diff --git a/configs/configgen.sh b/configs/configgen.sh index 2ef145c4af75..d68db9d46784 100755 --- a/configs/configgen.sh +++ b/configs/configgen.sh @@ -9,16 +9,20 @@ shift mkdir -p "$OUT_DIR/certs" mkdir -p "$OUT_DIR/lib" +mkdir -p "$OUT_DIR/protos" "$CONFIGGEN" "$OUT_DIR" for FILE in "$@"; do case "$FILE" in - *.pem) + *.pem|*.der) cp "$FILE" "$OUT_DIR/certs" ;; *.lua) cp "$FILE" "$OUT_DIR/lib" ;; + *.pb) + cp "$FILE" "$OUT_DIR/protos" + ;; *) FILENAME="$(echo "$FILE" | sed -e 's/.*examples\///g')" @@ -29,4 +33,4 @@ for FILE in "$@"; do done # tar is having issues with -C for some reason so just cd into OUT_DIR. -(cd "$OUT_DIR"; tar -hcvf example_configs.tar -- *.yaml certs/*.pem lib/*.lua) +(cd "$OUT_DIR"; tar -hcvf example_configs.tar -- *.yaml certs/*.pem certs/*.der protos/*.pb lib/*.lua) diff --git a/docs/BUILD b/docs/BUILD index 15db81818225..aad5c89f0b65 100644 --- a/docs/BUILD +++ b/docs/BUILD @@ -9,20 +9,24 @@ exports_files(["protodoc_manifest.yaml"]) envoy_package() -# TODO(phlax): fix failing/excluded configs -# the following config only fails on windows: -# dns-cache-circuit-breaker: "Error: unable to read file: /etc/ssl/certs/ca-certificates.crt" - filegroup( name = "configs", srcs = glob( - ["root/**/*.yaml"], + [ + "root/**/*.yaml", + "root/**/*.pb", + ], exclude = [ - "root/intro/_include/life-of-a-request.yaml", + # TODO(phlax/windows-dev): figure out how to get this working on windows + # "Error: unable to read file: /etc/ssl/certs/ca-certificates.crt" + "root/configuration/http/http_filters/_include/dns-cache-circuit-breaker.yaml", "root/intro/arch_overview/security/_include/ssl.yaml", + ], + ) + select({ + "//bazel:windows_x86_64": [], + "//conditions:default": [ "root/configuration/http/http_filters/_include/dns-cache-circuit-breaker.yaml", - "root/configuration/http/http_filters/_include/grpc-reverse-bridge-filter.yaml", - "root/configuration/http/http_filters/_include/grpc-transcoder-filter.yaml", + "root/intro/arch_overview/security/_include/ssl.yaml", ], - ), + }), ) diff --git a/docs/root/configuration/http/http_filters/_include/grpc-reverse-bridge-filter.yaml b/docs/root/configuration/http/http_filters/_include/grpc-reverse-bridge-filter.yaml index 0e7215933c4d..dcbd0d06ff63 100644 --- a/docs/root/configuration/http/http_filters/_include/grpc-reverse-bridge-filter.yaml +++ b/docs/root/configuration/http/http_filters/_include/grpc-reverse-bridge-filter.yaml @@ -31,7 +31,7 @@ static_resources: - match: prefix: "/route-with-filter-disabled" route: - host_rewrite: localhost + host_rewrite_literal: localhost cluster: grpc timeout: 5.00s # per_filter_config disables the filter for this route @@ -42,7 +42,7 @@ static_resources: - match: prefix: "/route-with-filter-enabled" route: - host_rewrite: localhost + host_rewrite_literal: localhost cluster: other timeout: 5.00s http_filters: diff --git a/docs/root/configuration/http/http_filters/_include/grpc-transcoder-filter.yaml b/docs/root/configuration/http/http_filters/_include/grpc-transcoder-filter.yaml index b2791037f7ee..f9c20ddcf2e9 100644 --- a/docs/root/configuration/http/http_filters/_include/grpc-transcoder-filter.yaml +++ b/docs/root/configuration/http/http_filters/_include/grpc-transcoder-filter.yaml @@ -29,7 +29,7 @@ static_resources: - name: envoy.filters.http.grpc_json_transcoder typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_json_transcoder.v3.GrpcJsonTranscoder - proto_descriptor: "/tmp/envoy/proto.pb" + proto_descriptor: "protos/helloworld.pb" services: ["helloworld.Greeter"] print_options: add_whitespace: true diff --git a/docs/root/configuration/http/http_filters/_include/helloworld.pb b/docs/root/configuration/http/http_filters/_include/helloworld.pb new file mode 100644 index 000000000000..88eda67b2cd1 Binary files /dev/null and b/docs/root/configuration/http/http_filters/_include/helloworld.pb differ diff --git a/docs/root/configuration/http/http_filters/_include/helloworld.proto b/docs/root/configuration/http/http_filters/_include/helloworld.proto new file mode 100644 index 000000000000..9b5615252428 --- /dev/null +++ b/docs/root/configuration/http/http_filters/_include/helloworld.proto @@ -0,0 +1,25 @@ +syntax = "proto3"; + +package helloworld; + +import "google/api/annotations.proto"; + +// The greeting service definition. +service Greeter { + // Sends a greeting + rpc SayHello(HelloRequest) returns (HelloReply) { + option (google.api.http) = { + get: "/say" + }; + } +} + +// The request message containing the user's name. +message HelloRequest { + string name = 1; +} + +// The response message containing the greetings +message HelloReply { + string message = 1; +} diff --git a/docs/root/configuration/http/http_filters/grpc_json_transcoder_filter.rst b/docs/root/configuration/http/http_filters/grpc_json_transcoder_filter.rst index 7969152ec85d..c89093b84658 100644 --- a/docs/root/configuration/http/http_filters/grpc_json_transcoder_filter.rst +++ b/docs/root/configuration/http/http_filters/grpc_json_transcoder_filter.rst @@ -29,17 +29,18 @@ To generate a protobuf descriptor set for the gRPC service, you'll also need to googleapis repository from GitHub before running protoc, as you'll need annotations.proto in your include path, to define the HTTP mapping. -.. code-block:: bash +.. code-block:: console - git clone https://github.com/googleapis/googleapis - GOOGLEAPIS_DIR= + $ git clone https://github.com/googleapis/googleapis + $ GOOGLEAPIS_DIR= -Then run protoc to generate the descriptor set from bookstore.proto: +Then run protoc to generate the descriptor set. For example using the test +:repo:`bookstore.proto ` provided in the Envoy repository: -.. code-block:: bash +.. code-block:: console - protoc -I$(GOOGLEAPIS_DIR) -I. --include_imports --include_source_info \ - --descriptor_set_out=proto.pb test/proto/bookstore.proto + $ protoc -I$(GOOGLEAPIS_DIR) -I. --include_imports --include_source_info \ + --descriptor_set_out=proto.pb test/proto/bookstore.proto If you have more than one proto source files, you can pass all of them in one command. @@ -56,19 +57,17 @@ For example, with the following proto example, the router will process `/hellowo as the path, so the route config prefix `/say` won't match requests to `SayHello`. If you want to match the incoming request path, set `match_incoming_request_route` to true. -.. code-block:: proto +.. literalinclude:: _include/helloworld.proto + :language: proto - package helloworld; +Assuming you have checked out the google APIs as described above, and have saved the proto file as +``protos/helloworld.proto`` you can build it with: + +.. code-block:: console + + $ protoc -I$(GOOGLEAPIS_DIR) -I. --include_imports --include_source_info \ + --descriptor_set_out=protos/helloworld.pb protos/helloworld.proto - // The greeting service definition. - service Greeter { - // Sends a greeting - rpc SayHello (HelloRequest) returns (HelloReply) { - option (google.api.http) = { - get: "/say" - }; - } - } Sending arbitrary content ------------------------- diff --git a/docs/root/intro/_include/life-of-a-request.yaml b/docs/root/intro/_include/life-of-a-request.yaml index b3df4f05da9d..7006dbc24221 100644 --- a/docs/root/intro/_include/life-of-a-request.yaml +++ b/docs/root/intro/_include/life-of-a-request.yaml @@ -52,10 +52,10 @@ static_resources: path: "/foo" route: cluster: some_service - # CustomFilter and the HTTP router filter are the HTTP filter chain. - http_filters: - - name: some.customer.filter - - name: envoy.filters.http.router + # CustomFilter and the HTTP router filter are the HTTP filter chain. + http_filters: + # - name: some.customer.filter + - name: envoy.filters.http.router clusters: - name: some_service connect_timeout: 5s @@ -86,7 +86,7 @@ static_resources: # The rest of the configuration for statsd sink cluster. # statsd sink. stats_sinks: - - name: envoy.stat_sinks.statsd - typed_config: - "@type": type.googleapis.com/envoy.config.metrics.v3.StatsdSink - tcp_cluster_name: some_statsd_cluster + - name: envoy.stat_sinks.statsd + typed_config: + "@type": type.googleapis.com/envoy.config.metrics.v3.StatsdSink + tcp_cluster_name: some_statsd_sink diff --git a/docs/root/intro/arch_overview/security/_include/ssl.yaml b/docs/root/intro/arch_overview/security/_include/ssl.yaml index 5d9e8ae82b63..8c74e56c8d93 100644 --- a/docs/root/intro/arch_overview/security/_include/ssl.yaml +++ b/docs/root/intro/arch_overview/security/_include/ssl.yaml @@ -5,15 +5,28 @@ static_resources: filter_chains: - filters: - name: envoy.filters.network.http_connection_manager - # ... + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: ingress_http + route_config: + virtual_hosts: + - name: default + domains: "*" + routes: + - match: { prefix: "/" } + route: + cluster: some_service transport_socket: name: envoy.transport_sockets.tls typed_config: "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext common_tls_context: + tls_certificates: + - certificate_chain: { filename: "certs/servercert.pem" } + private_key: { filename: "certs/serverkey.pem" } validation_context: trusted_ca: - filename: /usr/local/my-client-ca.crt + filename: certs/cacert.pem clusters: - name: some_service connect_timeout: 0.25s @@ -34,9 +47,9 @@ static_resources: "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext common_tls_context: tls_certificates: - certificate_chain: { "filename": "/cert.crt" } - private_key: { "filename": "/cert.key" } - ocsp_response: { "filename": "/ocsp_response.der" } + certificate_chain: { "filename": "certs/servercert.pem" } + private_key: { "filename": "certs/serverkey.pem" } + ocsp_staple: { "filename": "certs/server_ocsp_resp.der" } validation_context: match_subject_alt_names: exact: "foo"