| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package bootstrap |
| |
| import ( |
| "net" |
| "strconv" |
| "time" |
| ) |
| |
| import ( |
| "github.com/asaskevich/govalidator" |
| |
| envoy_accesslog_v3 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" |
| envoy_bootstrap_v3 "github.com/envoyproxy/go-control-plane/envoy/config/bootstrap/v3" |
| envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" |
| envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" |
| envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" |
| envoy_grpc_credentials_v3 "github.com/envoyproxy/go-control-plane/envoy/config/grpc_credential/v3" |
| envoy_metrics_v3 "github.com/envoyproxy/go-control-plane/envoy/config/metrics/v3" |
| envoy_overload_v3 "github.com/envoyproxy/go-control-plane/envoy/config/overload/v3" |
| access_loggers_file "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/file/v3" |
| regex_engines "github.com/envoyproxy/go-control-plane/envoy/extensions/regex_engines/v3" |
| resource_monitors_fixed_heap "github.com/envoyproxy/go-control-plane/envoy/extensions/resource_monitors/fixed_heap/v3" |
| envoy_tls "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" |
| envoy_type_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" |
| |
| "github.com/pkg/errors" |
| |
| "google.golang.org/protobuf/types/known/structpb" |
| ) |
| |
| import ( |
| "github.com/apache/dubbo-kubernetes/pkg/config/xds" |
| core_xds "github.com/apache/dubbo-kubernetes/pkg/core/xds" |
| util_proto "github.com/apache/dubbo-kubernetes/pkg/util/proto" |
| clusters_v3 "github.com/apache/dubbo-kubernetes/pkg/xds/envoy/clusters/v3" |
| ) |
| |
| var ( |
| adsClusterName = RegisterBootstrapCluster("ads_cluster") |
| accessLogSinkClusterName = RegisterBootstrapCluster("access_log_sink") |
| ) |
| |
| func RegisterBootstrapCluster(c string) string { |
| BootstrapClusters[c] = struct{}{} |
| return c |
| } |
| |
| var BootstrapClusters = map[string]struct{}{} |
| |
| func genConfig(parameters configParameters, proxyConfig xds.Proxy, enableReloadableTokens bool) (*envoy_bootstrap_v3.Bootstrap, error) { |
| staticClusters, err := buildStaticClusters(parameters, enableReloadableTokens) |
| if err != nil { |
| return nil, err |
| } |
| features := []interface{}{} |
| for _, feature := range parameters.Features { |
| features = append(features, feature) |
| } |
| |
| runtimeLayers := []*envoy_bootstrap_v3.RuntimeLayer{{ |
| Name: "kuma", |
| LayerSpecifier: &envoy_bootstrap_v3.RuntimeLayer_StaticLayer{ |
| StaticLayer: util_proto.MustStruct(map[string]interface{}{ |
| "re2.max_program_size.error_level": 4294967295, |
| "re2.max_program_size.warn_level": 1000, |
| }), |
| }, |
| }} |
| |
| if parameters.IsGatewayDataplane { |
| connections := proxyConfig.Gateway.GlobalDownstreamMaxConnections |
| if connections == 0 { |
| connections = 50000 |
| } |
| |
| runtimeLayers = append(runtimeLayers, |
| &envoy_bootstrap_v3.RuntimeLayer{ |
| Name: "gateway", |
| LayerSpecifier: &envoy_bootstrap_v3.RuntimeLayer_StaticLayer{ |
| StaticLayer: util_proto.MustStruct(map[string]interface{}{ |
| "overload.global_downstream_max_connections": connections, |
| }), |
| }, |
| }, |
| &envoy_bootstrap_v3.RuntimeLayer{ |
| Name: "gateway.listeners", |
| LayerSpecifier: &envoy_bootstrap_v3.RuntimeLayer_RtdsLayer_{ |
| RtdsLayer: &envoy_bootstrap_v3.RuntimeLayer_RtdsLayer{ |
| Name: "gateway.listeners", |
| RtdsConfig: &envoy_core_v3.ConfigSource{ |
| ResourceApiVersion: envoy_core_v3.ApiVersion_V3, |
| ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_Ads{}, |
| }, |
| }, |
| }, |
| }) |
| } |
| |
| // We create matchers |
| var matchNames []*envoy_tls.SubjectAltNameMatcher |
| for _, typ := range []envoy_tls.SubjectAltNameMatcher_SanType{ |
| envoy_tls.SubjectAltNameMatcher_DNS, |
| envoy_tls.SubjectAltNameMatcher_IP_ADDRESS, |
| } { |
| matchNames = append(matchNames, &envoy_tls.SubjectAltNameMatcher{ |
| SanType: typ, |
| Matcher: &envoy_type_matcher_v3.StringMatcher{ |
| MatchPattern: &envoy_type_matcher_v3.StringMatcher_Exact{Exact: parameters.XdsHost}, |
| }, |
| }) |
| } |
| res := &envoy_bootstrap_v3.Bootstrap{ |
| Node: &envoy_core_v3.Node{ |
| Id: parameters.Id, |
| Cluster: parameters.Service, |
| Metadata: &structpb.Struct{ |
| Fields: map[string]*structpb.Value{ |
| core_xds.FieldVersion: { |
| Kind: &structpb.Value_StructValue{ |
| StructValue: util_proto.MustToStruct(parameters.Version), |
| }, |
| }, |
| core_xds.FieldFeatures: util_proto.MustNewValueForStruct(features), |
| core_xds.FieldWorkdir: util_proto.MustNewValueForStruct(parameters.Workdir), |
| core_xds.FieldAccessLogSocketPath: util_proto.MustNewValueForStruct(parameters.AccessLogSocketPath), |
| core_xds.FieldMetricsSocketPath: util_proto.MustNewValueForStruct(parameters.MetricsSocketPath), |
| core_xds.FieldMetricsCertPath: util_proto.MustNewValueForStruct(parameters.MetricsCertPath), |
| core_xds.FieldMetricsKeyPath: util_proto.MustNewValueForStruct(parameters.MetricsKeyPath), |
| }, |
| }, |
| }, |
| LayeredRuntime: &envoy_bootstrap_v3.LayeredRuntime{ |
| Layers: runtimeLayers, |
| }, |
| StatsConfig: &envoy_metrics_v3.StatsConfig{ |
| StatsTags: []*envoy_metrics_v3.TagSpecifier{ |
| { |
| TagName: "name", |
| TagValue: &envoy_metrics_v3.TagSpecifier_Regex{Regex: "^grpc\\.((.+)\\.)"}, |
| }, |
| { |
| TagName: "status", |
| TagValue: &envoy_metrics_v3.TagSpecifier_Regex{Regex: "^grpc.*streams_closed(_([0-9]+))"}, |
| }, |
| { |
| TagName: "kafka_name", |
| TagValue: &envoy_metrics_v3.TagSpecifier_Regex{Regex: "^kafka(\\.(\\S*[0-9]))\\."}, |
| }, |
| { |
| TagName: "kafka_type", |
| TagValue: &envoy_metrics_v3.TagSpecifier_Regex{Regex: "^kafka\\..*\\.(.*?(?=_duration|$))"}, |
| }, |
| { |
| TagName: "worker", |
| TagValue: &envoy_metrics_v3.TagSpecifier_Regex{Regex: "(worker_([0-9]+)\\.)"}, |
| }, |
| { |
| TagName: "listener", |
| TagValue: &envoy_metrics_v3.TagSpecifier_Regex{Regex: "((.+?)\\.)rbac\\."}, |
| }, |
| }, |
| }, |
| DynamicResources: &envoy_bootstrap_v3.Bootstrap_DynamicResources{ |
| LdsConfig: &envoy_core_v3.ConfigSource{ |
| ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_Ads{Ads: &envoy_core_v3.AggregatedConfigSource{}}, |
| ResourceApiVersion: envoy_core_v3.ApiVersion_V3, |
| }, |
| CdsConfig: &envoy_core_v3.ConfigSource{ |
| ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_Ads{Ads: &envoy_core_v3.AggregatedConfigSource{}}, |
| ResourceApiVersion: envoy_core_v3.ApiVersion_V3, |
| }, |
| AdsConfig: &envoy_core_v3.ApiConfigSource{ |
| ApiType: envoy_core_v3.ApiConfigSource_GRPC, |
| TransportApiVersion: envoy_core_v3.ApiVersion_V3, |
| SetNodeOnFirstMessageOnly: true, |
| GrpcServices: []*envoy_core_v3.GrpcService{ |
| buildGrpcService(parameters, enableReloadableTokens), |
| }, |
| }, |
| }, |
| StaticResources: &envoy_bootstrap_v3.Bootstrap_StaticResources{ |
| //Secrets: []*envoy_tls.Secret{ |
| // { |
| // Name: tls.CpValidationCtx, |
| // Type: &envoy_tls.Secret_ValidationContext{ |
| // ValidationContext: &envoy_tls.CertificateValidationContext{ |
| // MatchTypedSubjectAltNames: matchNames, |
| // TrustedCa: &envoy_core_v3.DataSource{ |
| // Specifier: &envoy_core_v3.DataSource_InlineBytes{ |
| // InlineBytes: parameters.CertBytes, |
| // }, |
| // }, |
| // }, |
| // }, |
| // }, |
| //}, |
| Clusters: staticClusters, |
| }, |
| DefaultRegexEngine: &envoy_core_v3.TypedExtensionConfig{ |
| Name: "envoy.regex_engines.google_re2", |
| TypedConfig: util_proto.MustMarshalAny(®ex_engines.GoogleRE2{}), |
| }, |
| } |
| for _, r := range res.StaticResources.Clusters { |
| if r.Name == adsClusterName { |
| transport := &envoy_tls.UpstreamTlsContext{ |
| Sni: parameters.XdsHost, |
| CommonTlsContext: &envoy_tls.CommonTlsContext{ |
| TlsParams: &envoy_tls.TlsParameters{ |
| TlsMinimumProtocolVersion: envoy_tls.TlsParameters_TLSv1_2, |
| }, |
| ValidationContextType: &envoy_tls.CommonTlsContext_ValidationContextSdsSecretConfig{ |
| //ValidationContextSdsSecretConfig: &envoy_tls.SdsSecretConfig{ |
| // Name: tls.CpValidationCtx, |
| //}, |
| }, |
| }, |
| } |
| any, err := util_proto.MarshalAnyDeterministic(transport) |
| if err != nil { |
| return nil, err |
| } |
| r.TransportSocket = &envoy_core_v3.TransportSocket{ |
| Name: "envoy.transport_sockets.tls", |
| ConfigType: &envoy_core_v3.TransportSocket_TypedConfig{ |
| TypedConfig: any, |
| }, |
| } |
| } |
| } |
| if parameters.HdsEnabled { |
| res.HdsConfig = &envoy_core_v3.ApiConfigSource{ |
| ApiType: envoy_core_v3.ApiConfigSource_GRPC, |
| TransportApiVersion: envoy_core_v3.ApiVersion_V3, |
| SetNodeOnFirstMessageOnly: true, |
| GrpcServices: []*envoy_core_v3.GrpcService{ |
| buildGrpcService(parameters, enableReloadableTokens), |
| }, |
| } |
| } |
| |
| if parameters.IsGatewayDataplane { |
| if maxBytes := parameters.Resources.MaxHeapSizeBytes; maxBytes > 0 { |
| config := &resource_monitors_fixed_heap.FixedHeapConfig{ |
| MaxHeapSizeBytes: maxBytes, |
| } |
| marshaledConfig, err := util_proto.MarshalAnyDeterministic(config) |
| if err != nil { |
| return nil, errors.Wrapf(err, "could not marshall %T", config) |
| } |
| |
| fixedHeap := "envoy.resource_monitors.fixed_heap" |
| |
| res.OverloadManager = &envoy_overload_v3.OverloadManager{ |
| RefreshInterval: util_proto.Duration(250 * time.Millisecond), |
| ResourceMonitors: []*envoy_overload_v3.ResourceMonitor{{ |
| Name: fixedHeap, |
| ConfigType: &envoy_overload_v3.ResourceMonitor_TypedConfig{ |
| TypedConfig: marshaledConfig, |
| }, |
| }}, |
| Actions: []*envoy_overload_v3.OverloadAction{{ |
| Name: "envoy.overload_actions.shrink_heap", |
| Triggers: []*envoy_overload_v3.Trigger{{ |
| Name: fixedHeap, |
| TriggerOneof: &envoy_overload_v3.Trigger_Threshold{ |
| Threshold: &envoy_overload_v3.ThresholdTrigger{ |
| Value: 0.95, |
| }, |
| }, |
| }}, |
| }, { |
| Name: "envoy.overload_actions.stop_accepting_requests", |
| Triggers: []*envoy_overload_v3.Trigger{{ |
| Name: fixedHeap, |
| TriggerOneof: &envoy_overload_v3.Trigger_Threshold{ |
| Threshold: &envoy_overload_v3.ThresholdTrigger{ |
| Value: 0.98, |
| }, |
| }, |
| }}, |
| }}, |
| } |
| } |
| } |
| if (!enableReloadableTokens || parameters.DataplaneTokenPath == "") && parameters.DataplaneToken != "" { |
| if res.HdsConfig != nil { |
| for _, n := range res.HdsConfig.GrpcServices { |
| n.InitialMetadata = []*envoy_core_v3.HeaderValue{ |
| {Key: "authorization", Value: parameters.DataplaneToken}, |
| } |
| } |
| } |
| for _, n := range res.DynamicResources.AdsConfig.GrpcServices { |
| n.InitialMetadata = []*envoy_core_v3.HeaderValue{ |
| {Key: "authorization", Value: parameters.DataplaneToken}, |
| } |
| } |
| } |
| if parameters.DataplaneResource != "" { |
| res.Node.Metadata.Fields[core_xds.FieldDataplaneDataplaneResource] = util_proto.MustNewValueForStruct(parameters.DataplaneResource) |
| } |
| if parameters.AdminPort != 0 { |
| res.Node.Metadata.Fields[core_xds.FieldDataplaneAdminPort] = util_proto.MustNewValueForStruct(strconv.Itoa(int(parameters.AdminPort))) |
| res.Node.Metadata.Fields[core_xds.FieldDataplaneAdminAddress] = util_proto.MustNewValueForStruct(parameters.AdminAddress) |
| res.Admin = &envoy_bootstrap_v3.Admin{ |
| Address: &envoy_core_v3.Address{ |
| Address: &envoy_core_v3.Address_SocketAddress{ |
| SocketAddress: &envoy_core_v3.SocketAddress{ |
| Address: parameters.AdminAddress, |
| Protocol: envoy_core_v3.SocketAddress_TCP, |
| PortSpecifier: &envoy_core_v3.SocketAddress_PortValue{ |
| PortValue: parameters.AdminPort, |
| }, |
| }, |
| }, |
| }, |
| } |
| if parameters.AdminAccessLogPath != "" { |
| fileAccessLog := &access_loggers_file.FileAccessLog{ |
| Path: parameters.AdminAccessLogPath, |
| } |
| marshaled, err := util_proto.MarshalAnyDeterministic(fileAccessLog) |
| if err != nil { |
| return nil, errors.Wrapf(err, "could not marshall %T", fileAccessLog) |
| } |
| res.Admin.AccessLog = []*envoy_accesslog_v3.AccessLog{ |
| { |
| Name: "envoy.access_loggers.file", |
| ConfigType: &envoy_accesslog_v3.AccessLog_TypedConfig{ |
| TypedConfig: marshaled, |
| }, |
| }, |
| } |
| } |
| } |
| if parameters.DNSPort != 0 { |
| res.Node.Metadata.Fields[core_xds.FieldDataplaneDNSPort] = util_proto.MustNewValueForStruct(strconv.Itoa(int(parameters.DNSPort))) |
| } |
| if parameters.EmptyDNSPort != 0 { |
| res.Node.Metadata.Fields[core_xds.FieldDataplaneDNSEmptyPort] = util_proto.MustNewValueForStruct(strconv.Itoa(int(parameters.EmptyDNSPort))) |
| } |
| if parameters.ProxyType != "" { |
| res.Node.Metadata.Fields[core_xds.FieldDataplaneProxyType] = util_proto.MustNewValueForStruct(parameters.ProxyType) |
| } |
| if len(parameters.DynamicMetadata) > 0 { |
| md := make(map[string]interface{}, len(parameters.DynamicMetadata)) |
| for k, v := range parameters.DynamicMetadata { |
| md[k] = v |
| } |
| res.Node.Metadata.Fields[core_xds.FieldDynamicMetadata] = util_proto.MustNewValueForStruct(md) |
| } |
| return res, nil |
| } |
| |
| func clusterTypeFromHost(host string) envoy_cluster_v3.Cluster_DiscoveryType { |
| if govalidator.IsIP(host) { |
| return envoy_cluster_v3.Cluster_STATIC |
| } |
| return envoy_cluster_v3.Cluster_STRICT_DNS |
| } |
| |
| func dnsLookupFamilyFromXdsHost(host string, lookupFn func(host string) ([]net.IP, error)) envoy_cluster_v3.Cluster_DnsLookupFamily { |
| if govalidator.IsDNSName(host) && host != "localhost" { |
| ips, err := lookupFn(host) |
| if err != nil { |
| log.Info("[WARNING] error looking up XDS host to determine DnsLookupFamily, falling back to AUTO", "hostname", host) |
| return envoy_cluster_v3.Cluster_AUTO |
| } |
| hasIPv6 := false |
| |
| for _, ip := range ips { |
| if ip.To4() == nil { |
| hasIPv6 = true |
| } |
| } |
| |
| if !hasIPv6 && len(ips) > 0 { |
| return envoy_cluster_v3.Cluster_V4_ONLY |
| } |
| } |
| |
| return envoy_cluster_v3.Cluster_AUTO // default |
| } |
| |
| func buildStaticClusters(parameters configParameters, enableReloadableTokens bool) ([]*envoy_cluster_v3.Cluster, error) { |
| accessLogSink := &envoy_cluster_v3.Cluster{ |
| // TODO does timeout and keepAlive make sense on this as it uses unix domain sockets? |
| Name: accessLogSinkClusterName, |
| ConnectTimeout: util_proto.Duration(parameters.XdsConnectTimeout), |
| LbPolicy: envoy_cluster_v3.Cluster_ROUND_ROBIN, |
| UpstreamConnectionOptions: &envoy_cluster_v3.UpstreamConnectionOptions{ |
| TcpKeepalive: &envoy_core_v3.TcpKeepalive{ |
| KeepaliveProbes: util_proto.UInt32(3), |
| KeepaliveTime: util_proto.UInt32(10), |
| KeepaliveInterval: util_proto.UInt32(10), |
| }, |
| }, |
| ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_STATIC}, |
| LoadAssignment: &envoy_config_endpoint_v3.ClusterLoadAssignment{ |
| ClusterName: accessLogSinkClusterName, |
| Endpoints: []*envoy_config_endpoint_v3.LocalityLbEndpoints{ |
| { |
| LbEndpoints: []*envoy_config_endpoint_v3.LbEndpoint{ |
| { |
| HostIdentifier: &envoy_config_endpoint_v3.LbEndpoint_Endpoint{ |
| Endpoint: &envoy_config_endpoint_v3.Endpoint{ |
| Address: &envoy_core_v3.Address{ |
| Address: &envoy_core_v3.Address_Pipe{Pipe: &envoy_core_v3.Pipe{Path: parameters.AccessLogSocketPath}}, |
| }, |
| }, |
| }, |
| }, |
| }, |
| }, |
| }, |
| }, |
| } |
| if err := (&clusters_v3.Http2Configurer{}).Configure(accessLogSink); err != nil { |
| return nil, err |
| } |
| |
| clusters := []*envoy_cluster_v3.Cluster{accessLogSink} |
| |
| if parameters.DataplaneTokenPath == "" || !enableReloadableTokens { |
| adsCluster := &envoy_cluster_v3.Cluster{ |
| Name: adsClusterName, |
| ConnectTimeout: util_proto.Duration(parameters.XdsConnectTimeout), |
| LbPolicy: envoy_cluster_v3.Cluster_ROUND_ROBIN, |
| UpstreamConnectionOptions: &envoy_cluster_v3.UpstreamConnectionOptions{ |
| TcpKeepalive: &envoy_core_v3.TcpKeepalive{ |
| KeepaliveProbes: util_proto.UInt32(3), |
| KeepaliveTime: util_proto.UInt32(10), |
| KeepaliveInterval: util_proto.UInt32(10), |
| }, |
| }, |
| ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: clusterTypeFromHost(parameters.XdsHost)}, |
| DnsLookupFamily: dnsLookupFamilyFromXdsHost(parameters.XdsHost, net.LookupIP), |
| LoadAssignment: &envoy_config_endpoint_v3.ClusterLoadAssignment{ |
| ClusterName: adsClusterName, |
| Endpoints: []*envoy_config_endpoint_v3.LocalityLbEndpoints{ |
| { |
| LbEndpoints: []*envoy_config_endpoint_v3.LbEndpoint{ |
| { |
| HostIdentifier: &envoy_config_endpoint_v3.LbEndpoint_Endpoint{ |
| Endpoint: &envoy_config_endpoint_v3.Endpoint{ |
| Address: &envoy_core_v3.Address{ |
| Address: &envoy_core_v3.Address_SocketAddress{ |
| SocketAddress: &envoy_core_v3.SocketAddress{ |
| Address: parameters.XdsHost, |
| PortSpecifier: &envoy_core_v3.SocketAddress_PortValue{PortValue: parameters.XdsPort}, |
| }, |
| }, |
| }, |
| }, |
| }, |
| }, |
| }, |
| }, |
| }, |
| }, |
| } |
| |
| if err := (&clusters_v3.Http2Configurer{}).Configure(adsCluster); err != nil { |
| return nil, err |
| } |
| |
| clusters = append(clusters, adsCluster) |
| } |
| return clusters, nil |
| } |
| |
| func buildGrpcService(params configParameters, useTokenPath bool) *envoy_core_v3.GrpcService { |
| if useTokenPath && params.DataplaneTokenPath != "" { |
| googleGrpcService := &envoy_core_v3.GrpcService{ |
| TargetSpecifier: &envoy_core_v3.GrpcService_GoogleGrpc_{ |
| GoogleGrpc: &envoy_core_v3.GrpcService_GoogleGrpc{ |
| TargetUri: net.JoinHostPort(params.XdsHost, strconv.FormatUint(uint64(params.XdsPort), 10)), |
| StatPrefix: "ads", |
| CredentialsFactoryName: "envoy.grpc_credentials.file_based_metadata", |
| CallCredentials: []*envoy_core_v3.GrpcService_GoogleGrpc_CallCredentials{ |
| { |
| CredentialSpecifier: &envoy_core_v3.GrpcService_GoogleGrpc_CallCredentials_FromPlugin{ |
| FromPlugin: &envoy_core_v3.GrpcService_GoogleGrpc_CallCredentials_MetadataCredentialsFromPlugin{ |
| Name: "envoy.grpc_credentials.file_based_metadata", |
| ConfigType: &envoy_core_v3.GrpcService_GoogleGrpc_CallCredentials_MetadataCredentialsFromPlugin_TypedConfig{ |
| TypedConfig: util_proto.MustMarshalAny(&envoy_grpc_credentials_v3.FileBasedMetadataConfig{ |
| SecretData: &envoy_core_v3.DataSource{ |
| Specifier: &envoy_core_v3.DataSource_Filename{Filename: params.DataplaneTokenPath}, |
| }, |
| }), |
| }, |
| }, |
| }, |
| }, |
| }, |
| }, |
| }, |
| } |
| if params.CertBytes != nil { |
| googleGrpcService.GetGoogleGrpc().ChannelCredentials = &envoy_core_v3.GrpcService_GoogleGrpc_ChannelCredentials{ |
| CredentialSpecifier: &envoy_core_v3.GrpcService_GoogleGrpc_ChannelCredentials_SslCredentials{ |
| SslCredentials: &envoy_core_v3.GrpcService_GoogleGrpc_SslCredentials{ |
| RootCerts: &envoy_core_v3.DataSource{ |
| Specifier: &envoy_core_v3.DataSource_InlineBytes{ |
| InlineBytes: params.CertBytes, |
| }, |
| }, |
| }, |
| }, |
| } |
| } |
| return googleGrpcService |
| } else { |
| envoyGrpcSerivce := &envoy_core_v3.GrpcService{ |
| TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ |
| EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ |
| ClusterName: adsClusterName, |
| }, |
| }, |
| } |
| return envoyGrpcSerivce |
| } |
| } |