Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
200 lines (173 sloc) 8.94 KB
syntax = "proto3";
package envoy.config.filter.network.tcp_proxy.v2;
option java_outer_classname = "TcpProxyProto";
option java_multiple_files = true;
option java_package = "io.envoyproxy.envoy.config.filter.network.tcp_proxy.v2";
option go_package = "v2";
import "envoy/config/filter/accesslog/v2/accesslog.proto";
import "envoy/api/v2/core/address.proto";
import "envoy/api/v2/core/base.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/wrappers.proto";
import "validate/validate.proto";
import "gogoproto/gogo.proto";
// [#protodoc-title: TCP Proxy]
// TCP Proxy :ref:`configuration overview <config_network_filters_tcp_proxy>`.
message TcpProxy {
// The prefix to use when emitting :ref:`statistics
// <config_network_filters_tcp_proxy_stats>`.
string stat_prefix = 1 [(validate.rules).string.min_bytes = 1];
oneof cluster_specifier {
option (validate.required) = true;
// The upstream cluster to connect to.
//
// .. note::
//
// Complex routing (based on connection properties) is being implemented in listeners. Once
// fully implemented, this field (or `weighted_clusters`) will be the only way to configure
// the target cluster. In the interim, complex routing requires using a :ref:`deprecated_v1
// <envoy_api_field_config.filter.network.tcp_proxy.v2.TcpProxy.deprecated_v1>` configuration.
// This field is ignored if a `deprecated_v1` configuration is set.
//
string cluster = 2;
// Multiple upstream clusters can be specified for a given route. The
// request is routed to one of the upstream clusters based on weights
// assigned to each cluster.
//
// .. note::
//
// This field is ignored if the :ref:`deprecated_v1
// <envoy_api_field_config.filter.network.tcp_proxy.v2.TcpProxy.deprecated_v1>`
// configuration is set.
WeightedCluster weighted_clusters = 10;
}
// Optional endpoint metadata match criteria. Only endpoints in the upstream
// cluster with metadata matching that set in metadata_match will be
// considered. The filter name should be specified as *envoy.lb*.
envoy.api.v2.core.Metadata metadata_match = 9;
// The idle timeout for connections managed by the TCP proxy filter. The idle timeout
// is defined as the period in which there are no bytes sent or received on either
// the upstream or downstream connection. If not set, connections will never be closed
// by the TCP proxy due to being idle.
google.protobuf.Duration idle_timeout = 8
[(validate.rules).duration.gt = {}, (gogoproto.stdduration) = true];
// [#not-implemented-hide:] The idle timeout for connections managed by the TCP proxy
// filter. The idle timeout is defined as the period in which there is no
// active traffic. If not set, there is no idle timeout. When the idle timeout
// is reached the connection will be closed. The distinction between
// downstream_idle_timeout/upstream_idle_timeout provides a means to set
// timeout based on the last byte sent on the downstream/upstream connection.
google.protobuf.Duration downstream_idle_timeout = 3;
// [#not-implemented-hide:]
google.protobuf.Duration upstream_idle_timeout = 4;
// Configuration for :ref:`access logs <arch_overview_access_logs>`
// emitted by the this tcp_proxy.
repeated envoy.config.filter.accesslog.v2.AccessLog access_log = 5;
// TCP Proxy filter configuration using V1 format, until Envoy gets the
// ability to match source/destination at the listener level (called
// :ref:`filter chain match <envoy_api_msg_listener.FilterChainMatch>`).
message DeprecatedV1 {
// A TCP proxy route consists of a set of optional L4 criteria and the
// name of a cluster. If a downstream connection matches all the
// specified criteria, the cluster in the route is used for the
// corresponding upstream connection. Routes are tried in the order
// specified until a match is found. If no match is found, the connection
// is closed. A route with no criteria is valid and always produces a
// match.
message TCPRoute {
// The cluster to connect to when a the downstream network connection
// matches the specified criteria.
string cluster = 1 [(validate.rules).string.min_bytes = 1];
// An optional list of IP address subnets in the form
// “ip_address/xx”. The criteria is satisfied if the destination IP
// address of the downstream connection is contained in at least one of
// the specified subnets. If the parameter is not specified or the list
// is empty, the destination IP address is ignored. The destination IP
// address of the downstream connection might be different from the
// addresses on which the proxy is listening if the connection has been
// redirected.
repeated envoy.api.v2.core.CidrRange destination_ip_list = 2;
// An optional string containing a comma-separated list of port numbers
// or ranges. The criteria is satisfied if the destination port of the
// downstream connection is contained in at least one of the specified
// ranges. If the parameter is not specified, the destination port is
// ignored. The destination port address of the downstream connection
// might be different from the port on which the proxy is listening if
// the connection has been redirected.
string destination_ports = 3;
// An optional list of IP address subnets in the form
// “ip_address/xx”. The criteria is satisfied if the source IP address
// of the downstream connection is contained in at least one of the
// specified subnets. If the parameter is not specified or the list is
// empty, the source IP address is ignored.
repeated envoy.api.v2.core.CidrRange source_ip_list = 4;
// An optional string containing a comma-separated list of port numbers
// or ranges. The criteria is satisfied if the source port of the
// downstream connection is contained in at least one of the specified
// ranges. If the parameter is not specified, the source port is
// ignored.
string source_ports = 5;
}
// The route table for the filter. All filter instances must have a route
// table, even if it is empty.
repeated TCPRoute routes = 1 [(validate.rules).repeated .min_items = 1];
}
// TCP Proxy filter configuration using deprecated V1 format. This is required for complex
// routing until filter chain matching in the listener is implemented.
//
// Example:
//
// .. code-block:: yaml
//
// - name: "envoy.tcp_proxy"
// config:
// deprecated_v1: true
// value:
// stat_prefix: "prefix"
// access_log:
// - ...
// route_config:
// routes:
// - cluster: "cluster"
// destination_ip_list:
// - "10.1.0.0/8"
// destination_ports: "8080"
// source_ip_list:
// - "10.1.0.0/16"
// - "2001:db8::/32"
// source_ports: "8000,9000-9999"
//
// .. attention::
//
// Using the deprecated V1 configuration excludes the use of any V2 configuration options. Only
// the V1 configuration is used. All available fields are shown in the example, although the
// access log configuration is omitted for simplicity. The access log configuration uses the
// :repo:`deprecated V1 access log configuration<source/common/json/config_schemas.cc>`.
//
// .. attention::
//
// In the deprecated V1 configuration, source and destination CIDR ranges are specified as a
// list of strings with each string in CIDR notation. Source and destination ports are
// specified as single strings containing a comma-separated list of ports and/or port ranges.
//
// Deprecation pending https://github.com/envoyproxy/envoy/issues/4457
DeprecatedV1 deprecated_v1 = 6;
// The maximum number of unsuccessful connection attempts that will be made before
// giving up. If the parameter is not specified, 1 connection attempt will be made.
google.protobuf.UInt32Value max_connect_attempts = 7 [(validate.rules).uint32.gte = 1];
// Allows for specification of multiple upstream clusters along with weights
// that indicate the percentage of traffic to be forwarded to each cluster.
// The router selects an upstream cluster based on these weights.
message WeightedCluster {
message ClusterWeight {
// Name of the upstream cluster.
string name = 1 [(validate.rules).string.min_bytes = 1];
// When a request matches the route, the choice of an upstream cluster is
// determined by its weight. The sum of weights across all entries in the
// clusters array determines the total weight.
uint32 weight = 2 [(validate.rules).uint32.gte = 1];
}
// Specifies one or more upstream clusters associated with the route.
repeated ClusterWeight clusters = 1 [(validate.rules).repeated .min_items = 1];
}
}
You can’t perform that action at this time.