in pkg/xds/bootstrap/template_v3.go [67:371]
func genConfig(parameters configParameters, proxyConfig xds.Proxy, enableReloadableTokens bool) (*envoy_bootstrap_v3.Bootstrap, error) {
staticClusters, err := buildStaticClusters(parameters, enableReloadableTokens)
if err != nil {
return nil, err
}
features := []interface{}{}
for _, feature := range parameters.Features {
features = append(features, feature)
}
runtimeLayers := []*envoy_bootstrap_v3.RuntimeLayer{{
Name: "dubbo",
LayerSpecifier: &envoy_bootstrap_v3.RuntimeLayer_StaticLayer{
StaticLayer: util_proto.MustStruct(map[string]interface{}{
"re2.max_program_size.error_level": 4294967295,
"re2.max_program_size.warn_level": 1000,
}),
},
}}
if parameters.IsGatewayDataplane {
connections := proxyConfig.Gateway.GlobalDownstreamMaxConnections
if connections == 0 {
connections = 50000
}
runtimeLayers = append(runtimeLayers,
&envoy_bootstrap_v3.RuntimeLayer{
Name: "gateway",
LayerSpecifier: &envoy_bootstrap_v3.RuntimeLayer_StaticLayer{
StaticLayer: util_proto.MustStruct(map[string]interface{}{
"overload.global_downstream_max_connections": connections,
}),
},
},
&envoy_bootstrap_v3.RuntimeLayer{
Name: "gateway.listeners",
LayerSpecifier: &envoy_bootstrap_v3.RuntimeLayer_RtdsLayer_{
RtdsLayer: &envoy_bootstrap_v3.RuntimeLayer_RtdsLayer{
Name: "gateway.listeners",
RtdsConfig: &envoy_core_v3.ConfigSource{
ResourceApiVersion: envoy_core_v3.ApiVersion_V3,
ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_Ads{},
},
},
},
})
}
// We create matchers
var matchNames []*envoy_tls.SubjectAltNameMatcher
for _, typ := range []envoy_tls.SubjectAltNameMatcher_SanType{
envoy_tls.SubjectAltNameMatcher_DNS,
envoy_tls.SubjectAltNameMatcher_IP_ADDRESS,
} {
matchNames = append(matchNames, &envoy_tls.SubjectAltNameMatcher{
SanType: typ,
Matcher: &envoy_type_matcher_v3.StringMatcher{
MatchPattern: &envoy_type_matcher_v3.StringMatcher_Exact{Exact: parameters.XdsHost},
},
})
}
res := &envoy_bootstrap_v3.Bootstrap{
Node: &envoy_core_v3.Node{
Id: parameters.Id,
Cluster: parameters.Service,
Metadata: &structpb.Struct{
Fields: map[string]*structpb.Value{
core_xds.FieldVersion: {
Kind: &structpb.Value_StructValue{
StructValue: util_proto.MustToStruct(parameters.Version),
},
},
core_xds.FieldFeatures: util_proto.MustNewValueForStruct(features),
core_xds.FieldWorkdir: util_proto.MustNewValueForStruct(parameters.Workdir),
core_xds.FieldAccessLogSocketPath: util_proto.MustNewValueForStruct(parameters.AccessLogSocketPath),
core_xds.FieldMetricsSocketPath: util_proto.MustNewValueForStruct(parameters.MetricsSocketPath),
core_xds.FieldMetricsCertPath: util_proto.MustNewValueForStruct(parameters.MetricsCertPath),
core_xds.FieldMetricsKeyPath: util_proto.MustNewValueForStruct(parameters.MetricsKeyPath),
},
},
},
LayeredRuntime: &envoy_bootstrap_v3.LayeredRuntime{
Layers: runtimeLayers,
},
StatsConfig: &envoy_metrics_v3.StatsConfig{
StatsTags: []*envoy_metrics_v3.TagSpecifier{
{
TagName: "name",
TagValue: &envoy_metrics_v3.TagSpecifier_Regex{Regex: "^grpc\\.((.+)\\.)"},
},
{
TagName: "status",
TagValue: &envoy_metrics_v3.TagSpecifier_Regex{Regex: "^grpc.*streams_closed(_([0-9]+))"},
},
{
TagName: "kafka_name",
TagValue: &envoy_metrics_v3.TagSpecifier_Regex{Regex: "^kafka(\\.(\\S*[0-9]))\\."},
},
{
TagName: "kafka_type",
TagValue: &envoy_metrics_v3.TagSpecifier_Regex{Regex: "^kafka\\..*\\.(.*?(?=_duration|$))"},
},
{
TagName: "worker",
TagValue: &envoy_metrics_v3.TagSpecifier_Regex{Regex: "(worker_([0-9]+)\\.)"},
},
{
TagName: "listener",
TagValue: &envoy_metrics_v3.TagSpecifier_Regex{Regex: "((.+?)\\.)rbac\\."},
},
},
},
DynamicResources: &envoy_bootstrap_v3.Bootstrap_DynamicResources{
LdsConfig: &envoy_core_v3.ConfigSource{
ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_Ads{Ads: &envoy_core_v3.AggregatedConfigSource{}},
ResourceApiVersion: envoy_core_v3.ApiVersion_V3,
},
CdsConfig: &envoy_core_v3.ConfigSource{
ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_Ads{Ads: &envoy_core_v3.AggregatedConfigSource{}},
ResourceApiVersion: envoy_core_v3.ApiVersion_V3,
},
AdsConfig: &envoy_core_v3.ApiConfigSource{
ApiType: envoy_core_v3.ApiConfigSource_GRPC,
TransportApiVersion: envoy_core_v3.ApiVersion_V3,
SetNodeOnFirstMessageOnly: true,
GrpcServices: []*envoy_core_v3.GrpcService{
buildGrpcService(parameters, enableReloadableTokens),
},
},
},
StaticResources: &envoy_bootstrap_v3.Bootstrap_StaticResources{
//Secrets: []*envoy_tls.Secret{
// {
// Name: tls.CpValidationCtx,
// Type: &envoy_tls.Secret_ValidationContext{
// ValidationContext: &envoy_tls.CertificateValidationContext{
// MatchTypedSubjectAltNames: matchNames,
// TrustedCa: &envoy_core_v3.DataSource{
// Specifier: &envoy_core_v3.DataSource_InlineBytes{
// InlineBytes: parameters.CertBytes,
// },
// },
// },
// },
// },
//},
Clusters: staticClusters,
},
DefaultRegexEngine: &envoy_core_v3.TypedExtensionConfig{
Name: "envoy.regex_engines.google_re2",
TypedConfig: util_proto.MustMarshalAny(®ex_engines.GoogleRE2{}),
},
}
for _, r := range res.StaticResources.Clusters {
if r.Name == adsClusterName {
transport := &envoy_tls.UpstreamTlsContext{
Sni: parameters.XdsHost,
CommonTlsContext: &envoy_tls.CommonTlsContext{
//TlsParams: &envoy_tls.TlsParameters{
// TlsMinimumProtocolVersion: envoy_tls.TlsParameters_TLSv1_2,
//},
//ValidationContextType: &envoy_tls.CommonTlsContext_ValidationContextSdsSecretConfig{
//ValidationContextSdsSecretConfig: &envoy_tls.SdsSecretConfig{
// Name: tls.CpValidationCtx,
//},
//},
},
}
any, err := util_proto.MarshalAnyDeterministic(transport)
if err != nil {
return nil, err
}
r.TransportSocket = &envoy_core_v3.TransportSocket{
Name: "envoy.transport_sockets.tls",
ConfigType: &envoy_core_v3.TransportSocket_TypedConfig{
TypedConfig: any,
},
}
}
}
if parameters.HdsEnabled {
res.HdsConfig = &envoy_core_v3.ApiConfigSource{
ApiType: envoy_core_v3.ApiConfigSource_GRPC,
TransportApiVersion: envoy_core_v3.ApiVersion_V3,
SetNodeOnFirstMessageOnly: true,
GrpcServices: []*envoy_core_v3.GrpcService{
buildGrpcService(parameters, enableReloadableTokens),
},
}
}
if parameters.IsGatewayDataplane {
if maxBytes := parameters.Resources.MaxHeapSizeBytes; maxBytes > 0 {
config := &resource_monitors_fixed_heap.FixedHeapConfig{
MaxHeapSizeBytes: maxBytes,
}
marshaledConfig, err := util_proto.MarshalAnyDeterministic(config)
if err != nil {
return nil, errors.Wrapf(err, "could not marshall %T", config)
}
fixedHeap := "envoy.resource_monitors.fixed_heap"
res.OverloadManager = &envoy_overload_v3.OverloadManager{
RefreshInterval: util_proto.Duration(250 * time.Millisecond),
ResourceMonitors: []*envoy_overload_v3.ResourceMonitor{{
Name: fixedHeap,
ConfigType: &envoy_overload_v3.ResourceMonitor_TypedConfig{
TypedConfig: marshaledConfig,
},
}},
Actions: []*envoy_overload_v3.OverloadAction{{
Name: "envoy.overload_actions.shrink_heap",
Triggers: []*envoy_overload_v3.Trigger{{
Name: fixedHeap,
TriggerOneof: &envoy_overload_v3.Trigger_Threshold{
Threshold: &envoy_overload_v3.ThresholdTrigger{
Value: 0.95,
},
},
}},
}, {
Name: "envoy.overload_actions.stop_accepting_requests",
Triggers: []*envoy_overload_v3.Trigger{{
Name: fixedHeap,
TriggerOneof: &envoy_overload_v3.Trigger_Threshold{
Threshold: &envoy_overload_v3.ThresholdTrigger{
Value: 0.98,
},
},
}},
}},
}
}
}
if (!enableReloadableTokens || parameters.DataplaneTokenPath == "") && parameters.DataplaneToken != "" {
if res.HdsConfig != nil {
for _, n := range res.HdsConfig.GrpcServices {
n.InitialMetadata = []*envoy_core_v3.HeaderValue{
{Key: "authorization", Value: parameters.DataplaneToken},
}
}
}
for _, n := range res.DynamicResources.AdsConfig.GrpcServices {
n.InitialMetadata = []*envoy_core_v3.HeaderValue{
{Key: "authorization", Value: parameters.DataplaneToken},
}
}
}
if parameters.DataplaneResource != "" {
res.Node.Metadata.Fields[core_xds.FieldDataplaneDataplaneResource] = util_proto.MustNewValueForStruct(parameters.DataplaneResource)
}
if parameters.AdminPort != 0 {
res.Node.Metadata.Fields[core_xds.FieldDataplaneAdminPort] = util_proto.MustNewValueForStruct(strconv.Itoa(int(parameters.AdminPort)))
res.Node.Metadata.Fields[core_xds.FieldDataplaneAdminAddress] = util_proto.MustNewValueForStruct(parameters.AdminAddress)
res.Admin = &envoy_bootstrap_v3.Admin{
Address: &envoy_core_v3.Address{
Address: &envoy_core_v3.Address_SocketAddress{
SocketAddress: &envoy_core_v3.SocketAddress{
Address: parameters.AdminAddress,
Protocol: envoy_core_v3.SocketAddress_TCP,
PortSpecifier: &envoy_core_v3.SocketAddress_PortValue{
PortValue: parameters.AdminPort,
},
},
},
},
}
if parameters.AdminAccessLogPath != "" {
fileAccessLog := &access_loggers_file.FileAccessLog{
Path: parameters.AdminAccessLogPath,
}
marshaled, err := util_proto.MarshalAnyDeterministic(fileAccessLog)
if err != nil {
return nil, errors.Wrapf(err, "could not marshall %T", fileAccessLog)
}
res.Admin.AccessLog = []*envoy_accesslog_v3.AccessLog{
{
Name: "envoy.access_loggers.file",
ConfigType: &envoy_accesslog_v3.AccessLog_TypedConfig{
TypedConfig: marshaled,
},
},
}
}
}
if parameters.DNSPort != 0 {
res.Node.Metadata.Fields[core_xds.FieldDataplaneDNSPort] = util_proto.MustNewValueForStruct(strconv.Itoa(int(parameters.DNSPort)))
}
if parameters.EmptyDNSPort != 0 {
res.Node.Metadata.Fields[core_xds.FieldDataplaneDNSEmptyPort] = util_proto.MustNewValueForStruct(strconv.Itoa(int(parameters.EmptyDNSPort)))
}
if parameters.ProxyType != "" {
res.Node.Metadata.Fields[core_xds.FieldDataplaneProxyType] = util_proto.MustNewValueForStruct(parameters.ProxyType)
}
if len(parameters.DynamicMetadata) > 0 {
md := make(map[string]interface{}, len(parameters.DynamicMetadata))
for k, v := range parameters.DynamicMetadata {
md[k] = v
}
res.Node.Metadata.Fields[core_xds.FieldDynamicMetadata] = util_proto.MustNewValueForStruct(md)
}
return res, nil
}