1syntax = "proto3"; 2 3package envoy.config.cluster.v3; 4 5import "envoy/config/cluster/v3/circuit_breaker.proto"; 6import "envoy/config/cluster/v3/filter.proto"; 7import "envoy/config/cluster/v3/outlier_detection.proto"; 8import "envoy/config/core/v3/address.proto"; 9import "envoy/config/core/v3/base.proto"; 10import "envoy/config/core/v3/config_source.proto"; 11import "envoy/config/core/v3/extension.proto"; 12import "envoy/config/core/v3/health_check.proto"; 13import "envoy/config/core/v3/protocol.proto"; 14import "envoy/config/core/v3/resolver.proto"; 15import "envoy/config/endpoint/v3/endpoint.proto"; 16import "envoy/type/v3/percent.proto"; 17 18import "google/protobuf/any.proto"; 19import "google/protobuf/duration.proto"; 20import "google/protobuf/struct.proto"; 21import "google/protobuf/wrappers.proto"; 22 23import "xds/core/v3/collection_entry.proto"; 24 25import "envoy/annotations/deprecation.proto"; 26import "udpa/annotations/migrate.proto"; 27import "udpa/annotations/security.proto"; 28import "udpa/annotations/status.proto"; 29import "udpa/annotations/versioning.proto"; 30import "validate/validate.proto"; 31 32option java_package = "io.envoyproxy.envoy.config.cluster.v3"; 33option java_outer_classname = "ClusterProto"; 34option java_multiple_files = true; 35option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3;clusterv3"; 36option (udpa.annotations.file_status).package_version_status = ACTIVE; 37 38// [#protodoc-title: Cluster configuration] 39 40// Cluster list collections. Entries are ``Cluster`` resources or references. 41// [#not-implemented-hide:] 42message ClusterCollection { 43 xds.core.v3.CollectionEntry entries = 1; 44} 45 46// Configuration for a single upstream cluster. 47// [#next-free-field: 57] 48message Cluster { 49 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Cluster"; 50 51 // Refer to :ref:`service discovery type <arch_overview_service_discovery_types>` 52 // for an explanation on each type. 53 enum DiscoveryType { 54 // Refer to the :ref:`static discovery type<arch_overview_service_discovery_types_static>` 55 // for an explanation. 56 STATIC = 0; 57 58 // Refer to the :ref:`strict DNS discovery 59 // type<arch_overview_service_discovery_types_strict_dns>` 60 // for an explanation. 61 STRICT_DNS = 1; 62 63 // Refer to the :ref:`logical DNS discovery 64 // type<arch_overview_service_discovery_types_logical_dns>` 65 // for an explanation. 66 LOGICAL_DNS = 2; 67 68 // Refer to the :ref:`service discovery type<arch_overview_service_discovery_types_eds>` 69 // for an explanation. 70 EDS = 3; 71 72 // Refer to the :ref:`original destination discovery 73 // type<arch_overview_service_discovery_types_original_destination>` 74 // for an explanation. 75 ORIGINAL_DST = 4; 76 } 77 78 // Refer to :ref:`load balancer type <arch_overview_load_balancing_types>` architecture 79 // overview section for information on each type. 80 enum LbPolicy { 81 reserved 4; 82 83 reserved "ORIGINAL_DST_LB"; 84 85 // Refer to the :ref:`round robin load balancing 86 // policy<arch_overview_load_balancing_types_round_robin>` 87 // for an explanation. 88 ROUND_ROBIN = 0; 89 90 // Refer to the :ref:`least request load balancing 91 // policy<arch_overview_load_balancing_types_least_request>` 92 // for an explanation. 93 LEAST_REQUEST = 1; 94 95 // Refer to the :ref:`ring hash load balancing 96 // policy<arch_overview_load_balancing_types_ring_hash>` 97 // for an explanation. 98 RING_HASH = 2; 99 100 // Refer to the :ref:`random load balancing 101 // policy<arch_overview_load_balancing_types_random>` 102 // for an explanation. 103 RANDOM = 3; 104 105 // Refer to the :ref:`Maglev load balancing policy<arch_overview_load_balancing_types_maglev>` 106 // for an explanation. 107 MAGLEV = 5; 108 109 // This load balancer type must be specified if the configured cluster provides a cluster 110 // specific load balancer. Consult the configured cluster's documentation for whether to set 111 // this option or not. 112 CLUSTER_PROVIDED = 6; 113 114 // Use the new :ref:`load_balancing_policy 115 // <envoy_v3_api_field_config.cluster.v3.Cluster.load_balancing_policy>` field to determine the LB policy. 116 // This has been deprecated in favor of using the :ref:`load_balancing_policy 117 // <envoy_v3_api_field_config.cluster.v3.Cluster.load_balancing_policy>` field without 118 // setting any value in :ref:`lb_policy<envoy_v3_api_field_config.cluster.v3.Cluster.lb_policy>`. 119 LOAD_BALANCING_POLICY_CONFIG = 7; 120 } 121 122 // When V4_ONLY is selected, the DNS resolver will only perform a lookup for 123 // addresses in the IPv4 family. If V6_ONLY is selected, the DNS resolver will 124 // only perform a lookup for addresses in the IPv6 family. If AUTO is 125 // specified, the DNS resolver will first perform a lookup for addresses in 126 // the IPv6 family and fallback to a lookup for addresses in the IPv4 family. 127 // This is semantically equivalent to a non-existent V6_PREFERRED option. 128 // AUTO is a legacy name that is more opaque than 129 // necessary and will be deprecated in favor of V6_PREFERRED in a future major version of the API. 130 // If V4_PREFERRED is specified, the DNS resolver will first perform a lookup for addresses in the 131 // IPv4 family and fallback to a lookup for addresses in the IPv6 family. i.e., the callback 132 // target will only get v6 addresses if there were NO v4 addresses to return. 133 // If ALL is specified, the DNS resolver will perform a lookup for both IPv4 and IPv6 families, 134 // and return all resolved addresses. When this is used, Happy Eyeballs will be enabled for 135 // upstream connections. Refer to :ref:`Happy Eyeballs Support <arch_overview_happy_eyeballs>` 136 // for more information. 137 // For cluster types other than 138 // :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>` and 139 // :ref:`LOGICAL_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>`, 140 // this setting is 141 // ignored. 142 // [#next-major-version: deprecate AUTO in favor of a V6_PREFERRED option.] 143 enum DnsLookupFamily { 144 AUTO = 0; 145 V4_ONLY = 1; 146 V6_ONLY = 2; 147 V4_PREFERRED = 3; 148 ALL = 4; 149 } 150 151 enum ClusterProtocolSelection { 152 // Cluster can only operate on one of the possible upstream protocols (HTTP1.1, HTTP2). 153 // If :ref:`http2_protocol_options <envoy_v3_api_field_config.cluster.v3.Cluster.http2_protocol_options>` are 154 // present, HTTP2 will be used, otherwise HTTP1.1 will be used. 155 USE_CONFIGURED_PROTOCOL = 0; 156 157 // Use HTTP1.1 or HTTP2, depending on which one is used on the downstream connection. 158 USE_DOWNSTREAM_PROTOCOL = 1; 159 } 160 161 // TransportSocketMatch specifies what transport socket config will be used 162 // when the match conditions are satisfied. 163 message TransportSocketMatch { 164 option (udpa.annotations.versioning).previous_message_type = 165 "envoy.api.v2.Cluster.TransportSocketMatch"; 166 167 // The name of the match, used in stats generation. 168 string name = 1 [(validate.rules).string = {min_len: 1}]; 169 170 // Optional endpoint metadata match criteria. 171 // The connection to the endpoint with metadata matching what is set in this field 172 // will use the transport socket configuration specified here. 173 // The endpoint's metadata entry in ``envoy.transport_socket_match`` is used to match 174 // against the values specified in this field. 175 google.protobuf.Struct match = 2; 176 177 // The configuration of the transport socket. 178 // [#extension-category: envoy.transport_sockets.upstream] 179 core.v3.TransportSocket transport_socket = 3; 180 } 181 182 // Extended cluster type. 183 message CustomClusterType { 184 option (udpa.annotations.versioning).previous_message_type = 185 "envoy.api.v2.Cluster.CustomClusterType"; 186 187 // The type of the cluster to instantiate. The name must match a supported cluster type. 188 string name = 1 [(validate.rules).string = {min_len: 1}]; 189 190 // Cluster specific configuration which depends on the cluster being instantiated. 191 // See the supported cluster for further documentation. 192 // [#extension-category: envoy.clusters] 193 google.protobuf.Any typed_config = 2; 194 } 195 196 // Only valid when discovery type is EDS. 197 message EdsClusterConfig { 198 option (udpa.annotations.versioning).previous_message_type = 199 "envoy.api.v2.Cluster.EdsClusterConfig"; 200 201 // Configuration for the source of EDS updates for this Cluster. 202 core.v3.ConfigSource eds_config = 1; 203 204 // Optional alternative to cluster name to present to EDS. This does not 205 // have the same restrictions as cluster name, i.e. it may be arbitrary 206 // length. This may be a xdstp:// URL. 207 string service_name = 2; 208 } 209 210 // Optionally divide the endpoints in this cluster into subsets defined by 211 // endpoint metadata and selected by route and weighted cluster metadata. 212 // [#next-free-field: 9] 213 message LbSubsetConfig { 214 option (udpa.annotations.versioning).previous_message_type = 215 "envoy.api.v2.Cluster.LbSubsetConfig"; 216 217 // If NO_FALLBACK is selected, a result 218 // equivalent to no healthy hosts is reported. If ANY_ENDPOINT is selected, 219 // any cluster endpoint may be returned (subject to policy, health checks, 220 // etc). If DEFAULT_SUBSET is selected, load balancing is performed over the 221 // endpoints matching the values from the default_subset field. 222 enum LbSubsetFallbackPolicy { 223 NO_FALLBACK = 0; 224 ANY_ENDPOINT = 1; 225 DEFAULT_SUBSET = 2; 226 } 227 228 enum LbSubsetMetadataFallbackPolicy { 229 // No fallback. Route metadata will be used as-is. 230 METADATA_NO_FALLBACK = 0; 231 232 // A special metadata key ``fallback_list`` will be used to provide variants of metadata to try. 233 // Value of ``fallback_list`` key has to be a list. Every list element has to be a struct - it will 234 // be merged with route metadata, overriding keys that appear in both places. 235 // ``fallback_list`` entries will be used in order until a host is found. 236 // 237 // ``fallback_list`` key itself is removed from metadata before subset load balancing is performed. 238 // 239 // Example: 240 // 241 // for metadata: 242 // 243 // .. code-block:: yaml 244 // 245 // version: 1.0 246 // fallback_list: 247 // - version: 2.0 248 // hardware: c64 249 // - hardware: c32 250 // - version: 3.0 251 // 252 // at first, metadata: 253 // 254 // .. code-block:: json 255 // 256 // {"version": "2.0", "hardware": "c64"} 257 // 258 // will be used for load balancing. If no host is found, metadata: 259 // 260 // .. code-block:: json 261 // 262 // {"version": "1.0", "hardware": "c32"} 263 // 264 // is next to try. If it still results in no host, finally metadata: 265 // 266 // .. code-block:: json 267 // 268 // {"version": "3.0"} 269 // 270 // is used. 271 FALLBACK_LIST = 1; 272 } 273 274 // Specifications for subsets. 275 message LbSubsetSelector { 276 option (udpa.annotations.versioning).previous_message_type = 277 "envoy.api.v2.Cluster.LbSubsetConfig.LbSubsetSelector"; 278 279 // Allows to override top level fallback policy per selector. 280 enum LbSubsetSelectorFallbackPolicy { 281 // If NOT_DEFINED top level config fallback policy is used instead. 282 NOT_DEFINED = 0; 283 284 // If NO_FALLBACK is selected, a result equivalent to no healthy hosts is reported. 285 NO_FALLBACK = 1; 286 287 // If ANY_ENDPOINT is selected, any cluster endpoint may be returned 288 // (subject to policy, health checks, etc). 289 ANY_ENDPOINT = 2; 290 291 // If DEFAULT_SUBSET is selected, load balancing is performed over the 292 // endpoints matching the values from the default_subset field. 293 DEFAULT_SUBSET = 3; 294 295 // If KEYS_SUBSET is selected, subset selector matching is performed again with metadata 296 // keys reduced to 297 // :ref:`fallback_keys_subset<envoy_v3_api_field_config.cluster.v3.Cluster.LbSubsetConfig.LbSubsetSelector.fallback_keys_subset>`. 298 // It allows for a fallback to a different, less specific selector if some of the keys of 299 // the selector are considered optional. 300 KEYS_SUBSET = 4; 301 } 302 303 // List of keys to match with the weighted cluster metadata. 304 repeated string keys = 1; 305 306 // Selects a mode of operation in which each subset has only one host. This mode uses the same rules for 307 // choosing a host, but updating hosts is faster, especially for large numbers of hosts. 308 // 309 // If a match is found to a host, that host will be used regardless of priority levels. 310 // 311 // When this mode is enabled, configurations that contain more than one host with the same metadata value for the single key in ``keys`` 312 // will use only one of the hosts with the given key; no requests will be routed to the others. The cluster gauge 313 // :ref:`lb_subsets_single_host_per_subset_duplicate<config_cluster_manager_cluster_stats_subset_lb>` indicates how many duplicates are 314 // present in the current configuration. 315 bool single_host_per_subset = 4; 316 317 // The behavior used when no endpoint subset matches the selected route's 318 // metadata. 319 LbSubsetSelectorFallbackPolicy fallback_policy = 2 320 [(validate.rules).enum = {defined_only: true}]; 321 322 // Subset of 323 // :ref:`keys<envoy_v3_api_field_config.cluster.v3.Cluster.LbSubsetConfig.LbSubsetSelector.keys>` used by 324 // :ref:`KEYS_SUBSET<envoy_v3_api_enum_value_config.cluster.v3.Cluster.LbSubsetConfig.LbSubsetSelector.LbSubsetSelectorFallbackPolicy.KEYS_SUBSET>` 325 // fallback policy. 326 // It has to be a non empty list if KEYS_SUBSET fallback policy is selected. 327 // For any other fallback policy the parameter is not used and should not be set. 328 // Only values also present in 329 // :ref:`keys<envoy_v3_api_field_config.cluster.v3.Cluster.LbSubsetConfig.LbSubsetSelector.keys>` are allowed, but 330 // ``fallback_keys_subset`` cannot be equal to ``keys``. 331 repeated string fallback_keys_subset = 3; 332 } 333 334 // The behavior used when no endpoint subset matches the selected route's 335 // metadata. The value defaults to 336 // :ref:`NO_FALLBACK<envoy_v3_api_enum_value_config.cluster.v3.Cluster.LbSubsetConfig.LbSubsetFallbackPolicy.NO_FALLBACK>`. 337 LbSubsetFallbackPolicy fallback_policy = 1 [(validate.rules).enum = {defined_only: true}]; 338 339 // Specifies the default subset of endpoints used during fallback if 340 // fallback_policy is 341 // :ref:`DEFAULT_SUBSET<envoy_v3_api_enum_value_config.cluster.v3.Cluster.LbSubsetConfig.LbSubsetFallbackPolicy.DEFAULT_SUBSET>`. 342 // Each field in default_subset is 343 // compared to the matching LbEndpoint.Metadata under the ``envoy.lb`` 344 // namespace. It is valid for no hosts to match, in which case the behavior 345 // is the same as a fallback_policy of 346 // :ref:`NO_FALLBACK<envoy_v3_api_enum_value_config.cluster.v3.Cluster.LbSubsetConfig.LbSubsetFallbackPolicy.NO_FALLBACK>`. 347 google.protobuf.Struct default_subset = 2; 348 349 // For each entry, LbEndpoint.Metadata's 350 // ``envoy.lb`` namespace is traversed and a subset is created for each unique 351 // combination of key and value. For example: 352 // 353 // .. code-block:: json 354 // 355 // { "subset_selectors": [ 356 // { "keys": [ "version" ] }, 357 // { "keys": [ "stage", "hardware_type" ] } 358 // ]} 359 // 360 // A subset is matched when the metadata from the selected route and 361 // weighted cluster contains the same keys and values as the subset's 362 // metadata. The same host may appear in multiple subsets. 363 repeated LbSubsetSelector subset_selectors = 3; 364 365 // If true, routing to subsets will take into account the localities and locality weights of the 366 // endpoints when making the routing decision. 367 // 368 // There are some potential pitfalls associated with enabling this feature, as the resulting 369 // traffic split after applying both a subset match and locality weights might be undesirable. 370 // 371 // Consider for example a situation in which you have 50/50 split across two localities X/Y 372 // which have 100 hosts each without subsetting. If the subset LB results in X having only 1 373 // host selected but Y having 100, then a lot more load is being dumped on the single host in X 374 // than originally anticipated in the load balancing assignment delivered via EDS. 375 bool locality_weight_aware = 4; 376 377 // When used with locality_weight_aware, scales the weight of each locality by the ratio 378 // of hosts in the subset vs hosts in the original subset. This aims to even out the load 379 // going to an individual locality if said locality is disproportionately affected by the 380 // subset predicate. 381 bool scale_locality_weight = 5; 382 383 // If true, when a fallback policy is configured and its corresponding subset fails to find 384 // a host this will cause any host to be selected instead. 385 // 386 // This is useful when using the default subset as the fallback policy, given the default 387 // subset might become empty. With this option enabled, if that happens the LB will attempt 388 // to select a host from the entire cluster. 389 bool panic_mode_any = 6; 390 391 // If true, metadata specified for a metadata key will be matched against the corresponding 392 // endpoint metadata if the endpoint metadata matches the value exactly OR it is a list value 393 // and any of the elements in the list matches the criteria. 394 bool list_as_any = 7; 395 396 // Fallback mechanism that allows to try different route metadata until a host is found. 397 // If load balancing process, including all its mechanisms (like 398 // :ref:`fallback_policy<envoy_v3_api_field_config.cluster.v3.Cluster.LbSubsetConfig.fallback_policy>`) 399 // fails to select a host, this policy decides if and how the process is repeated using another metadata. 400 // 401 // The value defaults to 402 // :ref:`METADATA_NO_FALLBACK<envoy_v3_api_enum_value_config.cluster.v3.Cluster.LbSubsetConfig.LbSubsetMetadataFallbackPolicy.METADATA_NO_FALLBACK>`. 403 LbSubsetMetadataFallbackPolicy metadata_fallback_policy = 8 404 [(validate.rules).enum = {defined_only: true}]; 405 } 406 407 // Configuration for :ref:`slow start mode <arch_overview_load_balancing_slow_start>`. 408 message SlowStartConfig { 409 // Represents the size of slow start window. 410 // If set, the newly created host remains in slow start mode starting from its creation time 411 // for the duration of slow start window. 412 google.protobuf.Duration slow_start_window = 1; 413 414 // This parameter controls the speed of traffic increase over the slow start window. Defaults to 1.0, 415 // so that endpoint would get linearly increasing amount of traffic. 416 // When increasing the value for this parameter, the speed of traffic ramp-up increases non-linearly. 417 // The value of aggression parameter should be greater than 0.0. 418 // By tuning the parameter, is possible to achieve polynomial or exponential shape of ramp-up curve. 419 // 420 // During slow start window, effective weight of an endpoint would be scaled with time factor and aggression: 421 // ``new_weight = weight * max(min_weight_percent, time_factor ^ (1 / aggression))``, 422 // where ``time_factor=(time_since_start_seconds / slow_start_time_seconds)``. 423 // 424 // As time progresses, more and more traffic would be sent to endpoint, which is in slow start window. 425 // Once host exits slow start, time_factor and aggression no longer affect its weight. 426 core.v3.RuntimeDouble aggression = 2; 427 428 // Configures the minimum percentage of origin weight that avoids too small new weight, 429 // which may cause endpoints in slow start mode receive no traffic in slow start window. 430 // If not specified, the default is 10%. 431 type.v3.Percent min_weight_percent = 3; 432 } 433 434 // Specific configuration for the RoundRobin load balancing policy. 435 message RoundRobinLbConfig { 436 // Configuration for slow start mode. 437 // If this configuration is not set, slow start will not be not enabled. 438 SlowStartConfig slow_start_config = 1; 439 } 440 441 // Specific configuration for the LeastRequest load balancing policy. 442 message LeastRequestLbConfig { 443 option (udpa.annotations.versioning).previous_message_type = 444 "envoy.api.v2.Cluster.LeastRequestLbConfig"; 445 446 // The number of random healthy hosts from which the host with the fewest active requests will 447 // be chosen. Defaults to 2 so that we perform two-choice selection if the field is not set. 448 google.protobuf.UInt32Value choice_count = 1 [(validate.rules).uint32 = {gte: 2}]; 449 450 // The following formula is used to calculate the dynamic weights when hosts have different load 451 // balancing weights: 452 // 453 // ``weight = load_balancing_weight / (active_requests + 1)^active_request_bias`` 454 // 455 // The larger the active request bias is, the more aggressively active requests will lower the 456 // effective weight when all host weights are not equal. 457 // 458 // ``active_request_bias`` must be greater than or equal to 0.0. 459 // 460 // When ``active_request_bias == 0.0`` the Least Request Load Balancer doesn't consider the number 461 // of active requests at the time it picks a host and behaves like the Round Robin Load 462 // Balancer. 463 // 464 // When ``active_request_bias > 0.0`` the Least Request Load Balancer scales the load balancing 465 // weight by the number of active requests at the time it does a pick. 466 // 467 // The value is cached for performance reasons and refreshed whenever one of the Load Balancer's 468 // host sets changes, e.g., whenever there is a host membership update or a host load balancing 469 // weight change. 470 // 471 // .. note:: 472 // This setting only takes effect if all host weights are not equal. 473 core.v3.RuntimeDouble active_request_bias = 2; 474 475 // Configuration for slow start mode. 476 // If this configuration is not set, slow start will not be not enabled. 477 SlowStartConfig slow_start_config = 3; 478 } 479 480 // Specific configuration for the :ref:`RingHash<arch_overview_load_balancing_types_ring_hash>` 481 // load balancing policy. 482 message RingHashLbConfig { 483 option (udpa.annotations.versioning).previous_message_type = 484 "envoy.api.v2.Cluster.RingHashLbConfig"; 485 486 // The hash function used to hash hosts onto the ketama ring. 487 enum HashFunction { 488 // Use `xxHash <https://github.com/Cyan4973/xxHash>`_, this is the default hash function. 489 XX_HASH = 0; 490 491 // Use `MurmurHash2 <https://sites.google.com/site/murmurhash/>`_, this is compatible with 492 // std:hash<string> in GNU libstdc++ 3.4.20 or above. This is typically the case when compiled 493 // on Linux and not macOS. 494 MURMUR_HASH_2 = 1; 495 } 496 497 reserved 2; 498 499 // Minimum hash ring size. The larger the ring is (that is, the more hashes there are for each 500 // provided host) the better the request distribution will reflect the desired weights. Defaults 501 // to 1024 entries, and limited to 8M entries. See also 502 // :ref:`maximum_ring_size<envoy_v3_api_field_config.cluster.v3.Cluster.RingHashLbConfig.maximum_ring_size>`. 503 google.protobuf.UInt64Value minimum_ring_size = 1 [(validate.rules).uint64 = {lte: 8388608}]; 504 505 // The hash function used to hash hosts onto the ketama ring. The value defaults to 506 // :ref:`XX_HASH<envoy_v3_api_enum_value_config.cluster.v3.Cluster.RingHashLbConfig.HashFunction.XX_HASH>`. 507 HashFunction hash_function = 3 [(validate.rules).enum = {defined_only: true}]; 508 509 // Maximum hash ring size. Defaults to 8M entries, and limited to 8M entries, but can be lowered 510 // to further constrain resource use. See also 511 // :ref:`minimum_ring_size<envoy_v3_api_field_config.cluster.v3.Cluster.RingHashLbConfig.minimum_ring_size>`. 512 google.protobuf.UInt64Value maximum_ring_size = 4 [(validate.rules).uint64 = {lte: 8388608}]; 513 } 514 515 // Specific configuration for the :ref:`Maglev<arch_overview_load_balancing_types_maglev>` 516 // load balancing policy. 517 message MaglevLbConfig { 518 // The table size for Maglev hashing. Maglev aims for "minimal disruption" rather than an absolute guarantee. 519 // Minimal disruption means that when the set of upstream hosts change, a connection will likely be sent to the same 520 // upstream as it was before. Increasing the table size reduces the amount of disruption. 521 // The table size must be prime number limited to 5000011. If it is not specified, the default is 65537. 522 google.protobuf.UInt64Value table_size = 1 [(validate.rules).uint64 = {lte: 5000011}]; 523 } 524 525 // Specific configuration for the 526 // :ref:`Original Destination <arch_overview_load_balancing_types_original_destination>` 527 // load balancing policy. 528 // [#extension: envoy.clusters.original_dst] 529 message OriginalDstLbConfig { 530 option (udpa.annotations.versioning).previous_message_type = 531 "envoy.api.v2.Cluster.OriginalDstLbConfig"; 532 533 // When true, a HTTP header can be used to override the original dst address. The default header is 534 // :ref:`x-envoy-original-dst-host <config_http_conn_man_headers_x-envoy-original-dst-host>`. 535 // 536 // .. attention:: 537 // 538 // This header isn't sanitized by default, so enabling this feature allows HTTP clients to 539 // route traffic to arbitrary hosts and/or ports, which may have serious security 540 // consequences. 541 // 542 // .. note:: 543 // 544 // If the header appears multiple times only the first value is used. 545 bool use_http_header = 1; 546 547 // The http header to override destination address if :ref:`use_http_header <envoy_v3_api_field_config.cluster.v3.Cluster.OriginalDstLbConfig.use_http_header>`. 548 // is set to true. If the value is empty, :ref:`x-envoy-original-dst-host <config_http_conn_man_headers_x-envoy-original-dst-host>` will be used. 549 string http_header_name = 2; 550 551 // The port to override for the original dst address. This port 552 // will take precedence over filter state and header override ports 553 google.protobuf.UInt32Value upstream_port_override = 3 [(validate.rules).uint32 = {lte: 65535}]; 554 } 555 556 // Common configuration for all load balancer implementations. 557 // [#next-free-field: 9] 558 message CommonLbConfig { 559 option (udpa.annotations.versioning).previous_message_type = 560 "envoy.api.v2.Cluster.CommonLbConfig"; 561 562 // Configuration for :ref:`zone aware routing 563 // <arch_overview_load_balancing_zone_aware_routing>`. 564 message ZoneAwareLbConfig { 565 option (udpa.annotations.versioning).previous_message_type = 566 "envoy.api.v2.Cluster.CommonLbConfig.ZoneAwareLbConfig"; 567 568 // Configures percentage of requests that will be considered for zone aware routing 569 // if zone aware routing is configured. If not specified, the default is 100%. 570 // * :ref:`runtime values <config_cluster_manager_cluster_runtime_zone_routing>`. 571 // * :ref:`Zone aware routing support <arch_overview_load_balancing_zone_aware_routing>`. 572 type.v3.Percent routing_enabled = 1; 573 574 // Configures minimum upstream cluster size required for zone aware routing 575 // If upstream cluster size is less than specified, zone aware routing is not performed 576 // even if zone aware routing is configured. If not specified, the default is 6. 577 // * :ref:`runtime values <config_cluster_manager_cluster_runtime_zone_routing>`. 578 // * :ref:`Zone aware routing support <arch_overview_load_balancing_zone_aware_routing>`. 579 google.protobuf.UInt64Value min_cluster_size = 2; 580 581 // If set to true, Envoy will not consider any hosts when the cluster is in :ref:`panic 582 // mode<arch_overview_load_balancing_panic_threshold>`. Instead, the cluster will fail all 583 // requests as if all hosts are unhealthy. This can help avoid potentially overwhelming a 584 // failing service. 585 bool fail_traffic_on_panic = 3; 586 } 587 588 // Configuration for :ref:`locality weighted load balancing 589 // <arch_overview_load_balancing_locality_weighted_lb>` 590 message LocalityWeightedLbConfig { 591 option (udpa.annotations.versioning).previous_message_type = 592 "envoy.api.v2.Cluster.CommonLbConfig.LocalityWeightedLbConfig"; 593 } 594 595 // Common Configuration for all consistent hashing load balancers (MaglevLb, RingHashLb, etc.) 596 message ConsistentHashingLbConfig { 597 option (udpa.annotations.versioning).previous_message_type = 598 "envoy.api.v2.Cluster.CommonLbConfig.ConsistentHashingLbConfig"; 599 600 // If set to ``true``, the cluster will use hostname instead of the resolved 601 // address as the key to consistently hash to an upstream host. Only valid for StrictDNS clusters with hostnames which resolve to a single IP address. 602 bool use_hostname_for_hashing = 1; 603 604 // Configures percentage of average cluster load to bound per upstream host. For example, with a value of 150 605 // no upstream host will get a load more than 1.5 times the average load of all the hosts in the cluster. 606 // If not specified, the load is not bounded for any upstream host. Typical value for this parameter is between 120 and 200. 607 // Minimum is 100. 608 // 609 // Applies to both Ring Hash and Maglev load balancers. 610 // 611 // This is implemented based on the method described in the paper https://arxiv.org/abs/1608.01350. For the specified 612 // ``hash_balance_factor``, requests to any upstream host are capped at ``hash_balance_factor/100`` times the average number of requests 613 // across the cluster. When a request arrives for an upstream host that is currently serving at its max capacity, linear probing 614 // is used to identify an eligible host. Further, the linear probe is implemented using a random jump in hosts ring/table to identify 615 // the eligible host (this technique is as described in the paper https://arxiv.org/abs/1908.08762 - the random jump avoids the 616 // cascading overflow effect when choosing the next host in the ring/table). 617 // 618 // If weights are specified on the hosts, they are respected. 619 // 620 // This is an O(N) algorithm, unlike other load balancers. Using a lower ``hash_balance_factor`` results in more hosts 621 // being probed, so use a higher value if you require better performance. 622 google.protobuf.UInt32Value hash_balance_factor = 2 [(validate.rules).uint32 = {gte: 100}]; 623 } 624 625 // Configures the :ref:`healthy panic threshold <arch_overview_load_balancing_panic_threshold>`. 626 // If not specified, the default is 50%. 627 // To disable panic mode, set to 0%. 628 // 629 // .. note:: 630 // The specified percent will be truncated to the nearest 1%. 631 type.v3.Percent healthy_panic_threshold = 1; 632 633 oneof locality_config_specifier { 634 ZoneAwareLbConfig zone_aware_lb_config = 2; 635 636 LocalityWeightedLbConfig locality_weighted_lb_config = 3; 637 } 638 639 // If set, all health check/weight/metadata updates that happen within this duration will be 640 // merged and delivered in one shot when the duration expires. The start of the duration is when 641 // the first update happens. This is useful for big clusters, with potentially noisy deploys 642 // that might trigger excessive CPU usage due to a constant stream of healthcheck state changes 643 // or metadata updates. The first set of updates to be seen apply immediately (e.g.: a new 644 // cluster). Please always keep in mind that the use of sandbox technologies may change this 645 // behavior. 646 // 647 // If this is not set, we default to a merge window of 1000ms. To disable it, set the merge 648 // window to 0. 649 // 650 // Note: merging does not apply to cluster membership changes (e.g.: adds/removes); this is 651 // because merging those updates isn't currently safe. See 652 // https://github.com/envoyproxy/envoy/pull/3941. 653 google.protobuf.Duration update_merge_window = 4; 654 655 // If set to true, Envoy will :ref:`exclude <arch_overview_load_balancing_excluded>` new hosts 656 // when computing load balancing weights until they have been health checked for the first time. 657 // This will have no effect unless active health checking is also configured. 658 bool ignore_new_hosts_until_first_hc = 5; 659 660 // If set to ``true``, the cluster manager will drain all existing 661 // connections to upstream hosts whenever hosts are added or removed from the cluster. 662 bool close_connections_on_host_set_change = 6; 663 664 // Common Configuration for all consistent hashing load balancers (MaglevLb, RingHashLb, etc.) 665 ConsistentHashingLbConfig consistent_hashing_lb_config = 7; 666 667 // This controls what hosts are considered valid when using 668 // :ref:`host overrides <arch_overview_load_balancing_override_host>`, which is used by some 669 // filters to modify the load balancing decision. 670 // 671 // If this is unset then [UNKNOWN, HEALTHY, DEGRADED] will be applied by default. If this is 672 // set with an empty set of statuses then host overrides will be ignored by the load balancing. 673 core.v3.HealthStatusSet override_host_status = 8; 674 } 675 676 message RefreshRate { 677 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Cluster.RefreshRate"; 678 679 // Specifies the base interval between refreshes. This parameter is required and must be greater 680 // than zero and less than 681 // :ref:`max_interval <envoy_v3_api_field_config.cluster.v3.Cluster.RefreshRate.max_interval>`. 682 google.protobuf.Duration base_interval = 1 [(validate.rules).duration = { 683 required: true 684 gt {nanos: 1000000} 685 }]; 686 687 // Specifies the maximum interval between refreshes. This parameter is optional, but must be 688 // greater than or equal to the 689 // :ref:`base_interval <envoy_v3_api_field_config.cluster.v3.Cluster.RefreshRate.base_interval>` if set. The default 690 // is 10 times the :ref:`base_interval <envoy_v3_api_field_config.cluster.v3.Cluster.RefreshRate.base_interval>`. 691 google.protobuf.Duration max_interval = 2 [(validate.rules).duration = {gt {nanos: 1000000}}]; 692 } 693 694 message PreconnectPolicy { 695 // Indicates how many streams (rounded up) can be anticipated per-upstream for each 696 // incoming stream. This is useful for high-QPS or latency-sensitive services. Preconnecting 697 // will only be done if the upstream is healthy and the cluster has traffic. 698 // 699 // For example if this is 2, for an incoming HTTP/1.1 stream, 2 connections will be 700 // established, one for the new incoming stream, and one for a presumed follow-up stream. For 701 // HTTP/2, only one connection would be established by default as one connection can 702 // serve both the original and presumed follow-up stream. 703 // 704 // In steady state for non-multiplexed connections a value of 1.5 would mean if there were 100 705 // active streams, there would be 100 connections in use, and 50 connections preconnected. 706 // This might be a useful value for something like short lived single-use connections, 707 // for example proxying HTTP/1.1 if keep-alive were false and each stream resulted in connection 708 // termination. It would likely be overkill for long lived connections, such as TCP proxying SMTP 709 // or regular HTTP/1.1 with keep-alive. For long lived traffic, a value of 1.05 would be more 710 // reasonable, where for every 100 connections, 5 preconnected connections would be in the queue 711 // in case of unexpected disconnects where the connection could not be reused. 712 // 713 // If this value is not set, or set explicitly to one, Envoy will fetch as many connections 714 // as needed to serve streams in flight. This means in steady state if a connection is torn down, 715 // a subsequent streams will pay an upstream-rtt latency penalty waiting for a new connection. 716 // 717 // This is limited somewhat arbitrarily to 3 because preconnecting too aggressively can 718 // harm latency more than the preconnecting helps. 719 google.protobuf.DoubleValue per_upstream_preconnect_ratio = 1 720 [(validate.rules).double = {lte: 3.0 gte: 1.0}]; 721 722 // Indicates how many many streams (rounded up) can be anticipated across a cluster for each 723 // stream, useful for low QPS services. This is currently supported for a subset of 724 // deterministic non-hash-based load-balancing algorithms (weighted round robin, random). 725 // Unlike ``per_upstream_preconnect_ratio`` this preconnects across the upstream instances in a 726 // cluster, doing best effort predictions of what upstream would be picked next and 727 // pre-establishing a connection. 728 // 729 // Preconnecting will be limited to one preconnect per configured upstream in the cluster and will 730 // only be done if there are healthy upstreams and the cluster has traffic. 731 // 732 // For example if preconnecting is set to 2 for a round robin HTTP/2 cluster, on the first 733 // incoming stream, 2 connections will be preconnected - one to the first upstream for this 734 // cluster, one to the second on the assumption there will be a follow-up stream. 735 // 736 // If this value is not set, or set explicitly to one, Envoy will fetch as many connections 737 // as needed to serve streams in flight, so during warm up and in steady state if a connection 738 // is closed (and per_upstream_preconnect_ratio is not set), there will be a latency hit for 739 // connection establishment. 740 // 741 // If both this and preconnect_ratio are set, Envoy will make sure both predicted needs are met, 742 // basically preconnecting max(predictive-preconnect, per-upstream-preconnect), for each 743 // upstream. 744 google.protobuf.DoubleValue predictive_preconnect_ratio = 2 745 [(validate.rules).double = {lte: 3.0 gte: 1.0}]; 746 } 747 748 reserved 12, 15, 7, 11, 35; 749 750 reserved "hosts", "tls_context", "extension_protocol_options"; 751 752 // Configuration to use different transport sockets for different endpoints. 753 // The entry of ``envoy.transport_socket_match`` in the 754 // :ref:`LbEndpoint.Metadata <envoy_v3_api_field_config.endpoint.v3.LbEndpoint.metadata>` 755 // is used to match against the transport sockets as they appear in the list. The first 756 // :ref:`match <envoy_v3_api_msg_config.cluster.v3.Cluster.TransportSocketMatch>` is used. 757 // For example, with the following match 758 // 759 // .. code-block:: yaml 760 // 761 // transport_socket_matches: 762 // - name: "enableMTLS" 763 // match: 764 // acceptMTLS: true 765 // transport_socket: 766 // name: envoy.transport_sockets.tls 767 // config: { ... } # tls socket configuration 768 // - name: "defaultToPlaintext" 769 // match: {} 770 // transport_socket: 771 // name: envoy.transport_sockets.raw_buffer 772 // 773 // Connections to the endpoints whose metadata value under ``envoy.transport_socket_match`` 774 // having "acceptMTLS"/"true" key/value pair use the "enableMTLS" socket configuration. 775 // 776 // If a :ref:`socket match <envoy_v3_api_msg_config.cluster.v3.Cluster.TransportSocketMatch>` with empty match 777 // criteria is provided, that always match any endpoint. For example, the "defaultToPlaintext" 778 // socket match in case above. 779 // 780 // If an endpoint metadata's value under ``envoy.transport_socket_match`` does not match any 781 // ``TransportSocketMatch``, socket configuration fallbacks to use the ``tls_context`` or 782 // ``transport_socket`` specified in this cluster. 783 // 784 // This field allows gradual and flexible transport socket configuration changes. 785 // 786 // The metadata of endpoints in EDS can indicate transport socket capabilities. For example, 787 // an endpoint's metadata can have two key value pairs as "acceptMTLS": "true", 788 // "acceptPlaintext": "true". While some other endpoints, only accepting plaintext traffic 789 // has "acceptPlaintext": "true" metadata information. 790 // 791 // Then the xDS server can configure the CDS to a client, Envoy A, to send mutual TLS 792 // traffic for endpoints with "acceptMTLS": "true", by adding a corresponding 793 // ``TransportSocketMatch`` in this field. Other client Envoys receive CDS without 794 // ``transport_socket_match`` set, and still send plain text traffic to the same cluster. 795 // 796 // This field can be used to specify custom transport socket configurations for health 797 // checks by adding matching key/value pairs in a health check's 798 // :ref:`transport socket match criteria <envoy_v3_api_field_config.core.v3.HealthCheck.transport_socket_match_criteria>` field. 799 // 800 // [#comment:TODO(incfly): add a detailed architecture doc on intended usage.] 801 repeated TransportSocketMatch transport_socket_matches = 43; 802 803 // Supplies the name of the cluster which must be unique across all clusters. 804 // The cluster name is used when emitting 805 // :ref:`statistics <config_cluster_manager_cluster_stats>` if :ref:`alt_stat_name 806 // <envoy_v3_api_field_config.cluster.v3.Cluster.alt_stat_name>` is not provided. 807 // Any ``:`` in the cluster name will be converted to ``_`` when emitting statistics. 808 string name = 1 [(validate.rules).string = {min_len: 1}]; 809 810 // An optional alternative to the cluster name to be used for observability. This name is used 811 // emitting stats for the cluster and access logging the cluster name. This will appear as 812 // additional information in configuration dumps of a cluster's current status as 813 // :ref:`observability_name <envoy_v3_api_field_admin.v3.ClusterStatus.observability_name>` 814 // and as an additional tag "upstream_cluster.name" while tracing. Note: Any ``:`` in the name 815 // will be converted to ``_`` when emitting statistics. This should not be confused with 816 // :ref:`Router Filter Header <config_http_filters_router_x-envoy-upstream-alt-stat-name>`. 817 string alt_stat_name = 28 [(udpa.annotations.field_migrate).rename = "observability_name"]; 818 819 oneof cluster_discovery_type { 820 // The :ref:`service discovery type <arch_overview_service_discovery_types>` 821 // to use for resolving the cluster. 822 DiscoveryType type = 2 [(validate.rules).enum = {defined_only: true}]; 823 824 // The custom cluster type. 825 CustomClusterType cluster_type = 38; 826 } 827 828 // Configuration to use for EDS updates for the Cluster. 829 EdsClusterConfig eds_cluster_config = 3; 830 831 // The timeout for new network connections to hosts in the cluster. 832 // If not set, a default value of 5s will be used. 833 google.protobuf.Duration connect_timeout = 4 [(validate.rules).duration = {gt {}}]; 834 835 // Soft limit on size of the cluster’s connections read and write buffers. If 836 // unspecified, an implementation defined default is applied (1MiB). 837 google.protobuf.UInt32Value per_connection_buffer_limit_bytes = 5 838 [(udpa.annotations.security).configure_for_untrusted_upstream = true]; 839 840 // The :ref:`load balancer type <arch_overview_load_balancing_types>` to use 841 // when picking a host in the cluster. 842 LbPolicy lb_policy = 6 [(validate.rules).enum = {defined_only: true}]; 843 844 // Setting this is required for specifying members of 845 // :ref:`STATIC<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STATIC>`, 846 // :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>` 847 // or :ref:`LOGICAL_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>` clusters. 848 // This field supersedes the ``hosts`` field in the v2 API. 849 // 850 // .. attention:: 851 // 852 // Setting this allows non-EDS cluster types to contain embedded EDS equivalent 853 // :ref:`endpoint assignments<envoy_v3_api_msg_config.endpoint.v3.ClusterLoadAssignment>`. 854 // 855 endpoint.v3.ClusterLoadAssignment load_assignment = 33; 856 857 // Optional :ref:`active health checking <arch_overview_health_checking>` 858 // configuration for the cluster. If no 859 // configuration is specified no health checking will be done and all cluster 860 // members will be considered healthy at all times. 861 repeated core.v3.HealthCheck health_checks = 8; 862 863 // Optional maximum requests for a single upstream connection. This parameter 864 // is respected by both the HTTP/1.1 and HTTP/2 connection pool 865 // implementations. If not specified, there is no limit. Setting this 866 // parameter to 1 will effectively disable keep alive. 867 // 868 // .. attention:: 869 // This field has been deprecated in favor of the :ref:`max_requests_per_connection <envoy_v3_api_field_config.core.v3.HttpProtocolOptions.max_requests_per_connection>` field. 870 google.protobuf.UInt32Value max_requests_per_connection = 9 871 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; 872 873 // Optional :ref:`circuit breaking <arch_overview_circuit_break>` for the cluster. 874 CircuitBreakers circuit_breakers = 10; 875 876 // HTTP protocol options that are applied only to upstream HTTP connections. 877 // These options apply to all HTTP versions. 878 // This has been deprecated in favor of 879 // :ref:`upstream_http_protocol_options <envoy_v3_api_field_extensions.upstreams.http.v3.HttpProtocolOptions.upstream_http_protocol_options>` 880 // in the :ref:`http_protocol_options <envoy_v3_api_msg_extensions.upstreams.http.v3.HttpProtocolOptions>` message. 881 // upstream_http_protocol_options can be set via the cluster's 882 // :ref:`extension_protocol_options<envoy_v3_api_field_config.cluster.v3.Cluster.typed_extension_protocol_options>`. 883 // See :ref:`upstream_http_protocol_options 884 // <envoy_v3_api_field_extensions.upstreams.http.v3.HttpProtocolOptions.upstream_http_protocol_options>` 885 // for example usage. 886 core.v3.UpstreamHttpProtocolOptions upstream_http_protocol_options = 46 887 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; 888 889 // Additional options when handling HTTP requests upstream. These options will be applicable to 890 // both HTTP1 and HTTP2 requests. 891 // This has been deprecated in favor of 892 // :ref:`common_http_protocol_options <envoy_v3_api_field_extensions.upstreams.http.v3.HttpProtocolOptions.common_http_protocol_options>` 893 // in the :ref:`http_protocol_options <envoy_v3_api_msg_extensions.upstreams.http.v3.HttpProtocolOptions>` message. 894 // common_http_protocol_options can be set via the cluster's 895 // :ref:`extension_protocol_options<envoy_v3_api_field_config.cluster.v3.Cluster.typed_extension_protocol_options>`. 896 // See :ref:`upstream_http_protocol_options 897 // <envoy_v3_api_field_extensions.upstreams.http.v3.HttpProtocolOptions.upstream_http_protocol_options>` 898 // for example usage. 899 core.v3.HttpProtocolOptions common_http_protocol_options = 29 900 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; 901 902 // Additional options when handling HTTP1 requests. 903 // This has been deprecated in favor of http_protocol_options fields in the 904 // :ref:`http_protocol_options <envoy_v3_api_msg_extensions.upstreams.http.v3.HttpProtocolOptions>` message. 905 // http_protocol_options can be set via the cluster's 906 // :ref:`extension_protocol_options<envoy_v3_api_field_config.cluster.v3.Cluster.typed_extension_protocol_options>`. 907 // See :ref:`upstream_http_protocol_options 908 // <envoy_v3_api_field_extensions.upstreams.http.v3.HttpProtocolOptions.upstream_http_protocol_options>` 909 // for example usage. 910 core.v3.Http1ProtocolOptions http_protocol_options = 13 911 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; 912 913 // Even if default HTTP2 protocol options are desired, this field must be 914 // set so that Envoy will assume that the upstream supports HTTP/2 when 915 // making new HTTP connection pool connections. Currently, Envoy only 916 // supports prior knowledge for upstream connections. Even if TLS is used 917 // with ALPN, ``http2_protocol_options`` must be specified. As an aside this allows HTTP/2 918 // connections to happen over plain text. 919 // This has been deprecated in favor of http2_protocol_options fields in the 920 // :ref:`http_protocol_options <envoy_v3_api_msg_extensions.upstreams.http.v3.HttpProtocolOptions>` 921 // message. http2_protocol_options can be set via the cluster's 922 // :ref:`extension_protocol_options<envoy_v3_api_field_config.cluster.v3.Cluster.typed_extension_protocol_options>`. 923 // See :ref:`upstream_http_protocol_options 924 // <envoy_v3_api_field_extensions.upstreams.http.v3.HttpProtocolOptions.upstream_http_protocol_options>` 925 // for example usage. 926 core.v3.Http2ProtocolOptions http2_protocol_options = 14 [ 927 deprecated = true, 928 (udpa.annotations.security).configure_for_untrusted_upstream = true, 929 (envoy.annotations.deprecated_at_minor_version) = "3.0" 930 ]; 931 932 // The extension_protocol_options field is used to provide extension-specific protocol options 933 // for upstream connections. The key should match the extension filter name, such as 934 // "envoy.filters.network.thrift_proxy". See the extension's documentation for details on 935 // specific options. 936 // [#next-major-version: make this a list of typed extensions.] 937 map<string, google.protobuf.Any> typed_extension_protocol_options = 36; 938 939 // If the DNS refresh rate is specified and the cluster type is either 940 // :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`, 941 // or :ref:`LOGICAL_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>`, 942 // this value is used as the cluster’s DNS refresh 943 // rate. The value configured must be at least 1ms. If this setting is not specified, the 944 // value defaults to 5000ms. For cluster types other than 945 // :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>` 946 // and :ref:`LOGICAL_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>` 947 // this setting is ignored. 948 google.protobuf.Duration dns_refresh_rate = 16 949 [(validate.rules).duration = {gt {nanos: 1000000}}]; 950 951 // If the DNS failure refresh rate is specified and the cluster type is either 952 // :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`, 953 // or :ref:`LOGICAL_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>`, 954 // this is used as the cluster’s DNS refresh rate when requests are failing. If this setting is 955 // not specified, the failure refresh rate defaults to the DNS refresh rate. For cluster types 956 // other than :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>` and 957 // :ref:`LOGICAL_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>` this setting is 958 // ignored. 959 RefreshRate dns_failure_refresh_rate = 44; 960 961 // Optional configuration for setting cluster's DNS refresh rate. If the value is set to true, 962 // cluster's DNS refresh rate will be set to resource record's TTL which comes from DNS 963 // resolution. 964 bool respect_dns_ttl = 39; 965 966 // The DNS IP address resolution policy. If this setting is not specified, the 967 // value defaults to 968 // :ref:`AUTO<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DnsLookupFamily.AUTO>`. 969 DnsLookupFamily dns_lookup_family = 17 [(validate.rules).enum = {defined_only: true}]; 970 971 // If DNS resolvers are specified and the cluster type is either 972 // :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`, 973 // or :ref:`LOGICAL_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>`, 974 // this value is used to specify the cluster’s dns resolvers. 975 // If this setting is not specified, the value defaults to the default 976 // resolver, which uses /etc/resolv.conf for configuration. For cluster types 977 // other than 978 // :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>` 979 // and :ref:`LOGICAL_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>` 980 // this setting is ignored. 981 // This field is deprecated in favor of ``dns_resolution_config`` 982 // which aggregates all of the DNS resolver configuration in a single message. 983 repeated core.v3.Address dns_resolvers = 18 984 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; 985 986 // Always use TCP queries instead of UDP queries for DNS lookups. 987 // This field is deprecated in favor of ``dns_resolution_config`` 988 // which aggregates all of the DNS resolver configuration in a single message. 989 bool use_tcp_for_dns_lookups = 45 990 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; 991 992 // DNS resolution configuration which includes the underlying dns resolver addresses and options. 993 // This field is deprecated in favor of 994 // :ref:`typed_dns_resolver_config <envoy_v3_api_field_config.cluster.v3.Cluster.typed_dns_resolver_config>`. 995 core.v3.DnsResolutionConfig dns_resolution_config = 53 996 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; 997 998 // DNS resolver type configuration extension. This extension can be used to configure c-ares, apple, 999 // or any other DNS resolver types and the related parameters. 1000 // For example, an object of 1001 // :ref:`CaresDnsResolverConfig <envoy_v3_api_msg_extensions.network.dns_resolver.cares.v3.CaresDnsResolverConfig>` 1002 // can be packed into this ``typed_dns_resolver_config``. This configuration replaces the 1003 // :ref:`dns_resolution_config <envoy_v3_api_field_config.cluster.v3.Cluster.dns_resolution_config>` 1004 // configuration. 1005 // During the transition period when both ``dns_resolution_config`` and ``typed_dns_resolver_config`` exists, 1006 // when ``typed_dns_resolver_config`` is in place, Envoy will use it and ignore ``dns_resolution_config``. 1007 // When ``typed_dns_resolver_config`` is missing, the default behavior is in place. 1008 // [#extension-category: envoy.network.dns_resolver] 1009 core.v3.TypedExtensionConfig typed_dns_resolver_config = 55; 1010 1011 // Optional configuration for having cluster readiness block on warm-up. Currently, only applicable for 1012 // :ref:`STRICT_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`, 1013 // or :ref:`LOGICAL_DNS<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>`, 1014 // or :ref:`Redis Cluster<arch_overview_redis>`. 1015 // If true, cluster readiness blocks on warm-up. If false, the cluster will complete 1016 // initialization whether or not warm-up has completed. Defaults to true. 1017 google.protobuf.BoolValue wait_for_warm_on_init = 54; 1018 1019 // If specified, outlier detection will be enabled for this upstream cluster. 1020 // Each of the configuration values can be overridden via 1021 // :ref:`runtime values <config_cluster_manager_cluster_runtime_outlier_detection>`. 1022 OutlierDetection outlier_detection = 19; 1023 1024 // The interval for removing stale hosts from a cluster type 1025 // :ref:`ORIGINAL_DST<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.ORIGINAL_DST>`. 1026 // Hosts are considered stale if they have not been used 1027 // as upstream destinations during this interval. New hosts are added 1028 // to original destination clusters on demand as new connections are 1029 // redirected to Envoy, causing the number of hosts in the cluster to 1030 // grow over time. Hosts that are not stale (they are actively used as 1031 // destinations) are kept in the cluster, which allows connections to 1032 // them remain open, saving the latency that would otherwise be spent 1033 // on opening new connections. If this setting is not specified, the 1034 // value defaults to 5000ms. For cluster types other than 1035 // :ref:`ORIGINAL_DST<envoy_v3_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.ORIGINAL_DST>` 1036 // this setting is ignored. 1037 google.protobuf.Duration cleanup_interval = 20 [(validate.rules).duration = {gt {}}]; 1038 1039 // Optional configuration used to bind newly established upstream connections. 1040 // This overrides any bind_config specified in the bootstrap proto. 1041 // If the address and port are empty, no bind will be performed. 1042 core.v3.BindConfig upstream_bind_config = 21; 1043 1044 // Configuration for load balancing subsetting. 1045 LbSubsetConfig lb_subset_config = 22; 1046 1047 // Optional configuration for the load balancing algorithm selected by 1048 // LbPolicy. Currently only 1049 // :ref:`RING_HASH<envoy_v3_api_enum_value_config.cluster.v3.Cluster.LbPolicy.RING_HASH>`, 1050 // :ref:`MAGLEV<envoy_v3_api_enum_value_config.cluster.v3.Cluster.LbPolicy.MAGLEV>` and 1051 // :ref:`LEAST_REQUEST<envoy_v3_api_enum_value_config.cluster.v3.Cluster.LbPolicy.LEAST_REQUEST>` 1052 // has additional configuration options. 1053 // Specifying ring_hash_lb_config or maglev_lb_config or least_request_lb_config without setting the corresponding 1054 // LbPolicy will generate an error at runtime. 1055 oneof lb_config { 1056 // Optional configuration for the Ring Hash load balancing policy. 1057 RingHashLbConfig ring_hash_lb_config = 23; 1058 1059 // Optional configuration for the Maglev load balancing policy. 1060 MaglevLbConfig maglev_lb_config = 52; 1061 1062 // Optional configuration for the Original Destination load balancing policy. 1063 OriginalDstLbConfig original_dst_lb_config = 34; 1064 1065 // Optional configuration for the LeastRequest load balancing policy. 1066 LeastRequestLbConfig least_request_lb_config = 37; 1067 1068 // Optional configuration for the RoundRobin load balancing policy. 1069 RoundRobinLbConfig round_robin_lb_config = 56; 1070 } 1071 1072 // Common configuration for all load balancer implementations. 1073 CommonLbConfig common_lb_config = 27; 1074 1075 // Optional custom transport socket implementation to use for upstream connections. 1076 // To setup TLS, set a transport socket with name ``envoy.transport_sockets.tls`` and 1077 // :ref:`UpstreamTlsContexts <envoy_v3_api_msg_extensions.transport_sockets.tls.v3.UpstreamTlsContext>` in the ``typed_config``. 1078 // If no transport socket configuration is specified, new connections 1079 // will be set up with plaintext. 1080 core.v3.TransportSocket transport_socket = 24; 1081 1082 // The Metadata field can be used to provide additional information about the 1083 // cluster. It can be used for stats, logging, and varying filter behavior. 1084 // Fields should use reverse DNS notation to denote which entity within Envoy 1085 // will need the information. For instance, if the metadata is intended for 1086 // the Router filter, the filter name should be specified as ``envoy.filters.http.router``. 1087 core.v3.Metadata metadata = 25; 1088 1089 // Determines how Envoy selects the protocol used to speak to upstream hosts. 1090 // This has been deprecated in favor of setting explicit protocol selection 1091 // in the :ref:`http_protocol_options 1092 // <envoy_v3_api_msg_extensions.upstreams.http.v3.HttpProtocolOptions>` message. 1093 // http_protocol_options can be set via the cluster's 1094 // :ref:`extension_protocol_options<envoy_v3_api_field_config.cluster.v3.Cluster.typed_extension_protocol_options>`. 1095 ClusterProtocolSelection protocol_selection = 26 1096 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; 1097 1098 // Optional options for upstream connections. 1099 UpstreamConnectionOptions upstream_connection_options = 30; 1100 1101 // If an upstream host becomes unhealthy (as determined by the configured health checks 1102 // or outlier detection), immediately close all connections to the failed host. 1103 // 1104 // .. note:: 1105 // 1106 // This is currently only supported for connections created by tcp_proxy. 1107 // 1108 // .. note:: 1109 // 1110 // The current implementation of this feature closes all connections immediately when 1111 // the unhealthy status is detected. If there are a large number of connections open 1112 // to an upstream host that becomes unhealthy, Envoy may spend a substantial amount of 1113 // time exclusively closing these connections, and not processing any other traffic. 1114 bool close_connections_on_host_health_failure = 31; 1115 1116 // If set to true, Envoy will ignore the health value of a host when processing its removal 1117 // from service discovery. This means that if active health checking is used, Envoy will *not* 1118 // wait for the endpoint to go unhealthy before removing it. 1119 bool ignore_health_on_host_removal = 32; 1120 1121 // An (optional) network filter chain, listed in the order the filters should be applied. 1122 // The chain will be applied to all outgoing connections that Envoy makes to the upstream 1123 // servers of this cluster. 1124 repeated Filter filters = 40; 1125 1126 // If this field is set and is supported by the client, it will supersede the value of 1127 // :ref:`lb_policy<envoy_v3_api_field_config.cluster.v3.Cluster.lb_policy>`. 1128 LoadBalancingPolicy load_balancing_policy = 41; 1129 1130 // [#not-implemented-hide:] 1131 // If present, tells the client where to send load reports via LRS. If not present, the 1132 // client will fall back to a client-side default, which may be either (a) don't send any 1133 // load reports or (b) send load reports for all clusters to a single default server 1134 // (which may be configured in the bootstrap file). 1135 // 1136 // Note that if multiple clusters point to the same LRS server, the client may choose to 1137 // create a separate stream for each cluster or it may choose to coalesce the data for 1138 // multiple clusters onto a single stream. Either way, the client must make sure to send 1139 // the data for any given cluster on no more than one stream. 1140 // 1141 // [#next-major-version: In the v3 API, we should consider restructuring this somehow, 1142 // maybe by allowing LRS to go on the ADS stream, or maybe by moving some of the negotiation 1143 // from the LRS stream here.] 1144 core.v3.ConfigSource lrs_server = 42; 1145 1146 // If track_timeout_budgets is true, the :ref:`timeout budget histograms 1147 // <config_cluster_manager_cluster_stats_timeout_budgets>` will be published for each 1148 // request. These show what percentage of a request's per try and global timeout was used. A value 1149 // of 0 would indicate that none of the timeout was used or that the timeout was infinite. A value 1150 // of 100 would indicate that the request took the entirety of the timeout given to it. 1151 // 1152 // .. attention:: 1153 // 1154 // This field has been deprecated in favor of ``timeout_budgets``, part of 1155 // :ref:`track_cluster_stats <envoy_v3_api_field_config.cluster.v3.Cluster.track_cluster_stats>`. 1156 bool track_timeout_budgets = 47 1157 [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"]; 1158 1159 // Optional customization and configuration of upstream connection pool, and upstream type. 1160 // 1161 // Currently this field only applies for HTTP traffic but is designed for eventual use for custom 1162 // TCP upstreams. 1163 // 1164 // For HTTP traffic, Envoy will generally take downstream HTTP and send it upstream as upstream 1165 // HTTP, using the http connection pool and the codec from ``http2_protocol_options`` 1166 // 1167 // For routes where CONNECT termination is configured, Envoy will take downstream CONNECT 1168 // requests and forward the CONNECT payload upstream over raw TCP using the tcp connection pool. 1169 // 1170 // The default pool used is the generic connection pool which creates the HTTP upstream for most 1171 // HTTP requests, and the TCP upstream if CONNECT termination is configured. 1172 // 1173 // If users desire custom connection pool or upstream behavior, for example terminating 1174 // CONNECT only if a custom filter indicates it is appropriate, the custom factories 1175 // can be registered and configured here. 1176 // [#extension-category: envoy.upstreams] 1177 core.v3.TypedExtensionConfig upstream_config = 48; 1178 1179 // Configuration to track optional cluster stats. 1180 TrackClusterStats track_cluster_stats = 49; 1181 1182 // Preconnect configuration for this cluster. 1183 PreconnectPolicy preconnect_policy = 50; 1184 1185 // If ``connection_pool_per_downstream_connection`` is true, the cluster will use a separate 1186 // connection pool for every downstream connection 1187 bool connection_pool_per_downstream_connection = 51; 1188} 1189 1190// Extensible load balancing policy configuration. 1191// 1192// Every LB policy defined via this mechanism will be identified via a unique name using reverse 1193// DNS notation. If the policy needs configuration parameters, it must define a message for its 1194// own configuration, which will be stored in the config field. The name of the policy will tell 1195// clients which type of message they should expect to see in the config field. 1196// 1197// Note that there are cases where it is useful to be able to independently select LB policies 1198// for choosing a locality and for choosing an endpoint within that locality. For example, a 1199// given deployment may always use the same policy to choose the locality, but for choosing the 1200// endpoint within the locality, some clusters may use weighted-round-robin, while others may 1201// use some sort of session-based balancing. 1202// 1203// This can be accomplished via hierarchical LB policies, where the parent LB policy creates a 1204// child LB policy for each locality. For each request, the parent chooses the locality and then 1205// delegates to the child policy for that locality to choose the endpoint within the locality. 1206// 1207// To facilitate this, the config message for the top-level LB policy may include a field of 1208// type LoadBalancingPolicy that specifies the child policy. 1209message LoadBalancingPolicy { 1210 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.LoadBalancingPolicy"; 1211 1212 message Policy { 1213 option (udpa.annotations.versioning).previous_message_type = 1214 "envoy.api.v2.LoadBalancingPolicy.Policy"; 1215 1216 reserved 2, 1, 3; 1217 1218 reserved "config", "name", "typed_config"; 1219 1220 // [#extension-category: envoy.load_balancing_policies] 1221 core.v3.TypedExtensionConfig typed_extension_config = 4; 1222 } 1223 1224 // Each client will iterate over the list in order and stop at the first policy that it 1225 // supports. This provides a mechanism for starting to use new LB policies that are not yet 1226 // supported by all clients. 1227 repeated Policy policies = 1; 1228} 1229 1230message UpstreamConnectionOptions { 1231 option (udpa.annotations.versioning).previous_message_type = 1232 "envoy.api.v2.UpstreamConnectionOptions"; 1233 1234 // If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. 1235 core.v3.TcpKeepalive tcp_keepalive = 1; 1236 1237 // If enabled, associates the interface name of the local address with the upstream connection. 1238 // This can be used by extensions during processing of requests. The association mechanism is 1239 // implementation specific. Defaults to false due to performance concerns. 1240 bool set_local_interface_name_on_upstream_connections = 2; 1241} 1242 1243message TrackClusterStats { 1244 // If timeout_budgets is true, the :ref:`timeout budget histograms 1245 // <config_cluster_manager_cluster_stats_timeout_budgets>` will be published for each 1246 // request. These show what percentage of a request's per try and global timeout was used. A value 1247 // of 0 would indicate that none of the timeout was used or that the timeout was infinite. A value 1248 // of 100 would indicate that the request took the entirety of the timeout given to it. 1249 bool timeout_budgets = 1; 1250 1251 // If request_response_sizes is true, then the :ref:`histograms 1252 // <config_cluster_manager_cluster_stats_request_response_sizes>` tracking header and body sizes 1253 // of requests and responses will be published. 1254 bool request_response_sizes = 2; 1255} 1256