in main.go [275:368]
// generate assembles the xDS bootstrap configuration described by in and
// returns it serialized as indented JSON. The only error it can return is the
// one produced by json.MarshalIndent.
//
// Security-relevant inputs, all taken from in without validation here:
//   - isTrustedXDSServer adds the "trusted_xds_server" server feature.
//   - metadataLabels is merged into the node metadata and can replace the
//     built-in INSTANCE_IP and generator-SHA entries (see below).
//   - secretsDir determines where the emitted config points for the
//     certificate, private key and CA files.
func generate(in configInput) ([]byte, error) {
	// Server features for the primary xDS server. "xds_v3" is always set; the
	// other two are opt-in.
	features := []string{"xds_v3"}
	if in.isTrustedXDSServer {
		// NOTE(review): presumably this widens what the client will accept
		// from the management server; confirm against the gRPC xDS docs and
		// enable it only for a server URI the operator controls.
		features = append(features, "trusted_xds_server")
	}
	if in.ignoreResourceDeletion {
		features = append(features, "ignore_resource_deletion")
	}
	primary := server{
		ServerURI:      in.xdsServerURI,
		ChannelCreds:   []creds{{Type: "google_default"}},
		ServerFeatures: features,
	}

	// The network identifier is the VPC network name unless a mesh was
	// configured, in which case the mesh takes precedence.
	netID := in.vpcNetworkName
	if in.configMesh != "" {
		netID = fmt.Sprintf("mesh:%s", in.configMesh)
	}

	// Listener resource name format for normal TD use cases looks like:
	// xdstp://<authority>/envoy.config.listener.v3.Listener/<project_number>/<(network)|(mesh:mesh_name)>/id
	// The same template serves the TD authority and the client default.
	tdListenerTemplate := fmt.Sprintf("xdstp://%s/envoy.config.listener.v3.Listener/%d/%s/%%s", tdAuthority, in.gcpProjectNumber, netID)

	// Node metadata. Write order matters: caller-supplied labels are copied
	// after the two built-in keys, so a label named INSTANCE_IP or
	// TRAFFICDIRECTOR_GRPC_BOOTSTRAP_GENERATOR_SHA replaces the built-in
	// value. The deployment-info and IPv6 keys are written last and therefore
	// override any label of the same name.
	// NOTE(review): if labels can come from a less trusted source than the
	// other inputs, reject reserved key names before calling generate.
	metadata := map[string]any{
		"INSTANCE_IP": in.ip,
		"TRAFFICDIRECTOR_GRPC_BOOTSTRAP_GENERATOR_SHA": in.gitCommitHash,
	}
	for label, value := range in.metadataLabels {
		metadata[label] = value
	}
	if in.deploymentInfo != nil {
		metadata["TRAFFIC_DIRECTOR_CLIENT_ENVIRONMENT"] = in.deploymentInfo
	}
	if in.ipv6Capable {
		metadata["TRAFFICDIRECTOR_DIRECTPATH_C2P_IPV6_CAPABLE"] = true
	}

	// secretPath resolves a file name inside the configured secrets
	// directory. Only the paths are written to the config; nothing in this
	// function reads the files or checks their permissions.
	secretPath := func(name string) string {
		return path.Join(in.secretsDir, name)
	}

	cfg := &config{
		XDSServers: []server{primary},
		Node: &node{
			// A fresh UUID makes the node ID unique per generated config.
			ID:      fmt.Sprintf("projects/%d/networks/%s/nodes/%s", in.gcpProjectNumber, netID, uuid.New().String()),
			Cluster: "cluster", // unused by TD
			Locality: &locality{
				Zone: in.zone,
			},
			Metadata: metadata,
		},
		Authorities: map[string]Authority{
			tdAuthority: {
				ClientListenerResourceNameTemplate: tdListenerTemplate,
			},
			c2pAuthority: {
				// In the case of DirectPath, it is safe to assume that the
				// operator is notified of missing resources, so the
				// "ignore_resource_deletion" server feature is always set
				// here regardless of in.ignoreResourceDeletion.
				XDSServers: []server{{
					ServerURI:      "dns:///directpath-pa.googleapis.com",
					ChannelCreds:   []creds{{Type: "google_default"}},
					ServerFeatures: []string{"xds_v3", "ignore_resource_deletion"},
				}},
				ClientListenerResourceNameTemplate: fmt.Sprintf("xdstp://%s/envoy.config.listener.v3.Listener/%%s", c2pAuthority),
			},
		},
		ClientDefaultListenerResourceNameTemplate: tdListenerTemplate,
		// For PSM Security.
		CertificateProviders: map[string]certificateProviderConfig{
			"google_cloud_private_spiffe": {
				PluginName: "file_watcher",
				Config: privateSPIFFEConfig{
					CertificateFile:   secretPath("certificates.pem"),
					PrivateKeyFile:    secretPath("private_key.pem"),
					CACertificateFile: secretPath("ca_certificates.pem"),
					// The file_watcher plugin will parse this as a Duration
					// proto, but it is totally fine to just emit a string
					// here.
					RefreshInterval: "600s",
				},
			},
		},
		ServerListenerResourceNameTemplate: "grpc/server?xds.resource.listening_address=%s",
	}

	// For Rate Limiting: only the primary xDS server URI is listed as an
	// allowed gRPC service, and only when explicitly requested.
	if in.includeAllowedGrpcServices {
		cfg.AllowedGrpcServices = map[string]allowedGrpcServiceConfig{
			getQualifiedXDSURI(in.xdsServerURI): {
				ChannelCreds: []creds{{Type: "google_default"}},
			},
		}
	}

	return json.MarshalIndent(cfg, "", " ")
}