expose.envoy

Simplest configuration:

[expose#0]
type = envoy
port = foo
svcmgr -s <svcname> set --kw expose#0.type=envoy --kw expose#0.port=foo

cluster_certificates

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic
convert list

The TLS certificates used to communicate with cluster endpoints.

cluster_data

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic
convert json

The envoy protocol compliant data in json format used to bootstrap the Cluster config messages. Parts of this structure, like endpoints, are amended to reflect the actual cluster state.

cluster_private_key_filename

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

Local filesystem data source of the TLS private key used to communicate with cluster endpoints.

filter_config_data

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic
convert json

The envoy protocol compliant data in json format used to bootstrap the Listener filter config messages. Parts of this structure, like routes, are amended by more specific keywords.

gateway

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic

The name of the ingress gateway that should handle this expose.

lb_policy

scopable True
required False
provisioning False
default round robin
inheritance leaf > head
scope order specific > generic
candidates round robin | least_request | ring_hash | random | original_dst_lb | maglev

The name of the envoy cluster load balancing policy.

listener_addr

scopable True
required False
provisioning False
default The main proxy ip address.
inheritance leaf > head
scope order specific > generic

The public ip address to expose from.

listener_certificates

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic
convert list

The TLS certificates used by the listener.

listener_port

scopable True
required False
provisioning False
default The expose <port>.
inheritance leaf > head
scope order specific > generic
convert integer

The public port number to expose from. The special value 0 is interpreted as a request for auto-allocation.

port

scopable True
required True
provisioning False
default None
inheritance leaf > head
scope order specific > generic
convert integer

The port number of the endpoint.

protocol

scopable True
required False
provisioning False
default tcp
inheritance leaf > head
scope order specific > generic
candidates tcp | udp

The protocol of the endpoint.

sni

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic
convert list

The SNI server names to match on the proxy to select this service endpoints. The socket server must support TLS.

vhosts

scopable True
required False
provisioning False
default None
inheritance leaf > head
scope order specific > generic
convert list

The list of vhost resource identifiers for this expose.

comment

scopable False
required False
provisioning False
default  
inheritance leaf > head
scope order specific > generic

Helps users understand the role of the service and resources, which is nice to on-call support people having to operate on a service they are not usually responsible for.