[READ ONLY MIRROR] Envoy REST/proto API definitions and documentation. (grpc依赖)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

575 lines
25 KiB

// This is heavily derived from
// https://lyft.github.io/envoy/docs/configuration/http_conn_man/route_config/route_config.html#config-http-conn-man-route-table.
// The v2 gRPC API differences are tagged with [V2-API-DIFF].
syntax = "proto3";
package envoy.api.v2;
import "api/auth.proto";
import "api/base.proto";
import "api/discovery.proto";
import "google/api/annotations.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/wrappers.proto";
// The resource_names field in DiscoveryRequest specifies a route configuration.
// This allows an Envoy configuration with multiple HTTP listeners (and
// associated HTTP connection manager filters) to use different route
// configurations. Each listener will bind its HTTP connection manager filter to
// a route table via this identifier.
service RouteDiscoveryService {
rpc StreamRoutes(stream DiscoveryRequest)
returns (stream DiscoveryResponse) {
}
rpc FetchRoutes(DiscoveryRequest)
returns (DiscoveryResponse) {
option (google.api.http) = {
post: "/v2/discovery:routes"
body: "*"
};
}
}
// Compared to the cluster field that specifies a single upstream cluster as the
// target of a request, the weighted_clusters option allows for specification of
// multiple upstream clusters along with weights that indicate the percentage of
// traffic to be forwarded to each cluster. The router selects an upstream
// cluster based on the weights.
message WeightedCluster {
message ClusterWeight {
// Name of the upstream cluster. The cluster must exist in the cluster
// manager configuration.
string name = 1;
// An integer between 0-100. When a request matches the route, the choice of
// an upstream cluster is determined by its weight. The sum of weights
// across all entries in the clusters array must add up to 100.
google.protobuf.UInt32Value weight = 2;
// Optional endpoint metadata match criteria. Only endpoints in the upstream
// cluster with metadata matching that set in metadata_match will be
// considered. The filter name should be specified as "envoy.lb".
Metadata metadata_match = 3;
}
// Specifies one or more upstream clusters associated with the route.
repeated ClusterWeight clusters = 1;
// Specifies the runtime key prefix that should be used to construct the
// runtime keys associated with each cluster. When the runtime_key_prefix is
// specified, the router will look for weights associated with each upstream
// cluster under the key runtime_key_prefix + "." + cluster[i].name where
// cluster[i] denotes an entry in the clusters array field. If the runtime
// key for the cluster does not exist, the value specified in the
// configuration file will be used as the default weight. See the runtime
// documentation for how key names map to the underlying implementation.
string runtime_key_prefix = 2;
}
message RouteMatch {
// A path specifier must be present.
oneof path_specifier {
// If specified, the route is a prefix rule meaning that the prefix must
// match the beginning of the :path header.
string prefix = 1;
// If specified, the route is an exact path rule meaning that the path must
// exactly match the :path header once the query string is removed.
string path = 2;
// If specified, the route is a regular expression match on the :path header
// once the query string is removed [V2-API-DIFF].
string regex = 3;
}
// Indicates that prefix/path matching should be case insensitive. The default
// is true.
google.protobuf.BoolValue case_sensitive = 4;
// Indicates that the route should additionally match on a runtime key. An
// integer between 0-100. Every time the route is considered for a match, a
// random number between 0-99 is selected. If the number is <= the value found
// in the key (checked first) or, if the key is not present, the default
// value, the route is a match (assuming everything also about the route
// matches).
// A runtime route configuration can be used to roll out route changes in a
// gradual manner without full code/config deploys. Refer to traffic shifting
// docs for additional documentation.
RuntimeUInt32 runtime = 5;
// Specifies a set of headers that the route should match on. The router will
// check the request’s headers against all the specified headers in the route
// config. A match will happen if all the headers in the route are present in
// the request with the same values (or based on presence if the value field
// is not in the config).
repeated HeaderMatcher headers = 6;
}
message CorsPolicy {
// Specifies the origins that will be allowed to do CORS requests.
repeated string allow_origin = 1;
// Specifies the content for the access-control-allow-methods header.
string allow_methods = 2;
// Specifies the content for the access-control-allow-headers header.
string allow_headers = 3;
// Specifies the content for the access-control-expose-headers header.
string expose_headers = 4;
// Specifies the content for the access-control-max-age header.
string max_age = 5;
// Specifies whether the resource allows credentials.
google.protobuf.BoolValue allow_credentials = 6;
// Specifies if CORS is enabled. Defaults to true. Only effective on route.
google.protobuf.BoolValue enabled = 7;
}
message RouteAction {
oneof cluster_specifier {
// Indicates the upstream cluster to which the request should be routed
// to.
string cluster = 1;
// Envoy will determine the cluster to route to by reading the value of the
// HTTP header named by cluster_header from the request headers. If the
// header is not found or the referenced cluster does not exist, Envoy will
// return a 404 response.
string cluster_header = 2;
// Multiple upstream clusters can be specified for a given route. The
// request is routed to one of the upstream clusters based on weights
// assigned to each cluster. See traffic splitting for additional
// documentation.
WeightedCluster weighted_clusters = 3;
}
// Optional endpoint metadata match criteria. Only endpoints in the upstream
// cluster with metadata matching that set in metadata_match will be
// considered. The filter name should be specified as "envoy.lb".
Metadata metadata_match = 4;
// Indicates that during forwarding, the matched prefix (or path) should be
// swapped with this value. This option allows application URLs to be rooted
// at a different path from those exposed at the reverse proxy layer.
string prefix_rewrite = 5;
oneof host_rewrite_specifier {
// Indicates that during forwarding, the host header will be swapped with
// this value.
string host_rewrite = 6;
// Indicates that during forwarding, the host header will be swapped with
// the hostname of the upstream host chosen by the cluster manager. This
// option is applicable only when the destination cluster for a route is of
// type strict_dns or logical_dns. Setting this to true with other cluster
// types has no effect.
google.protobuf.BoolValue auto_host_rewrite = 7;
}
// Specifies the timeout for the route. If not specified, the default is 15s.
// Note that this timeout includes all retries. See also
// x-envoy-upstream-rq-timeout-ms, x-envoy-upstream-rq-per-try-timeout-ms, and
// the retry overview.
google.protobuf.Duration timeout = 8;
message RetryPolicy {
// Specifies the conditions under which retry takes place. These are the
// same conditions documented for x-envoy-retry-on.
string retry_on = 1;
// Specifies the allowed number of retries. This parameter is optional and
// defaults to 1. These are the same conditions documented for
// x-envoy-max-retries.
google.protobuf.UInt32Value num_retries = 2;
// Specifies a non-zero timeout per retry attempt. This parameter is
// optional. The same conditions documented for
// x-envoy-upstream-rq-per-try-timeout-ms apply.
google.protobuf.Duration per_try_timeout = 3;
}
// Indicates that the route has a retry policy.
RetryPolicy retry_policy = 9;
// Indicates that the route has a request mirroring policy.
message RequestMirrorPolicy {
// Specifies the cluster that requests will be mirrored to. The cluster must
// exist in the cluster manager configuration.
string cluster = 1;
// If not specified, all requests to the target cluster will be mirrored. If
// specified, Envoy will lookup the runtime key to get the % of requests to
// mirror. Valid values are from 0 to 10000, allowing for increments of
// 0.01% of requests to be mirrored. If the runtime key is specified in the
// configuration but not present in runtime, 0 is the default and thus 0% of
// requests will be mirrored.
string runtime_key = 2;
}
RequestMirrorPolicy request_mirror_policy = 10;
RoutingPriority priority = 11;
// Specifies a set of headers that will be added to requests matching this
// route. Headers specified at this level are applied before headers from the
// enclosing VirtualHost and RouteConfiguration.
repeated HeaderValueOption request_headers_to_add = 12;
// Specifies a set of headers that will be added to responses to requests
// matching this route. Headers specified at this level are applied before
// headers from the enclosing VirtualHost and RouteConfiguration.
repeated HeaderValueOption response_headers_to_add = 18;
// Specifies a list of HTTP headers that should be removed from each response
// to requests matching this route.
repeated string response_headers_to_remove = 19;
// Specifies a set of rate limit configurations that could be applied to the
// route.
repeated RateLimit rate_limits = 13;
// Specifies if the rate limit filter should include the virtual host rate
// limits. By default, if the route configured rate limits, the virtual host
// rate_limits are not applied to the request.
google.protobuf.BoolValue include_vh_rate_limits = 14;
message HashPolicy {
// [V2-API-DIFF] We expect additional hash policies in the future, e.g.
// cookie based, originating IP, etc.
message Header {
// The name of the request header that will be used to obtain the hash
// key. If the request header is not present, no hash will be produced.
string header_name = 1;
}
// Envoy supports two types of cookie affinity:
//
// 1. Passive. Envoy takes a cookie that's present in the cookies header and
// hashes on its value.
//
// 2. Generated. Envoy generates and sets a cookie with an expiration (TTL)
// on the first request from the client in its response to the client,
// based on the endpoint the request gets sent to. The client then
// presents this on the next and all subsequent requests. The hash of
// this is sufficient to ensure these requests get sent to the same
// endpoint. The cookie is generated by hashing the source and
// destination ports and addresses so that multiple independent HTTP2
// streams on the same connection will independently receive the same
// cookie, even if they arrive at the Envoy simultaneously.
message Cookie {
// The name of the cookie that will be used to obtain the hash key. If the
// cookie is not present and ttl below is not set, no hash will be
// produced.
string name = 1;
// If specified, a cookie with the TTL will be generated if the cookie is
// not present.
google.protobuf.Duration ttl = 2;
}
message ConnectionProperties {
// Hash on source IP address.
bool source_ip = 1;
}
oneof policy_specifier {
Header header = 1;
Cookie cookie = 2;
ConnectionProperties connection_properties = 3;
}
}
// Specifies a list of hash policies to use for ring hash load balancing. Each
// hash policy is evaluated individually and the combined result is used to
// route the request. The method of combination is deterministic such that
// identical lists of hash policies will produce the same hash. Since a hash
// policy examines specific parts of a request, it can fail to produce a hash
// (i.e. if the hashed header is not present). If (and only if) all configured
// hash policies fail to generate a hash, no hash will be produced for
// the route. In this case, the behavior is the same as if no hash policies
// were specified (i.e. the ring hash load balancer will choose a random
// backend).
repeated HashPolicy hash_policy = 15;
// Indicates that a HTTP/1.1 client connection to this particular route
// should be allowed (and expected) to upgrade to a WebSocket connection. The
// default is false.
//
// Attention
//
// If set to true, Envoy will expect the first request matching this route to
// contain WebSocket upgrade headers. If the headers are not present, the
// connection will be rejected. If set to true, Envoy will setup plain TCP
// proxying between the client and the upstream server. Hence, an upstream
// server that rejects the WebSocket upgrade request is also responsible for
// closing the associated connection. Until then, Envoy will continue to
// proxy data from the client to the upstream server.
//
// Redirects, timeouts and retries are not supported on routes where
// websocket upgrades are allowed.
google.protobuf.BoolValue use_websocket = 16;
// Indicates that the route has a CORS policy.
CorsPolicy cors = 17;
}
message RedirectAction {
// The host portion of the URL will be swapped with this value.
string host_redirect = 1;
// The path portion of the URL will be swapped with this value.
string path_redirect = 2;
enum RedirectResponseCode {
// Moved Permanently HTTP Status Code - 301.
MOVED_PERMANENTLY = 0;
// Found HTTP Status Code - 302.
FOUND = 1;
// See Other HTTP Status Code - 303.
SEE_OTHER = 2;
// Temporary Redirect HTTP Status Code - 307.
TEMPORARY_REDIRECT = 3;
// Permanent Redirect HTTP Status Code - 308.
PERMANENT_REDIRECT = 4;
}
// The HTTP status code to use in the redirect response. The default response
// code is MOVED_PERMANENTLY (301).
RedirectResponseCode response_code = 3;
}
message Decorator {
// The operation (or span name) to be used for the matched route.
string operation = 1;
}
// The match/action distinction in Route is surfaced explicitly in the v2 API
// [V2-API-DIFF].
message Route {
RouteMatch match = 1;
oneof action {
// Route request to some upstream cluster.
RouteAction route = 2;
// Return a 302 redirect.
RedirectAction redirect = 3;
}
// See base.Metadata description for message structure. The Metadata field
// can be used to provide the Router filter additional information
// about the Route. It can be used for configuration, stats, and logging.
// The metadata should go under the filter namespace that will need it.
// For instance, if the metadata is intended for the Router filter,
// the filter name should be specified as "envoy.router".
Metadata metadata = 4;
// Decorator for matched route.
Decorator decorator = 5;
// Return a 401/403 when auth checks fail.
// [V2-API-DIFF] new in v2.
AuthAction auth = 6;
}
// A virtual cluster is a way of specifying a regex matching rule against
// certain important endpoints such that statistics are generated explicitly for
// the matched requests. The reason this is useful is that when doing
// prefix/path matching Envoy does not always know what the application
// considers to be an endpoint. Thus, it’s impossible for Envoy to generically
// emit per endpoint statistics. However, often systems have highly critical
// endpoints that they wish to get “perfect” statistics on. Virtual cluster
// statistics are perfect in the sense that they are emitted on the downstream
// side such that they include network level failures.
message VirtualCluster {
// Specifies a regex pattern to use for matching requests.
string pattern = 1;
// Specifies the name of the virtual cluster. The virtual cluster name as well
// as the virtual host name are used when emitting statistics.
string name = 2;
// Optionally specifies the HTTP method to match on. For example GET, PUT,
// etc.
RequestMethod method = 3;
}
// See
// https://lyft.github.io/envoy/docs/configuration/http_conn_man/route_config/rate_limits.html
message RateLimit {
// Refers to the stage set in the filter. The rate limit configuration only
// applies to filters with the same stage number. The default stage number is
// 0.
// NOTE: The filter supports a range of 0 - 10 inclusively for stage numbers.
google.protobuf.UInt32Value stage = 1;
// The key to be set in runtime to disable this rate limit configuration.
string disable_key = 2;
message Action {
// The following descriptor entry is appended to the descriptor:
// ("source_cluster", "<local service cluster>")
message SourceCluster {
}
// The following descriptor entry is appended to the descriptor:
// ("destination_cluster", "<routed target cluster>")
message DestinationCluster {
}
// The following descriptor entry is appended when a header contains a key
// that matches the header_name:
// ("<descriptor_key>", "<header_value_queried_from_header>")
message RequestHeaders {
// The header name to be queried from the request headers. The header’s
// value is used to populate the value of the descriptor entry for the
// descriptor_key.
string header_name = 1;
// The key to use in the descriptor entry.
string descriptor_key = 2;
}
// The following descriptor entry is appended to the descriptor and is
// populated using the trusted address from x-forwarded-for:
// ("remote_address", "<trusted address from x-forwarded-for>")
message RemoteAddress {
}
// The following descriptor entry is appended to the descriptor:
// ("generic_key", "<descriptor_value>")
message GenericKey {
// The value to use in the descriptor entry.
string descriptor_value = 1;
}
// The following descriptor entry is appended to the descriptor:
// (“header_match”, “<descriptor_value>”)
message HeaderValueMatch {
// The value to use in the descriptor entry.
string descriptor_value = 1;
// If set to true, the action will append a descriptor entry when the
// request matches the headers. If set to false, the action will append a
// descriptor entry when the request does not match the headers. The
// default value is true.
google.protobuf.BoolValue expect_match = 2;
// Specifies a set of headers that the rate limit action should match
// on. The action will check the request’s headers against all the
// specified headers in the config. A match will happen if all the
// headers in the config are present in the request with the same values
// (or based on presence if the value field is not in the config).
repeated HeaderMatcher headers = 3;
}
oneof action_specifier {
SourceCluster source_cluster = 1;
DestinationCluster destination_cluster = 2;
RequestHeaders request_headers = 3;
RemoteAddress remote_address = 4;
GenericKey generic_key = 5;
HeaderValueMatch header_value_match = 6;
}
}
// A list of actions that are to be applied for this rate limit configuration.
// Order matters as the actions are processed sequentially and the descriptor
// is composed by appending descriptor entries in that sequence. If an action
// cannot append a descriptor entry, no descriptor is generated for the
// configuration. See composing actions for additional documentation.
repeated Action actions = 3;
}
message HeaderMatcher {
// Specifies the name of the header in the request.
string name = 1;
// Specifies the value of the header. If the value is absent a request that
// has the name header will match, regardless of the header’s value.
string value = 2;
// Specifies whether the header value is a regular expression or not.
// Defaults to false.
google.protobuf.BoolValue regex = 3;
}
message VirtualHost {
// The logical name of the virtual host. This is used when emitting certain
// statistics but is not relevant for routing.
string name = 1;
// A list of domains (host/authority header) that will be matched to this
// virtual host. Wildcard hosts are supported in the form of “*.foo.com” or
// “*-bar.foo.com”. Note that the wildcard will not match the empty string.
// e.g. “*-bar.foo.com” will match “baz-bar.foo.com” but not “-bar.foo.com”.
// Additionally, a special entry “*” is allowed which will match any
// host/authority header. Only a single virtual host in the entire route
// configuration can match on “*”. A domain must be unique across all virtual
// hosts or the config will fail to load.
repeated string domains = 2;
// The list of routes that will be matched, in order, for incoming requests.
// The first route that matches will be used.
repeated Route routes = 3;
enum TlsRequirementType {
// No TLS requirement for the virtual host.
NONE = 0;
// External requests must use TLS. If a request is external and it is not
// using TLS, a 301 redirect will be sent telling the client to use HTTPS.
EXTERNAL_ONLY = 1;
// All requests must use TLS. If a request is not using TLS, a 301 redirect
// will be sent telling the client to use HTTPS.
ALL = 2;
}
// Specifies the type of TLS enforcement the virtual host expects.
TlsRequirementType require_tls = 4;
// A list of virtual clusters defined for this virtual host. Virtual clusters
// are used for additional statistics gathering.
repeated VirtualCluster virtual_clusters = 5;
// Specifies a set of rate limit configurations that will be applied to the
// virtual host.
repeated RateLimit rate_limits = 6;
// Specifies a list of HTTP headers that should be added to each request
// handled by this virtual host. Headers specified at this level are applied
// after headers from enclosed RouteActions and before headers from the
// enclosing RouteConfiguration.
repeated HeaderValueOption request_headers_to_add = 7;
// Specifies a list of HTTP headers that should be added to each response
// handled by this virtual host. Headers specified at this level are applied
// after headers from enclosed RouteActions and before headers from the
// enclosing RouteConfiguration.
repeated HeaderValueOption response_headers_to_add = 10;
// Specifies a list of HTTP headers that should be removed from each response
// handle by this virtual host.
repeated string response_headers_to_remove = 11;
// Indicates that the virtual host has a CORS policy.
CorsPolicy cors = 8;
// Return a 401/403 when auth checks fail.
// [V2-API-DIFF] new in v2.
AuthAction auth = 9;
}
message RouteConfiguration {
// The name of the route configuration. For example, it might match the
// router_config_name in the HttpConnectionManager > route_specifier > rds
// message.
string name = 1;
// An array of virtual hosts that make up the route table.
repeated VirtualHost virtual_hosts = 2;
// Specifies a list of HTTP headers that the connection manager will consider
// to be internal only. If they are found on external requests they will be
// cleaned prior to filter invocation. See x-envoy-internal for more
// information.
repeated string internal_only_headers = 3;
// Specifies a list of HTTP headers that should be added to each response that
// the connection manager encodes. Headers specified at this level are applied
// after headers from any enclosed VirtualHost or RouteAction.
repeated HeaderValueOption response_headers_to_add = 4;
// Specifies a list of HTTP headers that should be removed from each response
// that the connection manager encodes.
repeated string response_headers_to_remove = 5;
// Specifies a list of HTTP headers that should be added to each request
// routed by the HTTP connection manager. Headers specified at this level are
// applied after headers from any enclosed VirtualHost or RouteAction.
repeated HeaderValueOption request_headers_to_add = 6;
// An optional boolean that specifies whether the clusters that the route
// table refers to will be validated by the cluster manager. If set to true
// and a route refers to a non-existent cluster, the route table will not
// load. If set to false and a route refers to a non-existent cluster, the
// route table will load and the router filter will return a 404 if the route
// is selected at runtime. This setting defaults to true if the route table
// is statically defined via the route_config option. This setting default to
// false if the route table is loaded dynamically via the rds option. Users
// may which to override the default behavior in certain cases (for example
// when using CDS with a static route table).
google.protobuf.BoolValue validate_clusters = 7;
}