expose.envoy¶
Simplest configuration:
[expose#0]
type = envoy
port = foo
svcmgr -s <svcname> set --kw expose#0.type=envoy --kw expose#0.port=foo
cluster_certificates¶
scopable |
True |
required |
False |
provisioning |
False |
default |
None |
inheritance |
leaf > head |
scope order |
specific > generic |
convert |
list |
The TLS certificates used to communicate with cluster endpoints.
cluster_data¶
scopable |
True |
required |
False |
provisioning |
False |
default |
None |
inheritance |
leaf > head |
scope order |
specific > generic |
convert |
json |
The envoy protocol compliant data in json format used to bootstrap the Cluster config messages. Parts of this structure, like endpoints, are amended to reflect the actual cluster state.
cluster_private_key_filename¶
scopable |
True |
required |
False |
provisioning |
False |
default |
None |
inheritance |
leaf > head |
scope order |
specific > generic |
Local filesystem data source of the TLS private key used to communicate with cluster endpoints.
filter_config_data¶
scopable |
True |
required |
False |
provisioning |
False |
default |
None |
inheritance |
leaf > head |
scope order |
specific > generic |
convert |
json |
The envoy protocol compliant data in json format used to bootstrap the Listener filter config messages. Parts of this structure, like routes, are amended by more specific keywords.
gateway¶
scopable |
True |
required |
False |
provisioning |
False |
default |
None |
inheritance |
leaf > head |
scope order |
specific > generic |
The name of the ingress gateway that should handle this expose.
lb_policy¶
scopable |
True |
required |
False |
provisioning |
False |
default |
round robin |
inheritance |
leaf > head |
scope order |
specific > generic |
candidates |
round robin | least_request | ring_hash | random | original_dst_lb | maglev |
The name of the envoy cluster load balancing policy.
listener_addr¶
scopable |
True |
required |
False |
provisioning |
False |
default |
The main proxy ip address. |
inheritance |
leaf > head |
scope order |
specific > generic |
The public ip address to expose from.
listener_certificates¶
scopable |
True |
required |
False |
provisioning |
False |
default |
None |
inheritance |
leaf > head |
scope order |
specific > generic |
convert |
list |
The TLS certificates used by the listener.
listener_port¶
scopable |
True |
required |
False |
provisioning |
False |
default |
The expose <port>. |
inheritance |
leaf > head |
scope order |
specific > generic |
convert |
integer |
The public port number to expose from. The special value 0 is interpreted as a request for auto-allocation.
port¶
scopable |
True |
required |
True |
provisioning |
False |
default |
None |
inheritance |
leaf > head |
scope order |
specific > generic |
convert |
integer |
The port number of the endpoint.
protocol¶
scopable |
True |
required |
False |
provisioning |
False |
default |
tcp |
inheritance |
leaf > head |
scope order |
specific > generic |
candidates |
tcp | udp |
The protocol of the endpoint.
sni¶
scopable |
True |
required |
False |
provisioning |
False |
default |
None |
inheritance |
leaf > head |
scope order |
specific > generic |
convert |
list |
The SNI server names to match on the proxy to select this service endpoints. The socket server must support TLS.
vhosts¶
scopable |
True |
required |
False |
provisioning |
False |
default |
None |
inheritance |
leaf > head |
scope order |
specific > generic |
convert |
list |
The list of vhost resource identifiers for this expose.
comment¶
scopable |
False |
required |
False |
provisioning |
False |
default |
|
inheritance |
leaf > head |
scope order |
specific > generic |
Helps users understand the role of the service and resources, which is nice to on-call support people having to operate on a service they are not usually responsible for.