syntax = "proto3"; package envoy.config.bootstrap.v3; import "envoy/config/accesslog/v3/accesslog.proto"; import "envoy/config/cluster/v3/cluster.proto"; import "envoy/config/core/v3/address.proto"; import "envoy/config/core/v3/base.proto"; import "envoy/config/core/v3/config_source.proto"; import "envoy/config/core/v3/event_service_config.proto"; import "envoy/config/core/v3/extension.proto"; import "envoy/config/core/v3/resolver.proto"; import "envoy/config/core/v3/socket_option.proto"; import "envoy/config/listener/v3/listener.proto"; import "envoy/config/metrics/v3/stats.proto"; import "envoy/config/overload/v3/overload.proto"; import "envoy/config/trace/v3/http_tracer.proto"; import "envoy/extensions/transport_sockets/tls/v3/secret.proto"; import "envoy/type/v3/percent.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; import "envoy/annotations/deprecation.proto"; import "udpa/annotations/migrate.proto"; import "udpa/annotations/security.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.bootstrap.v3"; option java_outer_classname = "BootstrapProto"; option java_multiple_files = true; option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/bootstrap/v3;bootstrapv3"; option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Bootstrap] // This proto is supplied via the :option:`-c` CLI flag and acts as the root // of the Envoy v3 configuration. See the :ref:`v3 configuration overview // ` for more detail. // Bootstrap :ref:`configuration overview `. // [#next-free-field: 36] message Bootstrap { option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.Bootstrap"; message StaticResources { option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.Bootstrap.StaticResources"; // Static :ref:`Listeners `. These listeners are // available regardless of LDS configuration. repeated listener.v3.Listener listeners = 1; // If a network based configuration source is specified for :ref:`cds_config // `, it's necessary // to have some initial cluster definitions available to allow Envoy to know // how to speak to the management server. These cluster definitions may not // use :ref:`EDS ` (i.e. they should be static // IP or DNS-based). repeated cluster.v3.Cluster clusters = 2; // These static secrets can be used by :ref:`SdsSecretConfig // ` repeated envoy.extensions.transport_sockets.tls.v3.Secret secrets = 3; } // [#next-free-field: 7] message DynamicResources { option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.Bootstrap.DynamicResources"; reserved 4; // All :ref:`Listeners ` are provided by a single // :ref:`LDS ` configuration source. core.v3.ConfigSource lds_config = 1; // xdstp:// resource locator for listener collection. // [#not-implemented-hide:] string lds_resources_locator = 5; // All post-bootstrap :ref:`Cluster ` definitions are // provided by a single :ref:`CDS ` // configuration source. core.v3.ConfigSource cds_config = 2; // xdstp:// resource locator for cluster collection. // [#not-implemented-hide:] string cds_resources_locator = 6; // A single :ref:`ADS ` source may be optionally // specified. This must have :ref:`api_type // ` :ref:`GRPC // `. Only // :ref:`ConfigSources ` that have // the :ref:`ads ` field set will be // streamed on the ADS channel. core.v3.ApiConfigSource ads_config = 3; } reserved 10, 11; reserved "runtime"; // Node identity to present to the management server and for instance // identification purposes (e.g. in generated headers). core.v3.Node node = 1; // A list of :ref:`Node ` field names // that will be included in the context parameters of the effective // xdstp:// URL that is sent in a discovery request when resource // locators are used for LDS/CDS. Any non-string field will have its JSON // encoding set as the context parameter value, with the exception of // metadata, which will be flattened (see example below). The supported field // names are: // - "cluster" // - "id" // - "locality.region" // - "locality.sub_zone" // - "locality.zone" // - "metadata" // - "user_agent_build_version.metadata" // - "user_agent_build_version.version" // - "user_agent_name" // - "user_agent_version" // // The node context parameters act as a base layer dictionary for the context // parameters (i.e. more specific resource specific context parameters will // override). Field names will be prefixed with “udpa.node.” when included in // context parameters. // // For example, if node_context_params is ``["user_agent_name", "metadata"]``, // the implied context parameters might be:: // // node.user_agent_name: "envoy" // node.metadata.foo: "{\"bar\": \"baz\"}" // node.metadata.some: "42" // node.metadata.thing: "\"thing\"" // // [#not-implemented-hide:] repeated string node_context_params = 26; // Statically specified resources. StaticResources static_resources = 2; // xDS configuration sources. DynamicResources dynamic_resources = 3; // Configuration for the cluster manager which owns all upstream clusters // within the server. ClusterManager cluster_manager = 4; // Health discovery service config option. // (:ref:`core.ApiConfigSource `) core.v3.ApiConfigSource hds_config = 14; // Optional file system path to search for startup flag files. string flags_path = 5; // Optional set of stats sinks. repeated metrics.v3.StatsSink stats_sinks = 6; // Configuration for internal processing of stats. metrics.v3.StatsConfig stats_config = 13; // Optional duration between flushes to configured stats sinks. For // performance reasons Envoy latches counters and only flushes counters and // gauges at a periodic interval. If not specified the default is 5000ms (5 // seconds). Only one of ``stats_flush_interval`` or ``stats_flush_on_admin`` // can be set. // Duration must be at least 1ms and at most 5 min. google.protobuf.Duration stats_flush_interval = 7 [ (validate.rules).duration = { lt {seconds: 300} gte {nanos: 1000000} }, (udpa.annotations.field_migrate).oneof_promotion = "stats_flush" ]; oneof stats_flush { // Flush stats to sinks only when queried for on the admin interface. If set, // a flush timer is not created. Only one of ``stats_flush_on_admin`` or // ``stats_flush_interval`` can be set. bool stats_flush_on_admin = 29 [(validate.rules).bool = {const: true}]; } // Optional watchdog configuration. // This is for a single watchdog configuration for the entire system. // Deprecated in favor of ``watchdogs`` which has finer granularity. Watchdog watchdog = 8 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // Optional watchdogs configuration. // This is used for specifying different watchdogs for the different subsystems. // [#extension-category: envoy.guarddog_actions] Watchdogs watchdogs = 27; // Configuration for an external tracing provider. // // .. attention:: // This field has been deprecated in favor of :ref:`HttpConnectionManager.Tracing.provider // `. trace.v3.Tracing tracing = 9 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // Configuration for the runtime configuration provider. If not // specified, a “null” provider will be used which will result in all defaults // being used. LayeredRuntime layered_runtime = 17; // Configuration for the local administration HTTP server. Admin admin = 12; // Optional overload manager configuration. overload.v3.OverloadManager overload_manager = 15 [ (udpa.annotations.security).configure_for_untrusted_downstream = true, (udpa.annotations.security).configure_for_untrusted_upstream = true ]; // Enable :ref:`stats for event dispatcher `, defaults to false. // Note that this records a value for each iteration of the event loop on every thread. This // should normally be minimal overhead, but when using // :ref:`statsd `, it will send each observed value // over the wire individually because the statsd protocol doesn't have any way to represent a // histogram summary. Be aware that this can be a very large volume of data. bool enable_dispatcher_stats = 16; // Optional string which will be used in lieu of x-envoy in prefixing headers. // // For example, if this string is present and set to X-Foo, then x-envoy-retry-on will be // transformed into x-foo-retry-on etc. // // Note this applies to the headers Envoy will generate, the headers Envoy will sanitize, and the // headers Envoy will trust for core code and core extensions only. Be VERY careful making // changes to this string, especially in multi-layer Envoy deployments or deployments using // extensions which are not upstream. string header_prefix = 18; // Optional proxy version which will be used to set the value of :ref:`server.version statistic // ` if specified. Envoy will not process this value, it will be sent as is to // :ref:`stats sinks `. google.protobuf.UInt64Value stats_server_version_override = 19; // Always use TCP queries instead of UDP queries for DNS lookups. // This may be overridden on a per-cluster basis in cds_config, // when :ref:`dns_resolvers ` and // :ref:`use_tcp_for_dns_lookups ` are // specified. // This field is deprecated in favor of ``dns_resolution_config`` // which aggregates all of the DNS resolver configuration in a single message. bool use_tcp_for_dns_lookups = 20 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // DNS resolution configuration which includes the underlying dns resolver addresses and options. // This may be overridden on a per-cluster basis in cds_config, when // :ref:`dns_resolution_config ` // is specified. // This field is deprecated in favor of // :ref:`typed_dns_resolver_config `. core.v3.DnsResolutionConfig dns_resolution_config = 30 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // DNS resolver type configuration extension. This extension can be used to configure c-ares, apple, // or any other DNS resolver types and the related parameters. // For example, an object of // :ref:`CaresDnsResolverConfig ` // can be packed into this ``typed_dns_resolver_config``. This configuration replaces the // :ref:`dns_resolution_config ` // configuration. // During the transition period when both ``dns_resolution_config`` and ``typed_dns_resolver_config`` exists, // when ``typed_dns_resolver_config`` is in place, Envoy will use it and ignore ``dns_resolution_config``. // When ``typed_dns_resolver_config`` is missing, the default behavior is in place. // [#extension-category: envoy.network.dns_resolver] core.v3.TypedExtensionConfig typed_dns_resolver_config = 31; // Specifies optional bootstrap extensions to be instantiated at startup time. // Each item contains extension specific configuration. // [#extension-category: envoy.bootstrap] repeated core.v3.TypedExtensionConfig bootstrap_extensions = 21; // Specifies optional extensions instantiated at startup time and // invoked during crash time on the request that caused the crash. repeated FatalAction fatal_actions = 28; // Configuration sources that will participate in // xdstp:// URL authority resolution. The algorithm is as // follows: // 1. The authority field is taken from the xdstp:// URL, call // this ``resource_authority``. // 2. ``resource_authority`` is compared against the authorities in any peer // ``ConfigSource``. The peer ``ConfigSource`` is the configuration source // message which would have been used unconditionally for resolution // with opaque resource names. If there is a match with an authority, the // peer ``ConfigSource`` message is used. // 3. ``resource_authority`` is compared sequentially with the authorities in // each configuration source in ``config_sources``. The first ``ConfigSource`` // to match wins. // 4. As a fallback, if no configuration source matches, then // ``default_config_source`` is used. // 5. If ``default_config_source`` is not specified, resolution fails. // [#not-implemented-hide:] repeated core.v3.ConfigSource config_sources = 22; // Default configuration source for xdstp:// URLs if all // other resolution fails. // [#not-implemented-hide:] core.v3.ConfigSource default_config_source = 23; // Optional overriding of default socket interface. The value must be the name of one of the // socket interface factories initialized through a bootstrap extension string default_socket_interface = 24; // Global map of CertificateProvider instances. These instances are referred to by name in the // :ref:`CommonTlsContext.CertificateProviderInstance.instance_name // ` // field. // [#not-implemented-hide:] map certificate_provider_instances = 25; // Specifies a set of headers that need to be registered as inline header. This configuration // allows users to customize the inline headers on-demand at Envoy startup without modifying // Envoy's source code. // // Note that the 'set-cookie' header cannot be registered as inline header. repeated CustomInlineHeader inline_headers = 32; // Optional path to a file with performance tracing data created by "Perfetto" SDK in binary // ProtoBuf format. The default value is "envoy.pftrace". string perf_tracing_file_path = 33; // Optional overriding of default regex engine. // If the value is not specified, Google RE2 will be used by default. // [#extension-category: envoy.regex_engines] core.v3.TypedExtensionConfig default_regex_engine = 34; // Optional XdsResourcesDelegate configuration, which allows plugging custom logic into both // fetch and load events during xDS processing. // If a value is not specified, no XdsResourcesDelegate will be used. // TODO(abeyad): Add public-facing documentation. // [#not-implemented-hide:] core.v3.TypedExtensionConfig xds_delegate_extension = 35; } // Administration interface :ref:`operations documentation // `. // [#next-free-field: 7] message Admin { option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.Admin"; // Configuration for :ref:`access logs ` // emitted by the administration server. repeated accesslog.v3.AccessLog access_log = 5; // The path to write the access log for the administration server. If no // access log is desired specify ‘/dev/null’. This is only required if // :ref:`address ` is set. // Deprecated in favor of ``access_log`` which offers more options. string access_log_path = 1 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // The cpu profiler output path for the administration server. If no profile // path is specified, the default is ‘/var/log/envoy/envoy.prof’. string profile_path = 2; // The TCP address that the administration server will listen on. // If not specified, Envoy will not start an administration server. core.v3.Address address = 3; // Additional socket options that may not be present in Envoy source code or // precompiled binaries. repeated core.v3.SocketOption socket_options = 4; // Indicates whether :ref:`global_downstream_max_connections ` // should apply to the admin interface or not. bool ignore_global_conn_limit = 6; } // Cluster manager :ref:`architecture overview `. message ClusterManager { option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.ClusterManager"; message OutlierDetection { option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.ClusterManager.OutlierDetection"; // Specifies the path to the outlier event log. string event_log_path = 1; // [#not-implemented-hide:] // The gRPC service for the outlier detection event service. // If empty, outlier detection events won't be sent to a remote endpoint. core.v3.EventServiceConfig event_service = 2; } // Name of the local cluster (i.e., the cluster that owns the Envoy running // this configuration). In order to enable :ref:`zone aware routing // ` this option must be set. // If ``local_cluster_name`` is defined then :ref:`clusters // ` must be defined in the :ref:`Bootstrap // static cluster resources // `. This is unrelated to // the :option:`--service-cluster` option which does not `affect zone aware // routing `_. string local_cluster_name = 1; // Optional global configuration for outlier detection. OutlierDetection outlier_detection = 2; // Optional configuration used to bind newly established upstream connections. // This may be overridden on a per-cluster basis by upstream_bind_config in the cds_config. core.v3.BindConfig upstream_bind_config = 3; // A management server endpoint to stream load stats to via // ``StreamLoadStats``. This must have :ref:`api_type // ` :ref:`GRPC // `. core.v3.ApiConfigSource load_stats_config = 4; } // Allows you to specify different watchdog configs for different subsystems. // This allows finer tuned policies for the watchdog. If a subsystem is omitted // the default values for that system will be used. message Watchdogs { // Watchdog for the main thread. Watchdog main_thread_watchdog = 1; // Watchdog for the worker threads. Watchdog worker_watchdog = 2; } // Envoy process watchdog configuration. When configured, this monitors for // nonresponsive threads and kills the process after the configured thresholds. // See the :ref:`watchdog documentation ` for more information. // [#next-free-field: 8] message Watchdog { option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.Watchdog"; message WatchdogAction { // The events are fired in this order: KILL, MULTIKILL, MEGAMISS, MISS. // Within an event type, actions execute in the order they are configured. // For KILL/MULTIKILL there is a default PANIC that will run after the // registered actions and kills the process if it wasn't already killed. // It might be useful to specify several debug actions, and possibly an // alternate FATAL action. enum WatchdogEvent { UNKNOWN = 0; KILL = 1; MULTIKILL = 2; MEGAMISS = 3; MISS = 4; } // Extension specific configuration for the action. core.v3.TypedExtensionConfig config = 1; WatchdogEvent event = 2 [(validate.rules).enum = {defined_only: true}]; } // Register actions that will fire on given WatchDog events. // See ``WatchDogAction`` for priority of events. repeated WatchdogAction actions = 7; // The duration after which Envoy counts a nonresponsive thread in the // ``watchdog_miss`` statistic. If not specified the default is 200ms. google.protobuf.Duration miss_timeout = 1; // The duration after which Envoy counts a nonresponsive thread in the // ``watchdog_mega_miss`` statistic. If not specified the default is // 1000ms. google.protobuf.Duration megamiss_timeout = 2; // If a watched thread has been nonresponsive for this duration, assume a // programming error and kill the entire Envoy process. Set to 0 to disable // kill behavior. If not specified the default is 0 (disabled). google.protobuf.Duration kill_timeout = 3; // Defines the maximum jitter used to adjust the ``kill_timeout`` if ``kill_timeout`` is // enabled. Enabling this feature would help to reduce risk of synchronized // watchdog kill events across proxies due to external triggers. Set to 0 to // disable. If not specified the default is 0 (disabled). google.protobuf.Duration max_kill_timeout_jitter = 6 [(validate.rules).duration = {gte {}}]; // If ``max(2, ceil(registered_threads * Fraction(*multikill_threshold*)))`` // threads have been nonresponsive for at least this duration kill the entire // Envoy process. Set to 0 to disable this behavior. If not specified the // default is 0 (disabled). google.protobuf.Duration multikill_timeout = 4; // Sets the threshold for ``multikill_timeout`` in terms of the percentage of // nonresponsive threads required for the ``multikill_timeout``. // If not specified the default is 0. type.v3.Percent multikill_threshold = 5; } // Fatal actions to run while crashing. Actions can be safe (meaning they are // async-signal safe) or unsafe. We run all safe actions before we run unsafe actions. // If using an unsafe action that could get stuck or deadlock, it important to // have an out of band system to terminate the process. // // The interface for the extension is ``Envoy::Server::Configuration::FatalAction``. // ``FatalAction`` extensions live in the ``envoy.extensions.fatal_actions`` API // namespace. message FatalAction { // Extension specific configuration for the action. It's expected to conform // to the ``Envoy::Server::Configuration::FatalAction`` interface. core.v3.TypedExtensionConfig config = 1; } // Runtime :ref:`configuration overview ` (deprecated). message Runtime { option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.Runtime"; // The implementation assumes that the file system tree is accessed via a // symbolic link. An atomic link swap is used when a new tree should be // switched to. This parameter specifies the path to the symbolic link. Envoy // will watch the location for changes and reload the file system tree when // they happen. If this parameter is not set, there will be no disk based // runtime. string symlink_root = 1; // Specifies the subdirectory to load within the root directory. This is // useful if multiple systems share the same delivery mechanism. Envoy // configuration elements can be contained in a dedicated subdirectory. string subdirectory = 2; // Specifies an optional subdirectory to load within the root directory. If // specified and the directory exists, configuration values within this // directory will override those found in the primary subdirectory. This is // useful when Envoy is deployed across many different types of servers. // Sometimes it is useful to have a per service cluster directory for runtime // configuration. See below for exactly how the override directory is used. string override_subdirectory = 3; // Static base runtime. This will be :ref:`overridden // ` by other runtime layers, e.g. // disk or admin. This follows the :ref:`runtime protobuf JSON representation // encoding `. google.protobuf.Struct base = 4; } // [#next-free-field: 6] message RuntimeLayer { option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.RuntimeLayer"; // :ref:`Disk runtime ` layer. message DiskLayer { option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.RuntimeLayer.DiskLayer"; // The implementation assumes that the file system tree is accessed via a // symbolic link. An atomic link swap is used when a new tree should be // switched to. This parameter specifies the path to the symbolic link. // Envoy will watch the location for changes and reload the file system tree // when they happen. See documentation on runtime :ref:`atomicity // ` for further details on how reloads are // treated. string symlink_root = 1; // Specifies the subdirectory to load within the root directory. This is // useful if multiple systems share the same delivery mechanism. Envoy // configuration elements can be contained in a dedicated subdirectory. string subdirectory = 3; // :ref:`Append ` the // service cluster to the path under symlink root. bool append_service_cluster = 2; } // :ref:`Admin console runtime ` layer. message AdminLayer { option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.RuntimeLayer.AdminLayer"; } // :ref:`Runtime Discovery Service (RTDS) ` layer. message RtdsLayer { option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.RuntimeLayer.RtdsLayer"; // Resource to subscribe to at ``rtds_config`` for the RTDS layer. string name = 1; // RTDS configuration source. core.v3.ConfigSource rtds_config = 2; } // Descriptive name for the runtime layer. This is only used for the runtime // :http:get:`/runtime` output. string name = 1 [(validate.rules).string = {min_len: 1}]; oneof layer_specifier { option (validate.required) = true; // :ref:`Static runtime ` layer. // This follows the :ref:`runtime protobuf JSON representation encoding // `. Unlike static xDS resources, this static // layer is overridable by later layers in the runtime virtual filesystem. google.protobuf.Struct static_layer = 2; DiskLayer disk_layer = 3; AdminLayer admin_layer = 4; RtdsLayer rtds_layer = 5; } } // Runtime :ref:`configuration overview `. message LayeredRuntime { option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.LayeredRuntime"; // The :ref:`layers ` of the runtime. This is ordered // such that later layers in the list overlay earlier entries. repeated RuntimeLayer layers = 1; } // Used to specify the header that needs to be registered as an inline header. // // If request or response contain multiple headers with the same name and the header // name is registered as an inline header. Then multiple headers will be folded // into one, and multiple header values will be concatenated by a suitable delimiter. // The delimiter is generally a comma. // // For example, if 'foo' is registered as an inline header, and the headers contains // the following two headers: // // .. code-block:: text // // foo: bar // foo: eep // // Then they will eventually be folded into: // // .. code-block:: text // // foo: bar, eep // // Inline headers provide O(1) search performance, but each inline header imposes // an additional memory overhead on all instances of the corresponding type of // HeaderMap or TrailerMap. message CustomInlineHeader { enum InlineHeaderType { REQUEST_HEADER = 0; REQUEST_TRAILER = 1; RESPONSE_HEADER = 2; RESPONSE_TRAILER = 3; } // The name of the header that is expected to be set as the inline header. string inline_header_name = 1 [(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}]; // The type of the header that is expected to be set as the inline header. InlineHeaderType inline_header_type = 2 [(validate.rules).enum = {defined_only: true}]; }