1syntax = "proto3"; 2 3package envoy.config.core.v3; 4 5import "envoy/config/core/v3/address.proto"; 6import "envoy/config/core/v3/backoff.proto"; 7import "envoy/config/core/v3/http_uri.proto"; 8import "envoy/type/v3/percent.proto"; 9import "envoy/type/v3/semantic_version.proto"; 10 11import "google/protobuf/any.proto"; 12import "google/protobuf/struct.proto"; 13import "google/protobuf/wrappers.proto"; 14 15import "xds/core/v3/context_params.proto"; 16 17import "envoy/annotations/deprecation.proto"; 18import "udpa/annotations/migrate.proto"; 19import "udpa/annotations/status.proto"; 20import "udpa/annotations/versioning.proto"; 21import "validate/validate.proto"; 22 23option java_package = "io.envoyproxy.envoy.config.core.v3"; 24option java_outer_classname = "BaseProto"; 25option java_multiple_files = true; 26option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/core/v3;corev3"; 27option (udpa.annotations.file_status).package_version_status = ACTIVE; 28 29// [#protodoc-title: Common types] 30 31// Envoy supports :ref:`upstream priority routing 32// <arch_overview_http_routing_priority>` both at the route and the virtual 33// cluster level. The current priority implementation uses different connection 34// pool and circuit breaking settings for each priority level. This means that 35// even for HTTP/2 requests, two physical connections will be used to an 36// upstream host. In the future Envoy will likely support true HTTP/2 priority 37// over a single upstream connection. 38enum RoutingPriority { 39 DEFAULT = 0; 40 HIGH = 1; 41} 42 43// HTTP request method. 44enum RequestMethod { 45 METHOD_UNSPECIFIED = 0; 46 GET = 1; 47 HEAD = 2; 48 POST = 3; 49 PUT = 4; 50 DELETE = 5; 51 CONNECT = 6; 52 OPTIONS = 7; 53 TRACE = 8; 54 PATCH = 9; 55} 56 57// Identifies the direction of the traffic relative to the local Envoy. 58enum TrafficDirection { 59 // Default option is unspecified. 60 UNSPECIFIED = 0; 61 62 // The transport is used for incoming traffic. 63 INBOUND = 1; 64 65 // The transport is used for outgoing traffic. 66 OUTBOUND = 2; 67} 68 69// Identifies location of where either Envoy runs or where upstream hosts run. 70message Locality { 71 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Locality"; 72 73 // Region this :ref:`zone <envoy_v3_api_field_config.core.v3.Locality.zone>` belongs to. 74 string region = 1; 75 76 // Defines the local service zone where Envoy is running. Though optional, it 77 // should be set if discovery service routing is used and the discovery 78 // service exposes :ref:`zone data <envoy_v3_api_field_config.endpoint.v3.LocalityLbEndpoints.locality>`, 79 // either in this message or via :option:`--service-zone`. The meaning of zone 80 // is context dependent, e.g. `Availability Zone (AZ) 81 // <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html>`_ 82 // on AWS, `Zone <https://cloud.google.com/compute/docs/regions-zones/>`_ on 83 // GCP, etc. 84 string zone = 2; 85 86 // When used for locality of upstream hosts, this field further splits zone 87 // into smaller chunks of sub-zones so they can be load balanced 88 // independently. 89 string sub_zone = 3; 90} 91 92// BuildVersion combines SemVer version of extension with free-form build information 93// (i.e. 'alpha', 'private-build') as a set of strings. 94message BuildVersion { 95 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.BuildVersion"; 96 97 // SemVer version of extension. 98 type.v3.SemanticVersion version = 1; 99 100 // Free-form build information. 101 // Envoy defines several well known keys in the source/common/version/version.h file 102 google.protobuf.Struct metadata = 2; 103} 104 105// Version and identification for an Envoy extension. 106// [#next-free-field: 7] 107message Extension { 108 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Extension"; 109 110 // This is the name of the Envoy filter as specified in the Envoy 111 // configuration, e.g. envoy.filters.http.router, com.acme.widget. 112 string name = 1; 113 114 // Category of the extension. 115 // Extension category names use reverse DNS notation. For instance "envoy.filters.listener" 116 // for Envoy's built-in listener filters or "com.acme.filters.http" for HTTP filters from 117 // acme.com vendor. 118 // [#comment:TODO(yanavlasov): Link to the doc with existing envoy category names.] 119 string category = 2; 120 121 // [#not-implemented-hide:] Type descriptor of extension configuration proto. 122 // [#comment:TODO(yanavlasov): Link to the doc with existing configuration protos.] 123 // [#comment:TODO(yanavlasov): Add tests when PR #9391 lands.] 124 string type_descriptor = 3 125 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; 126 127 // The version is a property of the extension and maintained independently 128 // of other extensions and the Envoy API. 129 // This field is not set when extension did not provide version information. 130 BuildVersion version = 4; 131 132 // Indicates that the extension is present but was disabled via dynamic configuration. 133 bool disabled = 5; 134 135 // Type URLs of extension configuration protos. 136 repeated string type_urls = 6; 137} 138 139// Identifies a specific Envoy instance. The node identifier is presented to the 140// management server, which may use this identifier to distinguish per Envoy 141// configuration for serving. 142// [#next-free-field: 13] 143message Node { 144 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Node"; 145 146 reserved 5; 147 148 reserved "build_version"; 149 150 // An opaque node identifier for the Envoy node. This also provides the local 151 // service node name. It should be set if any of the following features are 152 // used: :ref:`statsd <arch_overview_statistics>`, :ref:`CDS 153 // <config_cluster_manager_cds>`, and :ref:`HTTP tracing 154 // <arch_overview_tracing>`, either in this message or via 155 // :option:`--service-node`. 156 string id = 1; 157 158 // Defines the local service cluster name where Envoy is running. Though 159 // optional, it should be set if any of the following features are used: 160 // :ref:`statsd <arch_overview_statistics>`, :ref:`health check cluster 161 // verification 162 // <envoy_v3_api_field_config.core.v3.HealthCheck.HttpHealthCheck.service_name_matcher>`, 163 // :ref:`runtime override directory <envoy_v3_api_msg_config.bootstrap.v3.Runtime>`, 164 // :ref:`user agent addition 165 // <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.add_user_agent>`, 166 // :ref:`HTTP global rate limiting <config_http_filters_rate_limit>`, 167 // :ref:`CDS <config_cluster_manager_cds>`, and :ref:`HTTP tracing 168 // <arch_overview_tracing>`, either in this message or via 169 // :option:`--service-cluster`. 170 string cluster = 2; 171 172 // Opaque metadata extending the node identifier. Envoy will pass this 173 // directly to the management server. 174 google.protobuf.Struct metadata = 3; 175 176 // Map from xDS resource type URL to dynamic context parameters. These may vary at runtime (unlike 177 // other fields in this message). For example, the xDS client may have a shard identifier that 178 // changes during the lifetime of the xDS client. In Envoy, this would be achieved by updating the 179 // dynamic context on the Server::Instance's LocalInfo context provider. The shard ID dynamic 180 // parameter then appears in this field during future discovery requests. 181 map<string, xds.core.v3.ContextParams> dynamic_parameters = 12; 182 183 // Locality specifying where the Envoy instance is running. 184 Locality locality = 4; 185 186 // Free-form string that identifies the entity requesting config. 187 // E.g. "envoy" or "grpc" 188 string user_agent_name = 6; 189 190 oneof user_agent_version_type { 191 // Free-form string that identifies the version of the entity requesting config. 192 // E.g. "1.12.2" or "abcd1234", or "SpecialEnvoyBuild" 193 string user_agent_version = 7; 194 195 // Structured version of the entity requesting config. 196 BuildVersion user_agent_build_version = 8; 197 } 198 199 // List of extensions and their versions supported by the node. 200 repeated Extension extensions = 9; 201 202 // Client feature support list. These are well known features described 203 // in the Envoy API repository for a given major version of an API. Client features 204 // use reverse DNS naming scheme, for example ``com.acme.feature``. 205 // See :ref:`the list of features <client_features>` that xDS client may 206 // support. 207 repeated string client_features = 10; 208 209 // Known listening ports on the node as a generic hint to the management server 210 // for filtering :ref:`listeners <config_listeners>` to be returned. For example, 211 // if there is a listener bound to port 80, the list can optionally contain the 212 // SocketAddress ``(0.0.0.0,80)``. The field is optional and just a hint. 213 repeated Address listening_addresses = 11 214 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; 215} 216 217// Metadata provides additional inputs to filters based on matched listeners, 218// filter chains, routes and endpoints. It is structured as a map, usually from 219// filter name (in reverse DNS format) to metadata specific to the filter. Metadata 220// key-values for a filter are merged as connection and request handling occurs, 221// with later values for the same key overriding earlier values. 222// 223// An example use of metadata is providing additional values to 224// http_connection_manager in the envoy.http_connection_manager.access_log 225// namespace. 226// 227// Another example use of metadata is to per service config info in cluster metadata, which may get 228// consumed by multiple filters. 229// 230// For load balancing, Metadata provides a means to subset cluster endpoints. 231// Endpoints have a Metadata object associated and routes contain a Metadata 232// object to match against. There are some well defined metadata used today for 233// this purpose: 234// 235// * ``{"envoy.lb": {"canary": <bool> }}`` This indicates the canary status of an 236// endpoint and is also used during header processing 237// (x-envoy-upstream-canary) and for stats purposes. 238// [#next-major-version: move to type/metadata/v2] 239message Metadata { 240 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Metadata"; 241 242 // Key is the reverse DNS filter name, e.g. com.acme.widget. The ``envoy.*`` 243 // namespace is reserved for Envoy's built-in filters. 244 // If both ``filter_metadata`` and 245 // :ref:`typed_filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.typed_filter_metadata>` 246 // fields are present in the metadata with same keys, 247 // only ``typed_filter_metadata`` field will be parsed. 248 map<string, google.protobuf.Struct> filter_metadata = 1; 249 250 // Key is the reverse DNS filter name, e.g. com.acme.widget. The ``envoy.*`` 251 // namespace is reserved for Envoy's built-in filters. 252 // The value is encoded as google.protobuf.Any. 253 // If both :ref:`filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.filter_metadata>` 254 // and ``typed_filter_metadata`` fields are present in the metadata with same keys, 255 // only ``typed_filter_metadata`` field will be parsed. 256 map<string, google.protobuf.Any> typed_filter_metadata = 2; 257} 258 259// Runtime derived uint32 with a default when not specified. 260message RuntimeUInt32 { 261 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.RuntimeUInt32"; 262 263 // Default value if runtime value is not available. 264 uint32 default_value = 2; 265 266 // Runtime key to get value for comparison. This value is used if defined. 267 string runtime_key = 3 [(validate.rules).string = {min_len: 1}]; 268} 269 270// Runtime derived percentage with a default when not specified. 271message RuntimePercent { 272 // Default value if runtime value is not available. 273 type.v3.Percent default_value = 1; 274 275 // Runtime key to get value for comparison. This value is used if defined. 276 string runtime_key = 2 [(validate.rules).string = {min_len: 1}]; 277} 278 279// Runtime derived double with a default when not specified. 280message RuntimeDouble { 281 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.RuntimeDouble"; 282 283 // Default value if runtime value is not available. 284 double default_value = 1; 285 286 // Runtime key to get value for comparison. This value is used if defined. 287 string runtime_key = 2 [(validate.rules).string = {min_len: 1}]; 288} 289 290// Runtime derived bool with a default when not specified. 291message RuntimeFeatureFlag { 292 option (udpa.annotations.versioning).previous_message_type = 293 "envoy.api.v2.core.RuntimeFeatureFlag"; 294 295 // Default value if runtime value is not available. 296 google.protobuf.BoolValue default_value = 1 [(validate.rules).message = {required: true}]; 297 298 // Runtime key to get value for comparison. This value is used if defined. The boolean value must 299 // be represented via its 300 // `canonical JSON encoding <https://developers.google.com/protocol-buffers/docs/proto3#json>`_. 301 string runtime_key = 2 [(validate.rules).string = {min_len: 1}]; 302} 303 304// Query parameter name/value pair. 305message QueryParameter { 306 // The key of the query parameter. Case sensitive. 307 string key = 1 [(validate.rules).string = {min_len: 1}]; 308 309 // The value of the query parameter. 310 string value = 2; 311} 312 313// Header name/value pair. 314message HeaderValue { 315 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.HeaderValue"; 316 317 // Header name. 318 string key = 1 319 [(validate.rules).string = 320 {min_len: 1 max_bytes: 16384 well_known_regex: HTTP_HEADER_NAME strict: false}]; 321 322 // Header value. 323 // 324 // The same :ref:`format specifier <config_access_log_format>` as used for 325 // :ref:`HTTP access logging <config_access_log>` applies here, however 326 // unknown header values are replaced with the empty string instead of ``-``. 327 string value = 2 [ 328 (validate.rules).string = {max_bytes: 16384 well_known_regex: HTTP_HEADER_VALUE strict: false} 329 ]; 330} 331 332// Header name/value pair plus option to control append behavior. 333message HeaderValueOption { 334 option (udpa.annotations.versioning).previous_message_type = 335 "envoy.api.v2.core.HeaderValueOption"; 336 337 // Describes the supported actions types for header append action. 338 enum HeaderAppendAction { 339 // This action will append the specified value to the existing values if the header 340 // already exists. If the header doesn't exist then this will add the header with 341 // specified key and value. 342 APPEND_IF_EXISTS_OR_ADD = 0; 343 344 // This action will add the header if it doesn't already exist. If the header 345 // already exists then this will be a no-op. 346 ADD_IF_ABSENT = 1; 347 348 // This action will overwrite the specified value by discarding any existing values if 349 // the header already exists. If the header doesn't exist then this will add the header 350 // with specified key and value. 351 OVERWRITE_IF_EXISTS_OR_ADD = 2; 352 } 353 354 // Header name/value pair that this option applies to. 355 HeaderValue header = 1 [(validate.rules).message = {required: true}]; 356 357 // Should the value be appended? If true (default), the value is appended to 358 // existing values. Otherwise it replaces any existing values. 359 // This field is deprecated and please use 360 // :ref:`append_action <envoy_v3_api_field_config.core.v3.HeaderValueOption.append_action>` as replacement. 361 // 362 // .. note:: 363 // The :ref:`external authorization service <envoy_v3_api_msg_service.auth.v3.CheckResponse>` and 364 // :ref:`external processor service <envoy_v3_api_msg_service.ext_proc.v3.ProcessingResponse>` have 365 // default value (``false``) for this field. 366 google.protobuf.BoolValue append = 2 367 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; 368 369 // Describes the action taken to append/overwrite the given value for an existing header 370 // or to only add this header if it's absent. 371 // Value defaults to :ref:`APPEND_IF_EXISTS_OR_ADD 372 // <envoy_v3_api_enum_value_config.core.v3.HeaderValueOption.HeaderAppendAction.APPEND_IF_EXISTS_OR_ADD>`. 373 HeaderAppendAction append_action = 3 [(validate.rules).enum = {defined_only: true}]; 374 375 // Is the header value allowed to be empty? If false (default), custom headers with empty values are dropped, 376 // otherwise they are added. 377 bool keep_empty_value = 4; 378} 379 380// Wrapper for a set of headers. 381message HeaderMap { 382 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.HeaderMap"; 383 384 repeated HeaderValue headers = 1; 385} 386 387// A directory that is watched for changes, e.g. by inotify on Linux. Move/rename 388// events inside this directory trigger the watch. 389message WatchedDirectory { 390 // Directory path to watch. 391 string path = 1 [(validate.rules).string = {min_len: 1}]; 392} 393 394// Data source consisting of a file, an inline value, or an environment variable. 395message DataSource { 396 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.DataSource"; 397 398 oneof specifier { 399 option (validate.required) = true; 400 401 // Local filesystem data source. 402 string filename = 1 [(validate.rules).string = {min_len: 1}]; 403 404 // Bytes inlined in the configuration. 405 bytes inline_bytes = 2; 406 407 // String inlined in the configuration. 408 string inline_string = 3; 409 410 // Environment variable data source. 411 string environment_variable = 4 [(validate.rules).string = {min_len: 1}]; 412 } 413} 414 415// The message specifies the retry policy of remote data source when fetching fails. 416message RetryPolicy { 417 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.RetryPolicy"; 418 419 // Specifies parameters that control :ref:`retry backoff strategy <envoy_v3_api_msg_config.core.v3.BackoffStrategy>`. 420 // This parameter is optional, in which case the default base interval is 1000 milliseconds. The 421 // default maximum interval is 10 times the base interval. 422 BackoffStrategy retry_back_off = 1; 423 424 // Specifies the allowed number of retries. This parameter is optional and 425 // defaults to 1. 426 google.protobuf.UInt32Value num_retries = 2 427 [(udpa.annotations.field_migrate).rename = "max_retries"]; 428} 429 430// The message specifies how to fetch data from remote and how to verify it. 431message RemoteDataSource { 432 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.RemoteDataSource"; 433 434 // The HTTP URI to fetch the remote data. 435 HttpUri http_uri = 1 [(validate.rules).message = {required: true}]; 436 437 // SHA256 string for verifying data. 438 string sha256 = 2 [(validate.rules).string = {min_len: 1}]; 439 440 // Retry policy for fetching remote data. 441 RetryPolicy retry_policy = 3; 442} 443 444// Async data source which support async data fetch. 445message AsyncDataSource { 446 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.AsyncDataSource"; 447 448 oneof specifier { 449 option (validate.required) = true; 450 451 // Local async data source. 452 DataSource local = 1; 453 454 // Remote async data source. 455 RemoteDataSource remote = 2; 456 } 457} 458 459// Configuration for transport socket in :ref:`listeners <config_listeners>` and 460// :ref:`clusters <envoy_v3_api_msg_config.cluster.v3.Cluster>`. If the configuration is 461// empty, a default transport socket implementation and configuration will be 462// chosen based on the platform and existence of tls_context. 463message TransportSocket { 464 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.TransportSocket"; 465 466 reserved 2; 467 468 reserved "config"; 469 470 // The name of the transport socket to instantiate. The name must match a supported transport 471 // socket implementation. 472 string name = 1 [(validate.rules).string = {min_len: 1}]; 473 474 // Implementation specific configuration which depends on the implementation being instantiated. 475 // See the supported transport socket implementations for further documentation. 476 oneof config_type { 477 google.protobuf.Any typed_config = 3; 478 } 479} 480 481// Runtime derived FractionalPercent with defaults for when the numerator or denominator is not 482// specified via a runtime key. 483// 484// .. note:: 485// 486// Parsing of the runtime key's data is implemented such that it may be represented as a 487// :ref:`FractionalPercent <envoy_v3_api_msg_type.v3.FractionalPercent>` proto represented as JSON/YAML 488// and may also be represented as an integer with the assumption that the value is an integral 489// percentage out of 100. For instance, a runtime key lookup returning the value "42" would parse 490// as a ``FractionalPercent`` whose numerator is 42 and denominator is HUNDRED. 491message RuntimeFractionalPercent { 492 option (udpa.annotations.versioning).previous_message_type = 493 "envoy.api.v2.core.RuntimeFractionalPercent"; 494 495 // Default value if the runtime value's for the numerator/denominator keys are not available. 496 type.v3.FractionalPercent default_value = 1 [(validate.rules).message = {required: true}]; 497 498 // Runtime key for a YAML representation of a FractionalPercent. 499 string runtime_key = 2; 500} 501 502// Identifies a specific ControlPlane instance that Envoy is connected to. 503message ControlPlane { 504 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.ControlPlane"; 505 506 // An opaque control plane identifier that uniquely identifies an instance 507 // of control plane. This can be used to identify which control plane instance, 508 // the Envoy is connected to. 509 string identifier = 1; 510} 511