This project is in the process of being donated to the CNCF and is not affiliated with the Kubernetes project.
API
dynamic_forward_proxy.proto

dynamic_forward_proxy.proto

Package: dfp.options.gloo.solo.io Types:

Enums:

- [DnsLookupFamily](#dnslookupfamily)

Source File: github.com/solo-io/gloo/projects/gloo/api/v1/options/dynamic_forward_proxy/dynamic_forward_proxy.proto


FilterConfig

Configuration for the dynamic forward proxy HTTP filter. See the architecture overview for more information. [#extension: envoy.filters.http.dynamic_forward_proxy]

"dnsCacheConfig": .dfp.options.gloo.solo.io.DnsCacheConfig
"saveUpstreamAddress": bool
"sslConfig": .gloo.solo.io.UpstreamSslConfig
Field Type Description
dnsCacheConfig .dfp.options.gloo.solo.io.DnsCacheConfig The DNS cache configuration that the filter will attach to. Note this configuration must match that of associated dynamic forward proxy cluster configuration.
saveUpstreamAddress bool When this flag is set, the filter will add the resolved upstream address in the filter state. The state should be saved with key envoy.stream.upstream_address (See :repo:upstream_address.h<source/common/stream_info/upstream_address.h>).
sslConfig .gloo.solo.io.UpstreamSslConfig If provided, the autogenerated dynamic forward proxy cluster will use TLS when connecting to upstream hosts and verify the certificate chain.

DnsCacheCircuitBreakers

Configuration of circuit breakers for resolver.

"maxPendingRequests": .google.protobuf.UInt32Value
Field Type Description
maxPendingRequests .google.protobuf.UInt32Value The maximum number of pending requests that Envoy will allow to the resolver. If not specified, the default is 1024.

DnsCacheConfig

Configuration for the dynamic forward proxy DNS cache. See the architecture overview for more information.

"dnsLookupFamily": .dfp.options.gloo.solo.io.DnsLookupFamily
"dnsRefreshRate": .google.protobuf.Duration
"hostTtl": .google.protobuf.Duration
"maxHosts": .google.protobuf.UInt32Value
"dnsFailureRefreshRate": .dfp.options.gloo.solo.io.RefreshRate
"dnsCacheCircuitBreaker": .dfp.options.gloo.solo.io.DnsCacheCircuitBreakers
"caresDns": .dfp.options.gloo.solo.io.CaresDnsResolverConfig
"appleDns": .dfp.options.gloo.solo.io.AppleDnsResolverConfig
"preresolveHostnames": []solo.io.envoy.config.core.v3.SocketAddress
"dnsQueryTimeout": .google.protobuf.Duration
Field Type Description
dnsLookupFamily .dfp.options.gloo.solo.io.DnsLookupFamily The DNS lookup family to use during resolution. [#comment:TODO(mattklein123): Figure out how to support IPv4/IPv6 “happy eyeballs” mode. The way this might work is a new lookup family which returns both IPv4 and IPv6 addresses, and then configures a host to have a primary and fall back address. With this, we could very likely build a “happy eyeballs” connection pool which would race the primary / fall back address and return the one that wins. This same method could potentially also be used for QUIC to TCP fall back.].
dnsRefreshRate .google.protobuf.Duration The DNS refresh rate for unresolved DNS hosts. If not specified defaults to 60s. The refresh rate is rounded to the closest millisecond, and must be at least 1ms. Once a host has been resolved, the refresh rate will be the DNS TTL, capped at a minimum of 5s.
hostTtl .google.protobuf.Duration The TTL for hosts that are unused. Hosts that have not been used in the configured time interval will be purged. If not specified defaults to 5m. Note: The TTL is only checked at the time of DNS refresh, as specified by dns_refresh_rate. This means that if the configured TTL is shorter than the refresh rate the host may not be removed immediately. Note: The TTL has no relation to DNS TTL and is only used to control Envoy’s resource usage.
maxHosts .google.protobuf.UInt32Value The maximum number of hosts that the cache will hold. If not specified defaults to 1024. Note: The implementation is approximate and enforced independently on each worker thread, thus it is possible for the maximum hosts in the cache to go slightly above the configured value depending on timing. This is similar to how other circuit breakers work.
dnsFailureRefreshRate .dfp.options.gloo.solo.io.RefreshRate If the DNS failure refresh rate is specified, this is used as the cache’s DNS refresh rate when DNS requests are failing. If this setting is not specified, the failure refresh rate defaults to the dns_refresh_rate.
dnsCacheCircuitBreaker .dfp.options.gloo.solo.io.DnsCacheCircuitBreakers The config of circuit breakers for resolver. It provides a configurable threshold. Envoy will use dns cache circuit breakers with default settings even if this value is not set.
caresDns .dfp.options.gloo.solo.io.CaresDnsResolverConfig Only one of caresDns or appleDns can be set.
appleDns .dfp.options.gloo.solo.io.AppleDnsResolverConfig Only one of appleDns or caresDns can be set.
preresolveHostnames []solo.io.envoy.config.core.v3.SocketAddress Hostnames that should be preresolved into the cache upon creation. This might provide a performance improvement, in the form of cache hits, for hostnames that are going to be resolved during steady state and are known at config load time.
dnsQueryTimeout .google.protobuf.Duration The timeout used for DNS queries. This timeout is independent of any timeout and retry policy used by the underlying DNS implementation (e.g., c-areas and Apple DNS) which are opaque. Setting this timeout will ensure that queries succeed or fail within the specified time frame and are then retried using the standard refresh rates. Defaults to 5s if not set.

RefreshRate

"baseInterval": .google.protobuf.Duration
"maxInterval": .google.protobuf.Duration
Field Type Description
baseInterval .google.protobuf.Duration Specifies the base interval between refreshes. This parameter is required and must be greater than 1ms and less than max_interval.
maxInterval .google.protobuf.Duration Specifies the maximum interval between refreshes. This parameter is optional, but must be greater than or equal to the base_interval if set. The default is 10 times the base_interval.

PerRouteConfig

Per route Configuration for the dynamic forward proxy HTTP filter.

"hostRewrite": string
"autoHostRewriteHeader": string
Field Type Description
hostRewrite string Indicates that before DNS lookup, the host header will be swapped with this value. If not set or empty, the original host header value will be used and no rewrite will happen. Note: this rewrite affects both DNS lookup and host header forwarding. However, this option shouldn’t be used with HCM host rewrite given that the value set here would be used for DNS lookups whereas the value set in the HCM would be used for host header forwarding which is not the desired outcome. Only one of hostRewrite or autoHostRewriteHeader can be set.
autoHostRewriteHeader string Indicates that before DNS lookup, the host header will be swapped with the value of this header. If not set or empty, the original host header value will be used and no rewrite will happen. Note: this rewrite affects both DNS lookup and host header forwarding. However, this option shouldn’t be used with HCM host rewrite header given that the value set here would be used for DNS lookups whereas the value set in the HCM would be used for host header forwarding which is not the desired outcome. Note: If the header appears multiple times only the first value is used. Only one of autoHostRewriteHeader or hostRewrite can be set.

DnsResolverOptions

Configuration of DNS resolver option flags which control the behavior of the DNS resolver.

"useTcpForDnsLookups": bool
"noDefaultSearchDomain": bool
Field Type Description
useTcpForDnsLookups bool Use TCP for all DNS queries instead of the default protocol UDP.
noDefaultSearchDomain bool Do not use the default search domains; only query hostnames as-is or as aliases.

CaresDnsResolverConfig

Configuration for c-ares DNS resolver.

"resolvers": []solo.io.envoy.config.core.v3.Address
"dnsResolverOptions": .dfp.options.gloo.solo.io.DnsResolverOptions
Field Type Description
resolvers []solo.io.envoy.config.core.v3.Address A list of dns resolver addresses. use_resolvers_as_fallbackbelow dictates if the DNS client should override system defaults or only use the provided resolvers if the system defaults are not available, i.e., as a fallback.
dnsResolverOptions .dfp.options.gloo.solo.io.DnsResolverOptions Configuration of DNS resolver option flags which control the behavior of the DNS resolver.

AppleDnsResolverConfig

Configuration for apple DNS resolver.

Field Type Description

DnsLookupFamily

Description: When V4_ONLY is selected, the DNS resolver will only perform a lookup for addresses in the IPv4 family. If V6_ONLY is selected, the DNS resolver will only perform a lookup for addresses in the IPv6 family. If AUTO is specified, the DNS resolver will first perform a lookup for addresses in the IPv6 family and fallback to a lookup for addresses in the IPv4 family. This is semantically equivalent to a non-existent V6_PREFERRED option. AUTO is a legacy name that is more opaque than necessary and will be deprecated in favor of V6_PREFERRED in a future major version of the API. If V4_PREFERRED is specified, the DNS resolver will first perform a lookup for addresses in the IPv4 family and fallback to a lookup for addresses in the IPv6 family. i.e., the callback target will only get v6 addresses if there were NO v4 addresses to return. If ALL is specified, the DNS resolver will perform a lookup for both IPv4 and IPv6 families, and return all resolved addresses. For cluster types other than STRICT_DNS and LOGICAL_DNS. this setting is ignored. [#next-major-version: deprecate AUTO in favor of a V6_PREFERRED option.]

Name Description
V4_PREFERRED
V4_ONLY
V6_ONLY
AUTO
ALL