Created new definitions in api_build_system.bzl that wrap
go_proto_library, go_grpc_library, and go_test. Changed rules in api/BUILD and
test/build/BUILD to use these new definitions. In the future these
definitions could be expanded upon for auto generation in api_proto_library.
Signed-off-by: Kyle Myerson <kmyerson@google.com>
Currently clusters can not open both HTTP1.1 and HTTP2 upstream
connections at the same time. When the new cluster option
"auto_http2" is set to "true", the cluster must open an HTTP2 upstream
connection if the downstream connection is HTTP2, and an HTTP1.1
upstream connection if the downstream connection is HTTP1.1. This option
is to have no effect if there is no corresponding downstream
connection.
This functionality removes the need to operate multiple clusters and
routing rules for them when the backends accept both HTTP1.1 and HTTP2
connections, and when the choice of the HTTP protocol is significant,
as with gRPC.
Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
We need to track statistics in a client neutral way, since the Google
gRPC client doesn't have upstream stats. This will allow us to track the
gRPC status returned by the remote (or inferred from events such as
client timeouts).
Signed-off-by: Harvey Tuch <htuch@google.com>
In support of https://github.com/envoyproxy/envoy/issues/2200 and some
Google internal needs, we are planning on adding support to Envoy to
allow a configuration (or possibly build) driven decision on whether to
using the existing Envoy in-built Grpc::AsyncClient or
the Google C++ gRPC client library (https://grpc.io/grpc/cpp/index.html).
To move in this direction, the idea is we have the xDS ApiConfigSources,
rate limit service config and other filter configurations point at a
GrpcService object. This can be configured to use an Envoy cluster,
where Grpc::AsyncClient will orchestrate communication, or to contain
the config needed to establish a channel in Google C++ gRPC client
library.
Signed-off-by: Harvey Tuch <htuch@google.com>
envoyproxy/envoy#2256 adds restrictions to the backing sources for xDS resources. This change documents those restrictions.
Signed-off-by: Jose Nino <jnino@lyft.com>
Add support for configuration of TCP, HTTP filters to support external authorization cluster.
The filter configuration references an external cluster which is expected to be running the grpc server that supports the service being defined by #296
Signed-off-by: Saurabh Mohan <saurabh+github@tigera.io>
1) Use Address instead of SocketAddress to account for UDS.
2) Rename/clarify/add both remote/local for downstream/upstream.
Signed-off-by: Matt Klein <mklein@lyft.com>
CertificateValidationContext.trusted_ca is not only for client
certificates, but also for server certs. Change the wording to "peer
certificates".
Also mention that verification is not enabled by default in docs for
UpstreamTlsContext.
Signed-off-by: Peter Schultz <peter.schultz@classmarkets.com>
This patch clarifies the relationship between the CLI flags for local
service configuration and the bootstrap node identifier, where these
concepts are also expressed.
Signed-off-by: Harvey Tuch <htuch@google.com>
These were lost in my backlog. Required a PGV fix for cross-package enum
validation to deal with the TODOs, see
https://github.com/lyft/protoc-gen-validate/issues/42.
Signed-off-by: Harvey Tuch <htuch@google.com>
To resolve https://github.com/envoyproxy/envoy/issues/2155, it seems
better to fix via docs than implementation. This is because we have a
choice of binding 0.0.0.0 or ::, and the current Envoy idiom is to make
the user be explicit rather than probe.
It's possible to use :: for both IPv4/v6, for example, in
certain environments where /proc/sys/net/ipv6/bindv6only is set to 0. We
could add support to Envoy and the API for IPV6_V6ONLY to override this,
but this is orthogonal to the above issue.
Signed-off-by: Harvey Tuch <htuch@google.com>
Taiki Ono
Hong Zhang
ramaraochavali
Jose Ulises Nino Rivera
Matt Rice
kmyerson
jrajahalme
htuch
mandarjog
Brian Pane
William Thurston
Matt Klein
Alexey Baranov
William Chang
Saurabh Mohan
Reuven Lazarus
Andrew Dunham
Yuval Kohavi
Piotr Sikora
Gabriel Sagula
Kuat
Peter Schultz
Lizan Zhou
Greg Greenway
alyssawilk