- gRPC services
- core.GrpcService
- core.GrpcService.EnvoyGrpc
- core.GrpcService.GoogleGrpc
- core.GrpcService.GoogleGrpc.SslCredentials
- core.GrpcService.GoogleGrpc.GoogleLocalCredentials
- core.GrpcService.GoogleGrpc.ChannelCredentials
- core.GrpcService.GoogleGrpc.CallCredentials
- core.GrpcService.GoogleGrpc.CallCredentials.ServiceAccountJWTAccessCredentials
- core.GrpcService.GoogleGrpc.CallCredentials.GoogleIAMCredentials
- core.GrpcService.GoogleGrpc.CallCredentials.MetadataCredentialsFromPlugin
gRPC services
core.GrpcService
gRPC service configuration. This is used by ApiConfigSource and filter configurations.
{
"envoy_grpc": "{...}",
"google_grpc": "{...}",
"timeout": "{...}",
"initial_metadata": []
}
envoy_grpc
(core.GrpcService.EnvoyGrpc) Envoy’s in-built gRPC client. See the gRPC services overview documentation for discussion on gRPC client selection.
Precisely one of envoy_grpc, google_grpc must be set.
google_grpc
(core.GrpcService.GoogleGrpc) Google C++ gRPC client See the gRPC services overview documentation for discussion on gRPC client selection.
Precisely one of envoy_grpc, google_grpc must be set.
timeout
(Duration) The timeout for the gRPC request. This is the timeout for a specific request.
initial_metadata
(core.HeaderValue) Additional metadata to include in streams initiated to the GrpcService. This can be used for scenarios in which additional ad hoc authorization headers (e.g. x-foo-bar: baz-key) are to be injected.
core.GrpcService.EnvoyGrpc
[core.GrpcService.EnvoyGrpc proto]
{
"cluster_name": "..."
}
cluster_name
(string, REQUIRED) The name of the upstream gRPC cluster. SSL credentials will be supplied in the Cluster tls_context.
core.GrpcService.GoogleGrpc
[core.GrpcService.GoogleGrpc proto]
Warning
This message type has draft status.
{
"target_uri": "...",
"channel_credentials": "{...}",
"call_credentials": [],
"stat_prefix": "...",
"credentials_factory_name": "...",
"config": "{...}"
}
target_uri
(string, REQUIRED) The target URI when using the Google C++ gRPC client. SSL credentials will be supplied in channel_credentials.
channel_credentials
(core.GrpcService.GoogleGrpc.ChannelCredentials)
call_credentials
(core.GrpcService.GoogleGrpc.CallCredentials) A set of call credentials that can be composed with channel credentials.
stat_prefix
(string, REQUIRED) The human readable prefix to use when emitting statistics for the gRPC service.
Name | Type | Description |
---|---|---|
streamstotal | Counter | Total number of streams opened |
streams_closed<gRPC status code> | Counter | Total streams closed with <gRPC status code> |
credentials_factory_name
(string) The name of the Google gRPC credentials factory to use. This must have been registered with Envoy. If this is empty, a default credentials factory will be used that sets up channel credentials based on other configuration parameters.
config
(Struct) Additional configuration for site-specific customizations of the Google gRPC library.
core.GrpcService.GoogleGrpc.SslCredentials
[core.GrpcService.GoogleGrpc.SslCredentials proto]
See https://grpc.io/grpc/cpp/structgrpc_1_1_ssl_credentials_options.html.
{
"root_certs": "{...}",
"private_key": "{...}",
"cert_chain": "{...}"
}
root_certs
(core.DataSource) PEM encoded server root certificates.
private_key
(core.DataSource) PEM encoded client private key.
cert_chain
(core.DataSource) PEM encoded client certificate chain.
core.GrpcService.GoogleGrpc.GoogleLocalCredentials
[core.GrpcService.GoogleGrpc.GoogleLocalCredentials proto]
Local channel credentials. Only UDS is supported for now. See https://github.com/grpc/grpc/pull/15909.
{}
core.GrpcService.GoogleGrpc.ChannelCredentials
[core.GrpcService.GoogleGrpc.ChannelCredentials proto]
See https://grpc.io/docs/guides/auth.html#credential-types to understand Channel and Call credential types.
{
"ssl_credentials": "{...}",
"google_default": "{...}",
"local_credentials": "{...}"
}
ssl_credentials
(core.GrpcService.GoogleGrpc.SslCredentials)
Precisely one of ssl_credentials, google_default, local_credentials must be set.
google_default
(Empty) https://grpc.io/grpc/cpp/namespacegrpc.html#a6beb3ac70ff94bd2ebbd89b8f21d1f61
Precisely one of ssl_credentials, google_default, local_credentials must be set.
local_credentials
(core.GrpcService.GoogleGrpc.GoogleLocalCredentials)
Precisely one of ssl_credentials, google_default, local_credentials must be set.
core.GrpcService.GoogleGrpc.CallCredentials
[core.GrpcService.GoogleGrpc.CallCredentials proto]
{
"access_token": "...",
"google_compute_engine": "{...}",
"google_refresh_token": "...",
"service_account_jwt_access": "{...}",
"google_iam": "{...}",
"from_plugin": "{...}"
}
access_token
(string) Access token credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#ad3a80da696ffdaea943f0f858d7a360d.
Precisely one of access_token, google_compute_engine, google_refresh_token, service_account_jwt_access, google_iam, from_plugin must be set.
google_compute_engine
(Empty) Google Compute Engine credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a6beb3ac70ff94bd2ebbd89b8f21d1f61
Precisely one of access_token, google_compute_engine, google_refresh_token, service_account_jwt_access, google_iam, from_plugin must be set.
google_refresh_token
(string) Google refresh token credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a96901c997b91bc6513b08491e0dca37c.
Precisely one of access_token, google_compute_engine, google_refresh_token, service_account_jwt_access, google_iam, from_plugin must be set.
service_account_jwt_access
(core.GrpcService.GoogleGrpc.CallCredentials.ServiceAccountJWTAccessCredentials) Service Account JWT Access credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a92a9f959d6102461f66ee973d8e9d3aa.
Precisely one of access_token, google_compute_engine, google_refresh_token, service_account_jwt_access, google_iam, from_plugin must be set.
google_iam
(core.GrpcService.GoogleGrpc.CallCredentials.GoogleIAMCredentials) Google IAM credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a9fc1fc101b41e680d47028166e76f9d0.
Precisely one of access_token, google_compute_engine, google_refresh_token, service_account_jwt_access, google_iam, from_plugin must be set.
from_plugin
(core.GrpcService.GoogleGrpc.CallCredentials.MetadataCredentialsFromPlugin) Custom authenticator credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a823c6a4b19ffc71fb33e90154ee2ad07. https://grpc.io/docs/guides/auth.html#extending-grpc-to-support-other-authentication-mechanisms.
Precisely one of access_token, google_compute_engine, google_refresh_token, service_account_jwt_access, google_iam, from_plugin must be set.
core.GrpcService.GoogleGrpc.CallCredentials.ServiceAccountJWTAccessCredentials
[core.GrpcService.GoogleGrpc.CallCredentials.ServiceAccountJWTAccessCredentials proto]
{
"json_key": "...",
"token_lifetime_seconds": "..."
}
json_key
(string)
token_lifetime_seconds
(uint64)
core.GrpcService.GoogleGrpc.CallCredentials.GoogleIAMCredentials
[core.GrpcService.GoogleGrpc.CallCredentials.GoogleIAMCredentials proto]
{
"authorization_token": "...",
"authority_selector": "..."
}
authorization_token
(string)
authority_selector
(string)
core.GrpcService.GoogleGrpc.CallCredentials.MetadataCredentialsFromPlugin
[core.GrpcService.GoogleGrpc.CallCredentials.MetadataCredentialsFromPlugin proto]
{
"name": "...",
"config": "{...}",
"typed_config": "{...}"
}
name
(string)
config
(Struct)
Only one of config, typed_config may be set.
typed_config
(Any)
Only one of config, typed_config may be set.