/
pilot.go
233 lines (201 loc) · 9.94 KB
/
pilot.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
// Copyright 2018 Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package pilot
import (
"os"
"strconv"
"time"
"istio.io/istio/pkg/log"
)
var (
// CertDir is the default location for mTLS certificates used by pilot.
// Defaults to /etc/certs, matching k8s template. Can be used if you run pilot
// as a regular user on a VM or test environment.
CertDir = os.Getenv("PILOT_CERT_DIR")
// MaxConcurrentStreams indicates pilot max grpc concurrent streams.
// Default is 100k.
MaxConcurrentStreams = os.Getenv("ISTIO_GPRC_MAXSTREAMS")
// TraceSampling sets mesh-wide trace sampling
// percentage, should be 0.0 - 100.0 Precision to 0.01
// Default is 100%, not recommended for production use.
TraceSampling = os.Getenv("PILOT_TRACE_SAMPLING")
// PushThrottle limits the qps of the actual push. Default is 10 pushes per second.
// On larger machines you can increase this to get faster push.
PushThrottle = os.Getenv("PILOT_PUSH_THROTTLE")
// PushBurst limits the burst of the actual push. Default is 100.
PushBurst = os.Getenv("PILOT_PUSH_BURST")
// DebugConfigs controls saving snapshots of configs for /debug/adsz.
// Defaults to false, can be enabled with PILOT_DEBUG_ADSZ_CONFIG=1
// For larger clusters it can increase memory use and GC - useful for small tests.
DebugConfigs = os.Getenv("PILOT_DEBUG_ADSZ_CONFIG") == "1"
// RefreshDuration is the duration of periodic refresh, in case events or cache invalidation fail.
// Example: "300ms", "10s" or "2h45m".
// Default is 0 (disabled).
RefreshDuration = os.Getenv("V2_REFRESH")
// DebounceAfter is the delay added to events to wait
// after a registry/config event for debouncing.
// This will delay the push by at least this interval, plus
// the time getting subsequent events. If no change is
// detected the push will happen, otherwise we'll keep
// delaying until things settle.
// Default is 100ms, Example: "300ms", "10s" or "2h45m".
DebounceAfter = os.Getenv("PILOT_DEBOUNCE_AFTER")
// DebounceMax is the maximum time to wait for events
// while debouncing. Defaults to 10 seconds. If events keep
// showing up with no break for this time, we'll trigger a push.
// Default is 10s, Example: "300ms", "10s" or "2h45m".
DebounceMax = os.Getenv("PILOT_DEBOUNCE_MAX")
// DisableEDSIsolation provides an option to disable the feature
// of EDS isolation which is enabled by default from Istio 1.1 and
// go back to the legacy behavior of previous releases.
// If not set, Pilot will return the endpoints for a proxy in an isolated namespace.
// Set the environment variable to any value to disable.
DisableEDSIsolation = os.Getenv("PILOT_DISABLE_EDS_ISOLATION")
// AzDebug indicates whether to log service registry az info.
AzDebug = os.Getenv("VERBOSE_AZ_DEBUG") == "1"
// NetworkScopes isolates namespaces, limiting configuration for
// egress and other mesh services to only hosts defined in same namespace or
// 'admin' namespaces. Using services from any other namespaces will require the new NetworkScope
// config. In most cases 'istio-system' should be included. Comma separated (ns1,ns2,istio-system)
NetworkScopes = os.Getenv("DEFAULT_NAMESPACE_DEPENDENCIES")
// BaseDir is the base directory for locating configs.
// File based certificates are located under $BaseDir/etc/certs/. If not set, the original 1.0 locations will
// be used, "/"
BaseDir = "BASE"
// HTTP10 enables the use of HTTP10 in the outbound HTTP listeners, to support legacy applications.
// Will add "accept_http_10" to http outbound listeners. Can also be set only for specific sidecars via meta.
//
// Alpha in 1.1, may become the default or be turned into a Sidecar API or mesh setting. Only applies to namespaces
// where Sidecar is enabled.
HTTP10 = os.Getenv("PILOT_HTTP10") == "1"
// TerminationDrainDuration is the amount of time allowed for connections to complete on pilot-agent shutdown.
// On receiving SIGTERM or SIGINT, pilot-agent tells the active Envoy to start draining,
// preventing any new connections and allowing existing connections to complete. It then
// sleeps for the TerminationDrainDuration and then kills any remaining active Envoy processes.
TerminationDrainDuration = func() time.Duration {
defaultDuration := time.Second * 5
if os.Getenv("TERMINATION_DRAIN_DURATION_SECONDS") == "" {
return defaultDuration
}
duration, err := strconv.Atoi(os.Getenv("TERMINATION_DRAIN_DURATION_SECONDS"))
if err != nil {
log.Warnf("unable to parse env var %v, using default of %v.", os.Getenv("TERMINATION_DRAIN_DURATION_SECONDS"), defaultDuration)
return defaultDuration
}
return time.Second * time.Duration(duration)
}
// EnableCDSPrecomputation provides an option to enable precomputation
// of CDS output for all namespaces at the start of a push cycle.
// While it reduces CPU, it comes at the cost of increased memory usage
EnableCDSPrecomputation = func() bool {
return len(os.Getenv("PILOT_ENABLE_CDS_PRECOMPUTATION")) != 0
}
// EnableLocalityLoadBalancing provides an option to enable the LocalityLoadBalancerSetting feature
// as well as prioritizing the sending of traffic to a local locality. Set the environment variable to any value to enable.
// This is an experimental feature.
EnableLocalityLoadBalancing = func() bool {
return len(os.Getenv("PILOT_ENABLE_LOCALITY_LOAD_BALANCING")) != 0
}
// EnableWaitCacheSync provides an option to specify whether it should wait
// for cache sync before Pilot bootstrap. Set env PILOT_ENABLE_WAIT_CACHE_SYNC = 0 to disable it.
EnableWaitCacheSync = os.Getenv("PILOT_ENABLE_WAIT_CACHE_SYNC") != "0"
// EnableFallthroughRoute provides an option to add a final wildcard match for routes.
// When ALLOW_ANY traffic policy is used, a Passthrough cluster is used.
// When REGISTRY_ONLY traffic policy is used, a 502 error is returned.
EnableFallthroughRoute = func() bool {
val, set := os.LookupEnv("PILOT_ENABLE_FALLTHROUGH_ROUTE")
return val == "1" || !set
}
// DisablePartialRouteResponse provides an option to disable a partial route response. This
// will cause Pilot to send an error if any routes are invalid. The default behavior (without
// this flag) is to just skip the invalid route.
DisablePartialRouteResponse = os.Getenv("PILOT_DISABLE_PARTIAL_ROUTE_RESPONSE") == "1"
// DisableEmptyRouteResponse provides an option to disable a partial route response. This
// will cause Pilot to ignore a route request if Pilot generates a nil route (due to an error).
// This may cause Envoy to wait forever for the route, blocking listeners from receiving traffic.
// The default behavior (without this flag set) is to explicitly send an empty route. This
// will break routing for that particular route, but allow others on the same listener to work.
DisableEmptyRouteResponse = os.Getenv("PILOT_DISABLE_EMPTY_ROUTE_RESPONSE") == "1"
// DisableXDSMarshalingToAny provides an option to disable the "xDS marshaling to Any" feature ("on" by default).
DisableXDSMarshalingToAny = func() bool {
return os.Getenv("PILOT_DISABLE_XDS_MARSHALING_TO_ANY") == "1"
}
// InitialConnectionWindowSize specifies the window size to use for http2 connections
// Must be 65535 - 2147483647, default 268435456 (256mb)
initialConnectionWindowSize = func() int {
raw, f := os.LookupEnv("PILOT_INITIAL_CONNECTION_WINDOW_SIZE")
if !f {
return 0
}
i, err := strconv.Atoi(raw)
if err != nil {
log.Warnf("failed to parse PILOT_INITIAL_CONNECTION_WINDOW_SIZE: %v", err)
return 0
}
if i < 65535 || i > 2147483647 {
log.Warnf("PILOT_INITIAL_CONNECTION_WINDOW_SIZE invalid, must be 65535 - 2147483647: %v", i)
return 0
}
return i
}
InitialConnectionWindowSize = initialConnectionWindowSize()
// InitialStreamWindowSize specifies the window size to use for http2 connections
// Must be 65535 - 2147483647, default 268435456
initialStreamWindowSize = func() int {
raw, f := os.LookupEnv("PILOT_INITIAL_STREAM_WINDOW_SIZE")
if !f {
return 0
}
i, err := strconv.Atoi(raw)
if err != nil {
log.Warnf("failed to parse PILOT_INITIAL_STREAM_WINDOW_SIZE: %v", err)
return 0
}
if i < 65535 || i > 2147483647 {
log.Warnf("PILOT_INITIAL_STREAM_WINDOW_SIZE invalid, must be 65535 - 2147483647: %v", i)
return 0
}
return i
}
InitialStreamWindowSize = initialStreamWindowSize()
// DisableSplitHorizonEdsProxyNetworkCompare provides an option to disable
// matching proxy and pod network id.
DisableSplitHorizonEdsProxyNetworkCompare = func() bool {
return os.Getenv("PILOT_DISABLE_SPLIT_HORIZON_EDS_NETWORK_COMPARE") == "1"
}
// EnableMysqlFilter enables injection of `envoy.filters.network.mysql_proxy` in the filter chain.
// Pilot injects this outbound filter if the service port name is `mysql`.
EnableMysqlFilter = os.Getenv("PILOT_ENABLE_MYSQL_FILTER") == "1"
// RestrictPodIPTrafficLoops if enabled, this will block inbound traffic from matching outbound listeners, which
// could result in an infinite loop of traffic. This option is only provided for backward compatibility purposes
// and will be removed in the near future.
RestrictPodIPTrafficLoops = func() bool {
val, f := os.LookupEnv("PILOT_RESTRICT_POD_UP_TRAFFIC_LOOP")
if !f {
// Default to enabled
return true
}
enabled, err := strconv.ParseBool(val)
if err != nil {
// If we cannot parse, default to enabled
return true
}
return enabled
}
)
var (
// TODO: define all other default ports here, add docs
// DefaultPortHTTPProxy is used as for HTTP PROXY mode. Can be overridden by ProxyHttpPort in mesh config.
DefaultPortHTTPProxy = 15002
)