-
Notifications
You must be signed in to change notification settings - Fork 362
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
api: ext-proc attributes #4747
api: ext-proc attributes #4747
Conversation
Signed-off-by: Guy Daich <[email protected]>
Signed-off-by: Guy Daich <[email protected]>
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #4747 +/- ##
=======================================
Coverage 65.60% 65.60%
=======================================
Files 211 211
Lines 31961 31989 +28
=======================================
+ Hits 20968 20987 +19
- Misses 9753 9762 +9
Partials 1240 1240 ☔ View full report in Codecov by Sentry. |
// MetadataOptions defines options related to the sending and receiving of dynamic metadata. | ||
// These options define which metadata namespaces would be sent to the processor and which dynamic metadata | ||
// namespaces the processor would be permitted to emit metadata to. | ||
// Users can specify custom namespaces or well-known envoy metadata namespace (such as envoy.filters.http.ext_authz) | ||
// documented here: https://www.envoyproxy.io/docs/envoy/latest/configuration/advanced/well_known_dynamic_metadata#well-known-dynamic-metadata | ||
// Default: no metadata context is sent or received from the external processor | ||
// | ||
// +optional | ||
MetadataOptions *ExtProcMetadataOptions `json:"metadataOptions,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 on this
@guydc Can we add a short description to the release note? Or you pland to modify the release not in the implementation PR? |
Signed-off-by: Guy Daich <[email protected]>
Signed-off-by: Guy Daich <[email protected]>
added |
* use Cluster_V4_PREFERRED Signed-off-by: zirain <[email protected]> * release notes Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]>
* [docs] Add Teleport as an Adopter Signed-off-by: Arko Dasgupta <[email protected]> * Update site/data/adopters.yaml Co-authored-by: David Boslee <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> --------- Signed-off-by: Arko Dasgupta <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> Co-authored-by: David Boslee <[email protected]>
Signed-off-by: bitliu <[email protected]>
…gh Pod churn (envoyproxy#4754) * Revert "fix: some status updates are discarded by the status updater (envoyproxy#4337)" This reverts commit 14830c7. Signed-off-by: Huabing Zhao <[email protected]> * store update events and process it later Signed-off-by: Huabing Zhao <[email protected]> * rename method Signed-off-by: Huabing Zhao <[email protected]> * add release note Signed-off-by: Huabing Zhao <[email protected]> --------- Signed-off-by: Huabing Zhao <[email protected]>
Signed-off-by: bitliu <[email protected]>
Signed-off-by: Guy Daich <[email protected]>
7e1b44c
to
4d2d71e
Compare
closed in favor of: #4794 |
What type of PR is this?
Following the discussion at KubeCon NA : https://docs.google.com/document/d/1PS5xLA0IDbj6McHIXXhShn51Zq37WvuistaidBPeHoE/edit?tab=t.0
Scope and Motivation
This API will allow users to define which attributes are sent to the external processor as context for requests/responses.
Attributes provide HTTP extensions with additional context (e.g. TCP, TLS and XDS attributes) that can be relevant inputs for the extension logic.
Comparison to other extension options
Many Envoy extensions are inherently capable of interaction with context attributes:
For out-of-process extensions like ext-proc, Envoy must be explicitly configured to allow access to attributes and and define the scope of access. With the increase in ext-proc use cases, such as the llm-instance-gateway, envoy-ai-gateway and externally-deployed WAFs, there is a greater need to provide Connection/Stream context.
Security Considerations
Most attributes are scoped to the current connection or stream by their prefix (
connection.*
,request.*
,response.*
), with the exception ofxds.*
attributes such asxds.listener_metadata
,xds.upstream_host_metadata
,xds.node
and generic metadata and filter state access attributes.Related Work
Untyped
metadata support in ExtProc #4160Release Notes: Yes