// Copyright Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package filters
import (
cluster "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"
core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
listener "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
route "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
cors "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cors/v3"
fault "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/fault/v3"
grpcstats "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_stats/v3"
grpcweb "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_web/v3"
router "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3"
httpwasm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/wasm/v3"
httpinspector "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/http_inspector/v3"
originaldst "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/original_dst/v3"
originalsrc "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/original_src/v3"
tlsinspector "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/tls_inspector/v3"
hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"
previoushost "github.com/envoyproxy/go-control-plane/envoy/extensions/retry/host/previous_hosts/v3"
rawbuffer "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/raw_buffer/v3"
wasm "github.com/envoyproxy/go-control-plane/envoy/extensions/wasm/v3"
"github.com/envoyproxy/go-control-plane/pkg/wellknown"
"google.golang.org/protobuf/types/known/wrapperspb"
alpn "istio.io/api/envoy/config/filter/http/alpn/v2alpha1"
"istio.io/api/envoy/config/filter/network/metadata_exchange"
)
import (
"github.com/apache/dubbo-go-pixiu/pilot/pkg/model"
"github.com/apache/dubbo-go-pixiu/pilot/pkg/networking/util"
)
const (
// AlpnFilterName is the name of the Alpn HTTP filter, which overrides the ALPN for upstream TLS connections.
AlpnFilterName = "istio.alpn"
// TLSTransportProtocol and RawBufferTransportProtocol are transport protocol names.
// NOTE(review): presumably these are compared against the transport protocol detected on a
// connection (TLS vs. plaintext) when selecting a filter chain; confirm against the callers.
TLSTransportProtocol = "tls"
RawBufferTransportProtocol = "raw_buffer"
// MxFilterName is the metadata exchange filter name. It is used by TCPListenerMx, TCPClusterMx
// and by the HTTP filter returned from buildHTTPMxFilter.
MxFilterName = "istio.metadata_exchange"
)
// Static filters reused across the codebase. They are package-level variables, so each one is
// built once, which avoids duplicate marshaling/unmarshaling.
//
// Every value below is a shared pointer: do not use these for filters that will be mutated.
// A caller that needs a variant must build (or copy) its own message; a change made through one of
// these pointers is visible to every configuration that references the shared instance.
var (
// RetryPreviousHosts is the retry host predicate "envoy.retry_host_predicates.previous_hosts"
// with an empty PreviousHostsPredicate config.
RetryPreviousHosts = &route.RetryPolicy_RetryHostPredicate{
Name: "envoy.retry_host_predicates.previous_hosts",
ConfigType: &route.RetryPolicy_RetryHostPredicate_TypedConfig{
TypedConfig: util.MessageToAny(&previoushost.PreviousHostsPredicate{}),
},
}
// RawBufferTransportSocket is the raw buffer transport socket with an empty config.
// NOTE(review): raw_buffer is Envoy's plaintext transport socket (no TLS); confirm that every
// place that selects this value is a path where plaintext is intended.
RawBufferTransportSocket = &core.TransportSocket{
Name: util.EnvoyRawBufferSocketName,
ConfigType: &core.TransportSocket_TypedConfig{
TypedConfig: util.MessageToAny(&rawbuffer.RawBuffer{}),
},
}
// Cors is the CORS HTTP filter with an empty filter-level config.
Cors = &hcm.HttpFilter{
Name: wellknown.CORS,
ConfigType: &hcm.HttpFilter_TypedConfig{
TypedConfig: util.MessageToAny(&cors.Cors{}),
},
}
// Fault is the fault injection HTTP filter with an empty filter-level config.
Fault = &hcm.HttpFilter{
Name: wellknown.Fault,
ConfigType: &hcm.HttpFilter_TypedConfig{
TypedConfig: util.MessageToAny(&fault.HTTPFault{}),
},
}
// Router is the router HTTP filter with an empty config. BuildRouterFilter returns this same
// pointer when it is called with a nil context.
Router = &hcm.HttpFilter{
Name: wellknown.Router,
ConfigType: &hcm.HttpFilter_TypedConfig{
TypedConfig: util.MessageToAny(&router.Router{}),
},
}
// GrpcWeb is the gRPC-Web HTTP filter with an empty config.
GrpcWeb = &hcm.HttpFilter{
Name: wellknown.GRPCWeb,
ConfigType: &hcm.HttpFilter_TypedConfig{
TypedConfig: util.MessageToAny(&grpcweb.GrpcWeb{}),
},
}
// GrpcStats is the gRPC stats HTTP filter with EmitFilterState enabled and StatsForAllMethods
// explicitly set to false.
// NOTE(review): presumably per-method stats are kept off because stat names derived from
// client-supplied request paths can grow without bound; confirm before changing this to true.
GrpcStats = &hcm.HttpFilter{
Name: wellknown.HTTPGRPCStats,
ConfigType: &hcm.HttpFilter_TypedConfig{
TypedConfig: util.MessageToAny(&grpcstats.FilterConfig{
EmitFilterState: true,
PerMethodStatSpecifier: &grpcstats.FilterConfig_StatsForAllMethods{
StatsForAllMethods: &wrapperspb.BoolValue{Value: false},
},
}),
},
}
// TLSInspector is the TLS inspector listener filter with an empty config.
TLSInspector = &listener.ListenerFilter{
Name: wellknown.TlsInspector,
ConfigType: &listener.ListenerFilter_TypedConfig{
TypedConfig: util.MessageToAny(&tlsinspector.TlsInspector{}),
},
}
// HTTPInspector is the HTTP inspector listener filter with an empty config.
HTTPInspector = &listener.ListenerFilter{
Name: wellknown.HttpInspector,
ConfigType: &listener.ListenerFilter_TypedConfig{
TypedConfig: util.MessageToAny(&httpinspector.HttpInspector{}),
},
}
// OriginalDestination is the original destination listener filter with an empty config.
OriginalDestination = &listener.ListenerFilter{
Name: wellknown.OriginalDestination,
ConfigType: &listener.ListenerFilter_TypedConfig{
TypedConfig: util.MessageToAny(&originaldst.OriginalDst{}),
},
}
// OriginalSrc is the original source listener filter with Mark set to 1337.
// NOTE(review): 1337 is an unnamed magic number. Per Envoy's original_src API the mark is
// applied to the upstream socket, so presumably it has to match packet-mark rules installed on
// the host (iptables / policy routing) elsewhere; confirm, and consider a named constant
// shared with that code so the two cannot drift apart.
// NOTE(review): with this filter the upstream sees the downstream's source address; confirm
// that any source-IP based access control upstream accounts for that.
OriginalSrc = &listener.ListenerFilter{
Name: wellknown.OriginalSource,
ConfigType: &listener.ListenerFilter_TypedConfig{
TypedConfig: util.MessageToAny(&originalsrc.OriginalSrc{
Mark: 1337,
}),
},
}
// Alpn is the ALPN override HTTP filter. For each upstream protocol (HTTP/1.0, HTTP/1.1,
// HTTP/2) it sets the override to the matching mtlsHTTP*ALPN list declared later in this file.
// Go initializes package-level variables in dependency order, so the later declaration is safe.
Alpn = &hcm.HttpFilter{
Name: AlpnFilterName,
ConfigType: &hcm.HttpFilter_TypedConfig{
TypedConfig: util.MessageToAny(&alpn.FilterConfig{
AlpnOverride: []*alpn.FilterConfig_AlpnOverride{
{
UpstreamProtocol: alpn.FilterConfig_HTTP10,
AlpnOverride: mtlsHTTP10ALPN,
},
{
UpstreamProtocol: alpn.FilterConfig_HTTP11,
AlpnOverride: mtlsHTTP11ALPN,
},
{
UpstreamProtocol: alpn.FilterConfig_HTTP2,
AlpnOverride: mtlsHTTP2ALPN,
},
},
}),
},
}
// tcpMx is the MetadataExchange config (Protocol "istio-peer-exchange") wrapped by
// util.MessageToAny. The same pointer is placed in both TCPListenerMx and TCPClusterMx below,
// so a change through either one would affect both.
tcpMx = util.MessageToAny(&metadata_exchange.MetadataExchange{Protocol: "istio-peer-exchange"})
// TCPListenerMx is the listener-side (network filter) metadata exchange filter.
TCPListenerMx = &listener.Filter{
Name: MxFilterName,
ConfigType: &listener.Filter_TypedConfig{TypedConfig: tcpMx},
}
// TCPClusterMx is the cluster-side metadata exchange filter; it carries the same tcpMx config.
TCPClusterMx = &cluster.Filter{
Name: MxFilterName,
TypedConfig: tcpMx,
}
// HTTPMx is the HTTP metadata exchange filter, built once here by buildHTTPMxFilter.
HTTPMx = buildHTTPMxFilter()
)
// BuildRouterFilter returns the router HTTP filter for ctx.
//
// When ctx is nil the package-level Router filter is returned as-is, not a copy,
// so the caller must treat the result as read-only: a write through it would be
// seen by every other user of Router. When ctx is non-nil a new filter is built
// whose router config copies StartChildSpan from ctx.
func BuildRouterFilter(ctx *RouterFilterContext) *hcm.HttpFilter {
	// No per-call settings requested: hand back the shared static instance.
	if ctx == nil {
		return Router
	}

	routerCfg := &router.Router{StartChildSpan: ctx.StartChildSpan}
	typed := &hcm.HttpFilter_TypedConfig{TypedConfig: util.MessageToAny(routerCfg)}
	return &hcm.HttpFilter{Name: wellknown.Router, ConfigType: typed}
}
var (
// ALPN lists injected on the client side by the ALPN filter, one list per upstream protocol.
// "istio" is included in every list for backward compatibility, e.g. 1.4 proxy -> 1.3 proxy.
// The non istio-* variants are included so that traffic sent out of the mesh still has a valid ALPN.
// Ideally they would not be added, but because the override filter is in the HCM, rather than the
// cluster, the upstream is not yet known, so it cannot be determined whether it is in or out of the mesh.
// NOTE(review): since the plain protocol names are always offered, a completed ALPN negotiation
// presumably does not by itself show that the peer is in the mesh; peer identity has to come from
// certificate validation. Confirm against the server-side filter chain matching.
mtlsHTTP10ALPN = []string{"istio-http/1.0", "istio", "http/1.0"}
mtlsHTTP11ALPN = []string{"istio-http/1.1", "istio", "http/1.1"}
mtlsHTTP2ALPN = []string{"istio-h2", "istio", "h2"}
)
// buildHTTPMxFilter assembles the HTTP metadata exchange filter: a Wasm HTTP
// filter named MxFilterName whose plugin carries an empty MetadataExchange
// configuration and the VM config returned by model.ConstructVMConfig.
//
// NOTE(review): the first ConstructVMConfig argument looks like a path to a
// compiled Wasm module on the proxy's filesystem and the second like a VM or
// extension name; confirm against model.ConstructVMConfig. If the module is
// loaded from that path, no digest or signature check is visible here, so its
// integrity presumably rests on the proxy image and on write permissions for
// /etc/istio/extensions; verify that directory is not writable at runtime.
func buildHTTPMxFilter() *hcm.HttpFilter {
	vmConfig := model.ConstructVMConfig(
		"/etc/istio/extensions/metadata-exchange-filter.compiled.wasm",
		"envoy.wasm.metadata_exchange",
	)
	plugin := &wasm.PluginConfig{
		Vm:            vmConfig,
		Configuration: util.MessageToAny(&metadata_exchange.MetadataExchange{}),
	}
	wasmFilter := &httpwasm.Wasm{Config: plugin}

	typed := &hcm.HttpFilter_TypedConfig{TypedConfig: util.MessageToAny(wasmFilter)}
	return &hcm.HttpFilter{Name: MxFilterName, ConfigType: typed}
}