loaded route configs.
repeated StaticRouteConfig static_route_configs = 2;
// The dynamically loaded route configs.
repeated DynamicRouteConfig dynamic_route_configs = 3;
}
// Envoy's scoped RDS implementation fills this message with all currently loaded route
// configuration scopes (defined via ScopedRouteConfigurationsSet protos). This message lists both
// the scopes defined inline with the higher order object (i.e., the HttpConnectionManager) and the
// dynamically obtained scopes via the SRDS API.
message ScopedRoutesConfigDump {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.ScopedRoutesConfigDump";
message InlineScopedRouteConfigs {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.ScopedRoutesConfigDump.InlineScopedRouteConfigs";
// The name assigned to the scoped route configurations.
string name = 1;
// The scoped route configurations.
repeated google.protobuf.Any scoped_route_configs = 2;
// The timestamp when the scoped route config set was last updated.
google.protobuf.Timestamp last_updated = 3;
}
// [#next-free-field: 7]
message DynamicScopedRouteConfigs {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.ScopedRoutesConfigDump.DynamicScopedRouteConfigs";
// The name assigned to the scoped route configurations.
string name = 1;
// This is the per-resource version information. This version is currently taken from the
// :ref:`version_info <envoy_v3_api_field_service.discovery.v3.DiscoveryResponse.version_info>` field at the time that
// the scoped routes configuration was loaded.
string version_info = 2;
// The scoped route configurations.
repeated google.protobuf.Any scoped_route_configs = 3;
// The timestamp when the scoped route config set was last updated.
google.protobuf.Timestamp last_updated = 4;
// Set if the last update failed, cleared after the next successful update.
// The *error_state* field contains the rejected version of this particular
// resource along with the reason and timestamp. For successfully updated or
// acknowledged resource, this field should be empty.
// [#not-implemented-hide:]
UpdateFailureState error_state = 5;
// The client status of this resource.
// [#not-implemented-hide:]
ClientResourceStatus client_status = 6;
}
// The statically loaded scoped route configs.
repeated InlineScopedRouteConfigs inline_scoped_route_configs = 1;
// The dynamically loaded scoped route configs.
repeated DynamicScopedRouteConfigs dynamic_scoped_route_configs = 2;
}
// Envoys SDS implementation fills this message with all secrets fetched dynamically via SDS.
message SecretsConfigDump {
option (udpa.annotations.versioning).previous_message_type =
@ -437,47 +132,3 @@ message SecretsConfigDump {
// warming in preparation to service clusters or listeners.
repeated DynamicSecret dynamic_warming_secrets = 3;
}
// Envoy's admin fill this message with all currently known endpoints. Endpoint
// configuration information can be used to recreate an Envoy configuration by populating all
// endpoints as static endpoints or by returning them in an EDS response.
message EndpointsConfigDump {
message StaticEndpointConfig {
// The endpoint config.
google.protobuf.Any endpoint_config = 1;
// [#not-implemented-hide:] The timestamp when the Endpoint was last updated.
google.protobuf.Timestamp last_updated = 2;
}
// [#next-free-field: 6]
message DynamicEndpointConfig {
// [#not-implemented-hide:] This is the per-resource version information. This version is currently taken from the
// :ref:`version_info <envoy_v3_api_field_service.discovery.v3.DiscoveryResponse.version_info>` field at the time that
// the endpoint configuration was loaded.
string version_info = 1;
// The endpoint config.
google.protobuf.Any endpoint_config = 2;
// [#not-implemented-hide:] The timestamp when the Endpoint was last updated.
google.protobuf.Timestamp last_updated = 3;
// Set if the last update failed, cleared after the next successful update.
// The *error_state* field contains the rejected version of this particular
// resource along with the reason and timestamp. For successfully updated or
// acknowledged resource, this field should be empty.
// [#not-implemented-hide:]
UpdateFailureState error_state = 4;
// The client status of this resource.
// [#not-implemented-hide:]
ClientResourceStatus client_status = 5;
}
// The statically loaded endpoint configs.
repeated StaticEndpointConfig static_endpoint_configs = 2;
// The dynamically loaded endpoint configs.
repeated DynamicEndpointConfig dynamic_endpoint_configs = 3;
}

412
xds/third_party/envoy/src/main/proto/envoy/admin/v3/config_dump_shared.proto vendored Normal file
View File

@ -0,0 +1,412 @@
syntax = "proto3";
package envoy.admin.v3;
import "google/protobuf/any.proto";
import "google/protobuf/timestamp.proto";
import "udpa/annotations/status.proto";
import "udpa/annotations/versioning.proto";
option java_package = "io.envoyproxy.envoy.admin.v3";
option java_outer_classname = "ConfigDumpSharedProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/admin/v3;adminv3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: ConfigDump]
// Resource status from the view of a xDS client, which tells the synchronization
// status between the xDS client and the xDS server.
enum ClientResourceStatus {
// Resource status is not available/unknown.
UNKNOWN = 0;
// Client requested this resource but hasn't received any update from management
// server. The client will not fail requests, but will queue them until update
// arrives or the client times out waiting for the resource.
REQUESTED = 1;
// This resource has been requested by the client but has either not been
// delivered by the server or was previously delivered by the server and then
// subsequently removed from resources provided by the server. For more
// information, please refer to the :ref:`"Knowing When a Requested Resource
// Does Not Exist" <xds_protocol_resource_not_existed>` section.
DOES_NOT_EXIST = 2;
// Client received this resource and replied with ACK.
ACKED = 3;
// Client received this resource and replied with NACK.
NACKED = 4;
}
message UpdateFailureState {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.UpdateFailureState";
// What the component configuration would have been if the update had succeeded.
// This field may not be populated by xDS clients due to storage overhead.
google.protobuf.Any failed_configuration = 1;
// Time of the latest failed update attempt.
google.protobuf.Timestamp last_update_attempt = 2;
// Details about the last failed update attempt.
string details = 3;
// This is the version of the rejected resource.
// [#not-implemented-hide:]
string version_info = 4;
}
// Envoy's listener manager fills this message with all currently known listeners. Listener
// configuration information can be used to recreate an Envoy configuration by populating all
// listeners as static listeners or by returning them in a LDS response.
message ListenersConfigDump {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.ListenersConfigDump";
// Describes a statically loaded listener.
message StaticListener {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.ListenersConfigDump.StaticListener";
// The listener config.
google.protobuf.Any listener = 1;
// The timestamp when the Listener was last successfully updated.
google.protobuf.Timestamp last_updated = 2;
}
message DynamicListenerState {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.ListenersConfigDump.DynamicListenerState";
// This is the per-resource version information. This version is currently taken from the
// :ref:`version_info <envoy_v3_api_field_service.discovery.v3.DiscoveryResponse.version_info>` field at the time
// that the listener was loaded. In the future, discrete per-listener versions may be supported
// by the API.
string version_info = 1;
// The listener config.
google.protobuf.Any listener = 2;
// The timestamp when the Listener was last successfully updated.
google.protobuf.Timestamp last_updated = 3;
}
// Describes a dynamically loaded listener via the LDS API.
// [#next-free-field: 7]
message DynamicListener {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.ListenersConfigDump.DynamicListener";
// The name or unique id of this listener, pulled from the DynamicListenerState config.
string name = 1;
// The listener state for any active listener by this name.
// These are listeners that are available to service data plane traffic.
DynamicListenerState active_state = 2;
// The listener state for any warming listener by this name.
// These are listeners that are currently undergoing warming in preparation to service data
// plane traffic. Note that if attempting to recreate an Envoy configuration from a
// configuration dump, the warming listeners should generally be discarded.
DynamicListenerState warming_state = 3;
// The listener state for any draining listener by this name.
// These are listeners that are currently undergoing draining in preparation to stop servicing
// data plane traffic. Note that if attempting to recreate an Envoy configuration from a
// configuration dump, the draining listeners should generally be discarded.
DynamicListenerState draining_state = 4;
// Set if the last update failed, cleared after the next successful update.
// The ``error_state`` field contains the rejected version of this particular
// resource along with the reason and timestamp. For successfully updated or
// acknowledged resource, this field should be empty.
UpdateFailureState error_state = 5;
// The client status of this resource.
// [#not-implemented-hide:]
ClientResourceStatus client_status = 6;
}
// This is the :ref:`version_info <envoy_v3_api_field_service.discovery.v3.DiscoveryResponse.version_info>` in the
// last processed LDS discovery response. If there are only static bootstrap listeners, this field
// will be "".
string version_info = 1;
// The statically loaded listener configs.
repeated StaticListener static_listeners = 2;
// State for any warming, active, or draining listeners.
repeated DynamicListener dynamic_listeners = 3;
}
// Envoy's cluster manager fills this message with all currently known clusters. Cluster
// configuration information can be used to recreate an Envoy configuration by populating all
// clusters as static clusters or by returning them in a CDS response.
message ClustersConfigDump {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.ClustersConfigDump";
// Describes a statically loaded cluster.
message StaticCluster {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.ClustersConfigDump.StaticCluster";
// The cluster config.
google.protobuf.Any cluster = 1;
// The timestamp when the Cluster was last updated.
google.protobuf.Timestamp last_updated = 2;
}
// Describes a dynamically loaded cluster via the CDS API.
// [#next-free-field: 6]
message DynamicCluster {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.ClustersConfigDump.DynamicCluster";
// This is the per-resource version information. This version is currently taken from the
// :ref:`version_info <envoy_v3_api_field_service.discovery.v3.DiscoveryResponse.version_info>` field at the time
// that the cluster was loaded. In the future, discrete per-cluster versions may be supported by
// the API.
string version_info = 1;
// The cluster config.
google.protobuf.Any cluster = 2;
// The timestamp when the Cluster was last updated.
google.protobuf.Timestamp last_updated = 3;
// Set if the last update failed, cleared after the next successful update.
// The ``error_state`` field contains the rejected version of this particular
// resource along with the reason and timestamp. For successfully updated or
// acknowledged resource, this field should be empty.
// [#not-implemented-hide:]
UpdateFailureState error_state = 4;
// The client status of this resource.
// [#not-implemented-hide:]
ClientResourceStatus client_status = 5;
}
// This is the :ref:`version_info <envoy_v3_api_field_service.discovery.v3.DiscoveryResponse.version_info>` in the
// last processed CDS discovery response. If there are only static bootstrap clusters, this field
// will be "".
string version_info = 1;
// The statically loaded cluster configs.
repeated StaticCluster static_clusters = 2;
// The dynamically loaded active clusters. These are clusters that are available to service
// data plane traffic.
repeated DynamicCluster dynamic_active_clusters = 3;
// The dynamically loaded warming clusters. These are clusters that are currently undergoing
// warming in preparation to service data plane traffic. Note that if attempting to recreate an
// Envoy configuration from a configuration dump, the warming clusters should generally be
// discarded.
repeated DynamicCluster dynamic_warming_clusters = 4;
}
// Envoy's RDS implementation fills this message with all currently loaded routes, as described by
// their RouteConfiguration objects. Static routes that are either defined in the bootstrap configuration
// or defined inline while configuring listeners are separated from those configured dynamically via RDS.
// Route configuration information can be used to recreate an Envoy configuration by populating all routes
// as static routes or by returning them in RDS responses.
message RoutesConfigDump {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.RoutesConfigDump";
message StaticRouteConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.RoutesConfigDump.StaticRouteConfig";
// The route config.
google.protobuf.Any route_config = 1;
// The timestamp when the Route was last updated.
google.protobuf.Timestamp last_updated = 2;
}
// [#next-free-field: 6]
message DynamicRouteConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.RoutesConfigDump.DynamicRouteConfig";
// This is the per-resource version information. This version is currently taken from the
// :ref:`version_info <envoy_v3_api_field_service.discovery.v3.DiscoveryResponse.version_info>` field at the time that
// the route configuration was loaded.
string version_info = 1;
// The route config.
google.protobuf.Any route_config = 2;
// The timestamp when the Route was last updated.
google.protobuf.Timestamp last_updated = 3;
// Set if the last update failed, cleared after the next successful update.
// The ``error_state`` field contains the rejected version of this particular
// resource along with the reason and timestamp. For successfully updated or
// acknowledged resource, this field should be empty.
// [#not-implemented-hide:]
UpdateFailureState error_state = 4;
// The client status of this resource.
// [#not-implemented-hide:]
ClientResourceStatus client_status = 5;
}
// The statically loaded route configs.
repeated StaticRouteConfig static_route_configs = 2;
// The dynamically loaded route configs.
repeated DynamicRouteConfig dynamic_route_configs = 3;
}
// Envoy's scoped RDS implementation fills this message with all currently loaded route
// configuration scopes (defined via ScopedRouteConfigurationsSet protos). This message lists both
// the scopes defined inline with the higher order object (i.e., the HttpConnectionManager) and the
// dynamically obtained scopes via the SRDS API.
message ScopedRoutesConfigDump {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.ScopedRoutesConfigDump";
message InlineScopedRouteConfigs {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.ScopedRoutesConfigDump.InlineScopedRouteConfigs";
// The name assigned to the scoped route configurations.
string name = 1;
// The scoped route configurations.
repeated google.protobuf.Any scoped_route_configs = 2;
// The timestamp when the scoped route config set was last updated.
google.protobuf.Timestamp last_updated = 3;
}
// [#next-free-field: 7]
message DynamicScopedRouteConfigs {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.ScopedRoutesConfigDump.DynamicScopedRouteConfigs";
// The name assigned to the scoped route configurations.
string name = 1;
// This is the per-resource version information. This version is currently taken from the
// :ref:`version_info <envoy_v3_api_field_service.discovery.v3.DiscoveryResponse.version_info>` field at the time that
// the scoped routes configuration was loaded.
string version_info = 2;
// The scoped route configurations.
repeated google.protobuf.Any scoped_route_configs = 3;
// The timestamp when the scoped route config set was last updated.
google.protobuf.Timestamp last_updated = 4;
// Set if the last update failed, cleared after the next successful update.
// The ``error_state`` field contains the rejected version of this particular
// resource along with the reason and timestamp. For successfully updated or
// acknowledged resource, this field should be empty.
// [#not-implemented-hide:]
UpdateFailureState error_state = 5;
// The client status of this resource.
// [#not-implemented-hide:]
ClientResourceStatus client_status = 6;
}
// The statically loaded scoped route configs.
repeated InlineScopedRouteConfigs inline_scoped_route_configs = 1;
// The dynamically loaded scoped route configs.
repeated DynamicScopedRouteConfigs dynamic_scoped_route_configs = 2;
}
// Envoy's admin fill this message with all currently known endpoints. Endpoint
// configuration information can be used to recreate an Envoy configuration by populating all
// endpoints as static endpoints or by returning them in an EDS response.
message EndpointsConfigDump {
message StaticEndpointConfig {
// The endpoint config.
google.protobuf.Any endpoint_config = 1;
// [#not-implemented-hide:] The timestamp when the Endpoint was last updated.
google.protobuf.Timestamp last_updated = 2;
}
// [#next-free-field: 6]
message DynamicEndpointConfig {
// [#not-implemented-hide:] This is the per-resource version information. This version is currently taken from the
// :ref:`version_info <envoy_v3_api_field_service.discovery.v3.DiscoveryResponse.version_info>` field at the time that
// the endpoint configuration was loaded.
string version_info = 1;
// The endpoint config.
google.protobuf.Any endpoint_config = 2;
// [#not-implemented-hide:] The timestamp when the Endpoint was last updated.
google.protobuf.Timestamp last_updated = 3;
// Set if the last update failed, cleared after the next successful update.
// The ``error_state`` field contains the rejected version of this particular
// resource along with the reason and timestamp. For successfully updated or
// acknowledged resource, this field should be empty.
// [#not-implemented-hide:]
UpdateFailureState error_state = 4;
// The client status of this resource.
// [#not-implemented-hide:]
ClientResourceStatus client_status = 5;
}
// The statically loaded endpoint configs.
repeated StaticEndpointConfig static_endpoint_configs = 2;
// The dynamically loaded endpoint configs.
repeated DynamicEndpointConfig dynamic_endpoint_configs = 3;
}
// Envoy's ECDS service fills this message with all currently extension
// configuration. Extension configuration information can be used to recreate
// an Envoy ECDS listener and HTTP filters as static filters or by returning
// them in ECDS response.
message EcdsConfigDump {
option (udpa.annotations.versioning).previous_message_type = "envoy.admin.v2alpha.EcdsConfigDump";
// [#next-free-field: 6]
message EcdsFilterConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.admin.v2alpha.EcdsConfigDump.EcdsFilterConfig";
// This is the per-resource version information. This version is currently
// taken from the :ref:`version_info
// <envoy_v3_api_field_service.discovery.v3.DiscoveryResponse.version_info>`
// field at the time that the ECDS filter was loaded.
string version_info = 1;
// The ECDS filter config.
google.protobuf.Any ecds_filter = 2;
// The timestamp when the ECDS filter was last updated.
google.protobuf.Timestamp last_updated = 3;
// Set if the last update failed, cleared after the next successful update.
// The ``error_state`` field contains the rejected version of this
// particular resource along with the reason and timestamp. For successfully
// updated or acknowledged resource, this field should be empty.
// [#not-implemented-hide:]
UpdateFailureState error_state = 4;
// The client status of this resource.
// [#not-implemented-hide:]
ClientResourceStatus client_status = 5;
}
// The ECDS filter configs.
repeated EcdsFilterConfig ecds_filters = 1;
}

6
xds/third_party/envoy/src/main/proto/envoy/api/v2/cluster/outlier_detection.proto vendored
View File

@ -24,9 +24,9 @@ option (udpa.annotations.file_status).package_version_status = FROZEN;
// more information on outlier detection.
// [#next-free-field: 21]
message OutlierDetection {
// The number of consecutive 5xx responses or local origin errors that are mapped
// to 5xx error codes before a consecutive 5xx ejection
// occurs. Defaults to 5.
// The number of consecutive server-side error responses (for HTTP traffic,
// 5xx responses; for TCP traffic, connection failures; for Redis, failure to
// respond PONG; etc.) before a consecutive 5xx ejection occurs. Defaults to 5.
google.protobuf.UInt32Value consecutive_5xx = 1;
// The time interval between ejection analysis sweeps. This can result in

2
xds/third_party/envoy/src/main/proto/envoy/api/v2/core/grpc_service.proto vendored
View File

@ -100,7 +100,7 @@ message GrpcService {
message StsService {
// URI of the token exchange service that handles token exchange requests.
// [#comment:TODO(asraa): Add URI validation when implemented. Tracked by
// https://github.com/envoyproxy/protoc-gen-validate/issues/303]
// https://github.com/bufbuild/protoc-gen-validate/issues/303]
string token_exchange_service_uri = 1;
// Location of the target service or resource where the client

7
xds/third_party/envoy/src/main/proto/envoy/api/v2/route/route_components.proto vendored
View File

@ -301,7 +301,7 @@ message WeightedCluster {
// An integer between 0 and :ref:`total_weight
// <envoy_api_field_route.WeightedCluster.total_weight>`. When a request matches the route,
// the choice of an upstream cluster is determined by its weight. The sum of weights across all
// entries in the clusters array must add up to the total_weight, which defaults to 100.
// entries in the clusters array must add up to the total_weight, if total_weight is greater than 0.
google.protobuf.UInt32Value weight = 2;
// Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints in
@ -859,8 +859,9 @@ message RouteAction {
// Indicates that during forwarding, the host header will be swapped with
// the hostname of the upstream host chosen by the cluster manager. This
// option is applicable only when the destination cluster for a route is of
// type *strict_dns* or *logical_dns*. Setting this to true with other cluster
// types has no effect.
// type ``STRICT_DNS``, ``LOGICAL_DNS`` or ``STATIC``. For ``STATIC`` clusters, the
// hostname attribute of the endpoint must be configured. Setting this to true
// with other cluster types has no effect.
google.protobuf.BoolValue auto_host_rewrite = 7;
// Indicates that during forwarding, the host header will be swapped with the content of given

6
xds/third_party/envoy/src/main/proto/envoy/config/accesslog/v3/accesslog.proto vendored
View File

@ -151,7 +151,7 @@ message RuntimeFilter {
"envoy.config.filter.accesslog.v2.RuntimeFilter";
// Runtime key to get an optional overridden numerator for use in the
// *percent_sampled* field. If found in runtime, this value will replace the
// ``percent_sampled`` field. If found in runtime, this value will replace the
// default numerator.
string runtime_key = 1 [(validate.rules).string = {min_len: 1}];
@ -165,9 +165,9 @@ message RuntimeFilter {
// is present, the filter will consistently sample across multiple hosts based
// on the runtime key value and the value extracted from
// :ref:`x-request-id<config_http_conn_man_headers_x-request-id>`. If it is
// missing, or *use_independent_randomness* is set to true, the filter will
// missing, or ``use_independent_randomness`` is set to true, the filter will
// randomly sample based on the runtime key value alone.
// *use_independent_randomness* can be used for logging kill switches within
// ``use_independent_randomness`` can be used for logging kill switches within
// complex nested :ref:`AndFilter
// <envoy_v3_api_msg_config.accesslog.v3.AndFilter>` and :ref:`OrFilter
// <envoy_v3_api_msg_config.accesslog.v3.OrFilter>` blocks that are easier to

90
xds/third_party/envoy/src/main/proto/envoy/config/bootstrap/v3/bootstrap.proto vendored
View File

@ -41,7 +41,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// <config_overview_bootstrap>` for more detail.
// Bootstrap :ref:`configuration overview <config_overview_bootstrap>`.
// [#next-free-field: 34]
// [#next-free-field: 38]
message Bootstrap {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.bootstrap.v2.Bootstrap";
@ -169,7 +169,7 @@ message Bootstrap {
// Optional duration between flushes to configured stats sinks. For
// performance reasons Envoy latches counters and only flushes counters and
// gauges at a periodic interval. If not specified the default is 5000ms (5
// seconds). Only one of `stats_flush_interval` or `stats_flush_on_admin`
// seconds). Only one of ``stats_flush_interval`` or ``stats_flush_on_admin``
// can be set.
// Duration must be at least 1ms and at most 5 min.
google.protobuf.Duration stats_flush_interval = 7 [
@ -182,14 +182,14 @@ message Bootstrap {
oneof stats_flush {
// Flush stats to sinks only when queried for on the admin interface. If set,
// a flush timer is not created. Only one of `stats_flush_on_admin` or
// `stats_flush_interval` can be set.
// a flush timer is not created. Only one of ``stats_flush_on_admin`` or
// ``stats_flush_interval`` can be set.
bool stats_flush_on_admin = 29 [(validate.rules).bool = {const: true}];
}
// Optional watchdog configuration.
// This is for a single watchdog configuration for the entire system.
// Deprecated in favor of *watchdogs* which has finer granularity.
// Deprecated in favor of ``watchdogs`` which has finer granularity.
Watchdog watchdog = 8
[deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
@ -249,7 +249,7 @@ message Bootstrap {
// when :ref:`dns_resolvers <envoy_v3_api_field_config.cluster.v3.Cluster.dns_resolvers>` and
// :ref:`use_tcp_for_dns_lookups <envoy_v3_api_field_config.cluster.v3.Cluster.use_tcp_for_dns_lookups>` are
// specified.
// This field is deprecated in favor of *dns_resolution_config*
// This field is deprecated in favor of ``dns_resolution_config``
// which aggregates all of the DNS resolver configuration in a single message.
bool use_tcp_for_dns_lookups = 20
[deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
@ -267,12 +267,12 @@ message Bootstrap {
// or any other DNS resolver types and the related parameters.
// For example, an object of
// :ref:`CaresDnsResolverConfig <envoy_v3_api_msg_extensions.network.dns_resolver.cares.v3.CaresDnsResolverConfig>`
// can be packed into this *typed_dns_resolver_config*. This configuration replaces the
// can be packed into this ``typed_dns_resolver_config``. This configuration replaces the
// :ref:`dns_resolution_config <envoy_v3_api_field_config.bootstrap.v3.Bootstrap.dns_resolution_config>`
// configuration.
// During the transition period when both *dns_resolution_config* and *typed_dns_resolver_config* exists,
// when *typed_dns_resolver_config* is in place, Envoy will use it and ignore *dns_resolution_config*.
// When *typed_dns_resolver_config* is missing, the default behavior is in place.
// During the transition period when both ``dns_resolution_config`` and ``typed_dns_resolver_config`` exists,
// when ``typed_dns_resolver_config`` is in place, Envoy will use it and ignore ``dns_resolution_config``.
// When ``typed_dns_resolver_config`` is missing, the default behavior is in place.
// [#extension-category: envoy.network.dns_resolver]
core.v3.TypedExtensionConfig typed_dns_resolver_config = 31;
@ -289,18 +289,18 @@ message Bootstrap {
// xdstp:// URL authority resolution. The algorithm is as
// follows:
// 1. The authority field is taken from the xdstp:// URL, call
// this *resource_authority*.
// 2. *resource_authority* is compared against the authorities in any peer
// *ConfigSource*. The peer *ConfigSource* is the configuration source
// this ``resource_authority``.
// 2. ``resource_authority`` is compared against the authorities in any peer
// ``ConfigSource``. The peer ``ConfigSource`` is the configuration source
// message which would have been used unconditionally for resolution
// with opaque resource names. If there is a match with an authority, the
// peer *ConfigSource* message is used.
// 3. *resource_authority* is compared sequentially with the authorities in
// each configuration source in *config_sources*. The first *ConfigSource*
// peer ``ConfigSource`` message is used.
// 3. ``resource_authority`` is compared sequentially with the authorities in
// each configuration source in ``config_sources``. The first ``ConfigSource``
// to match wins.
// 4. As a fallback, if no configuration source matches, then
// *default_config_source* is used.
// 5. If *default_config_source* is not specified, resolution fails.
// ``default_config_source`` is used.
// 5. If ``default_config_source`` is not specified, resolution fails.
// [#not-implemented-hide:]
repeated core.v3.ConfigSource config_sources = 22;
@ -330,6 +330,36 @@ message Bootstrap {
// Optional path to a file with performance tracing data created by "Perfetto" SDK in binary
// ProtoBuf format. The default value is "envoy.pftrace".
string perf_tracing_file_path = 33;
// Optional overriding of default regex engine.
// If the value is not specified, Google RE2 will be used by default.
// [#extension-category: envoy.regex_engines]
core.v3.TypedExtensionConfig default_regex_engine = 34;
// Optional XdsResourcesDelegate configuration, which allows plugging custom logic into both
// fetch and load events during xDS processing.
// If a value is not specified, no XdsResourcesDelegate will be used.
// TODO(abeyad): Add public-facing documentation.
// [#not-implemented-hide:]
core.v3.TypedExtensionConfig xds_delegate_extension = 35;
// Optional XdsConfigTracker configuration, which allows tracking xDS responses in external components,
// e.g., external tracer or monitor. It provides the process point when receive, ingest, or fail to
// process xDS resources and messages. If a value is not specified, no XdsConfigTracker will be used.
//
// .. note::
//
// There are no in-repo extensions currently, and the :repo:`XdsConfigTracker <envoy/config/xds_config_tracker.h>`
// interface should be implemented before using.
// See :repo:`xds_config_tracker_integration_test <test/integration/xds_config_tracker_integration_test.cc>`
// for an example usage of the interface.
core.v3.TypedExtensionConfig xds_config_tracker_extension = 36;
// [#not-implemented-hide:]
// This controls the type of listener manager configured for Envoy. Currently
// Envoy only supports ListenerManager for this field and Envoy Mobile
// supports ApiListenerManager.
core.v3.TypedExtensionConfig listener_manager = 37;
}
// Administration interface :ref:`operations documentation
@ -345,7 +375,7 @@ message Admin {
// The path to write the access log for the administration server. If no
// access log is desired specify /dev/null. This is only required if
// :ref:`address <envoy_v3_api_field_config.bootstrap.v3.Admin.address>` is set.
// Deprecated in favor of *access_log* which offers more options.
// Deprecated in favor of ``access_log`` which offers more options.
string access_log_path = 1
[deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
@ -387,7 +417,7 @@ message ClusterManager {
// Name of the local cluster (i.e., the cluster that owns the Envoy running
// this configuration). In order to enable :ref:`zone aware routing
// <arch_overview_load_balancing_zone_aware_routing>` this option must be set.
// If *local_cluster_name* is defined then :ref:`clusters
// If ``local_cluster_name`` is defined then :ref:`clusters
// <envoy_v3_api_msg_config.cluster.v3.Cluster>` must be defined in the :ref:`Bootstrap
// static cluster resources
// <envoy_v3_api_field_config.bootstrap.v3.Bootstrap.StaticResources.clusters>`. This is unrelated to
@ -403,7 +433,7 @@ message ClusterManager {
core.v3.BindConfig upstream_bind_config = 3;
// A management server endpoint to stream load stats to via
// *StreamLoadStats*. This must have :ref:`api_type
// ``StreamLoadStats``. This must have :ref:`api_type
// <envoy_v3_api_field_config.core.v3.ApiConfigSource.api_type>` :ref:`GRPC
// <envoy_v3_api_enum_value_config.core.v3.ApiConfigSource.ApiType.GRPC>`.
core.v3.ApiConfigSource load_stats_config = 4;
@ -449,15 +479,15 @@ message Watchdog {
}
// Register actions that will fire on given WatchDog events.
// See *WatchDogAction* for priority of events.
// See ``WatchDogAction`` for priority of events.
repeated WatchdogAction actions = 7;
// The duration after which Envoy counts a nonresponsive thread in the
// *watchdog_miss* statistic. If not specified the default is 200ms.
// ``watchdog_miss`` statistic. If not specified the default is 200ms.
google.protobuf.Duration miss_timeout = 1;
// The duration after which Envoy counts a nonresponsive thread in the
// *watchdog_mega_miss* statistic. If not specified the default is
// ``watchdog_mega_miss`` statistic. If not specified the default is
// 1000ms.
google.protobuf.Duration megamiss_timeout = 2;
@ -466,20 +496,20 @@ message Watchdog {
// kill behavior. If not specified the default is 0 (disabled).
google.protobuf.Duration kill_timeout = 3;
// Defines the maximum jitter used to adjust the *kill_timeout* if *kill_timeout* is
// Defines the maximum jitter used to adjust the ``kill_timeout`` if ``kill_timeout`` is
// enabled. Enabling this feature would help to reduce risk of synchronized
// watchdog kill events across proxies due to external triggers. Set to 0 to
// disable. If not specified the default is 0 (disabled).
google.protobuf.Duration max_kill_timeout_jitter = 6 [(validate.rules).duration = {gte {}}];
// If max(2, ceil(registered_threads * Fraction(*multikill_threshold*)))
// If ``max(2, ceil(registered_threads * Fraction(*multikill_threshold*)))``
// threads have been nonresponsive for at least this duration kill the entire
// Envoy process. Set to 0 to disable this behavior. If not specified the
// default is 0 (disabled).
google.protobuf.Duration multikill_timeout = 4;
// Sets the threshold for *multikill_timeout* in terms of the percentage of
// nonresponsive threads required for the *multikill_timeout*.
// Sets the threshold for ``multikill_timeout`` in terms of the percentage of
// nonresponsive threads required for the ``multikill_timeout``.
// If not specified the default is 0.
type.v3.Percent multikill_threshold = 5;
}
@ -490,7 +520,7 @@ message Watchdog {
// have an out of band system to terminate the process.
//
// The interface for the extension is ``Envoy::Server::Configuration::FatalAction``.
// *FatalAction* extensions live in the ``envoy.extensions.fatal_actions`` API
// ``FatalAction`` extensions live in the ``envoy.extensions.fatal_actions`` API
// namespace.
message FatalAction {
// Extension specific configuration for the action. It's expected to conform
@ -570,7 +600,7 @@ message RuntimeLayer {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.bootstrap.v2.RuntimeLayer.RtdsLayer";
// Resource to subscribe to at *rtds_config* for the RTDS layer.
// Resource to subscribe to at ``rtds_config`` for the RTDS layer.
string name = 1;
// RTDS configuration source.

158
xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto vendored
View File

@ -37,7 +37,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Cluster configuration]
// Cluster list collections. Entries are *Cluster* resources or references.
// Cluster list collections. Entries are ``Cluster`` resources or references.
// [#not-implemented-hide:]
message ClusterCollection {
xds.core.v3.CollectionEntry entries = 1;
@ -170,7 +170,7 @@ message Cluster {
// Optional endpoint metadata match criteria.
// The connection to the endpoint with metadata matching what is set in this field
// will use the transport socket configuration specified here.
// The endpoint's metadata entry in *envoy.transport_socket_match* is used to match
// The endpoint's metadata entry in ``envoy.transport_socket_match`` is used to match
// against the values specified in this field.
google.protobuf.Struct match = 2;
@ -209,7 +209,7 @@ message Cluster {
// Optionally divide the endpoints in this cluster into subsets defined by
// endpoint metadata and selected by route and weighted cluster metadata.
// [#next-free-field: 8]
// [#next-free-field: 9]
message LbSubsetConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.Cluster.LbSubsetConfig";
@ -225,6 +225,52 @@ message Cluster {
DEFAULT_SUBSET = 2;
}
enum LbSubsetMetadataFallbackPolicy {
// No fallback. Route metadata will be used as-is.
METADATA_NO_FALLBACK = 0;
// A special metadata key ``fallback_list`` will be used to provide variants of metadata to try.
// Value of ``fallback_list`` key has to be a list. Every list element has to be a struct - it will
// be merged with route metadata, overriding keys that appear in both places.
// ``fallback_list`` entries will be used in order until a host is found.
//
// ``fallback_list`` key itself is removed from metadata before subset load balancing is performed.
//
// Example:
//
// for metadata:
//
// .. code-block:: yaml
//
// version: 1.0
// fallback_list:
// - version: 2.0
// hardware: c64
// - hardware: c32
// - version: 3.0
//
// at first, metadata:
//
// .. code-block:: json
//
// {"version": "2.0", "hardware": "c64"}
//
// will be used for load balancing. If no host is found, metadata:
//
// .. code-block:: json
//
// {"version": "1.0", "hardware": "c32"}
//
// is next to try. If it still results in no host, finally metadata:
//
// .. code-block:: json
//
// {"version": "3.0"}
//
// is used.
FALLBACK_LIST = 1;
}
// Specifications for subsets.
message LbSubsetSelector {
option (udpa.annotations.versioning).previous_message_type =
@ -260,12 +306,9 @@ message Cluster {
// Selects a mode of operation in which each subset has only one host. This mode uses the same rules for
// choosing a host, but updating hosts is faster, especially for large numbers of hosts.
//
// If a match is found to a host, that host will be used regardless of priority levels, unless the host is unhealthy.
// If a match is found to a host, that host will be used regardless of priority levels.
//
// Currently, this mode is only supported if `subset_selectors` has only one entry, and `keys` contains
// only one entry.
//
// When this mode is enabled, configurations that contain more than one host with the same metadata value for the single key in `keys`
// When this mode is enabled, configurations that contain more than one host with the same metadata value for the single key in ``keys``
// will use only one of the hosts with the given key; no requests will be routed to the others. The cluster gauge
// :ref:`lb_subsets_single_host_per_subset_duplicate<config_cluster_manager_cluster_stats_subset_lb>` indicates how many duplicates are
// present in the current configuration.
@ -284,7 +327,7 @@ message Cluster {
// For any other fallback policy the parameter is not used and should not be set.
// Only values also present in
// :ref:`keys<envoy_v3_api_field_config.cluster.v3.Cluster.LbSubsetConfig.LbSubsetSelector.keys>` are allowed, but
// `fallback_keys_subset` cannot be equal to `keys`.
// ``fallback_keys_subset`` cannot be equal to ``keys``.
repeated string fallback_keys_subset = 3;
}
@ -297,14 +340,14 @@ message Cluster {
// fallback_policy is
// :ref:`DEFAULT_SUBSET<envoy_v3_api_enum_value_config.cluster.v3.Cluster.LbSubsetConfig.LbSubsetFallbackPolicy.DEFAULT_SUBSET>`.
// Each field in default_subset is
// compared to the matching LbEndpoint.Metadata under the *envoy.lb*
// compared to the matching LbEndpoint.Metadata under the ``envoy.lb``
// namespace. It is valid for no hosts to match, in which case the behavior
// is the same as a fallback_policy of
// :ref:`NO_FALLBACK<envoy_v3_api_enum_value_config.cluster.v3.Cluster.LbSubsetConfig.LbSubsetFallbackPolicy.NO_FALLBACK>`.
google.protobuf.Struct default_subset = 2;
// For each entry, LbEndpoint.Metadata's
// *envoy.lb* namespace is traversed and a subset is created for each unique
// ``envoy.lb`` namespace is traversed and a subset is created for each unique
// combination of key and value. For example:
//
// .. code-block:: json
@ -349,6 +392,16 @@ message Cluster {
// endpoint metadata if the endpoint metadata matches the value exactly OR it is a list value
// and any of the elements in the list matches the criteria.
bool list_as_any = 7;
// Fallback mechanism that allows to try different route metadata until a host is found.
// If load balancing process, including all its mechanisms (like
// :ref:`fallback_policy<envoy_v3_api_field_config.cluster.v3.Cluster.LbSubsetConfig.fallback_policy>`)
// fails to select a host, this policy decides if and how the process is repeated using another metadata.
//
// The value defaults to
// :ref:`METADATA_NO_FALLBACK<envoy_v3_api_enum_value_config.cluster.v3.Cluster.LbSubsetConfig.LbSubsetMetadataFallbackPolicy.METADATA_NO_FALLBACK>`.
LbSubsetMetadataFallbackPolicy metadata_fallback_policy = 8
[(validate.rules).enum = {defined_only: true}];
}
// Configuration for :ref:`slow start mode <arch_overview_load_balancing_slow_start>`.
@ -365,8 +418,8 @@ message Cluster {
// By tuning the parameter, is possible to achieve polynomial or exponential shape of ramp-up curve.
//
// During slow start window, effective weight of an endpoint would be scaled with time factor and aggression:
// `new_weight = weight * max(min_weight_percent, time_factor ^ (1 / aggression))`,
// where `time_factor=(time_since_start_seconds / slow_start_time_seconds)`.
// ``new_weight = weight * max(min_weight_percent, time_factor ^ (1 / aggression))``,
// where ``time_factor=(time_since_start_seconds / slow_start_time_seconds)``.
//
// As time progresses, more and more traffic would be sent to endpoint, which is in slow start window.
// Once host exits slow start, time_factor and aggression no longer affect its weight.
@ -397,18 +450,18 @@ message Cluster {
// The following formula is used to calculate the dynamic weights when hosts have different load
// balancing weights:
//
// `weight = load_balancing_weight / (active_requests + 1)^active_request_bias`
// ``weight = load_balancing_weight / (active_requests + 1)^active_request_bias``
//
// The larger the active request bias is, the more aggressively active requests will lower the
// effective weight when all host weights are not equal.
//
// `active_request_bias` must be greater than or equal to 0.0.
// ``active_request_bias`` must be greater than or equal to 0.0.
//
// When `active_request_bias == 0.0` the Least Request Load Balancer doesn't consider the number
// When ``active_request_bias == 0.0`` the Least Request Load Balancer doesn't consider the number
// of active requests at the time it picks a host and behaves like the Round Robin Load
// Balancer.
//
// When `active_request_bias > 0.0` the Least Request Load Balancer scales the load balancing
// When ``active_request_bias > 0.0`` the Least Request Load Balancer scales the load balancing
// weight by the number of active requests at the time it does a pick.
//
// The value is cached for performance reasons and refreshed whenever one of the Load Balancer's
@ -462,8 +515,8 @@ message Cluster {
// Specific configuration for the :ref:`Maglev<arch_overview_load_balancing_types_maglev>`
// load balancing policy.
message MaglevLbConfig {
// The table size for Maglev hashing. The Maglev aims for minimal disruption rather than an absolute guarantee.
// Minimal disruption means that when the set of upstreams changes, a connection will likely be sent to the same
// The table size for Maglev hashing. Maglev aims for "minimal disruption" rather than an absolute guarantee.
// Minimal disruption means that when the set of upstream hosts change, a connection will likely be sent to the same
// upstream as it was before. Increasing the table size reduces the amount of disruption.
// The table size must be prime number limited to 5000011. If it is not specified, the default is 65537.
google.protobuf.UInt64Value table_size = 1 [(validate.rules).uint64 = {lte: 5000011}];
@ -472,6 +525,7 @@ message Cluster {
// Specific configuration for the
// :ref:`Original Destination <arch_overview_load_balancing_types_original_destination>`
// load balancing policy.
// [#extension: envoy.clusters.original_dst]
message OriginalDstLbConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.Cluster.OriginalDstLbConfig";
@ -493,6 +547,10 @@ message Cluster {
// The http header to override destination address if :ref:`use_http_header <envoy_v3_api_field_config.cluster.v3.Cluster.OriginalDstLbConfig.use_http_header>`.
// is set to true. If the value is empty, :ref:`x-envoy-original-dst-host <config_http_conn_man_headers_x-envoy-original-dst-host>` will be used.
string http_header_name = 2;
// The port to override for the original dst address. This port
// will take precedence over filter state and header override ports
google.protobuf.UInt32Value upstream_port_override = 3 [(validate.rules).uint32 = {lte: 65535}];
}
// Common configuration for all load balancer implementations.
@ -539,7 +597,7 @@ message Cluster {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.Cluster.CommonLbConfig.ConsistentHashingLbConfig";
// If set to `true`, the cluster will use hostname instead of the resolved
// If set to ``true``, the cluster will use hostname instead of the resolved
// address as the key to consistently hash to an upstream host. Only valid for StrictDNS clusters with hostnames which resolve to a single IP address.
bool use_hostname_for_hashing = 1;
@ -551,7 +609,7 @@ message Cluster {
// Applies to both Ring Hash and Maglev load balancers.
//
// This is implemented based on the method described in the paper https://arxiv.org/abs/1608.01350. For the specified
// `hash_balance_factor`, requests to any upstream host are capped at `hash_balance_factor/100` times the average number of requests
// ``hash_balance_factor``, requests to any upstream host are capped at ``hash_balance_factor/100`` times the average number of requests
// across the cluster. When a request arrives for an upstream host that is currently serving at its max capacity, linear probing
// is used to identify an eligible host. Further, the linear probe is implemented using a random jump in hosts ring/table to identify
// the eligible host (this technique is as described in the paper https://arxiv.org/abs/1908.08762 - the random jump avoids the
@ -559,7 +617,7 @@ message Cluster {
//
// If weights are specified on the hosts, they are respected.
//
// This is an O(N) algorithm, unlike other load balancers. Using a lower `hash_balance_factor` results in more hosts
// This is an O(N) algorithm, unlike other load balancers. Using a lower ``hash_balance_factor`` results in more hosts
// being probed, so use a higher value if you require better performance.
google.protobuf.UInt32Value hash_balance_factor = 2 [(validate.rules).uint32 = {gte: 100}];
}
@ -599,7 +657,7 @@ message Cluster {
// This will have no effect unless active health checking is also configured.
bool ignore_new_hosts_until_first_hc = 5;
// If set to `true`, the cluster manager will drain all existing
// If set to ``true``, the cluster manager will drain all existing
// connections to upstream hosts whenever hosts are added or removed from the cluster.
bool close_connections_on_host_set_change = 6;
@ -664,7 +722,7 @@ message Cluster {
// Indicates how many many streams (rounded up) can be anticipated across a cluster for each
// stream, useful for low QPS services. This is currently supported for a subset of
// deterministic non-hash-based load-balancing algorithms (weighted round robin, random).
// Unlike *per_upstream_preconnect_ratio* this preconnects across the upstream instances in a
// Unlike ``per_upstream_preconnect_ratio`` this preconnects across the upstream instances in a
// cluster, doing best effort predictions of what upstream would be picked next and
// pre-establishing a connection.
//
@ -692,7 +750,7 @@ message Cluster {
reserved "hosts", "tls_context", "extension_protocol_options";
// Configuration to use different transport sockets for different endpoints.
// The entry of *envoy.transport_socket_match* in the
// The entry of ``envoy.transport_socket_match`` in the
// :ref:`LbEndpoint.Metadata <envoy_v3_api_field_config.endpoint.v3.LbEndpoint.metadata>`
// is used to match against the transport sockets as they appear in the list. The first
// :ref:`match <envoy_v3_api_msg_config.cluster.v3.Cluster.TransportSocketMatch>` is used.
@ -712,16 +770,16 @@ message Cluster {
// transport_socket:
// name: envoy.transport_sockets.raw_buffer
//
// Connections to the endpoints whose metadata value under *envoy.transport_socket_match*
// Connections to the endpoints whose metadata value under ``envoy.transport_socket_match``
// having "acceptMTLS"/"true" key/value pair use the "enableMTLS" socket configuration.
//
// If a :ref:`socket match <envoy_v3_api_msg_config.cluster.v3.Cluster.TransportSocketMatch>` with empty match
// criteria is provided, that always match any endpoint. For example, the "defaultToPlaintext"
// socket match in case above.
//
// If an endpoint metadata's value under *envoy.transport_socket_match* does not match any
// *TransportSocketMatch*, socket configuration fallbacks to use the *tls_context* or
// *transport_socket* specified in this cluster.
// If an endpoint metadata's value under ``envoy.transport_socket_match`` does not match any
// ``TransportSocketMatch``, socket configuration fallbacks to use the ``tls_context`` or
// ``transport_socket`` specified in this cluster.
//
// This field allows gradual and flexible transport socket configuration changes.
//
@ -732,8 +790,8 @@ message Cluster {
//
// Then the xDS server can configure the CDS to a client, Envoy A, to send mutual TLS
// traffic for endpoints with "acceptMTLS": "true", by adding a corresponding
// *TransportSocketMatch* in this field. Other client Envoys receive CDS without
// *transport_socket_match* set, and still send plain text traffic to the same cluster.
// ``TransportSocketMatch`` in this field. Other client Envoys receive CDS without
// ``transport_socket_match`` set, and still send plain text traffic to the same cluster.
//
// This field can be used to specify custom transport socket configurations for health
// checks by adding matching key/value pairs in a health check's
@ -787,7 +845,7 @@ message Cluster {
// :ref:`STATIC<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STATIC>`,
// :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`
// or :ref:`LOGICAL_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>` clusters.
// This field supersedes the *hosts* field in the v2 API.
// This field supersedes the ``hosts`` field in the v2 API.
//
// .. attention::
//
@ -856,7 +914,7 @@ message Cluster {
// set so that Envoy will assume that the upstream supports HTTP/2 when
// making new HTTP connection pool connections. Currently, Envoy only
// supports prior knowledge for upstream connections. Even if TLS is used
// with ALPN, `http2_protocol_options` must be specified. As an aside this allows HTTP/2
// with ALPN, ``http2_protocol_options`` must be specified. As an aside this allows HTTP/2
// connections to happen over plain text.
// This has been deprecated in favor of http2_protocol_options fields in the
// :ref:`http_protocol_options <envoy_v3_api_msg_extensions.upstreams.http.v3.HttpProtocolOptions>`
@ -920,13 +978,13 @@ message Cluster {
// :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`
// and :ref:`LOGICAL_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>`
// this setting is ignored.
// This field is deprecated in favor of *dns_resolution_config*
// This field is deprecated in favor of ``dns_resolution_config``
// which aggregates all of the DNS resolver configuration in a single message.
repeated core.v3.Address dns_resolvers = 18
[deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
// Always use TCP queries instead of UDP queries for DNS lookups.
// This field is deprecated in favor of *dns_resolution_config*
// This field is deprecated in favor of ``dns_resolution_config``
// which aggregates all of the DNS resolver configuration in a single message.
bool use_tcp_for_dns_lookups = 45
[deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
@ -941,12 +999,12 @@ message Cluster {
// or any other DNS resolver types and the related parameters.
// For example, an object of
// :ref:`CaresDnsResolverConfig <envoy_v3_api_msg_extensions.network.dns_resolver.cares.v3.CaresDnsResolverConfig>`
// can be packed into this *typed_dns_resolver_config*. This configuration replaces the
// can be packed into this ``typed_dns_resolver_config``. This configuration replaces the
// :ref:`dns_resolution_config <envoy_v3_api_field_config.cluster.v3.Cluster.dns_resolution_config>`
// configuration.
// During the transition period when both *dns_resolution_config* and *typed_dns_resolver_config* exists,
// when *typed_dns_resolver_config* is in place, Envoy will use it and ignore *dns_resolution_config*.
// When *typed_dns_resolver_config* is missing, the default behavior is in place.
// During the transition period when both ``dns_resolution_config`` and ``typed_dns_resolver_config`` exists,
// when ``typed_dns_resolver_config`` is in place, Envoy will use it and ignore ``dns_resolution_config``.
// When ``typed_dns_resolver_config`` is missing, the default behavior is in place.
// [#extension-category: envoy.network.dns_resolver]
core.v3.TypedExtensionConfig typed_dns_resolver_config = 55;
@ -1014,8 +1072,8 @@ message Cluster {
CommonLbConfig common_lb_config = 27;
// Optional custom transport socket implementation to use for upstream connections.
// To setup TLS, set a transport socket with name `envoy.transport_sockets.tls` and
// :ref:`UpstreamTlsContexts <envoy_v3_api_msg_extensions.transport_sockets.tls.v3.UpstreamTlsContext>` in the `typed_config`.
// To setup TLS, set a transport socket with name ``envoy.transport_sockets.tls`` and
// :ref:`UpstreamTlsContexts <envoy_v3_api_msg_extensions.transport_sockets.tls.v3.UpstreamTlsContext>` in the ``typed_config``.
// If no transport socket configuration is specified, new connections
// will be set up with plaintext.
core.v3.TransportSocket transport_socket = 24;
@ -1024,7 +1082,7 @@ message Cluster {
// cluster. It can be used for stats, logging, and varying filter behavior.
// Fields should use reverse DNS notation to denote which entity within Envoy
// will need the information. For instance, if the metadata is intended for
// the Router filter, the filter name should be specified as *envoy.filters.http.router*.
// the Router filter, the filter name should be specified as ``envoy.filters.http.router``.
core.v3.Metadata metadata = 25;
// Determines how Envoy selects the protocol used to speak to upstream hosts.
@ -1092,7 +1150,7 @@ message Cluster {
//
// .. attention::
//
// This field has been deprecated in favor of `timeout_budgets`, part of
// This field has been deprecated in favor of ``timeout_budgets``, part of
// :ref:`track_cluster_stats <envoy_v3_api_field_config.cluster.v3.Cluster.track_cluster_stats>`.
bool track_timeout_budgets = 47
[deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
@ -1103,7 +1161,7 @@ message Cluster {
// TCP upstreams.
//
// For HTTP traffic, Envoy will generally take downstream HTTP and send it upstream as upstream
// HTTP, using the http connection pool and the codec from `http2_protocol_options`
// HTTP, using the http connection pool and the codec from ``http2_protocol_options``
//
// For routes where CONNECT termination is configured, Envoy will take downstream CONNECT
// requests and forward the CONNECT payload upstream over raw TCP using the tcp connection pool.
@ -1123,7 +1181,7 @@ message Cluster {
// Preconnect configuration for this cluster.
PreconnectPolicy preconnect_policy = 50;
// If `connection_pool_per_downstream_connection` is true, the cluster will use a separate
// If ``connection_pool_per_downstream_connection`` is true, the cluster will use a separate
// connection pool for every downstream connection
bool connection_pool_per_downstream_connection = 51;
}
@ -1158,6 +1216,7 @@ message LoadBalancingPolicy {
reserved "config", "name", "typed_config";
// [#extension-category: envoy.load_balancing_policies]
core.v3.TypedExtensionConfig typed_extension_config = 4;
}
@ -1167,15 +1226,6 @@ message LoadBalancingPolicy {
repeated Policy policies = 1;
}
// An extensible structure containing the address Envoy should bind to when
// establishing upstream connections.
message UpstreamBindConfig {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.UpstreamBindConfig";
// The address Envoy should bind to when establishing upstream connections.
core.v3.Address source_address = 1;
}
message UpstreamConnectionOptions {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.UpstreamConnectionOptions";

6
xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/outlier_detection.proto vendored
View File

@ -24,9 +24,9 @@ message OutlierDetection {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.cluster.OutlierDetection";
// The number of consecutive 5xx responses or local origin errors that are mapped
// to 5xx error codes before a consecutive 5xx ejection
// occurs. Defaults to 5.
// The number of consecutive server-side error responses (for HTTP traffic,
// 5xx responses; for TCP traffic, connection failures; for Redis, failure to
// respond PONG; etc.) before a consecutive 5xx ejection occurs. Defaults to 5.
google.protobuf.UInt32Value consecutive_5xx = 1;
// The time interval between ejection analysis sweeps. This can result in

59
xds/third_party/envoy/src/main/proto/envoy/config/core/v3/address.proto vendored
View File

@ -6,6 +6,7 @@ import "envoy/config/core/v3/socket_option.proto";
import "google/protobuf/wrappers.proto";
import "envoy/annotations/deprecation.proto";
import "udpa/annotations/status.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
@ -32,15 +33,20 @@ message Pipe {
}
// The address represents an envoy internal listener.
// [#comment: TODO(lambdai): Make this address available for listener and endpoint.
// TODO(asraa): When address available, remove workaround from test/server/server_fuzz_test.cc:30.]
// [#comment: TODO(asraa): When address available, remove workaround from test/server/server_fuzz_test.cc:30.]
message EnvoyInternalAddress {
oneof address_name_specifier {
option (validate.required) = true;
// [#not-implemented-hide:] The :ref:`listener name <envoy_v3_api_field_config.listener.v3.Listener.name>` of the destination internal listener.
// Specifies the :ref:`name <envoy_v3_api_field_config.listener.v3.Listener.name>` of the
// internal listener.
string server_listener_name = 1;
}
// Specifies an endpoint identifier to distinguish between multiple endpoints for the same internal listener in a
// single upstream pool. Only used in the upstream addresses for tracking changes to individual endpoints. This, for
// example, may be set to the final destination IP for the target internal listener.
string endpoint_id = 2;
}
// [#next-free-field: 7]
@ -62,8 +68,8 @@ message SocketAddress {
// within an upstream :ref:`BindConfig <envoy_v3_api_msg_config.core.v3.BindConfig>`, the address
// controls the source address of outbound connections. For :ref:`clusters
// <envoy_v3_api_msg_config.cluster.v3.Cluster>`, the cluster type determines whether the
// address must be an IP (*STATIC* or *EDS* clusters) or a hostname resolved by DNS
// (*STRICT_DNS* or *LOGICAL_DNS* clusters). Address resolution can be customized
// address must be an IP (``STATIC`` or ``EDS`` clusters) or a hostname resolved by DNS
// (``STRICT_DNS`` or ``LOGICAL_DNS`` clusters). Address resolution can be customized
// via :ref:`resolver_name <envoy_v3_api_field_config.core.v3.SocketAddress.resolver_name>`.
string address = 2 [(validate.rules).string = {min_len: 1}];
@ -82,7 +88,7 @@ message SocketAddress {
// this is empty, a context dependent default applies. If the address is a concrete
// IP address, no resolution will occur. If address is a hostname this
// should be set for resolution other than DNS. Specifying a custom resolver with
// *STRICT_DNS* or *LOGICAL_DNS* will generate an error at runtime.
// ``STRICT_DNS`` or ``LOGICAL_DNS`` will generate an error at runtime.
string resolver_name = 5;
// When binding to an IPv6 address above, this enables `IPv4 compatibility
@ -110,17 +116,32 @@ message TcpKeepalive {
google.protobuf.UInt32Value keepalive_interval = 3;
}
message ExtraSourceAddress {
// The additional address to bind.
SocketAddress address = 1 [(validate.rules).message = {required: true}];
// Additional socket options that may not be present in Envoy source code or
// precompiled binaries. If specified, this will override the
// :ref:`socket_options <envoy_v3_api_field_config.core.v3.BindConfig.socket_options>`
// in the BindConfig. If specified with no
// :ref:`socket_options <envoy_v3_api_field_config.core.v3.SocketOptionsOverride.socket_options>`
// or an empty list of :ref:`socket_options <envoy_v3_api_field_config.core.v3.SocketOptionsOverride.socket_options>`,
// it means no socket option will apply.
SocketOptionsOverride socket_options = 2;
}
// [#next-free-field: 6]
message BindConfig {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.BindConfig";
// The address to bind to when creating a socket.
SocketAddress source_address = 1 [(validate.rules).message = {required: true}];
SocketAddress source_address = 1;
// Whether to set the *IP_FREEBIND* option when creating the socket. When this
// Whether to set the ``IP_FREEBIND`` option when creating the socket. When this
// flag is set to true, allows the :ref:`source_address
// <envoy_v3_api_field_config.cluster.v3.UpstreamBindConfig.source_address>` to be an IP address
// <envoy_v3_api_field_config.core.v3.BindConfig.source_address>` to be an IP address
// that is not configured on the system running Envoy. When this flag is set
// to false, the option *IP_FREEBIND* is disabled on the socket. When this
// to false, the option ``IP_FREEBIND`` is disabled on the socket. When this
// flag is not set (default), the socket is not modified, i.e. the option is
// neither enabled nor disabled.
google.protobuf.BoolValue freebind = 2;
@ -128,6 +149,21 @@ message BindConfig {
// Additional socket options that may not be present in Envoy source code or
// precompiled binaries.
repeated SocketOption socket_options = 3;
// Extra source addresses appended to the address specified in the `source_address`
// field. This enables to specify multiple source addresses. Currently, only one extra
// address can be supported, and the extra address should have a different IP version
// with the address in the `source_address` field. The address which has the same IP
// version with the target host's address IP version will be used as bind address. If more
// than one extra address specified, only the first address matched IP version will be
// returned. If there is no same IP version address found, the address in the `source_address`
// will be returned.
repeated ExtraSourceAddress extra_source_addresses = 5;
// Deprecated by
// :ref:`extra_source_addresses <envoy_v3_api_field_config.core.v3.BindConfig.extra_source_addresses>`
repeated SocketAddress additional_source_addresses = 4
[deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
}
// Addresses specify either a logical or physical address and port, which are
@ -143,7 +179,8 @@ message Address {
Pipe pipe = 2;
// [#not-implemented-hide:]
// Specifies a user-space address handled by :ref:`internal listeners
// <envoy_v3_api_field_config.listener.v3.Listener.internal_listener>`.
EnvoyInternalAddress envoy_internal_address = 3;
}
}

2
xds/third_party/envoy/src/main/proto/envoy/config/core/v3/backoff.proto vendored
View File

@ -14,7 +14,7 @@ option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/core/v3;corev3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Backoff Strategy]
// [#protodoc-title: Backoff strategy]
// Configuration defining a jittered exponential back off strategy.
message BackoffStrategy {

48
xds/third_party/envoy/src/main/proto/envoy/config/core/v3/base.proto vendored
View File

@ -103,7 +103,7 @@ message BuildVersion {
}
// Version and identification for an Envoy extension.
// [#next-free-field: 6]
// [#next-free-field: 7]
message Extension {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Extension";
@ -121,7 +121,8 @@ message Extension {
// [#not-implemented-hide:] Type descriptor of extension configuration proto.
// [#comment:TODO(yanavlasov): Link to the doc with existing configuration protos.]
// [#comment:TODO(yanavlasov): Add tests when PR #9391 lands.]
string type_descriptor = 3;
string type_descriptor = 3
[deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
// The version is a property of the extension and maintained independently
// of other extensions and the Envoy API.
@ -130,6 +131,9 @@ message Extension {
// Indicates that the extension is present but was disabled via dynamic configuration.
bool disabled = 5;
// Type URLs of extension configuration protos.
repeated string type_urls = 6;
}
// Identifies a specific Envoy instance. The node identifier is presented to the
@ -197,7 +201,7 @@ message Node {
// Client feature support list. These are well known features described
// in the Envoy API repository for a given major version of an API. Client features
// use reverse DNS naming scheme, for example `com.acme.feature`.
// use reverse DNS naming scheme, for example ``com.acme.feature``.
// See :ref:`the list of features <client_features>` that xDS client may
// support.
repeated string client_features = 10;
@ -205,7 +209,7 @@ message Node {
// Known listening ports on the node as a generic hint to the management server
// for filtering :ref:`listeners <config_listeners>` to be returned. For example,
// if there is a listener bound to port 80, the list can optionally contain the
// SocketAddress `(0.0.0.0,80)`. The field is optional and just a hint.
// SocketAddress ``(0.0.0.0,80)``. The field is optional and just a hint.
repeated Address listening_addresses = 11
[deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
}
@ -235,20 +239,20 @@ message Node {
message Metadata {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Metadata";
// Key is the reverse DNS filter name, e.g. com.acme.widget. The envoy.*
// Key is the reverse DNS filter name, e.g. com.acme.widget. The ``envoy.*``
// namespace is reserved for Envoy's built-in filters.
// If both *filter_metadata* and
// If both ``filter_metadata`` and
// :ref:`typed_filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.typed_filter_metadata>`
// fields are present in the metadata with same keys,
// only *typed_filter_metadata* field will be parsed.
// only ``typed_filter_metadata`` field will be parsed.
map<string, google.protobuf.Struct> filter_metadata = 1;
// Key is the reverse DNS filter name, e.g. com.acme.widget. The envoy.*
// Key is the reverse DNS filter name, e.g. com.acme.widget. The ``envoy.*``
// namespace is reserved for Envoy's built-in filters.
// The value is encoded as google.protobuf.Any.
// If both :ref:`filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.filter_metadata>`
// and *typed_filter_metadata* fields are present in the metadata with same keys,
// only *typed_filter_metadata* field will be parsed.
// and ``typed_filter_metadata`` fields are present in the metadata with same keys,
// only ``typed_filter_metadata`` field will be parsed.
map<string, google.protobuf.Any> typed_filter_metadata = 2;
}
@ -319,7 +323,7 @@ message HeaderValue {
//
// The same :ref:`format specifier <config_access_log_format>` as used for
// :ref:`HTTP access logging <config_access_log>` applies here, however
// unknown header values are replaced with the empty string instead of `-`.
// unknown header values are replaced with the empty string instead of ``-``.
string value = 2 [
(validate.rules).string = {max_bytes: 16384 well_known_regex: HTTP_HEADER_VALUE strict: false}
];
@ -352,11 +356,25 @@ message HeaderValueOption {
// Should the value be appended? If true (default), the value is appended to
// existing values. Otherwise it replaces any existing values.
google.protobuf.BoolValue append = 2;
// This field is deprecated and please use
// :ref:`append_action <envoy_v3_api_field_config.core.v3.HeaderValueOption.append_action>` as replacement.
//
// .. note::
// The :ref:`external authorization service <envoy_v3_api_msg_service.auth.v3.CheckResponse>` and
// :ref:`external processor service <envoy_v3_api_msg_service.ext_proc.v3.ProcessingResponse>` have
// default value (``false``) for this field.
google.protobuf.BoolValue append = 2
[deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
// [#not-implemented-hide:] Describes the action taken to append/overwrite the given value for an existing header
// or to only add this header if it's absent. Value defaults to :ref:`APPEND_IF_EXISTS_OR_ADD<envoy_v3_api_enum_value_config.core.v3.HeaderValueOption.HeaderAppendAction.APPEND_IF_EXISTS_OR_ADD>`.
// Describes the action taken to append/overwrite the given value for an existing header
// or to only add this header if it's absent.
// Value defaults to :ref:`APPEND_IF_EXISTS_OR_ADD
// <envoy_v3_api_enum_value_config.core.v3.HeaderValueOption.HeaderAppendAction.APPEND_IF_EXISTS_OR_ADD>`.
HeaderAppendAction append_action = 3 [(validate.rules).enum = {defined_only: true}];
// Is the header value allowed to be empty? If false (default), custom headers with empty values are dropped,
// otherwise they are added.
bool keep_empty_value = 4;
}
// Wrapper for a set of headers.
@ -469,7 +487,7 @@ message TransportSocket {
// :ref:`FractionalPercent <envoy_v3_api_msg_type.v3.FractionalPercent>` proto represented as JSON/YAML
// and may also be represented as an integer with the assumption that the value is an integral
// percentage out of 100. For instance, a runtime key lookup returning the value "42" would parse
// as a `FractionalPercent` whose numerator is 42 and denominator is HUNDRED.
// as a ``FractionalPercent`` whose numerator is 42 and denominator is HUNDRED.
message RuntimeFractionalPercent {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.RuntimeFractionalPercent";

24
xds/third_party/envoy/src/main/proto/envoy/config/core/v3/config_source.proto vendored
View File

@ -114,7 +114,7 @@ message ApiConfigSource {
// A list of config validators that will be executed when a new update is
// received from the ApiConfigSource. Note that each validator handles a
// specific xDS service type, and only the validators corresponding to the
// type url (in `:ref: DiscoveryResponse` or `:ref: DeltaDiscoveryResponse`)
// type url (in ``:ref: DiscoveryResponse`` or ``:ref: DeltaDiscoveryResponse``)
// will be invoked.
// If the validator returns false or throws an exception, the config will be rejected by
// the client, and a NACK will be sent.
@ -168,24 +168,24 @@ message PathConfigSource {
//
// .. note::
//
// If `watched_directory` is *not* configured, Envoy will watch the file path for *moves.*
// If ``watched_directory`` is *not* configured, Envoy will watch the file path for *moves*.
// This is because in general only moves are atomic. The same method of swapping files as is
// demonstrated in the :ref:`runtime documentation <config_runtime_symbolic_link_swap>` can be
// used here also. If `watched_directory` is configured, no watch will be placed directly on
// this path. Instead, the configured `watched_directory` will be used to trigger reloads of
// used here also. If ``watched_directory`` is configured, no watch will be placed directly on
// this path. Instead, the configured ``watched_directory`` will be used to trigger reloads of
// this path. This is required in certain deployment scenarios. See below for more information.
string path = 1 [(validate.rules).string = {min_len: 1}];
// If configured, this directory will be watched for *moves.* When an entry in this directory is
// moved to, the `path` will be reloaded. This is required in certain deployment scenarios.
// If configured, this directory will be watched for *moves*. When an entry in this directory is
// moved to, the ``path`` will be reloaded. This is required in certain deployment scenarios.
//
// Specifically, if trying to load an xDS resource using a
// `Kubernetes ConfigMap <https://kubernetes.io/docs/concepts/configuration/configmap/>`_, the
// following configuration might be used:
// 1. Store xds.yaml inside a ConfigMap.
// 2. Mount the ConfigMap to `/config_map/xds`
// 3. Configure path `/config_map/xds/xds.yaml`
// 4. Configure watched directory `/config_map/xds`
// 2. Mount the ConfigMap to ``/config_map/xds``
// 3. Configure path ``/config_map/xds/xds.yaml``
// 4. Configure watched directory ``/config_map/xds``
//
// The above configuration will ensure that Envoy watches the owning directory for moves which is
// required due to how Kubernetes manages ConfigMap symbolic links during atomic updates.
@ -203,7 +203,7 @@ message ConfigSource {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.ConfigSource";
// Authorities that this config source may be used for. An authority specified in a xdstp:// URL
// is resolved to a *ConfigSource* prior to configuration fetch. This field provides the
// is resolved to a ``ConfigSource`` prior to configuration fetch. This field provides the
// association between authority name and configuration source.
// [#not-implemented-hide:]
repeated xds.core.v3.Authority authorities = 7;
@ -211,7 +211,7 @@ message ConfigSource {
oneof config_source_specifier {
option (validate.required) = true;
// Deprecated in favor of `path_config_source`. Use that field instead.
// Deprecated in favor of ``path_config_source``. Use that field instead.
string path = 1 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
// Local filesystem path configuration source.
@ -269,7 +269,7 @@ message ExtensionConfigSource {
// Optional default configuration to use as the initial configuration if
// there is a failure to receive the initial extension configuration or if
// `apply_default_config_without_warming` flag is set.
// ``apply_default_config_without_warming`` flag is set.
google.protobuf.Any default_config = 2;
// Use the default config as the initial configuration without warming and

6
xds/third_party/envoy/src/main/proto/envoy/config/core/v3/extension.proto vendored
View File

@ -23,9 +23,9 @@ message TypedExtensionConfig {
string name = 1 [(validate.rules).string = {min_len: 1}];
// The typed config for the extension. The type URL will be used to identify
// the extension. In the case that the type URL is *xds.type.v3.TypedStruct*
// (or, for historical reasons, *udpa.type.v1.TypedStruct*), the inner type
// URL of *TypedStruct* will be utilized. See the
// the extension. In the case that the type URL is ``xds.type.v3.TypedStruct``
// (or, for historical reasons, ``udpa.type.v1.TypedStruct``), the inner type
// URL of ``TypedStruct`` will be utilized. See the
// :ref:`extension configuration overview
// <config_overview_extension_configuration>` for further details.
google.protobuf.Any typed_config = 2 [(validate.rules).any = {required: true}];

4
xds/third_party/envoy/src/main/proto/envoy/config/core/v3/grpc_service.proto vendored
View File

@ -38,7 +38,7 @@ message GrpcService {
// <envoy_v3_api_field_config.cluster.v3.Cluster.transport_socket>`.
string cluster_name = 1 [(validate.rules).string = {min_len: 1}];
// The `:authority` header in the grpc request. If this field is not set, the authority header value will be `cluster_name`.
// The ``:authority`` header in the grpc request. If this field is not set, the authority header value will be ``cluster_name``.
// Note that this authority does not override the SNI. The SNI is provided by the transport socket of the cluster.
string authority = 2
[(validate.rules).string =
@ -142,7 +142,7 @@ message GrpcService {
// URI of the token exchange service that handles token exchange requests.
// [#comment:TODO(asraa): Add URI validation when implemented. Tracked by
// https://github.com/envoyproxy/protoc-gen-validate/issues/303]
// https://github.com/bufbuild/protoc-gen-validate/issues/303]
string token_exchange_service_uri = 1;
// Location of the target service or resource where the client

46
xds/third_party/envoy/src/main/proto/envoy/config/core/v3/health_check.proto vendored
View File

@ -30,7 +30,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// Endpoint health status.
enum HealthStatus {
// The health status is not known. This is interpreted by Envoy as *HEALTHY*.
// The health status is not known. This is interpreted by Envoy as ``HEALTHY``.
UNKNOWN = 0;
// Healthy.
@ -43,11 +43,11 @@ enum HealthStatus {
// `<https://aws.amazon.com/blogs/aws/elb-connection-draining-remove-instances-from-service-with-care/>`_
// or
// `<https://cloud.google.com/compute/docs/load-balancing/enabling-connection-draining>`_.
// This is interpreted by Envoy as *UNHEALTHY*.
// This is interpreted by Envoy as ``UNHEALTHY``.
DRAINING = 3;
// Health check timed out. This is part of HDS and is interpreted by Envoy as
// *UNHEALTHY*.
// ``UNHEALTHY``.
TIMEOUT = 4;
// Degraded.
@ -75,12 +75,12 @@ message HealthCheck {
// Hex encoded payload. E.g., "000000FF".
string text = 1 [(validate.rules).string = {min_len: 1}];
// [#not-implemented-hide:] Binary payload.
// Binary payload.
bytes binary = 2;
}
}
// [#next-free-field: 13]
// [#next-free-field: 15]
message HttpHealthCheck {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.HealthCheck.HttpHealthCheck";
@ -96,15 +96,27 @@ message HealthCheck {
string host = 1 [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
// Specifies the HTTP path that will be requested during health checking. For example
// */healthcheck*.
// ``/healthcheck``.
string path = 2
[(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_VALUE strict: false}];
// [#not-implemented-hide:] HTTP specific payload.
Payload send = 3;
// [#not-implemented-hide:] HTTP specific response.
Payload receive = 4;
// Specifies a list of HTTP expected responses to match in the first ``response_buffer_size`` bytes of the response body.
// If it is set, both the expected response check and status code determine the health check.
// When checking the response, fuzzy matching is performed such that each payload block must be found,
// and in the order specified, but not necessarily contiguous.
//
// .. note::
//
// It is recommended to set ``response_buffer_size`` based on the total Payload size for efficiency.
// The default buffer size is 1024 bytes when it is not set.
repeated Payload receive = 4;
// Specifies the size of response buffer in bytes that is used to Payload match.
// The default value is 1024. Setting to 0 implies that the Payload will be matched against the entire response.
google.protobuf.UInt64Value response_buffer_size = 14 [(validate.rules).uint64 = {gte: 0}];
// Specifies a list of HTTP headers that should be added to each request that is sent to the
// health checked cluster. For more information, including details on header value syntax, see
@ -145,6 +157,12 @@ message HealthCheck {
// <envoy_v3_api_msg_type.matcher.v3.StringMatcher>`. See the :ref:`architecture overview
// <arch_overview_health_checking_identity>` for more information.
type.matcher.v3.StringMatcher service_name_matcher = 11;
// HTTP Method that will be used for health checking, default is "GET".
// GET, HEAD, POST, PUT, DELETE, OPTIONS, TRACE, PATCH methods are supported, but making request body is not supported.
// CONNECT method is disallowed because it is not appropriate for health check request.
// If a non-200 response is expected by the method, it needs to be set in :ref:`expected_statuses <envoy_v3_api_field_config.core.v3.HealthCheck.HttpHealthCheck.expected_statuses>`.
RequestMethod method = 13 [(validate.rules).enum = {defined_only: true not_in: 6}];
}
message TcpHealthCheck {
@ -155,7 +173,7 @@ message HealthCheck {
Payload send = 1;
// When checking the response, fuzzy matching is performed such that each
// binary block must be found, and in the order specified, but not
// payload block must be found, and in the order specified, but not
// necessarily contiguous.
repeated Payload receive = 2;
}
@ -260,15 +278,15 @@ message HealthCheck {
google.protobuf.Duration interval_jitter = 3;
// An optional jitter amount as a percentage of interval_ms. If specified,
// during every interval Envoy will add interval_ms *
// interval_jitter_percent / 100 to the wait time.
// during every interval Envoy will add ``interval_ms`` *
// ``interval_jitter_percent`` / 100 to the wait time.
//
// If interval_jitter_ms and interval_jitter_percent are both set, both of
// them will be used to increase the wait time.
uint32 interval_jitter_percent = 18;
// The number of unhealthy health checks required before a host is marked
// unhealthy. Note that for *http* health checking if a host responds with a code not in
// unhealthy. Note that for ``http`` health checking if a host responds with a code not in
// :ref:`expected_statuses <envoy_v3_api_field_config.core.v3.HealthCheck.HttpHealthCheck.expected_statuses>`
// or :ref:`retriable_statuses <envoy_v3_api_field_config.core.v3.HealthCheck.HttpHealthCheck.retriable_statuses>`,
// this threshold is ignored and the host is considered immediately unhealthy.
@ -316,7 +334,7 @@ message HealthCheck {
// (including new hosts) when the cluster has received no traffic.
//
// This is useful for when we want to send frequent health checks with
// `no_traffic_interval` but then revert to lower frequency `no_traffic_healthy_interval` once
// ``no_traffic_interval`` but then revert to lower frequency ``no_traffic_healthy_interval`` once
// a host in the cluster is marked as healthy.
//
// Once a cluster has been used for traffic routing, Envoy will shift back to using the
@ -386,7 +404,7 @@ message HealthCheck {
// name: envoy.transport_sockets.tls
// config: { ... } # tls socket configuration
//
// If this field is set, then for health checks it will supersede an entry of *envoy.transport_socket* in the
// If this field is set, then for health checks it will supersede an entry of ``envoy.transport_socket`` in the
// :ref:`LbEndpoint.Metadata <envoy_v3_api_field_config.endpoint.v3.LbEndpoint.metadata>`.
// This allows using different transport socket capabilities for health checking versus proxying to the
// endpoint.

4
xds/third_party/envoy/src/main/proto/envoy/config/core/v3/http_uri.proto vendored
View File

@ -14,7 +14,7 @@ option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/core/v3;corev3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: HTTP Service URI ]
// [#protodoc-title: HTTP service URI ]
// Envoy external URI descriptor
message HttpUri {
@ -30,7 +30,7 @@ message HttpUri {
//
string uri = 1 [(validate.rules).string = {min_len: 1}];
// Specify how `uri` is to be fetched. Today, this requires an explicit
// Specify how ``uri`` is to be fetched. Today, this requires an explicit
// cluster, but in the future we may support dynamic cluster creation or
// inline DNS resolution. See `issue
// <https://github.com/envoyproxy/envoy/issues/1606>`_.

60
xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto vendored
View File

@ -75,9 +75,9 @@ message QuicProtocolOptions {
google.protobuf.UInt32Value initial_stream_window_size = 2
[(validate.rules).uint32 = {lte: 16777216 gte: 1}];
// Similar to *initial_stream_window_size*, but for connection-level
// Similar to ``initial_stream_window_size``, but for connection-level
// flow-control. Valid values rage from 1 to 25165824 (24MB, maximum supported by QUICHE) and defaults to 65536 (2^16).
// window. Currently, this has the same minimum/default as *initial_stream_window_size*.
// window. Currently, this has the same minimum/default as ``initial_stream_window_size``.
//
// NOTE: 16384 (2^14) is the minimum window size supported in Google QUIC. We only support increasing the default
// window size now, so it's also the minimum.
@ -109,7 +109,7 @@ message UpstreamHttpProtocolOptions {
// Automatic validate upstream presented certificate for new upstream connections based on the
// downstream HTTP host/authority header or any other arbitrary header when :ref:`override_auto_sni_header <envoy_v3_api_field_config.core.v3.UpstreamHttpProtocolOptions.override_auto_sni_header>`
// is set, as seen by the :ref:`router filter <config_http_filters_router>`.
// This field is intended to be set with `auto_sni` field.
// This field is intended to be set with ``auto_sni`` field.
bool auto_san_validation = 2;
// An optional alternative to the host/authority header to be used for setting the SNI value.
@ -117,7 +117,7 @@ message UpstreamHttpProtocolOptions {
// :ref:`router filter <config_http_filters_router>`.
// If unset, host/authority header will be used for populating the SNI. If the specified header
// is not found or the value is empty, host/authority header will be used instead.
// This field is intended to be set with `auto_sni` and/or `auto_san_validation` fields.
// This field is intended to be set with ``auto_sni`` and/or ``auto_san_validation`` fields.
// If none of these fields are set then setting this would be a no-op.
string override_auto_sni_header = 3
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME ignore_empty: true}];
@ -127,6 +127,7 @@ message UpstreamHttpProtocolOptions {
// make an HTTP connection to an origin server. See https://tools.ietf.org/html/rfc7838 for
// HTTP Alternative Services and https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-https-04
// for the "HTTPS" DNS resource record.
// [#next-free-field: 6]
message AlternateProtocolsCacheOptions {
// Allows pre-populating the cache with HTTP/3 alternate protocols entries with a 7 day lifetime.
// This will cause Envoy to attempt HTTP/3 to those upstreams, even if the upstreams have not
@ -171,6 +172,17 @@ message AlternateProtocolsCacheOptions {
// Allows pre-populating the cache with entries, as described above.
repeated AlternateProtocolsCacheEntry prepopulated_entries = 4;
// Optional list of hostnames suffixes for which Alt-Svc entries can be shared. For example, if
// this list contained the value ``.c.example.com``, then an Alt-Svc entry for ``foo.c.example.com``
// could be shared with ``bar.c.example.com`` but would not be shared with ``baz.example.com``. On
// the other hand, if the list contained the value ``.example.com`` then all three hosts could share
// Alt-Svc entries. Each entry must start with ``.``. If a hostname matches multiple suffixes, the
// first listed suffix will be used.
//
// Since lookup in this list is O(n), it is recommended that the number of suffixes be limited.
// [#not-implemented-hide:]
repeated string canonical_suffixes = 5;
}
// [#next-free-field: 7]
@ -247,7 +259,7 @@ message HttpProtocolOptions {
google.protobuf.UInt32Value max_requests_per_connection = 6;
}
// [#next-free-field: 8]
// [#next-free-field: 9]
message Http1ProtocolOptions {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.Http1ProtocolOptions";
@ -282,18 +294,18 @@ message Http1ProtocolOptions {
// Handle HTTP requests with absolute URLs in the requests. These requests
// are generally sent by clients to forward/explicit proxies. This allows clients to configure
// envoy as their HTTP proxy. In Unix, for example, this is typically done by setting the
// *http_proxy* environment variable.
// ``http_proxy`` environment variable.
google.protobuf.BoolValue allow_absolute_url = 1;
// Handle incoming HTTP/1.0 and HTTP 0.9 requests.
// This is off by default, and not fully standards compliant. There is support for pre-HTTP/1.1
// style connect logic, dechunking, and handling lack of client host iff
// *default_host_for_http_10* is configured.
// ``default_host_for_http_10`` is configured.
bool accept_http_10 = 2;
// A default host for HTTP/1.0 requests. This is highly suggested if *accept_http_10* is true as
// A default host for HTTP/1.0 requests. This is highly suggested if ``accept_http_10`` is true as
// Envoy does not otherwise support HTTP/1.0 without a Host header.
// This is a no-op if *accept_http_10* is not true.
// This is a no-op if ``accept_http_10`` is not true.
string default_host_for_http_10 = 3;
// Describes how the keys for response headers should be formatted. By default, all header keys
@ -311,7 +323,7 @@ message Http1ProtocolOptions {
// - The content length header is not present.
bool enable_trailers = 5;
// Allows Envoy to process requests/responses with both `Content-Length` and `Transfer-Encoding`
// Allows Envoy to process requests/responses with both ``Content-Length`` and ``Transfer-Encoding``
// headers set. By default such messages are rejected, but if option is enabled - Envoy will
// remove Content-Length header and process message.
// See `RFC7230, sec. 3.3.3 <https://tools.ietf.org/html/rfc7230#section-3.3.3>`_ for details.
@ -319,6 +331,9 @@ message Http1ProtocolOptions {
// .. attention::
// Enabling this option might lead to request smuggling vulnerability, especially if traffic
// is proxied via multiple layers of proxies.
// [#comment:TODO: This field is ignored when the
// :ref:`header validation configuration <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.typed_header_validation_config>`
// is present.]
bool allow_chunked_length = 6;
// Allows invalid HTTP messaging. When this option is false, then Envoy will terminate
@ -328,6 +343,13 @@ message Http1ProtocolOptions {
// If set, this overrides any HCM :ref:`stream_error_on_invalid_http_messaging
// <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.stream_error_on_invalid_http_message>`.
google.protobuf.BoolValue override_stream_error_on_invalid_http_message = 7;
// Allows sending fully qualified URLs when proxying the first line of the
// response. By default, Envoy will only send the path components in the first line.
// If this is true, Envoy will create a fully qualified URI composing scheme
// (inferred if not present), host (from the host/:authority header) and path
// (from first line or :path header).
bool send_fully_qualified_url = 8;
}
message KeepaliveSettings {
@ -415,8 +437,8 @@ message Http2ProtocolOptions {
google.protobuf.UInt32Value initial_stream_window_size = 3
[(validate.rules).uint32 = {lte: 2147483647 gte: 65535}];
// Similar to *initial_stream_window_size*, but for connection-level flow-control
// window. Currently, this has the same minimum/maximum/default as *initial_stream_window_size*.
// Similar to ``initial_stream_window_size``, but for connection-level flow-control
// window. Currently, this has the same minimum/maximum/default as ``initial_stream_window_size``.
google.protobuf.UInt32Value initial_connection_window_size = 4
[(validate.rules).uint32 = {lte: 2147483647 gte: 65535}];
@ -456,11 +478,11 @@ message Http2ProtocolOptions {
// of PRIORITY frames received over the lifetime of connection exceeds the value calculated
// using this formula::
//
// max_inbound_priority_frames_per_stream * (1 + opened_streams)
// ``max_inbound_priority_frames_per_stream`` * (1 + ``opened_streams``)
//
// the connection is terminated. For downstream connections the `opened_streams` is incremented when
// the connection is terminated. For downstream connections the ``opened_streams`` is incremented when
// Envoy receives complete response headers from the upstream server. For upstream connection the
// `opened_streams` is incremented when Envoy send the HEADERS frame for a new stream. The
// ``opened_streams`` is incremented when Envoy send the HEADERS frame for a new stream. The
// ``http2.inbound_priority_frames_flood`` stat tracks
// the number of connections terminated due to flood mitigation. The default limit is 100.
google.protobuf.UInt32Value max_inbound_priority_frames_per_stream = 10;
@ -469,12 +491,12 @@ message Http2ProtocolOptions {
// of WINDOW_UPDATE frames received over the lifetime of connection exceeds the value calculated
// using this formula::
//
// 5 + 2 * (opened_streams +
// max_inbound_window_update_frames_per_data_frame_sent * outbound_data_frames)
// 5 + 2 * (``opened_streams`` +
// ``max_inbound_window_update_frames_per_data_frame_sent`` * ``outbound_data_frames``)
//
// the connection is terminated. For downstream connections the `opened_streams` is incremented when
// the connection is terminated. For downstream connections the ``opened_streams`` is incremented when
// Envoy receives complete response headers from the upstream server. For upstream connections the
// `opened_streams` is incremented when Envoy sends the HEADERS frame for a new stream. The
// ``opened_streams`` is incremented when Envoy sends the HEADERS frame for a new stream. The
// ``http2.inbound_priority_frames_flood`` stat tracks the number of connections terminated due to
// flood mitigation. The default max_inbound_window_update_frames_per_data_frame_sent value is 10.
// Setting this to 1 should be enough to support HTTP/2 implementations with basic flow control,

2
xds/third_party/envoy/src/main/proto/envoy/config/core/v3/proxy_protocol.proto vendored
View File

@ -10,7 +10,7 @@ option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/core/v3;corev3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Proxy Protocol]
// [#protodoc-title: Proxy protocol]
message ProxyProtocolConfig {
enum Version {

6
xds/third_party/envoy/src/main/proto/envoy/config/core/v3/socket_option.proto vendored
View File

@ -12,7 +12,7 @@ option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/core/v3;corev3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Socket Option ]
// [#protodoc-title: Socket option]
// Generic socket option message. This would be used to set socket options that
// might not exist in upstream kernels or precompiled Envoy binaries.
@ -75,3 +75,7 @@ message SocketOption {
// STATE_PREBIND is currently the only valid value.
SocketState state = 6 [(validate.rules).enum = {defined_only: true}];
}
message SocketOptionsOverride {
repeated SocketOption socket_options = 1;
}

6
xds/third_party/envoy/src/main/proto/envoy/config/core/v3/substitution_format_string.proto vendored
View File

@ -97,9 +97,9 @@ message SubstitutionFormatString {
// * for ``json_format`` the keys with null values are omitted in the output structure.
bool omit_empty_values = 3;
// Specify a *content_type* field.
// If this field is not set then ``text/plain`` is used for *text_format* and
// ``application/json`` is used for *json_format*.
// Specify a ``content_type`` field.
// If this field is not set then ``text/plain`` is used for ``text_format`` and
// ``application/json`` is used for ``json_format``.
//
// .. validated-code-block:: yaml
// :type-name: envoy.config.core.v3.SubstitutionFormatString

25
xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint_components.proto vendored
View File

@ -44,6 +44,17 @@ message Endpoint {
// to a non-empty value allows overriding the cluster level configuration for a specific
// endpoint.
string hostname = 2;
// Optional alternative health check host address.
//
// .. attention::
//
// The form of the health check host address is expected to be a direct IP address.
core.v3.Address address = 3;
// Optional flag to control if perform active health check for this endpoint.
// Active health check is enabled by default if there is a health checker.
bool disable_active_health_check = 4;
}
// The upstream host address.
@ -91,8 +102,8 @@ message LbEndpoint {
// The endpoint metadata specifies values that may be used by the load
// balancer to select endpoints in a cluster for a given request. The filter
// name should be specified as *envoy.lb*. An example boolean key-value pair
// is *canary*, providing the optional canary status of the upstream host.
// name should be specified as ``envoy.lb``. An example boolean key-value pair
// is ``canary``, providing the optional canary status of the upstream host.
// This may be matched against in a route's
// :ref:`RouteAction <envoy_v3_api_msg_config.route.v3.RouteAction>` metadata_match field
// to subset the endpoints considered in cluster load balancing.
@ -104,9 +115,9 @@ message LbEndpoint {
// of the weights of all endpoints in the endpoint's locality to produce a
// percentage of traffic for the endpoint. This percentage is then further
// weighted by the endpoint's locality's load balancing weight from
// LocalityLbEndpoints. If unspecified, each host is presumed to have equal
// weight in a locality. The sum of the weights of all endpoints in the
// endpoint's locality must not exceed uint32_t maximal value (4294967295).
// LocalityLbEndpoints. If unspecified, will be treated as 1. The sum
// of the weights of all endpoints in the endpoint's locality must not
// exceed uint32_t maximal value (4294967295).
google.protobuf.UInt32Value load_balancing_weight = 4 [(validate.rules).uint32 = {gte: 1}];
}
@ -140,13 +151,13 @@ message LocalityLbEndpoints {
// The group of endpoints belonging to the locality specified.
// [#comment:TODO(adisuissa): Once LEDS is implemented this field needs to be
// deprecated and replaced by *load_balancer_endpoints*.]
// deprecated and replaced by ``load_balancer_endpoints``.]
repeated LbEndpoint lb_endpoints = 2;
// [#not-implemented-hide:]
oneof lb_config {
// The group of endpoints belonging to the locality.
// [#comment:TODO(adisuissa): Once LEDS is implemented the *lb_endpoints* field
// [#comment:TODO(adisuissa): Once LEDS is implemented the ``lb_endpoints`` field
// needs to be deprecated.]
LbEndpointList load_balancer_endpoints = 7;

6
xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/load_report.proto vendored
View File

@ -161,8 +161,8 @@ message ClusterStats {
repeated DroppedRequests dropped_requests = 5;
// Period over which the actual load report occurred. This will be guaranteed to include every
// request reported. Due to system load and delays between the *LoadStatsRequest* sent from Envoy
// and the *LoadStatsResponse* message sent from the management server, this may be longer than
// the requested load reporting interval in the *LoadStatsResponse*.
// request reported. Due to system load and delays between the ``LoadStatsRequest`` sent from Envoy
// and the ``LoadStatsResponse`` message sent from the management server, this may be longer than
// the requested load reporting interval in the ``LoadStatsResponse``.
google.protobuf.Duration load_report_interval = 4;
}

96
xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener.proto vendored
View File

@ -5,6 +5,7 @@ package envoy.config.listener.v3;
import "envoy/config/accesslog/v3/accesslog.proto";
import "envoy/config/core/v3/address.proto";
import "envoy/config/core/v3/base.proto";
import "envoy/config/core/v3/extension.proto";
import "envoy/config/core/v3/socket_option.proto";
import "envoy/config/listener/v3/api_listener.proto";
import "envoy/config/listener/v3/listener_components.proto";
@ -32,13 +33,27 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Listener configuration]
// Listener :ref:`configuration overview <config_listeners>`
// Listener list collections. Entries are *Listener* resources or references.
// The additional address the listener is listening on.
message AdditionalAddress {
core.v3.Address address = 1;
// Additional socket options that may not be present in Envoy source code or
// precompiled binaries. If specified, this will override the
// :ref:`socket_options <envoy_v3_api_field_config.listener.v3.Listener.socket_options>`
// in the listener. If specified with no
// :ref:`socket_options <envoy_v3_api_field_config.core.v3.SocketOptionsOverride.socket_options>`
// or an empty list of :ref:`socket_options <envoy_v3_api_field_config.core.v3.SocketOptionsOverride.socket_options>`,
// it means no socket option will apply.
core.v3.SocketOptionsOverride socket_options = 2;
}
// Listener list collections. Entries are ``Listener`` resources or references.
// [#not-implemented-hide:]
message ListenerCollection {
repeated xds.core.v3.CollectionEntry entries = 1;
}
// [#next-free-field: 33]
// [#next-free-field: 34]
message Listener {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Listener";
@ -88,11 +103,15 @@ message Listener {
// If specified, the listener will use the exact connection balancer.
ExactBalance exact_balance = 1;
// The listener will use the connection balancer according to ``type_url``. If ``type_url`` is invalid,
// Envoy will not attempt to balance active connections between worker threads.
// [#extension-category: envoy.network.connection_balance]
core.v3.TypedExtensionConfig extend_balance = 2;
}
}
// Configuration for envoy internal listener. All the future internal listener features should be added here.
// [#not-implemented-hide:]
message InternalListenerConfig {
}
@ -106,12 +125,17 @@ message Listener {
// The address that the listener should listen on. In general, the address must be unique, though
// that is governed by the bind rules of the OS. E.g., multiple listeners can listen on port 0 on
// Linux as the actual port will be allocated by the OS.
// Required unless *api_listener* or *listener_specifier* is populated.
// Required unless ``api_listener`` or ``listener_specifier`` is populated.
core.v3.Address address = 2;
// The additional addresses the listener should listen on. The addresses must be unique across all
// listeners. Multiple addresses with port 0 can be supplied. When using multiple addresses in a single listener,
// all addresses use the same protocol, and multiple internal addresses are not supported.
repeated AdditionalAddress additional_addresses = 33;
// Optional prefix to use on listener stats. If empty, the stats will be rooted at
// `listener.<address as string>.`. If non-empty, stats will be rooted at
// `listener.<stat_prefix>.`.
// ``listener.<address as string>.``. If non-empty, stats will be rooted at
// ``listener.<stat_prefix>.``.
string stat_prefix = 28;
// A list of filter chains to consider for this listener. The
@ -142,7 +166,7 @@ message Listener {
xds.type.matcher.v3.Matcher filter_chain_matcher = 32
[(xds.annotations.v3.field_status).work_in_progress = true];
// If a connection is redirected using *iptables*, the port on which the proxy
// If a connection is redirected using ``iptables``, the port on which the proxy
// receives it might be different from the original destination address. When this flag is set to
// true, the listener hands off redirected connections to the listener associated with the
// original destination address. If there is no listener associated with the original destination
@ -180,7 +204,7 @@ message Listener {
// The timeout to wait for all listener filters to complete operation. If the timeout is reached,
// the accepted socket is closed without a connection being created unless
// `continue_on_listener_filters_timeout` is set to true. Specify 0 to disable the
// ``continue_on_listener_filters_timeout`` is set to true. Specify 0 to disable the
// timeout. If not specified, a default timeout of 15s is used.
google.protobuf.Duration listener_filters_timeout = 15;
@ -195,30 +219,33 @@ message Listener {
// Whether the listener should be set as a transparent socket.
// When this flag is set to true, connections can be redirected to the listener using an
// *iptables* *TPROXY* target, in which case the original source and destination addresses and
// ``iptables`` ``TPROXY`` target, in which case the original source and destination addresses and
// ports are preserved on accepted connections. This flag should be used in combination with
// :ref:`an original_dst <config_listener_filters_original_dst>` :ref:`listener filter
// <envoy_v3_api_field_config.listener.v3.Listener.listener_filters>` to mark the connections' local addresses as
// "restored." This can be used to hand off each redirected connection to another listener
// associated with the connection's destination address. Direct connections to the socket without
// using *TPROXY* cannot be distinguished from connections redirected using *TPROXY* and are
// using ``TPROXY`` cannot be distinguished from connections redirected using ``TPROXY`` and are
// therefore treated as if they were redirected.
// When this flag is set to false, the listener's socket is explicitly reset as non-transparent.
// Setting this flag requires Envoy to run with the *CAP_NET_ADMIN* capability.
// Setting this flag requires Envoy to run with the ``CAP_NET_ADMIN`` capability.
// When this flag is not set (default), the socket is not modified, i.e. the transparent option
// is neither set nor reset.
google.protobuf.BoolValue transparent = 10;
// Whether the listener should set the *IP_FREEBIND* socket option. When this
// Whether the listener should set the ``IP_FREEBIND`` socket option. When this
// flag is set to true, listeners can be bound to an IP address that is not
// configured on the system running Envoy. When this flag is set to false, the
// option *IP_FREEBIND* is disabled on the socket. When this flag is not set
// option ``IP_FREEBIND`` is disabled on the socket. When this flag is not set
// (default), the socket is not modified, i.e. the option is neither enabled
// nor disabled.
google.protobuf.BoolValue freebind = 11;
// Additional socket options that may not be present in Envoy source code or
// precompiled binaries.
// precompiled binaries. The socket options can be updated for a listener when
// :ref:`enable_reuse_port <envoy_v3_api_field_config.listener.v3.Listener.enable_reuse_port>`
// is `true`. Otherwise, if socket options change during a listener update the update will be rejected
// to make it clear that the options were not updated.
repeated core.v3.SocketOption socket_options = 13;
// Whether the listener should accept TCP Fast Open (TFO) connections.
@ -277,14 +304,16 @@ message Listener {
// enable the balance config in Y1 and Y2 to balance the connections among the workers.
ConnectionBalanceConfig connection_balance_config = 20;
// Deprecated. Use `enable_reuse_port` instead.
// Deprecated. Use ``enable_reuse_port`` instead.
bool reuse_port = 21 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
// When this flag is set to true, listeners set the *SO_REUSEPORT* socket option and
// When this flag is set to true, listeners set the ``SO_REUSEPORT`` socket option and
// create one socket for each worker thread. This makes inbound connections
// distribute among worker threads roughly evenly in cases where there are a high number
// of connections. When this flag is set to false, all worker threads share one socket. This field
// defaults to true.
// defaults to true. The change of field will be rejected during an listener update when the
// runtime flag ``envoy.reloadable_features.enable_update_listener_socket_options`` is enabled.
// Otherwise, the update of this field will be ignored quietly.
//
// .. attention::
//
@ -317,24 +346,21 @@ message Listener {
google.protobuf.BoolValue bind_to_port = 26;
// The exclusive listener type and the corresponding config.
// TODO(lambdai): https://github.com/envoyproxy/envoy/issues/15372
// Will create and add TcpListenerConfig. Will add UdpListenerConfig and ApiListener.
// [#not-implemented-hide:]
oneof listener_specifier {
// Used to represent an internal listener which does not listen on OSI L4 address but can be used by the
// :ref:`envoy cluster <envoy_v3_api_msg_config.cluster.v3.Cluster>` to create a user space connection to.
// The internal listener acts as a tcp listener. It supports listener filters and network filter chains.
// The internal listener require :ref:`address <envoy_v3_api_field_config.listener.v3.Listener.address>` has
// field `envoy_internal_address`.
// The internal listener acts as a TCP listener. It supports listener filters and network filter chains.
// Upstream clusters refer to the internal listeners by their :ref:`name
// <envoy_v3_api_field_config.listener.v3.Listener.name>`. :ref:`Address
// <envoy_v3_api_field_config.listener.v3.Listener.address>` must not be set on the internal listeners.
//
// There are some limitations are derived from the implementation. The known limitations include
// There are some limitations that are derived from the implementation. The known limitations include:
//
// * :ref:`ConnectionBalanceConfig <envoy_v3_api_msg_config.listener.v3.Listener.ConnectionBalanceConfig>` is not
// allowed because both cluster connection and listener connection must be owned by the same dispatcher.
// allowed because both the cluster connection and the listener connection must be owned by the same dispatcher.
// * :ref:`tcp_backlog_size <envoy_v3_api_field_config.listener.v3.Listener.tcp_backlog_size>`
// * :ref:`freebind <envoy_v3_api_field_config.listener.v3.Listener.freebind>`
// * :ref:`transparent <envoy_v3_api_field_config.listener.v3.Listener.transparent>`
// [#not-implemented-hide:]
InternalListenerConfig internal_listener = 27;
}
@ -346,3 +372,21 @@ message Listener {
// :ref:`global_downstream_max_connections <config_overload_manager_limiting_connections>`.
bool ignore_global_conn_limit = 31;
}
// A placeholder proto so that users can explicitly configure the standard
// Listener Manager via the bootstrap's :ref:`listener_manager <envoy_v3_api_field_config.bootstrap.v3.Bootstrap.listener_manager>`.
// [#not-implemented-hide:]
message ListenerManager {
}
// A placeholder proto so that users can explicitly configure the standard
// Validation Listener Manager via the bootstrap's :ref:`listener_manager <envoy_v3_api_field_config.bootstrap.v3.Bootstrap.listener_manager>`.
// [#not-implemented-hide:]
message ValidationListenerManager {
}
// A placeholder proto so that users can explicitly configure the API
// Listener Manager via the bootstrap's :ref:`listener_manager <envoy_v3_api_field_config.bootstrap.v3.Bootstrap.listener_manager>`.
// [#not-implemented-hide:]
message ApiListenerManager {
}

16
xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto vendored
View File

@ -11,8 +11,6 @@ import "google/protobuf/any.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/wrappers.proto";
import "xds/annotations/v3/status.proto";
import "envoy/annotations/deprecation.proto";
import "udpa/annotations/status.proto";
import "udpa/annotations/versioning.proto";
@ -157,6 +155,7 @@ message FilterChainMatch {
// will be first matched against ``www.example.com``, then ``*.example.com``, then ``*.com``.
//
// Note that partial wildcards are not supported, and values like ``*w.example.com`` are invalid.
// The value ``*`` is also not supported, and ``server_names`` should be omitted instead.
//
// .. attention::
//
@ -229,6 +228,12 @@ message FilterChain {
// connections established with the listener. Order matters as the filters are
// processed sequentially as connection events happen. Note: If the filter
// list is empty, the connection will close by default.
//
// For QUIC listeners, network filters other than HTTP Connection Manager (HCM)
// can be created, but due to differences in the connection implementation compared
// to TCP, the onData() method will never be called. Therefore, network filters
// for QUIC listeners should only expect to do work at the start of a new connection
// (i.e. in onNewConnection()). HCM must be the last (or only) filter in the chain.
repeated Filter filters = 3;
// Whether the listener should expect a PROXY protocol V1 header on new
@ -248,8 +253,8 @@ message FilterChain {
core.v3.Metadata metadata = 5;
// Optional custom transport socket implementation to use for downstream connections.
// To setup TLS, set a transport socket with name `envoy.transport_sockets.tls` and
// :ref:`DownstreamTlsContext <envoy_v3_api_msg_extensions.transport_sockets.tls.v3.DownstreamTlsContext>` in the `typed_config`.
// To setup TLS, set a transport socket with name ``envoy.transport_sockets.tls`` and
// :ref:`DownstreamTlsContext <envoy_v3_api_msg_extensions.transport_sockets.tls.v3.DownstreamTlsContext>` in the ``typed_config``.
// If no transport socket configuration is specified, new connections
// will be set up with plaintext.
// [#extension-category: envoy.transport_sockets.downstream]
@ -264,7 +269,7 @@ message FilterChain {
// Note: :ref:`filter_chain_matcher
// <envoy_v3_api_field_config.listener.v3.Listener.filter_chain_matcher>`
// requires that filter chains are uniquely named within a listener.
string name = 7 [(xds.annotations.v3.field_status).work_in_progress = true];
string name = 7;
// [#not-implemented-hide:] The configuration to specify whether the filter chain will be built on-demand.
// If this field is not empty, the filter chain will be built on-demand.
@ -357,7 +362,6 @@ message ListenerFilter {
// Configuration source specifier for an extension configuration discovery
// service. In case of a failure and without the default configuration, the
// listener closes the connections.
// [#not-implemented-hide:]
core.v3.ExtensionConfigSource config_discovery = 5;
}

11
xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/quic_config.proto vendored
View File

@ -22,7 +22,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: QUIC listener config]
// Configuration specific to the UDP QUIC listener.
// [#next-free-field: 8]
// [#next-free-field: 9]
message QuicProtocolOptions {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.listener.QuicProtocolOptions";
@ -54,13 +54,18 @@ message QuicProtocolOptions {
google.protobuf.UInt32Value packets_to_read_to_connection_count_ratio = 5
[(validate.rules).uint32 = {gte: 1}];
// Configure which implementation of `quic::QuicCryptoClientStreamBase` to be used for this listener.
// Configure which implementation of ``quic::QuicCryptoClientStreamBase`` to be used for this listener.
// If not specified the :ref:`QUICHE default one configured by <envoy_v3_api_msg_extensions.quic.crypto_stream.v3.CryptoServerStreamConfig>` will be used.
// [#extension-category: envoy.quic.server.crypto_stream]
core.v3.TypedExtensionConfig crypto_stream_config = 6;
// Configure which implementation of `quic::ProofSource` to be used for this listener.
// Configure which implementation of ``quic::ProofSource`` to be used for this listener.
// If not specified the :ref:`default one configured by <envoy_v3_api_msg_extensions.quic.proof_source.v3.ProofSourceConfig>` will be used.
// [#extension-category: envoy.quic.proof_source]
core.v3.TypedExtensionConfig proof_source_config = 7;
// Config which implementation of ``quic::ConnectionIdGeneratorInterface`` to be used for this listener.
// If not specified the :ref:`default one configured by <envoy_v3_api_msg_extensions.quic.connection_id_generator.v3.DeterministicConnectionIdGeneratorConfig>` will be used.
// [#extension-category: envoy.quic.connection_id_generator]
core.v3.TypedExtensionConfig connection_id_generator_config = 8;
}

11
xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/udp_listener_config.proto vendored
View File

@ -2,6 +2,7 @@ syntax = "proto3";
package envoy.config.listener.v3;
import "envoy/config/core/v3/extension.proto";
import "envoy/config/core/v3/udp_socket_config.proto";
import "envoy/config/listener/v3/quic_config.proto";
@ -17,7 +18,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: UDP listener config]
// Listener :ref:`configuration overview <config_listeners>`
// [#next-free-field: 8]
// [#next-free-field: 9]
message UdpListenerConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.listener.UdpListenerConfig";
@ -35,6 +36,14 @@ message UdpListenerConfig {
// Configuration for QUIC protocol. If empty, QUIC will not be enabled on this listener. Set
// to the default object to enable QUIC without modifying any additional options.
QuicProtocolOptions quic_options = 7;
// Configuration for the UDP packet writer. If empty, HTTP/3 will use GSO if available
// (:ref:`UdpDefaultWriterFactory <envoy_v3_api_msg_extensions.udp_packet_writer.v3.UdpGsoBatchWriterFactory>`)
// or the default kernel sendmsg if not,
// (:ref:`UdpDefaultWriterFactory <envoy_v3_api_msg_extensions.udp_packet_writer.v3.UdpDefaultWriterFactory>`)
// and raw UDP will use kernel sendmsg.
// [#extension-category: envoy.udp_packet_writer]
core.v3.TypedExtensionConfig udp_packet_packet_writer_config = 8;
}
message ActiveRawUdpListenerConfig {

49
xds/third_party/envoy/src/main/proto/envoy/config/metrics/v3/stats.proto vendored
View File

@ -48,10 +48,11 @@ message StatsConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.metrics.v2.StatsConfig";
// Each stat name is iteratively processed through these tag specifiers.
// When a tag is matched, the first capture group is removed from the name so
// later :ref:`TagSpecifiers <envoy_v3_api_msg_config.metrics.v3.TagSpecifier>` cannot match that
// same portion of the match.
// Each stat name is independently processed through these tag specifiers. When a tag is
// matched, the first capture group is not immediately removed from the name, so later
// :ref:`TagSpecifiers <envoy_v3_api_msg_config.metrics.v3.TagSpecifier>` can also match that
// same portion of the match. After all tag matching is complete, a tag-extracted version of
// the name is produced and is used in stats sinks that represent tags, such as Prometheus.
repeated TagSpecifier stats_tags = 1;
// Use all default tag regexes specified in Envoy. These can be combined with
@ -120,7 +121,7 @@ message StatsMatcher {
// limited by either an exclusion or an inclusion list of :ref:`StringMatcher
// <envoy_v3_api_msg_type.matcher.v3.StringMatcher>` protos:
//
// * If `reject_all` is set to `true`, no stats will be instantiated. If `reject_all` is set to
// * If ``reject_all`` is set to `true`, no stats will be instantiated. If ``reject_all`` is set to
// `false`, all stats will be instantiated.
//
// * If an exclusion list is supplied, any stat name matching *any* of the StringMatchers in the
@ -186,7 +187,7 @@ message StatsMatcher {
oneof stats_matcher {
option (validate.required) = true;
// If `reject_all` is true, then all stats are disabled. If `reject_all` is false, then all
// If ``reject_all`` is true, then all stats are disabled. If ``reject_all`` is false, then all
// stats are enabled.
bool reject_all = 1;
@ -219,7 +220,11 @@ message TagSpecifier {
//
// .. note::
//
// It is invalid to specify the same tag name twice in a config.
// A stat name may be spelled in such a way that it matches two different
// tag extractors for the same tag name. In that case, all but one of the
// tag values will be dropped. It is not specified which tag value will be
// retained. The extraction will only occur for one of the extractors, and
// only the matched extraction will be removed from the tag name.
string tag_name = 1;
oneof tag_value {
@ -265,18 +270,18 @@ message TagSpecifier {
// }
// ]
//
// The two regexes of the specifiers will be processed in the definition order.
// The two regexes of the specifiers will be processed from the elaborated
// stat name.
//
// The first regex will remove ``ios.``, leaving the tag extracted name
// ``http.connection_manager_1.user_agent.downstream_cx_total``. The tag
// ``envoy.http_user_agent`` will be added with tag value ``ios``.
// The first regex will save ``ios.`` as the tag value for ``envoy.http_user_agent``. It will
// leave it in the name for potential matching with additional tag specifiers. After all tag
// specifiers are processed the tags will be removed from the name.
//
// The second regex will remove ``connection_manager_1.`` from the tag
// extracted name produced by the first regex
// ``http.connection_manager_1.user_agent.downstream_cx_total``, leaving
// ``http.user_agent.downstream_cx_total`` as the tag extracted name. The tag
// ``envoy.http_conn_manager_prefix`` will be added with the tag value
// ``connection_manager_1``.
// The second regex will populate tag ``envoy.http_conn_manager_prefix`` with value
// ``connection_manager_1.``, based on the original stat name.
//
// As a final step, the matched tags are removed, leaving
// ``http.user_agent.downstream_cx_total`` as the tag extracted name.
string regex = 2 [(validate.rules).string = {max_bytes: 1024}];
// Specifies a fixed tag value for the ``tag_name``.
@ -287,7 +292,7 @@ message TagSpecifier {
// Specifies a matcher for stats and the buckets that matching stats should use.
message HistogramBucketSettings {
// The stats that this rule applies to. The match is applied to the original stat name
// before tag-extraction, for example `cluster.exampleclustername.upstream_cx_length_ms`.
// before tag-extraction, for example ``cluster.exampleclustername.upstream_cx_length_ms``.
type.matcher.v3.StringMatcher match = 1 [(validate.rules).message = {required: true}];
// Each value is the upper bound of a bucket. Each bucket must be greater than 0 and unique.
@ -299,7 +304,7 @@ message HistogramBucketSettings {
}];
}
// Stats configuration proto schema for built-in *envoy.stat_sinks.statsd* sink. This sink does not support
// Stats configuration proto schema for built-in ``envoy.stat_sinks.statsd`` sink. This sink does not support
// tagged metrics.
// [#extension: envoy.stat_sinks.statsd]
message StatsdSink {
@ -348,7 +353,7 @@ message StatsdSink {
string prefix = 3;
}
// Stats configuration proto schema for built-in *envoy.stat_sinks.dog_statsd* sink.
// Stats configuration proto schema for built-in ``envoy.stat_sinks.dog_statsd`` sink.
// The sink emits stats with `DogStatsD <https://docs.datadoghq.com/guides/dogstatsd/>`_
// compatible tags. Tags are configurable via :ref:`StatsConfig
// <envoy_v3_api_msg_config.metrics.v3.StatsConfig>`.
@ -380,7 +385,7 @@ message DogStatsdSink {
google.protobuf.UInt64Value max_bytes_per_datagram = 4 [(validate.rules).uint64 = {gt: 0}];
}
// Stats configuration proto schema for built-in *envoy.stat_sinks.hystrix* sink.
// Stats configuration proto schema for built-in ``envoy.stat_sinks.hystrix`` sink.
// The sink emits stats in `text/event-stream
// <https://developer.mozilla.org/en-US/docs/Web/API/Server-sent_events/Using_server-sent_events>`_
// formatted stream for use by `Hystrix dashboard
@ -401,7 +406,7 @@ message HystrixSink {
// in the process). The sink then outputs the aggregate statistics across the
// current rolling window to the event stream(s).
//
// rolling_window(ms) = stats_flush_interval(ms) * num_of_buckets
// ``rolling_window(ms)`` = ``stats_flush_interval(ms)`` * ``num_of_buckets``
//
// More detailed explanation can be found in `Hystrix wiki
// <https://github.com/Netflix/Hystrix/wiki/Metrics-and-Monitoring#hystrixrollingnumber>`_.

2
xds/third_party/envoy/src/main/proto/envoy/config/overload/v3/overload.proto vendored
View File

@ -56,7 +56,7 @@ message ThresholdTrigger {
message ScaledTrigger {
// If the resource pressure is greater than this value, the trigger will be in the
// :ref:`scaling <arch_overview_overload_manager-triggers-state>` state with value
// `(pressure - scaling_threshold) / (saturation_threshold - scaling_threshold)`.
// ``(pressure - scaling_threshold) / (saturation_threshold - scaling_threshold)``.
double scaling_threshold = 1 [(validate.rules).double = {lte: 1.0 gte: 0.0}];
// If the resource pressure is greater than this value, the trigger will enter saturation.

74
xds/third_party/envoy/src/main/proto/envoy/config/rbac/v3/rbac.proto vendored
View File

@ -5,6 +5,7 @@ package envoy.config.rbac.v3;
import "envoy/config/core/v3/address.proto";
import "envoy/config/core/v3/extension.proto";
import "envoy/config/route/v3/route_components.proto";
import "envoy/type/matcher/v3/filter_state.proto";
import "envoy/type/matcher/v3/metadata.proto";
import "envoy/type/matcher/v3/path.proto";
import "envoy/type/matcher/v3/string.proto";
@ -28,21 +29,21 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Role Based Access Control (RBAC)]
// Role Based Access Control (RBAC) provides service-level and method-level access control for a
// service. Requests are allowed or denied based on the `action` and whether a matching policy is
// service. Requests are allowed or denied based on the ``action`` and whether a matching policy is
// found. For instance, if the action is ALLOW and a matching policy is found the request should be
// allowed.
//
// RBAC can also be used to make access logging decisions by communicating with access loggers
// through dynamic metadata. When the action is LOG and at least one policy matches, the
// `access_log_hint` value in the shared key namespace 'envoy.common' is set to `true` indicating
// ``access_log_hint`` value in the shared key namespace 'envoy.common' is set to ``true`` indicating
// the request should be logged.
//
// Here is an example of RBAC configuration. It has two policies:
//
// * Service account "cluster.local/ns/default/sa/admin" has full access to the service, and so
// * Service account ``cluster.local/ns/default/sa/admin`` has full access to the service, and so
// does "cluster.local/ns/default/sa/superuser".
//
// * Any user can read ("GET") the service at paths with prefix "/products", so long as the
// * Any user can read (``GET``) the service at paths with prefix ``/products``, so long as the
// destination port is either 80 or 443.
//
// .. code-block:: yaml
@ -89,7 +90,7 @@ message RBAC {
// access control.
DENY = 1;
// The policies set the `access_log_hint` dynamic metadata key based on if requests match.
// The policies set the ``access_log_hint`` dynamic metadata key based on if requests match.
// All requests are allowed.
LOG = 2;
}
@ -99,13 +100,13 @@ message RBAC {
//
// Actions:
//
// * ALLOW: Allows the request if and only if there is a policy that matches
// * ``ALLOW``: Allows the request if and only if there is a policy that matches
// the request.
// * DENY: Allows the request if and only if there are no policies that
// * ``DENY``: Allows the request if and only if there are no policies that
// match the request.
// * LOG: Allows all requests. If at least one policy matches, the dynamic
// metadata key `access_log_hint` is set to the value `true` under the shared
// key namespace 'envoy.common'. If no policies match, it is set to `false`.
// * ``LOG``: Allows all requests. If at least one policy matches, the dynamic
// metadata key ``access_log_hint`` is set to the value ``true`` under the shared
// key namespace ``envoy.common``. If no policies match, it is set to ``false``.
// Other actions do not modify this key.
//
Action action = 1 [(validate.rules).enum = {defined_only: true}];
@ -124,12 +125,12 @@ message Policy {
// Required. The set of permissions that define a role. Each permission is
// matched with OR semantics. To match all actions for this policy, a single
// Permission with the `any` field set to true should be used.
// Permission with the ``any`` field set to true should be used.
repeated Permission permissions = 1 [(validate.rules).repeated = {min_items: 1}];
// Required. The set of principals that are assigned/denied the role based on
// action. Each principal is matched with OR semantics. To match all
// downstreams for this policy, a single Principal with the `any` field set to
// downstreams for this policy, a single Principal with the ``any`` field set to
// true should be used.
repeated Principal principals = 2 [(validate.rules).repeated = {min_items: 1}];
@ -152,7 +153,7 @@ message Policy {
message Permission {
option (udpa.annotations.versioning).previous_message_type = "envoy.config.rbac.v2.Permission";
// Used in the `and_rules` and `or_rules` fields in the `rule` oneof. Depending on the context,
// Used in the ``and_rules`` and ``or_rules`` fields in the ``rule`` oneof. Depending on the context,
// each are applied with the associated behavior.
message Set {
option (udpa.annotations.versioning).previous_message_type =
@ -175,7 +176,7 @@ message Permission {
// A header (or pseudo-header such as :path or :method) on the incoming HTTP request. Only
// available for HTTP request.
// Note: the pseudo-header :path includes the query and fragment string. Use the `url_path`
// Note: the pseudo-header :path includes the query and fragment string. Use the ``url_path``
// field if you want to match the URL path without the query and fragment string.
route.v3.HeaderMatcher header = 4;
@ -195,8 +196,8 @@ message Permission {
type.matcher.v3.MetadataMatcher metadata = 7;
// Negates matching the provided permission. For instance, if the value of
// `not_rule` would match, this permission would not match. Conversely, if
// the value of `not_rule` would not match, this permission would match.
// ``not_rule`` would match, this permission would not match. Conversely, if
// the value of ``not_rule`` would not match, this permission would match.
Permission not_rule = 8;
// The request server from the client's connection request. This is
@ -208,7 +209,7 @@ message Permission {
// as explained below.
//
// * If the :ref:`TLS Inspector <config_listener_filters_tls_inspector>`
// filter is not added, and if a `FilterChainMatch` is not defined for
// filter is not added, and if a ``FilterChainMatch`` is not defined for
// the :ref:`server name
// <envoy_v3_api_field_config.listener.v3.FilterChainMatch.server_names>`,
// a TLS connection's requested SNI server name will be treated as if it
@ -229,11 +230,11 @@ message Permission {
// Principal defines an identity or a group of identities for a downstream
// subject.
// [#next-free-field: 12]
// [#next-free-field: 13]
message Principal {
option (udpa.annotations.versioning).previous_message_type = "envoy.config.rbac.v2.Principal";
// Used in the `and_ids` and `or_ids` fields in the `identifier` oneof.
// Used in the ``and_ids`` and ``or_ids`` fields in the ``identifier`` oneof.
// Depending on the context, each are applied with the associated behavior.
message Set {
option (udpa.annotations.versioning).previous_message_type =
@ -294,7 +295,7 @@ message Principal {
// A header (or pseudo-header such as :path or :method) on the incoming HTTP
// request. Only available for HTTP request. Note: the pseudo-header :path
// includes the query and fragment string. Use the `url_path` field if you
// includes the query and fragment string. Use the ``url_path`` field if you
// want to match the URL path without the query and fragment string.
route.v3.HeaderMatcher header = 6;
@ -304,9 +305,38 @@ message Principal {
// Metadata that describes additional information about the principal.
type.matcher.v3.MetadataMatcher metadata = 7;
// Identifies the principal using a filter state object.
type.matcher.v3.FilterStateMatcher filter_state = 12;
// Negates matching the provided principal. For instance, if the value of
// `not_id` would match, this principal would not match. Conversely, if the
// value of `not_id` would not match, this principal would match.
// ``not_id`` would match, this principal would not match. Conversely, if the
// value of ``not_id`` would not match, this principal would match.
Principal not_id = 8;
}
}
// Action defines the result of allowance or denial when a request matches the matcher.
message Action {
// The name indicates the policy name.
string name = 1 [(validate.rules).string = {min_len: 1}];
// The action to take if the matcher matches. Every action either allows or denies a request,
// and can also carry out action-specific operations.
//
// Actions:
//
// * ``ALLOW``: If the request gets matched on ALLOW, it is permitted.
// * ``DENY``: If the request gets matched on DENY, it is not permitted.
// * ``LOG``: If the request gets matched on LOG, it is permitted. Besides, the
// dynamic metadata key ``access_log_hint`` under the shared key namespace
// ``envoy.common`` will be set to the value ``true``.
// * If the request cannot get matched, it will fallback to ``DENY``.
//
// Log behavior:
//
// If the RBAC matcher contains at least one LOG action, the dynamic
// metadata key ``access_log_hint`` will be set based on if the request
// get matched on the LOG action.
//
RBAC.Action action = 2;
}

32
xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route.proto vendored
View File

@ -6,6 +6,7 @@ import "envoy/config/core/v3/base.proto";
import "envoy/config/core/v3/config_source.proto";
import "envoy/config/route/v3/route_components.proto";
import "google/protobuf/any.proto";
import "google/protobuf/wrappers.proto";
import "udpa/annotations/status.proto";
@ -22,7 +23,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// * Routing :ref:`architecture overview <arch_overview_http_routing>`
// * HTTP :ref:`router filter <config_http_filters_router>`
// [#next-free-field: 15]
// [#next-free-field: 17]
message RouteConfiguration {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.RouteConfiguration";
@ -36,10 +37,10 @@ message RouteConfiguration {
repeated VirtualHost virtual_hosts = 2;
// An array of virtual hosts will be dynamically loaded via the VHDS API.
// Both *virtual_hosts* and *vhds* fields will be used when present. *virtual_hosts* can be used
// for a base routing table or for infrequently changing virtual hosts. *vhds* is used for
// Both ``virtual_hosts`` and ``vhds`` fields will be used when present. ``virtual_hosts`` can be used
// for a base routing table or for infrequently changing virtual hosts. ``vhds`` is used for
// on-demand discovery of virtual hosts. The contents of these two fields will be merged to
// generate a routing table for a given RouteConfiguration, with *vhds* derived configuration
// generate a routing table for a given RouteConfiguration, with ``vhds`` derived configuration
// taking precedence.
Vhds vhds = 9;
@ -90,7 +91,6 @@ message RouteConfiguration {
// To allow setting overrides at the route or virtual host level, this order can be reversed
// by setting this option to true. Defaults to false.
//
// [#next-major-version: In the v3 API, this will default to true.]
bool most_specific_header_mutations_wins = 10;
// An optional boolean that specifies whether the clusters that the route
@ -123,7 +123,7 @@ message RouteConfiguration {
// A list of plugins and their configurations which may be used by a
// :ref:`cluster specifier plugin name <envoy_v3_api_field_config.route.v3.RouteAction.cluster_specifier_plugin>`
// within the route. All *extension.name* fields in this list must be unique.
// within the route. All ``extension.name`` fields in this list must be unique.
repeated ClusterSpecifierPlugin cluster_specifier_plugins = 12;
// Specify a set of default request mirroring policies which apply to all routes under its virtual hosts.
@ -135,6 +135,26 @@ message RouteConfiguration {
// NOTE: this option will not strip the port number (if any) contained in route config
// :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost`.domains field.
bool ignore_port_in_host_matching = 14;
// Ignore path-parameters in path-matching.
// Before RFC3986, URI were like(RFC1808): <scheme>://<net_loc>/<path>;<params>?<query>#<fragment>
// Envoy by default takes ":path" as "<path>;<params>".
// For users who want to only match path on the "<path>" portion, this option should be true.
bool ignore_path_parameters_in_path_matching = 15;
// The typed_per_filter_config field can be used to provide RouteConfiguration level per filter config.
// The key should match the :ref:`filter config name
// <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpFilter.name>`.
// The canonical filter name (e.g., ``envoy.filters.http.buffer`` for the HTTP buffer filter) can also
// be used for the backwards compatibility. If there is no entry referred by the filter config name, the
// entry referred by the canonical filter name will be provided to the filters as fallback.
//
// Use of this field is filter specific;
// see the :ref:`HTTP filter documentation <config_http_filters>` for if and how it is utilized.
// [#comment: An entry's value may be wrapped in a
// :ref:`FilterConfig<envoy_v3_api_msg_config.route.v3.FilterConfig>`
// message to specify additional options.]
map<string, google.protobuf.Any> typed_per_filter_config = 16;
}
message Vhds {

378
xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto vendored
View File

@ -41,7 +41,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// host header. This allows a single listener to service multiple top level domain path trees. Once
// a virtual host is selected based on the domain, the routes are processed in order to see which
// upstream cluster to route to or whether to perform a redirect.
// [#next-free-field: 23]
// [#next-free-field: 24]
message VirtualHost {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.VirtualHost";
@ -91,11 +91,11 @@ message VirtualHost {
// The list of routes that will be matched, in order, for incoming requests.
// The first route that matches will be used.
// Only one of this and `matcher` can be specified.
// Only one of this and ``matcher`` can be specified.
repeated Route routes = 3;
// [#next-major-version: This should be included in a oneof with routes wrapped in a message.]
// The match tree to use when resolving route actions for incoming requests. Only one of this and `routes`
// The match tree to use when resolving route actions for incoming requests. Only one of this and ``routes``
// can be specified.
xds.type.matcher.v3.Matcher matcher = 21
[(xds.annotations.v3.field_status).work_in_progress = true];
@ -142,14 +142,26 @@ message VirtualHost {
items {string {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}}
}];
// Indicates that the virtual host has a CORS policy.
CorsPolicy cors = 8;
// Indicates that the virtual host has a CORS policy. This field is ignored if related cors policy is
// found in the
// :ref:`VirtualHost.typed_per_filter_config<envoy_v3_api_field_config.route.v3.VirtualHost.typed_per_filter_config>`.
//
// .. attention::
//
// This option has been deprecated. Please use
// :ref:`VirtualHost.typed_per_filter_config<envoy_v3_api_field_config.route.v3.VirtualHost.typed_per_filter_config>`
// to configure the CORS HTTP filter.
CorsPolicy cors = 8 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
// The per_filter_config field can be used to provide virtual host-specific
// configurations for filters. The key should match the filter name, such as
// *envoy.filters.http.buffer* for the HTTP buffer filter. Use of this field is filter
// specific; see the :ref:`HTTP filter documentation <config_http_filters>`
// for if and how it is utilized.
// The per_filter_config field can be used to provide virtual host-specific configurations for filters.
// The key should match the :ref:`filter config name
// <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpFilter.name>`.
// The canonical filter name (e.g., ``envoy.filters.http.buffer`` for the HTTP buffer filter) can also
// be used for the backwards compatibility. If there is no entry referred by the filter config name, the
// entry referred by the canonical filter name will be provided to the filters as fallback.
//
// Use of this field is filter specific;
// see the :ref:`HTTP filter documentation <config_http_filters>` for if and how it is utilized.
// [#comment: An entry's value may be wrapped in a
// :ref:`FilterConfig<envoy_v3_api_msg_config.route.v3.FilterConfig>`
// message to specify additional options.]
@ -194,6 +206,10 @@ message VirtualHost {
// independently (e.g.: values are not inherited).
HedgePolicy hedge_policy = 17;
// Decides whether to include the :ref:`x-envoy-is-timeout-retry <config_http_filters_router_x-envoy-is-timeout-retry>`
// request header in retries initiated by per try timeouts.
bool include_is_timeout_retry_header = 23;
// The maximum bytes which will be buffered for retries and shadowing.
// If set and a route-specific limit is not set, the bytes actually buffered will be the minimum
// value of this and the listener per_connection_buffer_limit_bytes.
@ -212,6 +228,13 @@ message FilterAction {
google.protobuf.Any action = 1;
}
// This can be used in route matcher :ref:`VirtualHost.matcher <envoy_v3_api_field_config.route.v3.VirtualHost.matcher>`.
// When the matcher matches, routes will be matched and run.
message RouteList {
// The list of routes that will be matched and run, in order. The first route that matches will be used.
repeated Route routes = 1;
}
// A route is both a specification of how to match a request as well as an indication of what to do
// next (e.g., redirect, forward, rewrite, etc.).
//
@ -219,7 +242,7 @@ message FilterAction {
//
// Envoy supports routing on HTTP method via :ref:`header matching
// <envoy_v3_api_msg_config.route.v3.HeaderMatcher>`.
// [#next-free-field: 19]
// [#next-free-field: 20]
message Route {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.Route";
@ -263,17 +286,21 @@ message Route {
// about the route. It can be used for configuration, stats, and logging.
// The metadata should go under the filter namespace that will need it.
// For instance, if the metadata is intended for the Router filter,
// the filter name should be specified as *envoy.filters.http.router*.
// the filter name should be specified as ``envoy.filters.http.router``.
core.v3.Metadata metadata = 4;
// Decorator for the matched route.
Decorator decorator = 5;
// The typed_per_filter_config field can be used to provide route-specific
// configurations for filters. The key should match the filter name, such as
// *envoy.filters.http.buffer* for the HTTP buffer filter. Use of this field is filter
// specific; see the :ref:`HTTP filter documentation <config_http_filters>` for
// if and how it is utilized.
// The per_filter_config field can be used to provide route-specific configurations for filters.
// The key should match the :ref:`filter config name
// <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpFilter.name>`.
// The canonical filter name (e.g., ``envoy.filters.http.buffer`` for the HTTP buffer filter) can also
// be used for the backwards compatibility. If there is no entry referred by the filter config name, the
// entry referred by the canonical filter name will be provided to the filters as fallback.
//
// Use of this field is filter specific;
// see the :ref:`HTTP filter documentation <config_http_filters>` for if and how it is utilized.
// [#comment: An entry's value may be wrapped in a
// :ref:`FilterConfig<envoy_v3_api_msg_config.route.v3.FilterConfig>`
// message to specify additional options.]
@ -317,6 +344,21 @@ message Route {
// If set, the bytes actually buffered will be the minimum value of this and the
// listener per_connection_buffer_limit_bytes.
google.protobuf.UInt32Value per_request_buffer_limit_bytes = 16;
// The human readable prefix to use when emitting statistics for this endpoint.
// The statistics are rooted at vhost.<virtual host name>.route.<stat_prefix>.
// This should be set for highly critical
// endpoints that one wishes to get per-route statistics on.
// If not set, endpoint statistics are not generated.
//
// The emitted statistics are the same as those documented for :ref:`virtual clusters <config_http_filters_router_vcluster_stats>`.
//
// .. warning::
//
// We do not recommend setting up a stat prefix for
// every application endpoint. This is both not easily maintainable and
// statistics use a non-trivial amount of memory(approximately 1KiB per route).
string stat_prefix = 19;
}
// Compared to the :ref:`cluster <envoy_v3_api_field_config.route.v3.RouteAction.cluster>` field that specifies a
@ -337,13 +379,13 @@ message WeightedCluster {
reserved "per_filter_config";
// Only one of *name* and *cluster_header* may be specified.
// Only one of ``name`` and ``cluster_header`` may be specified.
// [#next-major-version: Need to add back the validation rule: (validate.rules).string = {min_len: 1}]
// Name of the upstream cluster. The cluster must exist in the
// :ref:`cluster manager configuration <config_cluster_manager>`.
string name = 1 [(udpa.annotations.field_migrate).oneof_promotion = "cluster_specifier"];
// Only one of *name* and *cluster_header* may be specified.
// Only one of ``name`` and ``cluster_header`` may be specified.
// [#next-major-version: Need to add back the validation rule: (validate.rules).string = {min_len: 1 }]
// Envoy will determine the cluster to route to by reading the value of the
// HTTP header named by cluster_header from the request headers. If the
@ -352,8 +394,8 @@ message WeightedCluster {
//
// .. attention::
//
// Internally, Envoy always uses the HTTP/2 *:authority* header to represent the HTTP/1
// *Host* header. Thus, if attempting to match on *Host*, match on *:authority* instead.
// Internally, Envoy always uses the HTTP/2 ``:authority`` header to represent the HTTP/1
// ``Host`` header. Thus, if attempting to match on ``Host``, match on ``:authority`` instead.
//
// .. note::
//
@ -363,17 +405,18 @@ message WeightedCluster {
(udpa.annotations.field_migrate).oneof_promotion = "cluster_specifier"
];
// An integer between 0 and :ref:`total_weight
// <envoy_v3_api_field_config.route.v3.WeightedCluster.total_weight>`. When a request matches the route,
// the choice of an upstream cluster is determined by its weight. The sum of weights across all
// entries in the clusters array must add up to the total_weight, which defaults to 100.
// The weight of the cluster. This value is relative to the other clusters'
// weights. When a request matches the route, the choice of an upstream cluster
// is determined by its weight. The sum of weights across all
// entries in the clusters array must be greater than 0, and must not exceed
// uint32_t maximal value (4294967295).
google.protobuf.UInt32Value weight = 2;
// Optional endpoint metadata match criteria used by the subset load balancer. Only endpoints in
// the upstream cluster with metadata matching what is set in this field will be considered for
// load balancing. Note that this will be merged with what's provided in
// :ref:`RouteAction.metadata_match <envoy_v3_api_field_config.route.v3.RouteAction.metadata_match>`, with
// values here taking precedence. The filter name should be specified as *envoy.lb*.
// values here taking precedence. The filter name should be specified as ``envoy.lb``.
core.v3.Metadata metadata_match = 3;
// Specifies a list of headers to be added to requests when this cluster is selected
@ -408,11 +451,16 @@ message WeightedCluster {
items {string {well_known_regex: HTTP_HEADER_NAME strict: false}}
}];
// The per_filter_config field can be used to provide weighted cluster-specific
// configurations for filters. The key should match the filter name, such as
// *envoy.filters.http.buffer* for the HTTP buffer filter. Use of this field is filter
// specific; see the :ref:`HTTP filter documentation <config_http_filters>`
// for if and how it is utilized.
// The per_filter_config field can be used to provide weighted cluster-specific configurations
// for filters.
// The key should match the :ref:`filter config name
// <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpFilter.name>`.
// The canonical filter name (e.g., ``envoy.filters.http.buffer`` for the HTTP buffer filter) can also
// be used for the backwards compatibility. If there is no entry referred by the filter config name, the
// entry referred by the canonical filter name will be provided to the filters as fallback.
//
// Use of this field is filter specific;
// see the :ref:`HTTP filter documentation <config_http_filters>` for if and how it is utilized.
// [#comment: An entry's value may be wrapped in a
// :ref:`FilterConfig<envoy_v3_api_msg_config.route.v3.FilterConfig>`
// message to specify additional options.]
@ -430,14 +478,17 @@ message WeightedCluster {
repeated ClusterWeight clusters = 1 [(validate.rules).repeated = {min_items: 1}];
// Specifies the total weight across all clusters. The sum of all cluster weights must equal this
// value, which must be greater than 0. Defaults to 100.
google.protobuf.UInt32Value total_weight = 3 [(validate.rules).uint32 = {gte: 1}];
// value, if this is greater than 0.
// This field is now deprecated, and the client will use the sum of all
// cluster weights. It is up to the management server to supply the correct weights.
google.protobuf.UInt32Value total_weight = 3
[deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
// Specifies the runtime key prefix that should be used to construct the
// runtime keys associated with each cluster. When the *runtime_key_prefix* is
// runtime keys associated with each cluster. When the ``runtime_key_prefix`` is
// specified, the router will look for weights associated with each upstream
// cluster under the key *runtime_key_prefix* + "." + *cluster[i].name* where
// *cluster[i]* denotes an entry in the clusters array field. If the runtime
// cluster under the key ``runtime_key_prefix`` + ``.`` + ``cluster[i].name`` where
// ``cluster[i]`` denotes an entry in the clusters array field. If the runtime
// key for the cluster does not exist, the value specified in the
// configuration file will be used as the default weight. See the :ref:`runtime documentation
// <operations_runtime>` for how key names map to the underlying implementation.
@ -449,7 +500,8 @@ message WeightedCluster {
// If header is not present or invalid, Envoy will fall back to use the internally generated random value.
// This header is expected to be single-valued header as we only want to have one selected value throughout
// the process for the consistency. And the value is a unsigned number between 0 and UINT64_MAX.
string header_name = 4;
string header_name = 4
[(validate.rules).string = {well_known_regex: HTTP_HEADER_NAME strict: false}];
}
}
@ -466,7 +518,7 @@ message ClusterSpecifierPlugin {
bool is_optional = 2;
}
// [#next-free-field: 15]
// [#next-free-field: 16]
message RouteMatch {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RouteMatch";
@ -500,17 +552,17 @@ message RouteMatch {
option (validate.required) = true;
// If specified, the route is a prefix rule meaning that the prefix must
// match the beginning of the *:path* header.
// match the beginning of the ``:path`` header.
string prefix = 1;
// If specified, the route is an exact path rule meaning that the path must
// exactly match the *:path* header once the query string is removed.
// exactly match the ``:path`` header once the query string is removed.
string path = 2;
// If specified, the route is a regular expression rule meaning that the
// regex must match the *:path* header once the query string is removed. The entire path
// regex must match the ``:path`` header once the query string is removed. The entire path
// (without the query string) must match the regex. The rule will not match if only a
// subsequence of the *:path* header matches the regex.
// subsequence of the ``:path`` header matches the regex.
//
// [#next-major-version: In the v3 API we should redo how path specification works such
// that we utilize StringMatcher, and additionally have consistent options around whether we
@ -542,6 +594,9 @@ message RouteMatch {
//
// Expect the value to not contain ``?`` or ``#`` and not to end in ``/``
string path_separated_prefix = 14 [(validate.rules).string = {pattern: "^[^?#]+[^?#/]$"}];
// [#extension-category: envoy.path.match]
core.v3.TypedExtensionConfig path_match_policy = 15;
}
// Indicates that prefix/path matching should be case sensitive. The default
@ -574,9 +629,9 @@ message RouteMatch {
repeated HeaderMatcher headers = 6;
// Specifies a set of URL query parameters on which the route should
// match. The router will check the query string from the *path* header
// match. The router will check the query string from the ``path`` header
// against all the specified query parameters. If the number of specified
// query parameters is nonzero, they all must match the *path* header's
// query parameters is nonzero, they all must match the ``path`` header's
// query string for a match to occur.
//
// .. note::
@ -606,7 +661,15 @@ message RouteMatch {
repeated type.matcher.v3.MetadataMatcher dynamic_metadata = 13;
}
// [#next-free-field: 12]
// Cors policy configuration.
//
// .. attention::
//
// This message has been deprecated. Please use
// :ref:`CorsPolicy in filter extension <envoy_v3_api_msg_extensions.filters.http.cors.v3.CorsPolicy>`
// as as alternative.
//
// [#next-free-field: 13]
message CorsPolicy {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.CorsPolicy";
@ -618,16 +681,16 @@ message CorsPolicy {
// string matchers match.
repeated type.matcher.v3.StringMatcher allow_origin_string_match = 11;
// Specifies the content for the *access-control-allow-methods* header.
// Specifies the content for the ``access-control-allow-methods`` header.
string allow_methods = 2;
// Specifies the content for the *access-control-allow-headers* header.
// Specifies the content for the ``access-control-allow-headers`` header.
string allow_headers = 3;
// Specifies the content for the *access-control-expose-headers* header.
// Specifies the content for the ``access-control-expose-headers`` header.
string expose_headers = 4;
// Specifies the content for the *access-control-max-age* header.
// Specifies the content for the ``access-control-max-age`` header.
string max_age = 5;
// Specifies whether the resource allows credentials.
@ -652,11 +715,17 @@ message CorsPolicy {
//
// If :ref:`runtime_key <envoy_v3_api_field_config.core.v3.RuntimeFractionalPercent.runtime_key>` is specified,
// Envoy will lookup the runtime key to get the percentage of requests for which it will evaluate
// and track the request's *Origin* to determine if it's valid but will not enforce any policies.
// and track the request's ``Origin`` to determine if it's valid but will not enforce any policies.
core.v3.RuntimeFractionalPercent shadow_enabled = 10;
// Specify whether allow requests whose target server's IP address is more private than that from
// which the request initiator was fetched.
//
// More details refer to https://developer.chrome.com/blog/private-network-access-preflight.
google.protobuf.BoolValue allow_private_network_access = 12;
}
// [#next-free-field: 40]
// [#next-free-field: 42]
message RouteAction {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RouteAction";
@ -666,6 +735,9 @@ message RouteAction {
// HTTP status code - 404 Not Found.
NOT_FOUND = 1;
// HTTP status code - 500 Internal Server Error.
INTERNAL_SERVER_ERROR = 2;
}
// Configures :ref:`internal redirect <arch_overview_internal_redirects>` behavior.
@ -682,12 +754,16 @@ message RouteAction {
// respond before returning the response from the primary cluster. All normal statistics are
// collected for the shadow cluster making this feature useful for testing.
//
// During shadowing, the host/authority header is altered such that *-shadow* is appended. This is
// useful for logging. For example, *cluster1* becomes *cluster1-shadow*.
// During shadowing, the host/authority header is altered such that ``-shadow`` is appended. This is
// useful for logging. For example, ``cluster1`` becomes ``cluster1-shadow``.
//
// .. note::
//
// Shadowing will not be triggered if the primary cluster does not exist.
//
// .. note::
//
// Shadowing doesn't support Http CONNECT and upgrades.
// [#next-free-field: 6]
message RequestMirrorPolicy {
option (udpa.annotations.versioning).previous_message_type =
@ -697,13 +773,13 @@ message RouteAction {
reserved "runtime_key";
// Only one of *cluster* and *cluster_header* can be specified.
// Only one of ``cluster`` and ``cluster_header`` can be specified.
// [#next-major-version: Need to add back the validation rule: (validate.rules).string = {min_len: 1}]
// Specifies the cluster that requests will be mirrored to. The cluster must
// exist in the cluster manager configuration.
string cluster = 1 [(udpa.annotations.field_migrate).oneof_promotion = "cluster_specifier"];
// Only one of *cluster* and *cluster_header* can be specified.
// Only one of ``cluster`` and ``cluster_header`` can be specified.
// Envoy will determine the cluster to route to by reading the value of the
// HTTP header named by cluster_header from the request headers. Only the first value in header is used,
// and no shadow request will happen if the value is not found in headers. Envoy will not wait for
@ -711,8 +787,8 @@ message RouteAction {
//
// .. attention::
//
// Internally, Envoy always uses the HTTP/2 *:authority* header to represent the HTTP/1
// *Host* header. Thus, if attempting to match on *Host*, match on *:authority* instead.
// Internally, Envoy always uses the HTTP/2 ``:authority`` header to represent the HTTP/1
// ``Host`` header. Thus, if attempting to match on ``Host``, match on ``:authority`` instead.
//
// .. note::
//
@ -724,7 +800,7 @@ message RouteAction {
// If not specified, all requests to the target cluster will be mirrored.
//
// If specified, this field takes precedence over the `runtime_key` field and requests must also
// If specified, this field takes precedence over the ``runtime_key`` field and requests must also
// fall under the percentage of matches indicated by this field.
//
// For some fraction N/D, a random number in the range [0,D) is selected. If the
@ -908,11 +984,11 @@ message RouteAction {
// If present, and the request contains a `grpc-timeout header
// <https://github.com/grpc/grpc/blob/master/doc/PROTOCOL-HTTP2.md>`_, use that value as the
// *max_stream_duration*, but limit the applied timeout to the maximum value specified here.
// If set to 0, the `grpc-timeout` header is used without modification.
// ``max_stream_duration``, but limit the applied timeout to the maximum value specified here.
// If set to 0, the ``grpc-timeout`` header is used without modification.
google.protobuf.Duration grpc_timeout_header_max = 2;
// If present, Envoy will adjust the timeout provided by the `grpc-timeout` header by
// If present, Envoy will adjust the timeout provided by the ``grpc-timeout`` header by
// subtracting the provided duration from the header. This is useful for allowing Envoy to set
// its global timeout to be less than that of the deadline imposed by the calling client, which
// makes it more likely that Envoy will handle the timeout instead of having the call canceled
@ -939,8 +1015,8 @@ message RouteAction {
//
// .. attention::
//
// Internally, Envoy always uses the HTTP/2 *:authority* header to represent the HTTP/1
// *Host* header. Thus, if attempting to match on *Host*, match on *:authority* instead.
// Internally, Envoy always uses the HTTP/2 ``:authority`` header to represent the HTTP/1
// ``Host`` header. Thus, if attempting to match on ``Host``, match on ``:authority`` instead.
//
// .. note::
//
@ -975,7 +1051,7 @@ message RouteAction {
// in the upstream cluster with metadata matching what's set in this field will be considered
// for load balancing. If using :ref:`weighted_clusters
// <envoy_v3_api_field_config.route.v3.RouteAction.weighted_clusters>`, metadata will be merged, with values
// provided there taking precedence. The filter name should be specified as *envoy.lb*.
// provided there taking precedence. The filter name should be specified as ``envoy.lb``.
core.v3.Metadata metadata_match = 4;
// Indicates that during forwarding, the matched prefix (or path) should be
@ -984,16 +1060,16 @@ message RouteAction {
// place the original path before rewrite into the :ref:`x-envoy-original-path
// <config_http_filters_router_x-envoy-original-path>` header.
//
// Only one of *prefix_rewrite* or
// :ref:`regex_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.regex_rewrite>`
// may be specified.
// Only one of :ref:`regex_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.regex_rewrite>`
// :ref:`path_rewrite_policy <envoy_v3_api_field_config.route.v3.RouteAction.path_rewrite_policy>`,
// or :ref:`prefix_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.prefix_rewrite>` may be specified.
//
// .. attention::
//
// Pay careful attention to the use of trailing slashes in the
// :ref:`route's match <envoy_v3_api_field_config.route.v3.Route.match>` prefix value.
// Stripping a prefix from a path requires multiple Routes to handle all cases. For example,
// rewriting */prefix* to */* and */prefix/etc* to */etc* cannot be done in a single
// rewriting ``/prefix`` to ``/`` and ``/prefix/etc`` to ``/etc`` cannot be done in a single
// :ref:`Route <envoy_v3_api_msg_config.route.v3.Route>`, as shown by the below config entries:
//
// .. code-block:: yaml
@ -1007,8 +1083,8 @@ message RouteAction {
// route:
// prefix_rewrite: "/"
//
// Having above entries in the config, requests to */prefix* will be stripped to */*, while
// requests to */prefix/etc* will be stripped to */etc*.
// Having above entries in the config, requests to ``/prefix`` will be stripped to ``/``, while
// requests to ``/prefix/etc`` will be stripped to ``/etc``.
string prefix_rewrite = 5
[(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
@ -1021,8 +1097,10 @@ message RouteAction {
// before the rewrite into the :ref:`x-envoy-original-path
// <config_http_filters_router_x-envoy-original-path>` header.
//
// Only one of :ref:`prefix_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.prefix_rewrite>`
// or *regex_rewrite* may be specified.
// Only one of :ref:`regex_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.regex_rewrite>`,
// :ref:`prefix_rewrite <envoy_v3_api_field_config.route.v3.RouteAction.prefix_rewrite>`, or
// :ref:`path_rewrite_policy <envoy_v3_api_field_config.route.v3.RouteAction.path_rewrite_policy>`]
// may be specified.
//
// Examples using Google's `RE2 <https://github.com/google/re2>`_ engine:
//
@ -1042,6 +1120,9 @@ message RouteAction {
// ``/aaa/yyy/bbb``.
type.matcher.v3.RegexMatchAndSubstitute regex_rewrite = 32;
// [#extension-category: envoy.path.rewrite]
core.v3.TypedExtensionConfig path_rewrite_policy = 41;
oneof host_rewrite_specifier {
// Indicates that during forwarding, the host header will be swapped with
// this value. Using this option will append the
@ -1054,7 +1135,7 @@ message RouteAction {
// Indicates that during forwarding, the host header will be swapped with
// the hostname of the upstream host chosen by the cluster manager. This
// option is applicable only when the destination cluster for a route is of
// type *strict_dns* or *logical_dns*. Setting this to true with other cluster types
// type ``strict_dns`` or ``logical_dns``. Setting this to true with other cluster types
// has no effect. Using this option will append the
// :ref:`config_http_conn_man_headers_x-forwarded-host` header if
// :ref:`append_x_forwarded_host <envoy_v3_api_field_config.route.v3.RouteAction.append_x_forwarded_host>`
@ -1097,7 +1178,7 @@ message RouteAction {
// regex: "^/(.+)/.+$"
// substitution: \1
//
// Would rewrite the host header to `envoyproxy.io` given the path `/envoyproxy.io/some/path`.
// Would rewrite the host header to ``envoyproxy.io`` given the path ``/envoyproxy.io/some/path``.
type.matcher.v3.RegexMatchAndSubstitute host_rewrite_path_regex = 35;
}
@ -1147,6 +1228,11 @@ message RouteAction {
// :ref:`HTTP_DOWNSTREAM_STREAM_IDLE <envoy_v3_api_enum_value_config.overload.v3.ScaleTimersOverloadActionConfig.TimerType.HTTP_DOWNSTREAM_STREAM_IDLE>`.
google.protobuf.Duration idle_timeout = 24;
// Specifies how to send request over TLS early data.
// If absent, allows `safe HTTP requests <https://www.rfc-editor.org/rfc/rfc7231#section-4.2.1>`_ to be sent on early data.
// [#extension-category: envoy.route.early_data_policy]
core.v3.TypedExtensionConfig early_data_policy = 40;
// Indicates that the route has a retry policy. Note that if this is set,
// it'll take precedence over the virtual host level retry policy entirely
// (e.g.: policies are not merged, most internal one becomes the enforced policy).
@ -1194,8 +1280,17 @@ message RouteAction {
// ignoring the rest of the hash policy list.
repeated HashPolicy hash_policy = 15;
// Indicates that the route has a CORS policy.
CorsPolicy cors = 17;
// Indicates that the route has a CORS policy. This field is ignored if related cors policy is
// found in the :ref:`Route.typed_per_filter_config<envoy_v3_api_field_config.route.v3.Route.typed_per_filter_config>` or
// :ref:`WeightedCluster.ClusterWeight.typed_per_filter_config<envoy_v3_api_field_config.route.v3.WeightedCluster.ClusterWeight.typed_per_filter_config>`.
//
// .. attention::
//
// This option has been deprecated. Please use
// :ref:`Route.typed_per_filter_config<envoy_v3_api_field_config.route.v3.Route.typed_per_filter_config>` or
// :ref:`WeightedCluster.ClusterWeight.typed_per_filter_config<envoy_v3_api_field_config.route.v3.WeightedCluster.ClusterWeight.typed_per_filter_config>`
// to configure the CORS HTTP filter.
CorsPolicy cors = 17 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
// Deprecated by :ref:`grpc_timeout_header_max <envoy_v3_api_field_config.route.v3.RouteAction.MaxStreamDuration.grpc_timeout_header_max>`
// If present, and the request is a gRPC request, use the
@ -1203,7 +1298,7 @@ message RouteAction {
// or its default value (infinity) instead of
// :ref:`timeout <envoy_v3_api_field_config.route.v3.RouteAction.timeout>`, but limit the applied timeout
// to the maximum value specified here. If configured as 0, the maximum allowed timeout for
// gRPC requests is infinity. If not configured at all, the `grpc-timeout` header is not used
// gRPC requests is infinity. If not configured at all, the ``grpc-timeout`` header is not used
// and gRPC requests time out like any other requests using
// :ref:`timeout <envoy_v3_api_field_config.route.v3.RouteAction.timeout>` or its default.
// This can be used to prevent unexpected upstream request timeouts due to potentially long
@ -1221,7 +1316,7 @@ message RouteAction {
[deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
// Deprecated by :ref:`grpc_timeout_header_offset <envoy_v3_api_field_config.route.v3.RouteAction.MaxStreamDuration.grpc_timeout_header_offset>`.
// If present, Envoy will adjust the timeout provided by the `grpc-timeout` header by subtracting
// If present, Envoy will adjust the timeout provided by the ``grpc-timeout`` header by subtracting
// the provided duration from the header. This is useful in allowing Envoy to set its global
// timeout to be less than that of the deadline imposed by the calling client, which makes it more
// likely that Envoy will handle the timeout instead of having the call canceled by the client.
@ -1324,8 +1419,8 @@ message RetryPolicy {
}];
// Specifies the maximum interval between retries. This parameter is optional, but must be
// greater than or equal to the `base_interval` if set. The default is 10 times the
// `base_interval`. See :ref:`config_http_filters_router_x-envoy-max-retries` for a discussion
// greater than or equal to the ``base_interval`` if set. The default is 10 times the
// ``base_interval``. See :ref:`config_http_filters_router_x-envoy-max-retries` for a discussion
// of Envoy's back-off algorithm.
google.protobuf.Duration max_interval = 2 [(validate.rules).duration = {gt {}}];
}
@ -1470,7 +1565,7 @@ message RetryPolicy {
// Specifies parameters that control exponential retry back off. This parameter is optional, in which case the
// default base interval is 25 milliseconds or, if set, the current value of the
// `upstream.base_retry_backoff_ms` runtime parameter. The default maximum interval is 10 times
// ``upstream.base_retry_backoff_ms`` runtime parameter. The default maximum interval is 10 times
// the base interval. The documentation for :ref:`config_http_filters_router_x-envoy-max-retries`
// describes Envoy's back-off algorithm.
RetryBackOff retry_back_off = 8;
@ -1480,7 +1575,7 @@ message RetryPolicy {
// return a response header like ``Retry-After`` or ``X-RateLimit-Reset`` to
// provide feedback to the client on how long to wait before retrying. If
// configured, this back-off strategy will be used instead of the
// default exponential back off strategy (configured using `retry_back_off`)
// default exponential back off strategy (configured using ``retry_back_off``)
// whenever a response includes the matching headers.
RateLimitedRetryBackOff rate_limited_retry_back_off = 11;
@ -1547,10 +1642,10 @@ message RedirectAction {
}
// When the scheme redirection take place, the following rules apply:
// 1. If the source URI scheme is `http` and the port is explicitly
// set to `:80`, the port will be removed after the redirection
// 2. If the source URI scheme is `https` and the port is explicitly
// set to `:443`, the port will be removed after the redirection
// 1. If the source URI scheme is ``http`` and the port is explicitly
// set to ``:80``, the port will be removed after the redirection
// 2. If the source URI scheme is ``https`` and the port is explicitly
// set to ``:443``, the port will be removed after the redirection
oneof scheme_rewrite_specifier {
// The scheme portion of the URL will be swapped with "https".
bool https_redirect = 4;
@ -1644,7 +1739,7 @@ message DirectResponseAction {
//
// .. note::
//
// Headers can be specified using *response_headers_to_add* in the enclosing
// Headers can be specified using ``response_headers_to_add`` in the enclosing
// :ref:`envoy_v3_api_msg_config.route.v3.Route`, :ref:`envoy_v3_api_msg_config.route.v3.RouteConfiguration` or
// :ref:`envoy_v3_api_msg_config.route.v3.VirtualHost`.
core.v3.DataSource body = 2;
@ -1733,7 +1828,7 @@ message VirtualCluster {
reserved "pattern", "method";
// Specifies a list of header matchers to use for matching requests. Each specified header must
// match. The pseudo-headers `:path` and `:method` can be used to match the request path and
// match. The pseudo-headers ``:path`` and ``:method`` can be used to match the request path and
// method, respectively.
repeated HeaderMatcher headers = 4;
@ -1748,7 +1843,7 @@ message VirtualCluster {
message RateLimit {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RateLimit";
// [#next-free-field: 11]
// [#next-free-field: 12]
message Action {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.route.RateLimit.Action";
@ -1787,7 +1882,7 @@ message RateLimit {
}
// The following descriptor entry is appended when a header contains a key that matches the
// *header_name*:
// ``header_name``:
//
// .. code-block:: cpp
//
@ -1831,14 +1926,14 @@ message RateLimit {
message MaskedRemoteAddress {
// Length of prefix mask len for IPv4 (e.g. 0, 32).
// Defaults to 32 when unset.
// For example, trusted address from x-forwarded-for is `192.168.1.1`,
// For example, trusted address from x-forwarded-for is ``192.168.1.1``,
// the descriptor entry is ("masked_remote_address", "192.168.1.1/32");
// if mask len is 24, the descriptor entry is ("masked_remote_address", "192.168.1.0/24").
google.protobuf.UInt32Value v4_prefix_mask_len = 1 [(validate.rules).uint32 = {lte: 32}];
// Length of prefix mask len for IPv6 (e.g. 0, 128).
// Defaults to 128 when unset.
// For example, trusted address from x-forwarded-for is `2001:abcd:ef01:2345:6789:abcd:ef01:234`,
// For example, trusted address from x-forwarded-for is ``2001:abcd:ef01:2345:6789:abcd:ef01:234``,
// the descriptor entry is ("masked_remote_address", "2001:abcd:ef01:2345:6789:abcd:ef01:234/128");
// if mask len is 64, the descriptor entry is ("masked_remote_address", "2001:abcd:ef01:2345::/64").
google.protobuf.UInt32Value v6_prefix_mask_len = 2 [(validate.rules).uint32 = {lte: 128}];
@ -1870,7 +1965,7 @@ message RateLimit {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.route.RateLimit.Action.HeaderValueMatch";
// The key to use in the descriptor entry. Defaults to `header_match`.
// The key to use in the descriptor entry. Defaults to ``header_match``.
string descriptor_key = 4;
// The value to use in the descriptor entry.
@ -1907,7 +2002,7 @@ message RateLimit {
// only happen if the value in the dynamic metadata is of type string.
type.metadata.v3.MetadataKey metadata_key = 2 [(validate.rules).message = {required: true}];
// An optional value to use if *metadata_key* is empty. If not set and
// An optional value to use if ``metadata_key`` is empty. If not set and
// no value is present under the metadata_key then no descriptor is generated.
string default_value = 3;
}
@ -1917,6 +2012,7 @@ message RateLimit {
// .. code-block:: cpp
//
// ("<descriptor_key>", "<value_queried_from_metadata>")
// [#next-free-field: 6]
message MetaData {
enum Source {
// Query :ref:`dynamic metadata <well_known_dynamic_metadata>`
@ -1933,12 +2029,45 @@ message RateLimit {
// only happen if the value in the metadata is of type string.
type.metadata.v3.MetadataKey metadata_key = 2 [(validate.rules).message = {required: true}];
// An optional value to use if *metadata_key* is empty. If not set and
// no value is present under the metadata_key then no descriptor is generated.
// An optional value to use if ``metadata_key`` is empty. If not set and
// no value is present under the metadata_key then ``skip_if_absent`` is followed to
// skip calling the rate limiting service or skip the descriptor.
string default_value = 3;
// Source of metadata
Source source = 4 [(validate.rules).enum = {defined_only: true}];
// If set to true, Envoy skips the descriptor while calling rate limiting service
// when ``metadata_key`` is empty and ``default_value`` is not set. By default it skips calling the
// rate limiting service in that case.
bool skip_if_absent = 5;
}
// The following descriptor entry is appended to the descriptor:
//
// .. code-block:: cpp
//
// ("query_match", "<descriptor_value>")
message QueryParameterValueMatch {
// The key to use in the descriptor entry. Defaults to ``query_match``.
string descriptor_key = 4;
// The value to use in the descriptor entry.
string descriptor_value = 1 [(validate.rules).string = {min_len: 1}];
// If set to true, the action will append a descriptor entry when the
// request matches the headers. If set to false, the action will append a
// descriptor entry when the request does not match the headers. The
// default value is true.
google.protobuf.BoolValue expect_match = 2;
// Specifies a set of query parameters that the rate limit action should match
// on. The action will check the requests query parameters against all the
// specified query parameters in the config. A match will happen if all the
// query parameters in the config are present in the request with the same values
// (or based on presence if the value field is not in the config).
repeated QueryParameterMatcher query_parameters = 3
[(validate.rules).repeated = {min_items: 1}];
}
oneof action_specifier {
@ -1987,6 +2116,9 @@ message RateLimit {
// Rate limit on masked remote address.
MaskedRemoteAddress masked_remote_address = 10;
// Rate limit on the existence of query parameters.
QueryParameterValueMatch query_parameter_value_match = 11;
}
}
@ -2037,19 +2169,21 @@ message RateLimit {
// .. attention::
//
// Internally, Envoy always uses the HTTP/2 *:authority* header to represent the HTTP/1 *Host*
// header. Thus, if attempting to match on *Host*, match on *:authority* instead.
// Internally, Envoy always uses the HTTP/2 ``:authority`` header to represent the HTTP/1 ``Host``
// header. Thus, if attempting to match on ``Host``, match on ``:authority`` instead.
//
// .. attention::
//
// To route on HTTP method, use the special HTTP/2 *:method* header. This works for both
// To route on HTTP method, use the special HTTP/2 ``:method`` header. This works for both
// HTTP/1 and HTTP/2 as Envoy normalizes headers. E.g.,
//
// .. code-block:: json
//
// {
// "name": ":method",
// "exact_match": "POST"
// "string_match": {
// "exact": "POST"
// }
// }
//
// .. attention::
@ -2059,7 +2193,7 @@ message RateLimit {
// value.
//
// [#next-major-version: HeaderMatcher should be refactored to use StringMatcher.]
// [#next-free-field: 14]
// [#next-free-field: 15]
message HeaderMatcher {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.HeaderMatcher";
@ -2094,8 +2228,8 @@ message HeaderMatcher {
//
// Examples:
//
// * For range [-10,0), route will match for header value -1, but not for 0, "somestring", 10.9,
// "-1somestring"
// * For range [-10,0), route will match for header value -1, but not for 0, ``somestring``, 10.9,
// ``-1somestring``
type.v3.Int64Range range_match = 6;
// If specified as true, header match will be performed based on whether the header is in the
@ -2108,7 +2242,7 @@ message HeaderMatcher {
//
// Examples:
//
// * The prefix *abcd* matches the value *abcdxyz*, but not for *abcxyz*.
// * The prefix ``abcd`` matches the value ``abcdxyz``, but not for ``abcxyz``.
string prefix_match = 9 [
deprecated = true,
(validate.rules).string = {min_len: 1},
@ -2121,7 +2255,7 @@ message HeaderMatcher {
//
// Examples:
//
// * The suffix *abcd* matches the value *xyzabcd*, but not for *xyzbcd*.
// * The suffix ``abcd`` matches the value ``xyzabcd``, but not for ``xyzbcd``.
string suffix_match = 10 [
deprecated = true,
(validate.rules).string = {min_len: 1},
@ -2135,7 +2269,7 @@ message HeaderMatcher {
//
// Examples:
//
// * The value *abcd* matches the value *xyzabcdpqr*, but not for *xyzbcdpqr*.
// * The value ``abcd`` matches the value ``xyzabcdpqr``, but not for ``xyzbcdpqr``.
string contains_match = 12 [
deprecated = true,
(validate.rules).string = {min_len: 1},
@ -2150,9 +2284,37 @@ message HeaderMatcher {
//
// Examples:
//
// * The regex ``\d{3}`` does not match the value *1234*, so it will match when inverted.
// * The regex ``\d{3}`` does not match the value ``1234``, so it will match when inverted.
// * The range [-10,0) will match the value -1, so it will not match when inverted.
bool invert_match = 8;
// If specified, for any header match rule, if the header match rule specified header
// does not exist, this header value will be treated as empty. Defaults to false.
//
// Examples:
//
// * The header match rule specified header "header1" to range match of [0, 10],
// :ref:`invert_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.invert_match>`
// is set to true and :ref:`treat_missing_header_as_empty <envoy_v3_api_field_config.route.v3.HeaderMatcher.treat_missing_header_as_empty>`
// is set to true; The "header1" header is not present. The match rule will
// treat the "header1" as an empty header. The empty header does not match the range,
// so it will match when inverted.
// * The header match rule specified header "header2" to range match of [0, 10],
// :ref:`invert_match <envoy_v3_api_field_config.route.v3.HeaderMatcher.invert_match>`
// is set to true and :ref:`treat_missing_header_as_empty <envoy_v3_api_field_config.route.v3.HeaderMatcher.treat_missing_header_as_empty>`
// is set to false; The "header2" header is not present and the header
// matcher rule for "header2" will be ignored so it will not match.
// * The header match rule specified header "header3" to a string regex match
// ``^$`` which means an empty string, and
// :ref:`treat_missing_header_as_empty <envoy_v3_api_field_config.route.v3.HeaderMatcher.treat_missing_header_as_empty>`
// is set to true; The "header3" header is not present.
// The match rule will treat the "header3" header as an empty header so it will match.
// * The header match rule specified header "header4" to a string regex match
// ``^$`` which means an empty string, and
// :ref:`treat_missing_header_as_empty <envoy_v3_api_field_config.route.v3.HeaderMatcher.treat_missing_header_as_empty>`
// is set to false; The "header4" header is not present.
// The match rule for "header4" will be ignored so it will not match.
bool treat_missing_header_as_empty = 14;
}
// Query parameter matching treats the query string of a request's :path header
@ -2167,7 +2329,7 @@ message QueryParameterMatcher {
reserved "value", "regex";
// Specifies the name of a key that must be present in the requested
// *path*'s query string.
// ``path``'s query string.
string name = 1 [(validate.rules).string = {min_len: 1 max_bytes: 1024}];
oneof query_parameter_match_specifier {

2
xds/third_party/envoy/src/main/proto/envoy/config/route/v3/scoped_route.proto vendored
View File

@ -77,7 +77,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// Host: foo.com
// X-Route-Selector: vip=172.10.10.20
//
// would result in the routing table defined by the `route-config1`
// would result in the routing table defined by the ``route-config1``
// RouteConfiguration being assigned to the HTTP request/stream.
//
// [#next-free-field: 6]

4
xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/datadog.proto vendored
View File

@ -27,4 +27,8 @@ message DatadogConfig {
// The name used for the service when traces are generated by envoy.
string service_name = 2 [(validate.rules).string = {min_len: 1}];
// Optional hostname to use when sending spans to the collector_cluster. Useful for collectors
// that require a specific hostname. Defaults to :ref:`collector_cluster <envoy_v3_api_field_config.trace.v3.DatadogConfig.collector_cluster>` above.
string collector_hostname = 3;
}

1
xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/lightstep.proto vendored
View File

@ -22,6 +22,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// Configuration for the LightStep tracer.
// [#extension: envoy.tracers.lightstep]
// [#not-implemented-hide:]
message LightstepConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.trace.v2.LightstepConfig";

28
xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/opentelemetry.proto vendored Normal file
View File

@ -0,0 +1,28 @@
syntax = "proto3";
package envoy.config.trace.v3;
import "envoy/config/core/v3/grpc_service.proto";
import "udpa/annotations/status.proto";
option java_package = "io.envoyproxy.envoy.config.trace.v3";
option java_outer_classname = "OpentelemetryProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/trace/v3;tracev3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: OpenTelemetry tracer]
// Configuration for the OpenTelemetry tracer.
// [#extension: envoy.tracers.opentelemetry]
message OpenTelemetryConfig {
// The upstream gRPC cluster that will receive OTLP traces.
// Note that the tracer drops traces if the server does not read data fast enough.
// This field can be left empty to disable reporting traces to the collector.
core.v3.GrpcService grpc_service = 1;
// The name for the service. This will be populated in the ResourceSpan Resource attributes.
// If it is not provided, it will default to "unknown_service:envoy".
string service_name = 2;
}

1
xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/trace.proto vendored
View File

@ -7,6 +7,7 @@ import public "envoy/config/trace/v3/dynamic_ot.proto";
import public "envoy/config/trace/v3/http_tracer.proto";
import public "envoy/config/trace/v3/lightstep.proto";
import public "envoy/config/trace/v3/opencensus.proto";
import public "envoy/config/trace/v3/opentelemetry.proto";
import public "envoy/config/trace/v3/service.proto";
import public "envoy/config/trace/v3/zipkin.proto";

17
xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/zipkin.proto vendored
View File

@ -21,7 +21,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// Configuration for the Zipkin tracer.
// [#extension: envoy.tracers.zipkin]
// [#next-free-field: 7]
// [#next-free-field: 8]
message ZipkinConfig {
option (udpa.annotations.versioning).previous_message_type = "envoy.config.trace.v2.ZipkinConfig";
@ -68,4 +68,19 @@ message ZipkinConfig {
// Optional hostname to use when sending spans to the collector_cluster. Useful for collectors
// that require a specific hostname. Defaults to :ref:`collector_cluster <envoy_v3_api_field_config.trace.v3.ZipkinConfig.collector_cluster>` above.
string collector_hostname = 6;
// If this is set to true, then Envoy will be treated as an independent hop in trace chain. A complete span pair will be created for a single
// request. Server span will be created for the downstream request and client span will be created for the related upstream request.
// This should be set to true in the following cases:
//
// * The Envoy Proxy is used as gateway or ingress.
// * The Envoy Proxy is used as sidecar but inbound traffic capturing or outbound traffic capturing is disabled.
// * Any case that the `start_child_span of router <envoy_v3_api_field_extensions.filters.http.router.v3.Router.start_child_span>` is set to true.
//
// .. attention::
//
// If this is set to true, then the
// :ref:`start_child_span of router <envoy_v3_api_field_extensions.filters.http.router.v3.Router.start_child_span>`
// SHOULD be set to true also to ensure the correctness of trace chain.
bool split_spans_for_request = 7;
}

10
xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/fault/v3/fault.proto vendored
View File

@ -65,7 +65,7 @@ message HTTPFault {
common.fault.v3.FaultDelay delay = 1;
// If specified, the filter will abort requests based on the values in
// the object. At least *abort* or *delay* must be specified.
// the object. At least ``abort`` or ``delay`` must be specified.
FaultAbort abort = 2;
// Specifies the name of the (destination) upstream cluster that the
@ -81,7 +81,7 @@ message HTTPFault {
// The filter will check the request's headers against all the specified
// headers in the filter config. A match will happen if all the headers in the
// config are present in the request with the same values (or based on
// presence if the *value* field is not in the config).
// presence if the ``value`` field is not in the config).
repeated config.route.v3.HeaderMatcher headers = 4;
// Faults are injected for the specified list of downstream hosts. If this
@ -96,9 +96,9 @@ message HTTPFault {
// filter. Note that because this setting can be overridden at the route level, it's possible
// for the number of active faults to be greater than this value (if injected via a different
// route). If not specified, defaults to unlimited. This setting can be overridden via
// `runtime <config_http_filters_fault_injection_runtime>` and any faults that are not injected
// due to overflow will be indicated via the `faults_overflow
// <config_http_filters_fault_injection_stats>` stat.
// ``runtime <config_http_filters_fault_injection_runtime>`` and any faults that are not injected
// due to overflow will be indicated via the ``faults_overflow
// <config_http_filters_fault_injection_stats>`` stat.
//
// .. attention::
// Like other :ref:`circuit breakers <arch_overview_circuit_break>` in Envoy, this is a fuzzy

30
xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/rbac/v3/rbac.proto vendored
View File

@ -4,6 +4,10 @@ package envoy.extensions.filters.http.rbac.v3;
import "envoy/config/rbac/v3/rbac.proto";
import "xds/annotations/v3/status.proto";
import "xds/type/matcher/v3/matcher.proto";
import "udpa/annotations/migrate.proto";
import "udpa/annotations/status.proto";
import "udpa/annotations/versioning.proto";
@ -18,6 +22,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#extension: envoy.filters.http.rbac]
// RBAC filter config.
// [#next-free-field: 6]
message RBAC {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.http.rbac.v2.RBAC";
@ -25,12 +30,33 @@ message RBAC {
// Specify the RBAC rules to be applied globally.
// If absent, no enforcing RBAC policy will be applied.
// If present and empty, DENY.
config.rbac.v3.RBAC rules = 1;
// If both rules and matcher are configured, rules will be ignored.
config.rbac.v3.RBAC rules = 1
[(udpa.annotations.field_migrate).oneof_promotion = "rules_specifier"];
// The match tree to use when resolving RBAC action for incoming requests. Requests do not
// match any matcher will be denied.
// If absent, no enforcing RBAC matcher will be applied.
// If present and empty, deny all requests.
xds.type.matcher.v3.Matcher matcher = 4 [
(udpa.annotations.field_migrate).oneof_promotion = "rules_specifier",
(xds.annotations.v3.field_status).work_in_progress = true
];
// Shadow rules are not enforced by the filter (i.e., returning a 403)
// but will emit stats and logs and can be used for rule testing.
// If absent, no shadow RBAC policy will be applied.
config.rbac.v3.RBAC shadow_rules = 2;
// If both shadow rules and shadow matcher are configured, shadow rules will be ignored.
config.rbac.v3.RBAC shadow_rules = 2
[(udpa.annotations.field_migrate).oneof_promotion = "shadow_rules_specifier"];
// The match tree to use for emitting stats and logs which can be used for rule testing for
// incoming requests.
// If absent, no shadow matcher will be applied.
xds.type.matcher.v3.Matcher shadow_matcher = 5 [
(udpa.annotations.field_migrate).oneof_promotion = "shadow_rules_specifier",
(xds.annotations.v3.field_status).work_in_progress = true
];
// If specified, shadow rules will emit stats with the given prefix.
// This is useful to distinguish the stat when there are more than 1 RBAC filter configured with

25
xds/third_party/envoy/src/main/proto/envoy/extensions/filters/http/router/v3/router.proto vendored
View File

@ -3,6 +3,7 @@ syntax = "proto3";
package envoy.extensions.filters.http.router.v3;
import "envoy/config/accesslog/v3/accesslog.proto";
import "envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto";
import "google/protobuf/wrappers.proto";
@ -20,7 +21,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// Router :ref:`configuration overview <config_http_filters_router>`.
// [#extension: envoy.filters.http.router]
// [#next-free-field: 8]
// [#next-free-field: 9]
message Router {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.http.router.v2.Router";
@ -41,10 +42,10 @@ message Router {
// requests may be made for each downstream (inbound) request.
repeated config.accesslog.v3.AccessLog upstream_log = 3;
// Do not add any additional *x-envoy-* headers to requests or responses. This
// only affects the :ref:`router filter generated *x-envoy-* headers
// Do not add any additional ``x-envoy-`` headers to requests or responses. This
// only affects the :ref:`router filter generated x-envoy- headers
// <config_http_filters_router_headers_set>`, other Envoy filters and the HTTP
// connection manager may continue to set *x-envoy-* headers.
// connection manager may continue to set ``x-envoy-`` headers.
bool suppress_envoy_headers = 4;
// Specifies a list of HTTP headers to strictly validate. Envoy will reject a
@ -89,4 +90,20 @@ message Router {
// :ref:`gRPC stats filter<config_http_filters_grpc_stats>` documentation
// for more details.
bool suppress_grpc_request_failure_code_stats = 7;
// .. note::
// Upstream HTTP filters are currently in alpha.
//
// Optional HTTP filters for the upstream filter chain.
//
// These filters will be applied for all requests that pass through the router.
// They will also be applied to shadowed requests.
// Upstream filters cannot change route or cluster.
// Upstream filters specified on the cluster will override these filters.
//
// If using upstream filters, please be aware that local errors sent by
// upstream filters will not trigger retries, and local errors sent by
// upstream filters will count as a final response if hedging is configured.
// [#extension-category: envoy.filters.http.upstream]
repeated network.http_connection_manager.v3.HttpFilter upstream_http_filters = 8;
}

126
xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto vendored
View File

@ -36,7 +36,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// HTTP connection manager :ref:`configuration overview <config_http_conn_man>`.
// [#extension: envoy.filters.network.http_connection_manager]
// [#next-free-field: 50]
// [#next-free-field: 53]
message HttpConnectionManager {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager";
@ -187,7 +187,7 @@ message HttpConnectionManager {
// If not specified, no tracing will be performed.
//
// .. attention::
// Please be aware that *envoy.tracers.opencensus* provider can only be configured once
// Please be aware that ``envoy.tracers.opencensus`` provider can only be configured once
// in Envoy lifetime.
// Any attempts to reconfigure it or to use different configurations for different HCM filters
// will be rejected.
@ -280,13 +280,13 @@ message HttpConnectionManager {
// path will be visible internally if a transformation is enabled. Any path rewrites that the
// router performs (e.g. :ref:`regex_rewrite
// <envoy_v3_api_field_config.route.v3.RouteAction.regex_rewrite>` or :ref:`prefix_rewrite
// <envoy_v3_api_field_config.route.v3.RouteAction.prefix_rewrite>`) will apply to the *:path* header
// <envoy_v3_api_field_config.route.v3.RouteAction.prefix_rewrite>`) will apply to the ``:path`` header
// destined for the upstream.
//
// Note: access logging and tracing will show the original *:path* header.
// Note: access logging and tracing will show the original ``:path`` header.
message PathNormalizationOptions {
// [#not-implemented-hide:] Normalization applies internally before any processing of requests by
// HTTP filters, routing, and matching *and* will affect the forwarded *:path* header. Defaults
// HTTP filters, routing, and matching *and* will affect the forwarded ``:path`` header. Defaults
// to :ref:`NormalizePathRFC3986
// <envoy_v3_api_msg_type.http.v3.PathTransformation.Operation.NormalizePathRFC3986>`. When not
// specified, this value may be overridden by the runtime variable
@ -297,7 +297,7 @@ message HttpConnectionManager {
// [#not-implemented-hide:] Normalization only applies internally before any processing of
// requests by HTTP filters, routing, and matching. These will be applied after full
// transformation is applied. The *:path* header before this transformation will be restored in
// transformation is applied. The ``:path`` header before this transformation will be restored in
// the router filter and sent upstream unless it was mutated by a filter. Defaults to no
// transformations.
// Multiple actions can be applied in the same Transformation, forming a sequential
@ -320,36 +320,36 @@ message HttpConnectionManager {
// [#next-free-field: 7]
message ProxyStatusConfig {
// If true, the details field of the Proxy-Status header is not populated with stream_info.response_code_details.
// This value defaults to `false`, i.e. the `details` field is populated by default.
// This value defaults to ``false``, i.e. the ``details`` field is populated by default.
bool remove_details = 1;
// If true, the details field of the Proxy-Status header will not contain
// connection termination details. This value defaults to `false`, i.e. the
// `details` field will contain connection termination details by default.
// connection termination details. This value defaults to ``false``, i.e. the
// ``details`` field will contain connection termination details by default.
bool remove_connection_termination_details = 2;
// If true, the details field of the Proxy-Status header will not contain an
// enumeration of the Envoy ResponseFlags. This value defaults to `false`,
// i.e. the `details` field will contain a list of ResponseFlags by default.
// enumeration of the Envoy ResponseFlags. This value defaults to ``false``,
// i.e. the ``details`` field will contain a list of ResponseFlags by default.
bool remove_response_flags = 3;
// If true, overwrites the existing Status header with the response code
// recommended by the Proxy-Status spec.
// This value defaults to `false`, i.e. the HTTP response code is not
// This value defaults to ``false``, i.e. the HTTP response code is not
// overwritten.
bool set_recommended_response_code = 4;
// The name of the proxy as it appears at the start of the Proxy-Status
// header.
//
// If neither of these values are set, this value defaults to `server_name`,
// If neither of these values are set, this value defaults to ``server_name``,
// which itself defaults to "envoy".
oneof proxy_name {
// If `use_node_id` is set, Proxy-Status headers will use the Envoy's node
// If ``use_node_id`` is set, Proxy-Status headers will use the Envoy's node
// ID as the name of the proxy.
bool use_node_id = 5;
// If `literal_proxy_name` is set, Proxy-Status headers will use this
// If ``literal_proxy_name`` is set, Proxy-Status headers will use this
// value as the name of the proxy.
string literal_proxy_name = 6;
}
@ -403,6 +403,10 @@ message HttpConnectionManager {
[(udpa.annotations.security).configure_for_untrusted_downstream = true];
// Additional HTTP/1 settings that are passed to the HTTP/1 codec.
// [#comment:TODO: The following fields are ignored when the
// :ref:`header validation configuration <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.typed_header_validation_config>`
// is present:
// 1. :ref:`allow_chunked_length <envoy_v3_api_field_config.core.v3.Http1ProtocolOptions.allow_chunked_length>`]
config.core.v3.Http1ProtocolOptions http_protocol_options = 8;
// Additional HTTP/2 settings that are passed directly to the HTTP/2 codec.
@ -414,7 +418,7 @@ message HttpConnectionManager {
config.core.v3.Http3ProtocolOptions http3_protocol_options = 44;
// An optional override that the connection manager will write to the server
// header in responses. If not set, the default is *envoy*.
// header in responses. If not set, the default is ``envoy``.
string server_name = 10
[(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
@ -575,6 +579,15 @@ message HttpConnectionManager {
// [#extension-category: envoy.http.original_ip_detection]
repeated config.core.v3.TypedExtensionConfig original_ip_detection_extensions = 46;
// The configuration for the early header mutation extensions.
//
// When configured the extensions will be called before any routing, tracing, or any filter processing.
// Each extension will be applied in the order they are configured.
// If the same header is mutated by multiple extensions, then the last extension will win.
//
// [#extension-category: envoy.http.early_header_mutation]
repeated config.core.v3.TypedExtensionConfig early_header_mutation_extensions = 52;
// Configures what network addresses are considered internal for stats and header sanitation
// purposes. If unspecified, only RFC1918 IP addresses will be considered internal.
// See the documentation for :ref:`config_http_conn_man_headers_x-envoy-internal` for more
@ -587,7 +600,7 @@ message HttpConnectionManager {
// has mutated the request headers. While :ref:`use_remote_address
// <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address>`
// will also suppress XFF addition, it has consequences for logging and other
// Envoy uses of the remote address, so *skip_xff_append* should be used
// Envoy uses of the remote address, so ``skip_xff_append`` should be used
// when only an elision of XFF addition is intended.
bool skip_xff_append = 21;
@ -621,8 +634,8 @@ message HttpConnectionManager {
// <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.forward_client_cert_details>`
// is APPEND_FORWARD or SANITIZE_SET and the client connection is mTLS. It specifies the fields in
// the client certificate to be forwarded. Note that in the
// :ref:`config_http_conn_man_headers_x-forwarded-client-cert` header, *Hash* is always set, and
// *By* is always set when the client certificate presents the URI type Subject Alternative Name
// :ref:`config_http_conn_man_headers_x-forwarded-client-cert` header, ``Hash`` is always set, and
// ``By`` is always set when the client certificate presents the URI type Subject Alternative Name
// value.
SetCurrentClientCertDetails set_current_client_cert_details = 17;
@ -636,7 +649,7 @@ message HttpConnectionManager {
// :ref:`use_remote_address
// <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address>`
// is true and represent_ipv4_remote_address_as_ipv4_mapped_ipv6 is true and the remote address is
// an IPv4 address, the address will be mapped to IPv6 before it is appended to *x-forwarded-for*.
// an IPv4 address, the address will be mapped to IPv6 before it is appended to ``x-forwarded-for``.
// This is useful for testing compatibility of upstream services that parse the header value. For
// example, 50.0.0.1 is represented as ::FFFF:50.0.0.1. See `IPv4-Mapped IPv6 Addresses
// <https://tools.ietf.org/html/rfc4291#section-2.5.5.2>`_ for details. This will also affect the
@ -650,7 +663,7 @@ message HttpConnectionManager {
repeated UpgradeConfig upgrade_configs = 23;
// Should paths be normalized according to RFC 3986 before any processing of
// requests by HTTP filters or routing? This affects the upstream *:path* header
// requests by HTTP filters or routing? This affects the upstream ``:path`` header
// as well. For paths that fail this check, Envoy will respond with 400 to
// paths that are malformed. This defaults to false currently but will default
// true in the future. When not specified, this value may be overridden by the
@ -660,13 +673,19 @@ message HttpConnectionManager {
// for details of normalization.
// Note that Envoy does not perform
// `case normalization <https://tools.ietf.org/html/rfc3986#section-6.2.2.1>`_
// [#comment:TODO: This field is ignored when the
// :ref:`header validation configuration <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.typed_header_validation_config>`
// is present.]
google.protobuf.BoolValue normalize_path = 30;
// Determines if adjacent slashes in the path are merged into one before any processing of
// requests by HTTP filters or routing. This affects the upstream *:path* header as well. Without
// setting this option, incoming requests with path `//dir///file` will not match against route
// with `prefix` match set to `/dir`. Defaults to `false`. Note that slash merging is not part of
// requests by HTTP filters or routing. This affects the upstream ``:path`` header as well. Without
// setting this option, incoming requests with path ``//dir///file`` will not match against route
// with ``prefix`` match set to ``/dir``. Defaults to ``false``. Note that slash merging is not part of
// `HTTP spec <https://tools.ietf.org/html/rfc3986>`_ and is provided for convenience.
// [#comment:TODO: This field is ignored when the
// :ref:`header validation configuration <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.typed_header_validation_config>`
// is present.]
bool merge_slashes = 33;
// Action to take when request URL path contains escaped slash sequences (%2F, %2f, %5C and %5c).
@ -674,6 +693,9 @@ message HttpConnectionManager {
// runtime variable.
// The :ref:`http_connection_manager.path_with_escaped_slashes_action_sampling<config_http_conn_man_runtime_path_with_escaped_slashes_action_enabled>` runtime
// variable can be used to apply the action to a portion of all requests.
// [#comment:TODO: This field is ignored when the
// :ref:`header validation configuration <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.typed_header_validation_config>`
// is present.]
PathWithEscapedSlashesAction path_with_escaped_slashes_action = 45;
// The configuration of the request ID extension. This includes operations such as
@ -704,10 +726,10 @@ message HttpConnectionManager {
// local port. This affects the upstream host header unless the method is
// CONNECT in which case if no filter adds a port the original port will be restored before headers are
// sent upstream.
// Without setting this option, incoming requests with host `example:443` will not match against
// route with :ref:`domains<envoy_v3_api_field_config.route.v3.VirtualHost.domains>` match set to `example`. Defaults to `false`. Note that port removal is not part
// Without setting this option, incoming requests with host ``example:443`` will not match against
// route with :ref:`domains<envoy_v3_api_field_config.route.v3.VirtualHost.domains>` match set to ``example``. Defaults to ``false``. Note that port removal is not part
// of `HTTP spec <https://tools.ietf.org/html/rfc3986>`_ and is provided for convenience.
// Only one of `strip_matching_host_port` or `strip_any_host_port` can be set.
// Only one of ``strip_matching_host_port`` or ``strip_any_host_port`` can be set.
bool strip_matching_host_port = 39
[(udpa.annotations.field_migrate).oneof_promotion = "strip_port_mode"];
@ -716,10 +738,10 @@ message HttpConnectionManager {
// of request by HTTP filters or routing.
// This affects the upstream host header unless the method is CONNECT in
// which case if no filter adds a port the original port will be restored before headers are sent upstream.
// Without setting this option, incoming requests with host `example:443` will not match against
// route with :ref:`domains<envoy_v3_api_field_config.route.v3.VirtualHost.domains>` match set to `example`. Defaults to `false`. Note that port removal is not part
// Without setting this option, incoming requests with host ``example:443`` will not match against
// route with :ref:`domains<envoy_v3_api_field_config.route.v3.VirtualHost.domains>` match set to ``example``. Defaults to ``false``. Note that port removal is not part
// of `HTTP spec <https://tools.ietf.org/html/rfc3986>`_ and is provided for convenience.
// Only one of `strip_matching_host_port` or `strip_any_host_port` can be set.
// Only one of ``strip_matching_host_port`` or ``strip_any_host_port`` can be set.
bool strip_any_host_port = 42;
}
@ -737,14 +759,14 @@ message HttpConnectionManager {
// <envoy_v3_api_field_config.core.v3.Http1ProtocolOptions.override_stream_error_on_invalid_http_message>` or the new HTTP/2 option
// :ref:`override_stream_error_on_invalid_http_message
// <envoy_v3_api_field_config.core.v3.Http2ProtocolOptions.override_stream_error_on_invalid_http_message>`
// *not* the deprecated but similarly named :ref:`stream_error_on_invalid_http_messaging
// ``not`` the deprecated but similarly named :ref:`stream_error_on_invalid_http_messaging
// <envoy_v3_api_field_config.core.v3.Http2ProtocolOptions.stream_error_on_invalid_http_messaging>`
google.protobuf.BoolValue stream_error_on_invalid_http_message = 40;
// [#not-implemented-hide:] Path normalization configuration. This includes
// configurations for transformations (e.g. RFC 3986 normalization or merge
// adjacent slashes) and the policy to apply them. The policy determines
// whether transformations affect the forwarded *:path* header. RFC 3986 path
// whether transformations affect the forwarded ``:path`` header. RFC 3986 path
// normalization is enabled by default and the default policy is that the
// normalized header will be forwarded. See :ref:`PathNormalizationOptions
// <envoy_v3_api_msg_extensions.filters.network.http_connection_manager.v3.PathNormalizationOptions>`
@ -754,17 +776,45 @@ message HttpConnectionManager {
// Determines if trailing dot of the host should be removed from host/authority header before any
// processing of request by HTTP filters or routing.
// This affects the upstream host header.
// Without setting this option, incoming requests with host `example.com.` will not match against
// route with :ref:`domains<envoy_v3_api_field_config.route.v3.VirtualHost.domains>` match set to `example.com`. Defaults to `false`.
// Without setting this option, incoming requests with host ``example.com.`` will not match against
// route with :ref:`domains<envoy_v3_api_field_config.route.v3.VirtualHost.domains>` match set to ``example.com``. Defaults to ``false``.
// When the incoming request contains a host/authority header that includes a port number,
// setting this option will strip a trailing dot, if present, from the host section,
// leaving the port as is (e.g. host value `example.com.:443` will be updated to `example.com:443`).
// leaving the port as is (e.g. host value ``example.com.:443`` will be updated to ``example.com:443``).
bool strip_trailing_host_dot = 47;
// Proxy-Status HTTP response header configuration.
// If this config is set, the Proxy-Status HTTP response header field is
// populated. By default, it is not.
ProxyStatusConfig proxy_status_config = 49;
// Configuration options for Header Validation (UHV).
// UHV is an extensible mechanism for checking validity of HTTP requests as well as providing
// normalization for request attributes, such as URI path.
// If the typed_header_validation_config is present it overrides the following options:
// ``normalize_path``, ``merge_slashes``, ``path_with_escaped_slashes_action``
// ``http_protocol_options.allow_chunked_length``, ``common_http_protocol_options.headers_with_underscores_action``.
//
// The default UHV checks the following:
//
// #. HTTP/1 header map validity according to `RFC 7230 section 3.2<https://datatracker.ietf.org/doc/html/rfc7230#section-3.2>`_
// #. Syntax of HTTP/1 request target URI and response status
// #. HTTP/2 header map validity according to `RFC 7540 section 8.1.2<https://datatracker.ietf.org/doc/html/rfc7540#section-8.1.2`_
// #. Syntax of HTTP/2 pseudo headers
// #. HTTP/3 header map validity according to `RFC 9114 section 4.3 <https://www.rfc-editor.org/rfc/rfc9114.html>`_
// #. Syntax of HTTP/3 pseudo headers
// #. Syntax of ``Content-Length`` and ``Transfer-Encoding``
// #. Validation of HTTP/1 requests with both ``Content-Length`` and ``Transfer-Encoding`` headers
// #. Normalization of the URI path according to `Normalization and Comparison <https://datatracker.ietf.org/doc/html/rfc3986#section-6>`_
// without `case normalization <https://datatracker.ietf.org/doc/html/rfc3986#section-6.2.2.1>`_
//
// [#not-implemented-hide:]
// [#extension-category: envoy.http.header_validators]
config.core.v3.TypedExtensionConfig typed_header_validation_config = 50;
// Append the `x-forwarded-port` header with the port value client used to connect to Envoy. It
// will be ignored if the `x-forwarded-port` header has been set by any trusted proxy in front of Envoy.
bool append_x_forwarded_port = 51;
}
// The configuration to customize local reply returned by Envoy.
@ -823,11 +873,11 @@ message ResponseMapper {
// The new response status code if specified.
google.protobuf.UInt32Value status_code = 2 [(validate.rules).uint32 = {lt: 600 gte: 200}];
// The new local reply body text if specified. It will be used in the `%LOCAL_REPLY_BODY%`
// command operator in the `body_format`.
// The new local reply body text if specified. It will be used in the ``%LOCAL_REPLY_BODY%``
// command operator in the ``body_format``.
config.core.v3.DataSource body = 3;
// A per mapper `body_format` to override the :ref:`body_format <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.LocalReplyConfig.body_format>`.
// A per mapper ``body_format`` to override the :ref:`body_format <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.LocalReplyConfig.body_format>`.
// It will be used when this mapper is matched.
config.core.v3.SubstitutionFormatString body_format_override = 4;

59
xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.proto vendored Normal file
View File

@ -0,0 +1,59 @@
syntax = "proto3";
package envoy.extensions.load_balancing_policies.client_side_weighted_round_robin.v3;
import "google/protobuf/duration.proto";
import "google/protobuf/wrappers.proto";
import "udpa/annotations/status.proto";
option java_package = "io.envoyproxy.envoy.extensions.load_balancing_policies.client_side_weighted_round_robin.v3";
option java_outer_classname = "ClientSideWeightedRoundRobinProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3;client_side_weighted_round_robinv3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Client-Side Weighted Round Robin Load Balancing Policy]
// [#not-implemented-hide:]
// Configuration for the client_side_weighted_round_robin LB policy.
//
// This policy differs from the built-in ROUND_ROBIN policy in terms of
// how the endpoint weights are determined. In the ROUND_ROBIN policy,
// the endpoint weights are sent by the control plane via EDS. However,
// in this policy, the endpoint weights are instead determined via
// qps and CPU utilization metrics sent by the endpoint using the Open
// Request Cost Aggregation (ORCA) protocol. The weight of a given endpoint
// is computed as qps / cpu_utilization.
//
// See the :ref:`load balancing architecture overview<arch_overview_load_balancing_types>` for more information.
//
// [#next-free-field: 6]
message ClientSideWeightedRoundRobin {
// Whether to enable out-of-band utilization reporting collection from
// the endpoints. By default, per-request utilization reporting is used.
google.protobuf.BoolValue enable_oob_load_report = 1;
// Load reporting interval to request from the server. Note that the
// server may not provide reports as frequently as the client requests.
// Used only when enable_oob_load_report is true. Default is 10 seconds.
google.protobuf.Duration oob_reporting_period = 2;
// A given endpoint must report load metrics continuously for at least
// this long before the endpoint weight will be used. This avoids
// churn when the set of endpoint addresses changes. Takes effect
// both immediately after we establish a connection to an endpoint and
// after weight_expiration_period has caused us to stop using the most
// recent load metrics. Default is 10 seconds.
google.protobuf.Duration blackout_period = 3;
// If a given endpoint has not reported load metrics in this long,
// then we stop using the reported weight. This ensures that we do
// not continue to use very stale weights. Once we stop using a stale
// value, if we later start seeing fresh reports again, the
// blackout_period applies. Defaults to 3 minutes.
google.protobuf.Duration weight_expiration_period = 4;
// How often endpoint weights are recalculated. Default is 1 second.
google.protobuf.Duration weight_update_period = 5;
}

114
xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/common/v3/common.proto vendored Normal file
View File

@ -0,0 +1,114 @@
syntax = "proto3";
package envoy.extensions.load_balancing_policies.common.v3;
import "envoy/config/core/v3/base.proto";
import "envoy/type/v3/percent.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/wrappers.proto";
import "udpa/annotations/status.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.extensions.load_balancing_policies.common.v3";
option java_outer_classname = "CommonProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/common/v3;commonv3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Common configuration for two or more load balancing policy extensions]
message LocalityLbConfig {
// Configuration for :ref:`zone aware routing
// <arch_overview_load_balancing_zone_aware_routing>`.
message ZoneAwareLbConfig {
// Configures percentage of requests that will be considered for zone aware routing
// if zone aware routing is configured. If not specified, the default is 100%.
// * :ref:`runtime values <config_cluster_manager_cluster_runtime_zone_routing>`.
// * :ref:`Zone aware routing support <arch_overview_load_balancing_zone_aware_routing>`.
type.v3.Percent routing_enabled = 1;
// Configures minimum upstream cluster size required for zone aware routing
// If upstream cluster size is less than specified, zone aware routing is not performed
// even if zone aware routing is configured. If not specified, the default is 6.
// * :ref:`runtime values <config_cluster_manager_cluster_runtime_zone_routing>`.
// * :ref:`Zone aware routing support <arch_overview_load_balancing_zone_aware_routing>`.
google.protobuf.UInt64Value min_cluster_size = 2;
// If set to true, Envoy will not consider any hosts when the cluster is in :ref:`panic
// mode<arch_overview_load_balancing_panic_threshold>`. Instead, the cluster will fail all
// requests as if all hosts are unhealthy. This can help avoid potentially overwhelming a
// failing service.
bool fail_traffic_on_panic = 3;
}
// Configuration for :ref:`locality weighted load balancing
// <arch_overview_load_balancing_locality_weighted_lb>`
message LocalityWeightedLbConfig {
}
oneof locality_config_specifier {
option (validate.required) = true;
// Configuration for local zone aware load balancing.
ZoneAwareLbConfig zone_aware_lb_config = 1;
// Enable locality weighted load balancing.
LocalityWeightedLbConfig locality_weighted_lb_config = 2;
}
}
// Configuration for :ref:`slow start mode <arch_overview_load_balancing_slow_start>`.
message SlowStartConfig {
// Represents the size of slow start window.
// If set, the newly created host remains in slow start mode starting from its creation time
// for the duration of slow start window.
google.protobuf.Duration slow_start_window = 1;
// This parameter controls the speed of traffic increase over the slow start window. Defaults to 1.0,
// so that endpoint would get linearly increasing amount of traffic.
// When increasing the value for this parameter, the speed of traffic ramp-up increases non-linearly.
// The value of aggression parameter should be greater than 0.0.
// By tuning the parameter, is possible to achieve polynomial or exponential shape of ramp-up curve.
//
// During slow start window, effective weight of an endpoint would be scaled with time factor and aggression:
// ``new_weight = weight * max(min_weight_percent, time_factor ^ (1 / aggression))``,
// where ``time_factor=(time_since_start_seconds / slow_start_time_seconds)``.
//
// As time progresses, more and more traffic would be sent to endpoint, which is in slow start window.
// Once host exits slow start, time_factor and aggression no longer affect its weight.
config.core.v3.RuntimeDouble aggression = 2;
// Configures the minimum percentage of origin weight that avoids too small new weight,
// which may cause endpoints in slow start mode receive no traffic in slow start window.
// If not specified, the default is 10%.
type.v3.Percent min_weight_percent = 3;
}
// Common Configuration for all consistent hashing load balancers (MaglevLb, RingHashLb, etc.)
message ConsistentHashingLbConfig {
// If set to ``true``, the cluster will use hostname instead of the resolved
// address as the key to consistently hash to an upstream host. Only valid for StrictDNS clusters with hostnames which resolve to a single IP address.
bool use_hostname_for_hashing = 1;
// Configures percentage of average cluster load to bound per upstream host. For example, with a value of 150
// no upstream host will get a load more than 1.5 times the average load of all the hosts in the cluster.
// If not specified, the load is not bounded for any upstream host. Typical value for this parameter is between 120 and 200.
// Minimum is 100.
//
// Applies to both Ring Hash and Maglev load balancers.
//
// This is implemented based on the method described in the paper https://arxiv.org/abs/1608.01350. For the specified
// ``hash_balance_factor``, requests to any upstream host are capped at ``hash_balance_factor/100`` times the average number of requests
// across the cluster. When a request arrives for an upstream host that is currently serving at its max capacity, linear probing
// is used to identify an eligible host. Further, the linear probe is implemented using a random jump in hosts ring/table to identify
// the eligible host (this technique is as described in the paper https://arxiv.org/abs/1908.08762 - the random jump avoids the
// cascading overflow effect when choosing the next host in the ring/table).
//
// If weights are specified on the hosts, they are respected.
//
// This is an O(N) algorithm, unlike other load balancers. Using a lower ``hash_balance_factor`` results in more hosts
// being probed, so use a higher value if you require better performance.
google.protobuf.UInt32Value hash_balance_factor = 2 [(validate.rules).uint32 = {gte: 100}];
}

9
xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/least_request/v3/least_request.proto vendored
View File

@ -2,8 +2,8 @@ syntax = "proto3";
package envoy.extensions.load_balancing_policies.least_request.v3;
import "envoy/config/cluster/v3/cluster.proto";
import "envoy/config/core/v3/base.proto";
import "envoy/extensions/load_balancing_policies/common/v3/common.proto";
import "google/protobuf/wrappers.proto";
@ -17,11 +17,11 @@ option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/loa
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Least Request Load Balancing Policy]
// [#extension: envoy.load_balancing_policies.least_request]
// This configuration allows the built-in LEAST_REQUEST LB policy to be configured via the LB policy
// extension point. See the :ref:`load balancing architecture overview
// <arch_overview_load_balancing_types>` for more information.
// [#extension: envoy.clusters.lb_policy]
message LeastRequest {
// The number of random healthy hosts from which the host with the fewest active requests will
// be chosen. Defaults to 2 so that we perform two-choice selection if the field is not set.
@ -54,5 +54,8 @@ message LeastRequest {
// Configuration for slow start mode.
// If this configuration is not set, slow start will not be not enabled.
config.cluster.v3.Cluster.SlowStartConfig slow_start_config = 3;
common.v3.SlowStartConfig slow_start_config = 3;
// Configuration for local zone aware load balancing or locality weighted load balancing.
common.v3.LocalityLbConfig locality_lb_config = 4;
}

30
xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.proto vendored
View File

@ -2,8 +2,11 @@ syntax = "proto3";
package envoy.extensions.load_balancing_policies.ring_hash.v3;
import "envoy/extensions/load_balancing_policies/common/v3/common.proto";
import "google/protobuf/wrappers.proto";
import "envoy/annotations/deprecation.proto";
import "udpa/annotations/status.proto";
import "validate/validate.proto";
@ -14,12 +17,12 @@ option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/loa
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Ring Hash Load Balancing Policy]
// [#extension: envoy.load_balancing_policies.ring_hash]
// This configuration allows the built-in RING_HASH LB policy to be configured via the LB policy
// extension point. See the :ref:`load balancing architecture overview
// <arch_overview_load_balancing_types>` for more information.
// [#extension: envoy.clusters.lb_policy]
// [#next-free-field: 6]
// [#next-free-field: 8]
message RingHash {
// The hash function used to hash hosts onto the ketama ring.
enum HashFunction {
@ -52,7 +55,12 @@ message RingHash {
// If set to `true`, the cluster will use hostname instead of the resolved
// address as the key to consistently hash to an upstream host. Only valid for StrictDNS clusters with hostnames which resolve to a single IP address.
bool use_hostname_for_hashing = 4;
//
// ..note::
// This is deprecated and please use :ref:`consistent_hashing_lb_config
// <envoy_v3_api_field_extensions.load_balancing_policies.ring_hash.v3.RingHash.consistent_hashing_lb_config>` instead.
bool use_hostname_for_hashing = 4
[deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
// Configures percentage of average cluster load to bound per upstream host. For example, with a value of 150
// no upstream host will get a load more than 1.5 times the average load of all the hosts in the cluster.
@ -70,5 +78,19 @@ message RingHash {
//
// This is an O(N) algorithm, unlike other load balancers. Using a lower `hash_balance_factor` results in more hosts
// being probed, so use a higher value if you require better performance.
google.protobuf.UInt32Value hash_balance_factor = 5 [(validate.rules).uint32 = {gte: 100}];
//
// ..note::
// This is deprecated and please use :ref:`consistent_hashing_lb_config
// <envoy_v3_api_field_extensions.load_balancing_policies.ring_hash.v3.RingHash.consistent_hashing_lb_config>` instead.
google.protobuf.UInt32Value hash_balance_factor = 5 [
deprecated = true,
(validate.rules).uint32 = {gte: 100},
(envoy.annotations.deprecated_at_minor_version) = "3.0"
];
// Common configuration for hashing-based load balancing policies.
common.v3.ConsistentHashingLbConfig consistent_hashing_lb_config = 6;
// Enable locality weighted load balancing for ring hash lb explicitly.
common.v3.LocalityLbConfig.LocalityWeightedLbConfig locality_weighted_lb_config = 7;
}

10
xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/round_robin/v3/round_robin.proto vendored
View File

@ -2,10 +2,9 @@ syntax = "proto3";
package envoy.extensions.load_balancing_policies.round_robin.v3;
import "envoy/config/cluster/v3/cluster.proto";
import "envoy/extensions/load_balancing_policies/common/v3/common.proto";
import "udpa/annotations/status.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.extensions.load_balancing_policies.round_robin.v3";
option java_outer_classname = "RoundRobinProto";
@ -14,13 +13,16 @@ option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/loa
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Round Robin Load Balancing Policy]
// [#extension: envoy.load_balancing_policies.round_robin]
// This configuration allows the built-in ROUND_ROBIN LB policy to be configured via the LB policy
// extension point. See the :ref:`load balancing architecture overview
// <arch_overview_load_balancing_types>` for more information.
// [#extension: envoy.clusters.lb_policy]
message RoundRobin {
// Configuration for slow start mode.
// If this configuration is not set, slow start will not be not enabled.
config.cluster.v3.Cluster.SlowStartConfig slow_start_config = 1;
common.v3.SlowStartConfig slow_start_config = 1;
// Configuration for local zone aware load balancing or locality weighted load balancing.
common.v3.LocalityLbConfig locality_lb_config = 2;
}

2
xds/third_party/envoy/src/main/proto/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.proto vendored
View File

@ -14,10 +14,10 @@ option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/loa
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Weighted Round Robin Locality-Picking Load Balancing Policy]
// [#not-implemented-hide:]
// Configuration for the wrr_locality LB policy. See the :ref:`load balancing architecture overview
// <arch_overview_load_balancing_types>` for more information.
// [#extension: envoy.clusters.lb_policy]
message WrrLocality {
// The child LB policy to create for endpoint-picking within the chosen locality.
config.cluster.v3.LoadBalancingPolicy endpoint_picking_policy = 1

62
xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto vendored
View File

@ -45,6 +45,13 @@ message TlsParameters {
}
// Minimum TLS protocol version. By default, it's ``TLSv1_2`` for both clients and servers.
//
// TLS protocol versions below TLSv1_2 require setting compatible ciphers with the
// ``cipher_suites`` setting as the default ciphers no longer include compatible ciphers.
//
// .. attention::
//
// Using TLS protocol versions below TLSv1_2 has serious security considerations and risks.
TlsProtocol tls_minimum_protocol_version = 1 [(validate.rules).enum = {defined_only: true}];
// Maximum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_3`` for
@ -142,24 +149,24 @@ message TlsCertificate {
// The TLS certificate chain.
//
// If *certificate_chain* is a filesystem path, a watch will be added to the
// If ``certificate_chain`` is a filesystem path, a watch will be added to the
// parent directory for any file moves to support rotation. This currently
// only applies to dynamic secrets, when the *TlsCertificate* is delivered via
// only applies to dynamic secrets, when the ``TlsCertificate`` is delivered via
// SDS.
config.core.v3.DataSource certificate_chain = 1;
// The TLS private key.
//
// If *private_key* is a filesystem path, a watch will be added to the parent
// If ``private_key`` is a filesystem path, a watch will be added to the parent
// directory for any file moves to support rotation. This currently only
// applies to dynamic secrets, when the *TlsCertificate* is delivered via SDS.
// applies to dynamic secrets, when the ``TlsCertificate`` is delivered via SDS.
config.core.v3.DataSource private_key = 2 [(udpa.annotations.sensitive) = true];
// `Pkcs12` data containing TLS certificate, chain, and private key.
// ``Pkcs12`` data containing TLS certificate, chain, and private key.
//
// If *pkcs12* is a filesystem path, the file will be read, but no watch will
// be added to the parent directory, since *pkcs12* isn't used by SDS.
// This field is mutually exclusive with *certificate_chain*, *private_key* and *private_key_provider*.
// If ``pkcs12`` is a filesystem path, the file will be read, but no watch will
// be added to the parent directory, since ``pkcs12`` isn't used by SDS.
// This field is mutually exclusive with ``certificate_chain``, ``private_key`` and ``private_key_provider``.
// This can't be marked as ``oneof`` due to API compatibility reasons. Setting
// both :ref:`private_key <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>`,
// :ref:`certificate_chain <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.certificate_chain>`,
@ -167,17 +174,17 @@ message TlsCertificate {
// and :ref:`pkcs12 <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.pkcs12>`
// fields will result in an error. Use :ref:`password
// <envoy_v3_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.password>`
// to specify the password to unprotect the `PKCS12` data, if necessary.
// to specify the password to unprotect the ``PKCS12`` data, if necessary.
config.core.v3.DataSource pkcs12 = 8 [(udpa.annotations.sensitive) = true];
// If specified, updates of file-based *certificate_chain* and *private_key*
// If specified, updates of file-based ``certificate_chain`` and ``private_key``
// sources will be triggered by this watch. The certificate/key pair will be
// read together and validated for atomic read consistency (i.e. no
// intervening modification occurred between cert/key read, verified by file
// hash comparisons). This allows explicit control over the path watched, by
// default the parent directories of the filesystem paths in
// *certificate_chain* and *private_key* are watched if this field is not
// specified. This only applies when a *TlsCertificate* is delivered by SDS
// ``certificate_chain`` and ``private_key`` are watched if this field is not
// specified. This only applies when a ``TlsCertificate`` is delivered by SDS
// with references to filesystem paths. See the :ref:`SDS key rotation
// <sds_key_rotation>` documentation for further details.
config.core.v3.WatchedDirectory watched_directory = 7;
@ -320,12 +327,16 @@ message CertificateValidationContext {
// See :ref:`the TLS overview <arch_overview_ssl_enabling_verification>` for a list of common
// system CA locations.
//
// If *trusted_ca* is a filesystem path, a watch will be added to the parent
// If ``trusted_ca`` is a filesystem path, a watch will be added to the parent
// directory for any file moves to support rotation. This currently only
// applies to dynamic secrets, when the *CertificateValidationContext* is
// applies to dynamic secrets, when the ``CertificateValidationContext`` is
// delivered via SDS.
//
// Only one of *trusted_ca* and *ca_certificate_provider_instance* may be specified.
// X509_V_FLAG_PARTIAL_CHAIN is set by default, so non-root/intermediate ca certificate in ``trusted_ca``
// can be treated as trust anchor as well. It allows verification with building valid partial chain instead
// of a full chain.
//
// Only one of ``trusted_ca`` and ``ca_certificate_provider_instance`` may be specified.
//
// [#next-major-version: This field and watched_directory below should ideally be moved into a
// separate sub-message, since there's no point in specifying the latter field without this one.]
@ -334,16 +345,16 @@ message CertificateValidationContext {
// Certificate provider instance for fetching TLS certificates.
//
// Only one of *trusted_ca* and *ca_certificate_provider_instance* may be specified.
// Only one of ``trusted_ca`` and ``ca_certificate_provider_instance`` may be specified.
// [#not-implemented-hide:]
CertificateProviderPluginInstance ca_certificate_provider_instance = 13
[(udpa.annotations.field_migrate).oneof_promotion = "ca_cert_source"];
// If specified, updates of a file-based *trusted_ca* source will be triggered
// If specified, updates of a file-based ``trusted_ca`` source will be triggered
// by this watch. This allows explicit control over the path watched, by
// default the parent directory of the filesystem path in *trusted_ca* is
// default the parent directory of the filesystem path in ``trusted_ca`` is
// watched if this field is not specified. This only applies when a
// *CertificateValidationContext* is delivered by SDS with references to
// ``CertificateValidationContext`` is delivered by SDS with references to
// filesystem paths. See the :ref:`SDS key rotation <sds_key_rotation>`
// documentation for further details.
config.core.v3.WatchedDirectory watched_directory = 11;
@ -477,10 +488,13 @@ message CertificateValidationContext {
// certificate chain will be subject to validation by :ref:`CRL <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.crl>`.
bool only_verify_leaf_cert_crl = 14;
// Config for the max number of intermediate certificates in chain that are parsed during verification.
// This does not include the leaf certificate. If configured, and the certificate chain is longer than allowed, the certificates
// above the limit are ignored, and certificate validation will fail. The default limit is 100,
// though this can be system-dependent.
// https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_verify_depth.html
// Defines maximum depth of a certificate chain accepted in verification, the default limit is 100, though this can be system-dependent.
// This number does not include the leaf, so a depth of 1 allows the leaf and one CA certificate. If a trusted issuer appears in the chain,
// but in a depth larger than configured, the certificate validation will fail.
// See `BoringSSL SSL_CTX_set_verify_depth <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#SSL_CTX_set_verify_depth>`
// If you use OpenSSL, its behavior is different from BoringSSL, this will define a limit on the number of certificates between the end-entity and trust-anchor certificates.
// Neither the end-entity nor the trust-anchor certificates count against depth.
// See `OpenSSL SSL set_verify_depth <https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_verify_depth.html>`_.
// Trusted issues are specified by setting :ref:`trusted_ca <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>`
google.protobuf.UInt32Value max_verify_depth = 16 [(validate.rules).uint32 = {lte: 100}];
}

33
xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto vendored
View File

@ -55,7 +55,7 @@ message UpstreamTlsContext {
google.protobuf.UInt32Value max_session_keys = 4;
}
// [#next-free-field: 9]
// [#next-free-field: 10]
message DownstreamTlsContext {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.auth.DownstreamTlsContext";
@ -123,6 +123,11 @@ message DownstreamTlsContext {
// an accompanying OCSP response or if the response expires at runtime.
// Defaults to LENIENT_STAPLING
OcspStaplePolicy ocsp_staple_policy = 8 [(validate.rules).enum = {defined_only: true}];
// Multiple certificates are allowed in Downstream transport socket to serve different SNI.
// If the client provides SNI but no such cert matched, it will decide to full scan certificates or not based on this config.
// Defaults to false. See more details in :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>`.
google.protobuf.BoolValue full_scan_certs_on_sni_mismatch = 9;
}
// TLS key log configuration.
@ -210,13 +215,13 @@ message CommonTlsContext {
[(validate.rules).message = {required: true}];
// Certificate provider for fetching CA certs. This will populate the
// *default_validation_context.trusted_ca* field.
// ``default_validation_context.trusted_ca`` field.
// [#not-implemented-hide:]
CertificateProvider validation_context_certificate_provider = 3
[deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
// Certificate provider instance for fetching CA certs. This will populate the
// *default_validation_context.trusted_ca* field.
// ``default_validation_context.trusted_ca`` field.
// [#not-implemented-hide:]
CertificateProviderInstance validation_context_certificate_provider_instance = 4
[deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
@ -227,15 +232,12 @@ message CommonTlsContext {
// TLS protocol versions, cipher suites etc.
TlsParameters tls_params = 1;
// Only a single TLS certificate is supported in client contexts. In server contexts,
// :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>` can be associated with the
// same context to allow both RSA and ECDSA certificates.
// same context to allow both RSA and ECDSA certificates and support SNI-based selection.
//
// Only a single TLS certificate is supported in client contexts. In server contexts, the first
// RSA certificate is used for clients that only support RSA and the first ECDSA certificate is
// used for clients that support ECDSA.
//
// Only one of *tls_certificates*, *tls_certificate_sds_secret_configs*,
// and *tls_certificate_provider_instance* may be used.
// Only one of ``tls_certificates``, ``tls_certificate_sds_secret_configs``,
// and ``tls_certificate_provider_instance`` may be used.
// [#next-major-version: These mutually exclusive fields should ideally be in a oneof, but it's
// not legal to put a repeated field in a oneof. In the next major version, we should rework
// this to avoid this problem.]
@ -247,18 +249,17 @@ message CommonTlsContext {
// The same number and types of certificates as :ref:`tls_certificates <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CommonTlsContext.tls_certificates>`
// are valid in the the certificates fetched through this setting.
//
// Only one of *tls_certificates*, *tls_certificate_sds_secret_configs*,
// and *tls_certificate_provider_instance* may be used.
// Only one of ``tls_certificates``, ``tls_certificate_sds_secret_configs``,
// and ``tls_certificate_provider_instance`` may be used.
// [#next-major-version: These mutually exclusive fields should ideally be in a oneof, but it's
// not legal to put a repeated field in a oneof. In the next major version, we should rework
// this to avoid this problem.]
repeated SdsSecretConfig tls_certificate_sds_secret_configs = 6
[(validate.rules).repeated = {max_items: 2}];
repeated SdsSecretConfig tls_certificate_sds_secret_configs = 6;
// Certificate provider instance for fetching TLS certs.
//
// Only one of *tls_certificates*, *tls_certificate_sds_secret_configs*,
// and *tls_certificate_provider_instance* may be used.
// Only one of ``tls_certificates``, ``tls_certificate_sds_secret_configs``,
// and ``tls_certificate_provider_instance`` may be used.
// [#not-implemented-hide:]
CertificateProviderPluginInstance tls_certificate_provider_instance = 14;

34
xds/third_party/envoy/src/main/proto/envoy/service/discovery/v3/discovery.proto vendored
View File

@ -68,12 +68,12 @@ message DiscoveryRequest {
repeated string resource_names = 3;
// [#not-implemented-hide:]
// Alternative to *resource_names* field that allows specifying dynamic
// Alternative to ``resource_names`` field that allows specifying dynamic
// parameters along with each resource name. Clients that populate this
// field must be able to handle responses from the server where resources
// are wrapped in a Resource message.
// Note that it is legal for a request to have some resources listed
// in *resource_names* and others in *resource_locators*.
// in ``resource_names`` and others in ``resource_locators``.
repeated ResourceLocator resource_locators = 7;
// Type of the resource that is being requested, e.g.
@ -90,7 +90,7 @@ message DiscoveryRequest {
string response_nonce = 5;
// This is populated when the previous :ref:`DiscoveryResponse <envoy_v3_api_msg_service.discovery.v3.DiscoveryResponse>`
// failed to update configuration. The *message* field in *error_details* provides the Envoy
// failed to update configuration. The ``message`` field in ``error_details`` provides the Envoy
// internal exception related to the failure. It is only intended for consumption during manual
// debugging, the string provided is not guaranteed to be stable across Envoy versions.
google.rpc.Status error_detail = 6;
@ -180,9 +180,9 @@ message DeltaDiscoveryRequest {
config.core.v3.Node node = 1;
// Type of the resource that is being requested, e.g.
// "type.googleapis.com/envoy.api.v2.ClusterLoadAssignment". This does not need to be set if
// resources are only referenced via *xds_resource_subscribe* and
// *xds_resources_unsubscribe*.
// ``type.googleapis.com/envoy.api.v2.ClusterLoadAssignment``. This does not need to be set if
// resources are only referenced via ``xds_resource_subscribe`` and
// ``xds_resources_unsubscribe``.
string type_url = 2;
// DeltaDiscoveryRequests allow the client to add or remove individual
@ -212,17 +212,17 @@ message DeltaDiscoveryRequest {
repeated string resource_names_unsubscribe = 4;
// [#not-implemented-hide:]
// Alternative to *resource_names_subscribe* field that allows specifying dynamic parameters
// Alternative to ``resource_names_subscribe`` field that allows specifying dynamic parameters
// along with each resource name.
// Note that it is legal for a request to have some resources listed
// in *resource_names_subscribe* and others in *resource_locators_subscribe*.
// in ``resource_names_subscribe`` and others in ``resource_locators_subscribe``.
repeated ResourceLocator resource_locators_subscribe = 8;
// [#not-implemented-hide:]
// Alternative to *resource_names_unsubscribe* field that allows specifying dynamic parameters
// Alternative to ``resource_names_unsubscribe`` field that allows specifying dynamic parameters
// along with each resource name.
// Note that it is legal for a request to have some resources listed
// in *resource_names_unsubscribe* and others in *resource_locators_unsubscribe*.
// in ``resource_names_unsubscribe`` and others in ``resource_locators_unsubscribe``.
repeated ResourceLocator resource_locators_unsubscribe = 9;
// Informs the server of the versions of the resources the xDS client knows of, to enable the
@ -242,7 +242,7 @@ message DeltaDiscoveryRequest {
string response_nonce = 6;
// This is populated when the previous :ref:`DiscoveryResponse <envoy_v3_api_msg_service.discovery.v3.DiscoveryResponse>`
// failed to update configuration. The *message* field in *error_details*
// failed to update configuration. The ``message`` field in ``error_details``
// provides the Envoy internal exception related to the failure.
google.rpc.Status error_detail = 7;
}
@ -332,7 +332,7 @@ message DynamicParameterConstraints {
}
}
// [#next-free-field: 9]
// [#next-free-field: 10]
message Resource {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Resource";
@ -346,13 +346,13 @@ message Resource {
}
// The resource's name, to distinguish it from others of the same type of resource.
// Only one of *name* or *resource_name* may be set.
// Only one of ``name`` or ``resource_name`` may be set.
string name = 3;
// Alternative to the *name* field, to be used when the server supports
// Alternative to the ``name`` field, to be used when the server supports
// multiple variants of the named resource that are differentiated by
// dynamic parameter constraints.
// Only one of *name* or *resource_name* may be set.
// Only one of ``name`` or ``resource_name`` may be set.
ResourceName resource_name = 8;
// The aliases are a list of other names that this resource can go by.
@ -383,4 +383,8 @@ message Resource {
// Cache control properties for the resource.
// [#not-implemented-hide:]
CacheControl cache_control = 7;
// The Metadata field can be used to provide additional information for the resource.
// E.g. the trace data for debugging.
config.core.v3.Metadata metadata = 9;
}

12
xds/third_party/envoy/src/main/proto/envoy/service/load_stats/v3/lrs.proto vendored
View File

@ -17,7 +17,7 @@ option go_package = "github.com/envoyproxy/go-control-plane/envoy/service/load_s
option java_generic_services = true;
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Load Reporting service (LRS)]
// [#protodoc-title: Load reporting service (LRS)]
// Load Reporting Service is an Envoy API to emit load reports. Envoy will initiate a bi-directional
// stream with a management server. Upon connecting, the management server can send a
@ -79,7 +79,7 @@ message LoadStatsResponse {
"envoy.service.load_stats.v2.LoadStatsResponse";
// Clusters to report stats for.
// Not populated if *send_all_clusters* is true.
// Not populated if ``send_all_clusters`` is true.
repeated string clusters = 1;
// If true, the client should send all clusters it knows about.
@ -90,14 +90,14 @@ message LoadStatsResponse {
// The minimum interval of time to collect stats over. This is only a minimum for two reasons:
//
// 1. There may be some delay from when the timer fires until stats sampling occurs.
// 2. For clusters that were already feature in the previous *LoadStatsResponse*, any traffic
// that is observed in between the corresponding previous *LoadStatsRequest* and this
// *LoadStatsResponse* will also be accumulated and billed to the cluster. This avoids a period
// 2. For clusters that were already feature in the previous ``LoadStatsResponse``, any traffic
// that is observed in between the corresponding previous ``LoadStatsRequest`` and this
// ``LoadStatsResponse`` will also be accumulated and billed to the cluster. This avoids a period
// of inobservability that might otherwise exists between the messages. New clusters are not
// subject to this consideration.
google.protobuf.Duration load_reporting_interval = 2;
// Set to *true* if the management server supports endpoint granularity
// Set to ``true`` if the management server supports endpoint granularity
// report.
bool report_endpoint_granularity = 3;
}

4
xds/third_party/envoy/src/main/proto/envoy/service/status/v3/csds.proto vendored
View File

@ -2,7 +2,7 @@ syntax = "proto3";
package envoy.service.status.v3;
import "envoy/admin/v3/config_dump.proto";
import "envoy/admin/v3/config_dump_shared.proto";
import "envoy/config/core/v3/base.proto";
import "envoy/type/matcher/v3/node.proto";
@ -21,7 +21,7 @@ option go_package = "github.com/envoyproxy/go-control-plane/envoy/service/status
option java_generic_services = true;
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Client Status Discovery Service (CSDS)]
// [#protodoc-title: Client status discovery service (CSDS)]
// CSDS is Client Status Discovery Service. It can be used to get the status of
// an xDS-compliant client from the management server's point of view. It can

8
xds/third_party/envoy/src/main/proto/envoy/type/http/v3/path_transformation.proto vendored
View File

@ -34,10 +34,10 @@ message PathTransformation {
}
// Determines if adjacent slashes are merged into one. A common use case is for a request path
// header. Using this option in `:ref: PathNormalizationOptions
// <envoy_v3_api_msg_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.PathNormalizationOptions>`
// will allow incoming requests with path `//dir///file` to match against route with `prefix`
// match set to `/dir`. When using for header transformations, note that slash merging is not
// header. Using this option in ``:ref: PathNormalizationOptions
// <envoy_v3_api_msg_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.PathNormalizationOptions>``
// will allow incoming requests with path ``//dir///file`` to match against route with ``prefix``
// match set to ``/dir``. When using for header transformations, note that slash merging is not
// part of `HTTP spec <https://tools.ietf.org/html/rfc3986>`_ and is provided for convenience.
message MergeSlashes {
}

8
xds/third_party/envoy/src/main/proto/envoy/type/matcher/regex.proto vendored
View File

@ -21,11 +21,11 @@ message RegexMatcher {
// the documented `syntax <https://github.com/google/re2/wiki/Syntax>`_. The engine is designed
// to complete execution in linear time as well as limit the amount of memory used.
//
// Envoy supports program size checking via runtime. The runtime keys `re2.max_program_size.error_level`
// and `re2.max_program_size.warn_level` can be set to integers as the maximum program size or
// Envoy supports program size checking via runtime. The runtime keys ``re2.max_program_size.error_level``
// and ``re2.max_program_size.warn_level`` can be set to integers as the maximum program size or
// complexity that a compiled regex can have before an exception is thrown or a warning is
// logged, respectively. `re2.max_program_size.error_level` defaults to 100, and
// `re2.max_program_size.warn_level` has no default if unset (will not check/log a warning).
// logged, respectively. ``re2.max_program_size.error_level`` defaults to 100, and
// ``re2.max_program_size.warn_level`` has no default if unset (will not check/log a warning).
//
// Envoy emits two stats for tracking the program size of regexes: the histogram `re2.program_size`,
// which records the program size, and the counter `re2.exceeded_warn_level`, which is incremented

29
xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/filter_state.proto vendored Normal file
View File

@ -0,0 +1,29 @@
syntax = "proto3";
package envoy.type.matcher.v3;
import "envoy/type/matcher/v3/string.proto";
import "udpa/annotations/status.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.type.matcher.v3";
option java_outer_classname = "FilterStateProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3;matcherv3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Filter state matcher]
// FilterStateMatcher provides a general interface for matching the filter state objects.
message FilterStateMatcher {
// The filter state key to retrieve the object.
string key = 1 [(validate.rules).string = {min_len: 1}];
oneof matcher {
option (validate.required) = true;
// Matches the filter state object as a string value.
StringMatcher string_match = 2;
}
}

4
xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/path.proto vendored
View File

@ -23,9 +23,9 @@ message PathMatcher {
oneof rule {
option (validate.required) = true;
// The `path` must match the URL path portion of the :path header. The query and fragment
// The ``path`` must match the URL path portion of the :path header. The query and fragment
// string (if present) are removed in the URL path portion.
// For example, the path */data* will match the *:path* header */data#fragment?param=value*.
// For example, the path ``/data`` will match the ``:path`` header ``/data#fragment?param=value``.
StringMatcher path = 1 [(validate.rules).message = {required: true}];
}
}

23
xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/regex.proto vendored
View File

@ -25,14 +25,14 @@ message RegexMatcher {
// the documented `syntax <https://github.com/google/re2/wiki/Syntax>`_. The engine is designed
// to complete execution in linear time as well as limit the amount of memory used.
//
// Envoy supports program size checking via runtime. The runtime keys `re2.max_program_size.error_level`
// and `re2.max_program_size.warn_level` can be set to integers as the maximum program size or
// Envoy supports program size checking via runtime. The runtime keys ``re2.max_program_size.error_level``
// and ``re2.max_program_size.warn_level`` can be set to integers as the maximum program size or
// complexity that a compiled regex can have before an exception is thrown or a warning is
// logged, respectively. `re2.max_program_size.error_level` defaults to 100, and
// `re2.max_program_size.warn_level` has no default if unset (will not check/log a warning).
// logged, respectively. ``re2.max_program_size.error_level`` defaults to 100, and
// ``re2.max_program_size.warn_level`` has no default if unset (will not check/log a warning).
//
// Envoy emits two stats for tracking the program size of regexes: the histogram `re2.program_size`,
// which records the program size, and the counter `re2.exceeded_warn_level`, which is incremented
// Envoy emits two stats for tracking the program size of regexes: the histogram ``re2.program_size``,
// which records the program size, and the counter ``re2.exceeded_warn_level``, which is incremented
// each time the program size exceeds the warn level threshold.
message GoogleRE2 {
option (udpa.annotations.versioning).previous_message_type =
@ -56,10 +56,12 @@ message RegexMatcher {
}
oneof engine_type {
option (validate.required) = true;
// Google's RE2 regex engine.
GoogleRE2 google_re2 = 1 [(validate.rules).message = {required: true}];
GoogleRE2 google_re2 = 1 [
deprecated = true,
(validate.rules).message = {required: true},
(envoy.annotations.deprecated_at_minor_version) = "3.0"
];
}
// The regex match string. The string must be supported by the configured engine. The regex is matched
@ -93,5 +95,6 @@ message RegexMatchAndSubstitute {
// backslash followed by the capture group number to denote a numbered
// capture group. E.g., ``\1`` refers to capture group 1, and ``\2`` refers
// to capture group 2.
string substitution = 2;
string substitution = 2
[(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
}

10
xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/string.proto vendored
View File

@ -32,7 +32,7 @@ message StringMatcher {
//
// Examples:
//
// * *abc* only matches the value *abc*.
// * ``abc`` only matches the value ``abc``.
string exact = 1;
// The input string must have the prefix specified here.
@ -40,7 +40,7 @@ message StringMatcher {
//
// Examples:
//
// * *abc* matches the value *abc.xyz*
// * ``abc`` matches the value ``abc.xyz``
string prefix = 2 [(validate.rules).string = {min_len: 1}];
// The input string must have the suffix specified here.
@ -48,7 +48,7 @@ message StringMatcher {
//
// Examples:
//
// * *abc* matches the value *xyz.abc*
// * ``abc`` matches the value ``xyz.abc``
string suffix = 3 [(validate.rules).string = {min_len: 1}];
// The input string must match the regular expression specified here.
@ -59,13 +59,13 @@ message StringMatcher {
//
// Examples:
//
// * *abc* matches the value *xyz.abc.def*
// * ``abc`` matches the value ``xyz.abc.def``
string contains = 7 [(validate.rules).string = {min_len: 1}];
}
// If true, indicates the exact/prefix/suffix/contains matching should be case insensitive. This
// has no effect for the safe_regex match.
// For example, the matcher *data* will match both input string *Data* and *data* if set to true.
// For example, the matcher ``data`` will match both input string ``Data`` and ``data`` if set to true.
bool ignore_case = 6;
}

2
xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/struct.proto vendored
View File

@ -17,7 +17,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Struct matcher]
// StructMatcher provides a general interface to check if a given value is matched in
// google.protobuf.Struct. It uses `path` to retrieve the value
// google.protobuf.Struct. It uses ``path`` to retrieve the value
// from the struct and then check if it's matched to the specified value.
//
// For example, for the following Struct:

2
xds/third_party/envoy/src/main/proto/envoy/type/metadata/v3/metadata.proto vendored
View File

@ -14,7 +14,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Metadata]
// MetadataKey provides a general interface using `key` and `path` to retrieve value from
// MetadataKey provides a general interface using ``key`` and ``path`` to retrieve value from
// :ref:`Metadata <envoy_v3_api_msg_config.core.v3.Metadata>`.
//
// For example, for the following Metadata:

2
xds/third_party/envoy/src/main/proto/envoy/type/v3/semantic_version.proto vendored
View File

@ -11,7 +11,7 @@ option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/type/v3;typev3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Semantic Version]
// [#protodoc-title: Semantic version]
// Envoy uses SemVer (https://semver.org/). Major/minor versions indicate
// expected behaviors and APIs, the patch version field is used only