/
cluster.proto
58 lines (49 loc) · 3 KB
/
cluster.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
syntax = "proto3";
package envoy.extensions.clusters.dynamic_forward_proxy.v3;
import "envoy/extensions/common/dynamic_forward_proxy/v3/dns_cache.proto";
import "udpa/annotations/status.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.extensions.clusters.dynamic_forward_proxy.v3";
option java_outer_classname = "ClusterProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/dynamic_forward_proxy/v3;dynamic_forward_proxyv3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;
// [#protodoc-title: Dynamic forward proxy cluster configuration]
// Configuration for the dynamic forward proxy cluster. See the :ref:`architecture overview
// <arch_overview_http_dynamic_forward_proxy>` for more information.
// [#extension: envoy.clusters.dynamic_forward_proxy]
message ClusterConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.cluster.dynamic_forward_proxy.v2alpha.ClusterConfig";
// The DNS cache configuration that the cluster will attach to. Note this configuration must
// match that of associated :ref:`dynamic forward proxy HTTP filter configuration
// <envoy_v3_api_field_extensions.filters.http.dynamic_forward_proxy.v3.FilterConfig.dns_cache_config>`.
common.dynamic_forward_proxy.v3.DnsCacheConfig dns_cache_config = 1
[(validate.rules).message = {required: true}];
// If true allow the cluster configuration to disable the auto_sni and auto_san_validation options
// in the :ref:`cluster's upstream_http_protocol_options
// <envoy_v3_api_field_config.cluster.v3.Cluster.upstream_http_protocol_options>`
bool allow_insecure_cluster_options = 2;
// [#not-implemented-hide:]
// If true allow HTTP/2 and HTTP/3 connections to be reused for requests to different
// origins than the connection was initially created for. This will only happen when the
// resolved address for the new connection matches the peer address of the connection and
// the TLS certificate is also valid for the new hostname. For example, if a connection
// has previously been established to foo.example.com at IP 1.2.3.4 with a certificate
// that is valid for `*.example.com`, then this connection could be used for requests to
// bar.example.com if that also resolved to 1.2.3.4.
//
// .. note::
// By design, this feature will maximize reuse of connections. This means that instead
// opening a new connection when an existing connection reaches the maximum number of
// concurrent streams, requests will instead be sent to the existing connection.
// TODO(alyssawilk) implement request queueing in connections.
//
// .. note::
// The coalesced connections might be to upstreams that would not be otherwise
// selected by Envoy. See the section `Connection Reuse in RFC 7540
// <https://datatracker.ietf.org/doc/html/rfc7540#section-9.1.1>`_
//
bool allow_coalesced_connections = 3;
}