http_11_proxy: Allow for configuration via endpoint metadata (#35486)

Previously the only way to configure the HTTP/1.1 proxy transport socket was by adding information to the streamInfo metadata via an intermediate filter. This patch adds the ability to configure proxy addresses using endpoint or locality metadata. The metadata key is `envoy.http11_proxy_transport_socket.proxy_address`. Configuration can be set in the metadata associated with `LocalityLbEndpoints`. The metadata associated with each individual endpoint overrides this value and the original method of configuration (filter state metadata) takes precedence above all. The format of the value must be a valid `config::core::v3::Address`. Risk Level: Low. Alpha feature. Testing: Unit test. Docs Changes: Done. Release Notes: Done. --------- Signed-off-by: Tony Allen <txallen@google.com> Mirrored from https://github.com/envoyproxy/envoy @ 03561251fbc50e9d16b35e02ae6032e073c16430
4 months ago · 5a391bdc8f
parent ec2b071597
commit 5a391bdc8f
1 changed files with 22 additions and 11 deletions
--- a/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.proto
+++ b/envoy/extensions/transport_sockets/http_11_proxy/v3/upstream_http_11_connect.proto
@ -16,20 +16,31 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // [#protodoc-title: Upstream HTTP/1.1 Proxy]
 // [#extension: envoy.transport_sockets.http_11_proxy]

-// Configuration for HTTP/1.1 proxy transport sockets.
-// This is intended for use in Envoy Mobile, though may eventually be extended
-// for upstream Envoy use.
-// If this transport socket is configured, and an intermediate filter adds the
-// stream info necessary for proxying to the stream info (as the test filter
-// does :repo:`here <test/integration/filters/header_to_proxy_filter.cc>`) then
+// The HTTP/1.1 proxy transport socket opens an upstream connection to a specified proxy address
+// rather than the target host's address. If this transport socket is configured and proxy
+// information is configured, then:
 //
-// * Upstream connections will be directed to the specified proxy address rather
-//   than the host's address
-// * Upstream TLS connections will have a raw HTTP/1.1 CONNECT header prefaced
-//   to the payload, and 200 response stripped (if less than 200 bytes)
+// * Upstream connections to the proxy address will have a raw HTTP/1.1 CONNECT header prefaced to
+//   the payload, and 200 response stripped (if less than 200 bytes).
 // * Plaintext HTTP/1.1 connections will be sent with a fully qualified URL.
 //
-// This transport socket is not compatible with HTTP/3, plaintext HTTP/2, or raw TCP.
+// There are two primary ways to configure proxy information:
+//
+// * An intermediate filter adds the stream info necessary for proxying to the stream info (as the
+//   test filter does :repo:`here <test/integration/filters/header_to_proxy_filter.cc>`).
+// * Setting the "typed_filter_metadata" in :ref:`LbEndpoint.Metadata <envoy_v3_api_field_config.endpoint.v3.lbendpoint.metadata>`
+//   or :ref:`LocalityLbEndpoints.Metadata
+//   <envoy_v3_api_field_config.endpoint.v3.LocalityLbEndpoints.metadata>` using the key
+//   "envoy.http11_proxy_transport_socket.proxy_address" and the proxy address in
+//   config::core::v3::Address format.
+//
+// Some important notes regarding this transport socket:
+//
+// * Configuration via stream info (as opposed to endpoint/locality metadata) will only proxy TLS
+//   connections to the proxy address on port 443. This is to maintain the original behavior of the
+//   transport socket when using this method of configuration.
+// * The transport socket is not compatible with HTTP/3 or plaintext HTTP/2.
+//
 message Http11ProxyUpstreamTransport {
  // The underlying transport socket being wrapped.
  config.core.v3.TransportSocket transport_socket = 1 [(validate.rules).message = {required: true}];