syntax = "proto3"; package envoy.config.core.v3; import "envoy/config/core/v3/base.proto"; import "envoy/config/core/v3/extension.proto"; import "envoy/config/core/v3/grpc_service.proto"; import "google/protobuf/any.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/wrappers.proto"; import "xds/core/v3/authority.proto"; import "envoy/annotations/deprecation.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; import "validate/validate.proto"; option java_package = "io.envoyproxy.envoy.config.core.v3"; option java_outer_classname = "ConfigSourceProto"; option java_multiple_files = true; option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/core/v3;corev3"; option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Configuration sources] // xDS API and non-xDS services version. This is used to describe both resource and transport // protocol versions (in distinct configuration fields). enum ApiVersion { // When not specified, we assume v2, to ease migration to Envoy's stable API // versioning. If a client does not support v2 (e.g. due to deprecation), this // is an invalid value. AUTO = 0 [deprecated = true, (envoy.annotations.deprecated_at_minor_version_enum) = "3.0"]; // Use xDS v2 API. V2 = 1 [deprecated = true, (envoy.annotations.deprecated_at_minor_version_enum) = "3.0"]; // Use xDS v3 API. V3 = 2; } // API configuration source. This identifies the API type and cluster that Envoy // will use to fetch an xDS API. // [#next-free-field: 10] message ApiConfigSource { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.ApiConfigSource"; // APIs may be fetched via either REST or gRPC. enum ApiType { // Ideally this would be 'reserved 0' but one can't reserve the default // value. Instead we throw an exception if this is ever used. DEPRECATED_AND_UNAVAILABLE_DO_NOT_USE = 0 [deprecated = true, (envoy.annotations.disallowed_by_default_enum) = true]; // REST-JSON v2 API. The `canonical JSON encoding // `_ for // the v2 protos is used. REST = 1; // SotW gRPC service. GRPC = 2; // Using the delta xDS gRPC service, i.e. DeltaDiscovery{Request,Response} // rather than Discovery{Request,Response}. Rather than sending Envoy the entire state // with every update, the xDS server only sends what has changed since the last update. DELTA_GRPC = 3; // SotW xDS gRPC with ADS. All resources which resolve to this configuration source will be // multiplexed on a single connection to an ADS endpoint. // [#not-implemented-hide:] AGGREGATED_GRPC = 5; // Delta xDS gRPC with ADS. All resources which resolve to this configuration source will be // multiplexed on a single connection to an ADS endpoint. // [#not-implemented-hide:] AGGREGATED_DELTA_GRPC = 6; } // API type (gRPC, REST, delta gRPC) ApiType api_type = 1 [(validate.rules).enum = {defined_only: true}]; // API version for xDS transport protocol. This describes the xDS gRPC/REST // endpoint and version of [Delta]DiscoveryRequest/Response used on the wire. ApiVersion transport_api_version = 8 [(validate.rules).enum = {defined_only: true}]; // Cluster names should be used only with REST. If > 1 // cluster is defined, clusters will be cycled through if any kind of failure // occurs. // // .. note:: // // The cluster with name ``cluster_name`` must be statically defined and its // type must not be ``EDS``. repeated string cluster_names = 2; // Multiple gRPC services be provided for GRPC. If > 1 cluster is defined, // services will be cycled through if any kind of failure occurs. repeated GrpcService grpc_services = 4; // For REST APIs, the delay between successive polls. google.protobuf.Duration refresh_delay = 3; // For REST APIs, the request timeout. If not set, a default value of 1s will be used. google.protobuf.Duration request_timeout = 5 [(validate.rules).duration = {gt {}}]; // For GRPC APIs, the rate limit settings. If present, discovery requests made by Envoy will be // rate limited. RateLimitSettings rate_limit_settings = 6; // Skip the node identifier in subsequent discovery requests for streaming gRPC config types. bool set_node_on_first_message_only = 7; // A list of config validators that will be executed when a new update is // received from the ApiConfigSource. Note that each validator handles a // specific xDS service type, and only the validators corresponding to the // type url (in ``:ref: DiscoveryResponse`` or ``:ref: DeltaDiscoveryResponse``) // will be invoked. // If the validator returns false or throws an exception, the config will be rejected by // the client, and a NACK will be sent. // [#extension-category: envoy.config.validators] repeated TypedExtensionConfig config_validators = 9; } // Aggregated Discovery Service (ADS) options. This is currently empty, but when // set in :ref:`ConfigSource ` can be used to // specify that ADS is to be used. message AggregatedConfigSource { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.AggregatedConfigSource"; } // [#not-implemented-hide:] // Self-referencing config source options. This is currently empty, but when // set in :ref:`ConfigSource ` can be used to // specify that other data can be obtained from the same server. message SelfConfigSource { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.SelfConfigSource"; // API version for xDS transport protocol. This describes the xDS gRPC/REST // endpoint and version of [Delta]DiscoveryRequest/Response used on the wire. ApiVersion transport_api_version = 1 [(validate.rules).enum = {defined_only: true}]; } // Rate Limit settings to be applied for discovery requests made by Envoy. message RateLimitSettings { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.RateLimitSettings"; // Maximum number of tokens to be used for rate limiting discovery request calls. If not set, a // default value of 100 will be used. google.protobuf.UInt32Value max_tokens = 1; // Rate at which tokens will be filled per second. If not set, a default fill rate of 10 tokens // per second will be used. google.protobuf.DoubleValue fill_rate = 2 [(validate.rules).double = {gt: 0.0}]; } // Local filesystem path configuration source. message PathConfigSource { // Path on the filesystem to source and watch for configuration updates. // When sourcing configuration for a :ref:`secret `, // the certificate and key files are also watched for updates. // // .. note:: // // The path to the source must exist at config load time. // // .. note:: // // If ``watched_directory`` is *not* configured, Envoy will watch the file path for *moves*. // This is because in general only moves are atomic. The same method of swapping files as is // demonstrated in the :ref:`runtime documentation ` can be // used here also. If ``watched_directory`` is configured, no watch will be placed directly on // this path. Instead, the configured ``watched_directory`` will be used to trigger reloads of // this path. This is required in certain deployment scenarios. See below for more information. string path = 1 [(validate.rules).string = {min_len: 1}]; // If configured, this directory will be watched for *moves*. When an entry in this directory is // moved to, the ``path`` will be reloaded. This is required in certain deployment scenarios. // // Specifically, if trying to load an xDS resource using a // `Kubernetes ConfigMap `_, the // following configuration might be used: // 1. Store xds.yaml inside a ConfigMap. // 2. Mount the ConfigMap to ``/config_map/xds`` // 3. Configure path ``/config_map/xds/xds.yaml`` // 4. Configure watched directory ``/config_map/xds`` // // The above configuration will ensure that Envoy watches the owning directory for moves which is // required due to how Kubernetes manages ConfigMap symbolic links during atomic updates. WatchedDirectory watched_directory = 2; } // Configuration for :ref:`listeners `, :ref:`clusters // `, :ref:`routes // `, :ref:`endpoints // ` etc. may either be sourced from the // filesystem or from an xDS API source. Filesystem configs are watched with // inotify for updates. // [#next-free-field: 9] message ConfigSource { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.ConfigSource"; // Authorities that this config source may be used for. An authority specified in a xdstp:// URL // is resolved to a ``ConfigSource`` prior to configuration fetch. This field provides the // association between authority name and configuration source. // [#not-implemented-hide:] repeated xds.core.v3.Authority authorities = 7; oneof config_source_specifier { option (validate.required) = true; // Deprecated in favor of ``path_config_source``. Use that field instead. string path = 1 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; // Local filesystem path configuration source. PathConfigSource path_config_source = 8; // API configuration source. ApiConfigSource api_config_source = 2; // When set, ADS will be used to fetch resources. The ADS API configuration // source in the bootstrap configuration is used. AggregatedConfigSource ads = 3; // [#not-implemented-hide:] // When set, the client will access the resources from the same server it got the // ConfigSource from, although not necessarily from the same stream. This is similar to the // :ref:`ads` field, except that the client may use a // different stream to the same server. As a result, this field can be used for things // like LRS that cannot be sent on an ADS stream. It can also be used to link from (e.g.) // LDS to RDS on the same server without requiring the management server to know its name // or required credentials. // [#next-major-version: In xDS v3, consider replacing the ads field with this one, since // this field can implicitly mean to use the same stream in the case where the ConfigSource // is provided via ADS and the specified data can also be obtained via ADS.] SelfConfigSource self = 5; } // When this timeout is specified, Envoy will wait no longer than the specified time for first // config response on this xDS subscription during the :ref:`initialization process // `. After reaching the timeout, Envoy will move to the next // initialization phase, even if the first config is not delivered yet. The timer is activated // when the xDS API subscription starts, and is disarmed on first config update or on error. 0 // means no timeout - Envoy will wait indefinitely for the first xDS config (unless another // timeout applies). The default is 15s. google.protobuf.Duration initial_fetch_timeout = 4; // API version for xDS resources. This implies the type URLs that the client // will request for resources and the resource type that the client will in // turn expect to be delivered. ApiVersion resource_api_version = 6 [(validate.rules).enum = {defined_only: true}]; } // Configuration source specifier for a late-bound extension configuration. The // parent resource is warmed until all the initial extension configurations are // received, unless the flag to apply the default configuration is set. // Subsequent extension updates are atomic on a per-worker basis. Once an // extension configuration is applied to a request or a connection, it remains // constant for the duration of processing. If the initial delivery of the // extension configuration fails, due to a timeout for example, the optional // default configuration is applied. Without a default configuration, the // extension is disabled, until an extension configuration is received. The // behavior of a disabled extension depends on the context. For example, a // filter chain with a disabled extension filter rejects all incoming streams. message ExtensionConfigSource { ConfigSource config_source = 1 [(validate.rules).any = {required: true}]; // Optional default configuration to use as the initial configuration if // there is a failure to receive the initial extension configuration or if // ``apply_default_config_without_warming`` flag is set. google.protobuf.Any default_config = 2; // Use the default config as the initial configuration without warming and // waiting for the first discovery response. Requires the default configuration // to be supplied. bool apply_default_config_without_warming = 3; // A set of permitted extension type URLs. Extension configuration updates are rejected // if they do not match any type URL in the set. repeated string type_urls = 4 [(validate.rules).repeated = {min_items: 1}]; }