expose.envoy

Simplest configuration:

[expose#0]
type = envoy
port = foo
svcmgr -s <svcname> set --kw expose#0.type=envoy --kw expose#0.port=foo

cluster_certificates

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

convert

list

The TLS certificates used to communicate with cluster endpoints.

cluster_data

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

convert

json

The envoy protocol compliant data in json format used to bootstrap the Cluster config messages. Parts of this structure, like endpoints, are amended to reflect the actual cluster state.

cluster_private_key_filename

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

Local filesystem data source of the TLS private key used to communicate with cluster endpoints.

filter_config_data

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

convert

json

The envoy protocol compliant data in json format used to bootstrap the Listener filter config messages. Parts of this structure, like routes, are amended by more specific keywords.

gateway

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

The name of the ingress gateway that should handle this expose.

lb_policy

scopable

True

required

False

provisioning

False

default

round robin

inheritance

leaf > head

scope order

specific > generic

candidates

round robin | least_request | ring_hash | random | original_dst_lb | maglev

The name of the envoy cluster load balancing policy.

listener_addr

scopable

True

required

False

provisioning

False

default

The main proxy ip address.

inheritance

leaf > head

scope order

specific > generic

The public ip address to expose from.

listener_certificates

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

convert

list

The TLS certificates used by the listener.

listener_port

scopable

True

required

False

provisioning

False

default

The expose <port>.

inheritance

leaf > head

scope order

specific > generic

convert

integer

The public port number to expose from. The special value 0 is interpreted as a request for auto-allocation.

port

scopable

True

required

True

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

convert

integer

The port number of the endpoint.

protocol

scopable

True

required

False

provisioning

False

default

tcp

inheritance

leaf > head

scope order

specific > generic

candidates

tcp | udp

The protocol of the endpoint.

sni

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

convert

list

The SNI server names to match on the proxy to select this service endpoints. The socket server must support TLS.

vhosts

scopable

True

required

False

provisioning

False

default

None

inheritance

leaf > head

scope order

specific > generic

convert

list

The list of vhost resource identifiers for this expose.

comment

scopable

False

required

False

provisioning

False

default

inheritance

leaf > head

scope order

specific > generic

Helps users understand the role of the service and resources, which is nice to on-call support people having to operate on a service they are not usually responsible for.