/
config_source.proto
283 lines (235 loc) · 13.2 KB
/
config_source.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
syntax = "proto3";
package envoy.config.core.v3;
import "envoy/config/core/v3/base.proto";
import "envoy/config/core/v3/extension.proto";
import "envoy/config/core/v3/grpc_service.proto";
import "google/protobuf/any.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/wrappers.proto";
import "xds/core/v3/authority.proto";
import "envoy/annotations/deprecation.proto";
import "udpa/annotations/status.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.config.core.v3";
option java_outer_classname = "ConfigSourceProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/core/v3;corev3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Configuration sources]
// xDS API and non-xDS services version. This is used to describe both resource and transport
// protocol versions (in distinct configuration fields).
enum ApiVersion {
// When not specified, we assume v2, to ease migration to Envoy's stable API
// versioning. If a client does not support v2 (e.g. due to deprecation), this
// is an invalid value.
AUTO = 0 [deprecated = true, (envoy.annotations.deprecated_at_minor_version_enum) = "3.0"];
// Use xDS v2 API.
V2 = 1 [deprecated = true, (envoy.annotations.deprecated_at_minor_version_enum) = "3.0"];
// Use xDS v3 API.
V3 = 2;
}
// API configuration source. This identifies the API type and cluster that Envoy
// will use to fetch an xDS API.
// [#next-free-field: 10]
message ApiConfigSource {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.ApiConfigSource";
// APIs may be fetched via either REST or gRPC.
enum ApiType {
// Ideally this would be 'reserved 0' but one can't reserve the default
// value. Instead we throw an exception if this is ever used.
DEPRECATED_AND_UNAVAILABLE_DO_NOT_USE = 0
[deprecated = true, (envoy.annotations.disallowed_by_default_enum) = true];
// REST-JSON v2 API. The `canonical JSON encoding
// <https://developers.google.com/protocol-buffers/docs/proto3#json>`_ for
// the v2 protos is used.
REST = 1;
// SotW gRPC service.
GRPC = 2;
// Using the delta xDS gRPC service, i.e. DeltaDiscovery{Request,Response}
// rather than Discovery{Request,Response}. Rather than sending Envoy the entire state
// with every update, the xDS server only sends what has changed since the last update.
DELTA_GRPC = 3;
// SotW xDS gRPC with ADS. All resources which resolve to this configuration source will be
// multiplexed on a single connection to an ADS endpoint.
// [#not-implemented-hide:]
AGGREGATED_GRPC = 5;
// Delta xDS gRPC with ADS. All resources which resolve to this configuration source will be
// multiplexed on a single connection to an ADS endpoint.
// [#not-implemented-hide:]
AGGREGATED_DELTA_GRPC = 6;
}
// API type (gRPC, REST, delta gRPC)
ApiType api_type = 1 [(validate.rules).enum = {defined_only: true}];
// API version for xDS transport protocol. This describes the xDS gRPC/REST
// endpoint and version of [Delta]DiscoveryRequest/Response used on the wire.
ApiVersion transport_api_version = 8 [(validate.rules).enum = {defined_only: true}];
// Cluster names should be used only with REST. If > 1
// cluster is defined, clusters will be cycled through if any kind of failure
// occurs.
//
// .. note::
//
// The cluster with name ``cluster_name`` must be statically defined and its
// type must not be ``EDS``.
repeated string cluster_names = 2;
// Multiple gRPC services be provided for GRPC. If > 1 cluster is defined,
// services will be cycled through if any kind of failure occurs.
repeated GrpcService grpc_services = 4;
// For REST APIs, the delay between successive polls.
google.protobuf.Duration refresh_delay = 3;
// For REST APIs, the request timeout. If not set, a default value of 1s will be used.
google.protobuf.Duration request_timeout = 5 [(validate.rules).duration = {gt {}}];
// For GRPC APIs, the rate limit settings. If present, discovery requests made by Envoy will be
// rate limited.
RateLimitSettings rate_limit_settings = 6;
// Skip the node identifier in subsequent discovery requests for streaming gRPC config types.
bool set_node_on_first_message_only = 7;
// A list of config validators that will be executed when a new update is
// received from the ApiConfigSource. Note that each validator handles a
// specific xDS service type, and only the validators corresponding to the
// type url (in ``:ref: DiscoveryResponse`` or ``:ref: DeltaDiscoveryResponse``)
// will be invoked.
// If the validator returns false or throws an exception, the config will be rejected by
// the client, and a NACK will be sent.
// [#extension-category: envoy.config.validators]
repeated TypedExtensionConfig config_validators = 9;
}
// Aggregated Discovery Service (ADS) options. This is currently empty, but when
// set in :ref:`ConfigSource <envoy_v3_api_msg_config.core.v3.ConfigSource>` can be used to
// specify that ADS is to be used.
message AggregatedConfigSource {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.AggregatedConfigSource";
}
// [#not-implemented-hide:]
// Self-referencing config source options. This is currently empty, but when
// set in :ref:`ConfigSource <envoy_v3_api_msg_config.core.v3.ConfigSource>` can be used to
// specify that other data can be obtained from the same server.
message SelfConfigSource {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.SelfConfigSource";
// API version for xDS transport protocol. This describes the xDS gRPC/REST
// endpoint and version of [Delta]DiscoveryRequest/Response used on the wire.
ApiVersion transport_api_version = 1 [(validate.rules).enum = {defined_only: true}];
}
// Rate Limit settings to be applied for discovery requests made by Envoy.
message RateLimitSettings {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.RateLimitSettings";
// Maximum number of tokens to be used for rate limiting discovery request calls. If not set, a
// default value of 100 will be used.
google.protobuf.UInt32Value max_tokens = 1;
// Rate at which tokens will be filled per second. If not set, a default fill rate of 10 tokens
// per second will be used.
google.protobuf.DoubleValue fill_rate = 2 [(validate.rules).double = {gt: 0.0}];
}
// Local filesystem path configuration source.
message PathConfigSource {
// Path on the filesystem to source and watch for configuration updates.
// When sourcing configuration for a :ref:`secret <envoy_v3_api_msg_extensions.transport_sockets.tls.v3.Secret>`,
// the certificate and key files are also watched for updates.
//
// .. note::
//
// The path to the source must exist at config load time.
//
// .. note::
//
// If ``watched_directory`` is *not* configured, Envoy will watch the file path for *moves*.
// This is because in general only moves are atomic. The same method of swapping files as is
// demonstrated in the :ref:`runtime documentation <config_runtime_symbolic_link_swap>` can be
// used here also. If ``watched_directory`` is configured, no watch will be placed directly on
// this path. Instead, the configured ``watched_directory`` will be used to trigger reloads of
// this path. This is required in certain deployment scenarios. See below for more information.
string path = 1 [(validate.rules).string = {min_len: 1}];
// If configured, this directory will be watched for *moves*. When an entry in this directory is
// moved to, the ``path`` will be reloaded. This is required in certain deployment scenarios.
//
// Specifically, if trying to load an xDS resource using a
// `Kubernetes ConfigMap <https://kubernetes.io/docs/concepts/configuration/configmap/>`_, the
// following configuration might be used:
// 1. Store xds.yaml inside a ConfigMap.
// 2. Mount the ConfigMap to ``/config_map/xds``
// 3. Configure path ``/config_map/xds/xds.yaml``
// 4. Configure watched directory ``/config_map/xds``
//
// The above configuration will ensure that Envoy watches the owning directory for moves which is
// required due to how Kubernetes manages ConfigMap symbolic links during atomic updates.
WatchedDirectory watched_directory = 2;
}
// Configuration for :ref:`listeners <config_listeners>`, :ref:`clusters
// <config_cluster_manager>`, :ref:`routes
// <envoy_v3_api_msg_config.route.v3.RouteConfiguration>`, :ref:`endpoints
// <arch_overview_service_discovery>` etc. may either be sourced from the
// filesystem or from an xDS API source. Filesystem configs are watched with
// inotify for updates.
// [#next-free-field: 9]
message ConfigSource {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.ConfigSource";
// Authorities that this config source may be used for. An authority specified in a xdstp:// URL
// is resolved to a ``ConfigSource`` prior to configuration fetch. This field provides the
// association between authority name and configuration source.
// [#not-implemented-hide:]
repeated xds.core.v3.Authority authorities = 7;
oneof config_source_specifier {
option (validate.required) = true;
// Deprecated in favor of ``path_config_source``. Use that field instead.
string path = 1 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];
// Local filesystem path configuration source.
PathConfigSource path_config_source = 8;
// API configuration source.
ApiConfigSource api_config_source = 2;
// When set, ADS will be used to fetch resources. The ADS API configuration
// source in the bootstrap configuration is used.
AggregatedConfigSource ads = 3;
// [#not-implemented-hide:]
// When set, the client will access the resources from the same server it got the
// ConfigSource from, although not necessarily from the same stream. This is similar to the
// :ref:`ads<envoy_v3_api_field.ConfigSource.ads>` field, except that the client may use a
// different stream to the same server. As a result, this field can be used for things
// like LRS that cannot be sent on an ADS stream. It can also be used to link from (e.g.)
// LDS to RDS on the same server without requiring the management server to know its name
// or required credentials.
// [#next-major-version: In xDS v3, consider replacing the ads field with this one, since
// this field can implicitly mean to use the same stream in the case where the ConfigSource
// is provided via ADS and the specified data can also be obtained via ADS.]
SelfConfigSource self = 5;
}
// When this timeout is specified, Envoy will wait no longer than the specified time for first
// config response on this xDS subscription during the :ref:`initialization process
// <arch_overview_initialization>`. After reaching the timeout, Envoy will move to the next
// initialization phase, even if the first config is not delivered yet. The timer is activated
// when the xDS API subscription starts, and is disarmed on first config update or on error. 0
// means no timeout - Envoy will wait indefinitely for the first xDS config (unless another
// timeout applies). The default is 15s.
google.protobuf.Duration initial_fetch_timeout = 4;
// API version for xDS resources. This implies the type URLs that the client
// will request for resources and the resource type that the client will in
// turn expect to be delivered.
ApiVersion resource_api_version = 6 [(validate.rules).enum = {defined_only: true}];
}
// Configuration source specifier for a late-bound extension configuration. The
// parent resource is warmed until all the initial extension configurations are
// received, unless the flag to apply the default configuration is set.
// Subsequent extension updates are atomic on a per-worker basis. Once an
// extension configuration is applied to a request or a connection, it remains
// constant for the duration of processing. If the initial delivery of the
// extension configuration fails, due to a timeout for example, the optional
// default configuration is applied. Without a default configuration, the
// extension is disabled, until an extension configuration is received. The
// behavior of a disabled extension depends on the context. For example, a
// filter chain with a disabled extension filter rejects all incoming streams.
message ExtensionConfigSource {
ConfigSource config_source = 1 [(validate.rules).any = {required: true}];
// Optional default configuration to use as the initial configuration if
// there is a failure to receive the initial extension configuration or if
// ``apply_default_config_without_warming`` flag is set.
google.protobuf.Any default_config = 2;
// Use the default config as the initial configuration without warming and
// waiting for the first discovery response. Requires the default configuration
// to be supplied.
bool apply_default_config_without_warming = 3;
// A set of permitted extension type URLs. Extension configuration updates are rejected
// if they do not match any type URL in the set.
repeated string type_urls = 4 [(validate.rules).repeated = {min_items: 1}];
}