[READ ONLY MIRROR] Envoy REST/proto API definitions and documentation. (grpc依赖)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

146 lines
5.6 KiB

// This is heavily derived from
// https://lyft.github.io/envoy/docs/configuration/listeners/listeners.html
// The v2 gRPC API differences are tagged with [V2-API-DIFF].
syntax = "proto3";
package envoy.api.v2;
import "api/address.proto";
import "api/base.proto";
import "api/tls_context.proto";
import "google/api/annotations.proto";
import "google/protobuf/struct.proto";
import "google/protobuf/wrappers.proto";
// The Envoy instance initiates an RPC at startup to discover a list of
// listeners. Updates are delivered via streaming from the LDS server and
// consist of a complete update of all listeners. Existing connections will be
// allowed to drain from listeners that are no longer present.
service ListenerDiscoveryService {
rpc StreamListeners(ListenerDiscoveryRequest) returns
(stream ListenerDiscoverResponse) {}
rpc FetchListeners(ListenerDiscoveryRequest)
returns (ListenerDiscoverResponse) {
option (google.api.http) = {
post: "/v2/discovery:listeners"
body: "*"
};
}
}
message ListenerDiscoveryRequest {
Node node = 1;
}
message ListenerDiscoverResponse {
repeated Listener listeners = 1;
}
message Filter {
// The type of filter to instantiate. Most filters implement a specific type,
// though it is theoretically possible for a filter to be written such that it
// can operate in multiple modes. Supported types are read, write, and both.
enum Type {
BOTH = 0;
READ = 1;
WRITE = 2;
}
Type type = 1;
// The name of the filter to instantiate. The name must match a supported
// filter.
string name = 2;
// Filter specific configuration which depends on the filter being
// instantiated. See the supported filters for further documentation.
google.protobuf.Struct config = 3;
}
// Specifies the match criteria for selecting a specific filter chain for a
// listener [V2-API-DIFF].
message FilterChainMatch {
// If non-empty, the SNI domains to consider. May contain a wildcard prefix,
// e.g. *.example.com.
repeated string sni_domains = 1;
// If non-empty, an IP address and prefix length to match addresses when the
// listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
message CidrRange {
string address_prefix = 1;
google.protobuf.UInt32Value prefix_len = 2;
}
repeated CidrRange prefix_ranges = 3;
// If non-empty, an IP address and suffix length to match addresses when the
// listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
string address_suffix = 4;
google.protobuf.UInt32Value suffix_len = 5;
// The criteria is satisfied if the source IP address of the downstream
// connection is contained in at least one of the specified subnets. If the
// parameter is not specified or the list is empty, the source IP address is
// ignored.
repeated CidrRange source_prefix_ranges = 6;
// The criteria is satisfied if the source port of the downstream connection
// is contained in at least one of the specified ports. If the parameter is
// not specified, the source port is ignored.
repeated google.protobuf.UInt32Value source_ports = 7;
}
// Grouping of FilterChainMatch criteria, DownstreamTlsContext, the actual filter chain
// and related parameters.
message FilterChain {
FilterChainMatch filter_chain_match = 1;
DownstreamTlsContext tls_context = 2;
// A list of individual network filters that make up the filter chain for
// connections established with the listener. Order matters as the filters are
// processed sequentially as connection events happen. Note: If the filter
// list is empty, the connection will close by default.
repeated Filter filter_chain = 3;
// Whether the listener should expect a PROXY protocol V1 header on new
// connections. If this option is enabled, the listener will assume that that
// remote address of the connection is the one specified in the header. Some
// load balancers including the AWS ELB support this option. If the option is
// absent or set to false, Envoy will use the physical peer address of the
// connection as the remote address.
google.protobuf.BoolValue use_proxy_proto = 4;
// See base.Metadata description.
Metadata metadata = 5;
}
message Listener {
// The address that the listener should listen on.
UnresolvedAddress address = 1;
// A list of filter chains to consider for this listener. The FilterChain with
// the most specific FilterChainMatch criteria is used on a connection. The
// algorithm works as follows:
// 1. If SNI information is presented at connection time, only the
// FilterChains matching the SNI are considered. Otherwise, only
// FilterChains with no SNI domains are considered.
// 2. Of the FilterChains from step 1, the longest prefix match on the
// bound destination address is used to select the next set of
// FilterChains. This may be one FilterChain or multiple if there is
// a tie.
// 3. The longest suffix match on the bound destination address is used to
// select the FilterChain from step 2 that is used.
repeated FilterChain filter_chains = 2;
// If a connection is redirected using iptables, the port on which the proxy
// receives it might be different from the original destination port. When
// this flag is set to true, the listener uses the original destination
// address and port during FilterChain matching. Default is false.
google.protobuf.BoolValue use_original_dst = 3;
// Soft limit on size of the listener’s new connection read and write buffers.
// If unspecified, an implementation defined default is applied (1MiB).
google.protobuf.UInt32Value per_connection_buffer_limit_bytes = 4;
// See base.Metadata description.
Metadata metadata = 5;
}