Navigation :
Getting Started
What is Gloo Gateway?
Setup
Guides
Operations
Reference
-
Open Source Attribution
-
API Reference
-- address.proto
-- address.proto
-- advanced_http.proto
-- advanced_http.proto
-- ai.proto
-- als.proto
-- annotations.proto
-- any.proto
-- api.proto
-- apple_dns_resolver.proto
-- artifact.proto
-- authority.proto
-- aws.proto
-- aws_ec2.proto
-- azure.proto
-- backoff.proto
-- base.proto
-- base.proto
-- buffer.proto
-- caching.proto
-- cares_dns_resolver.proto
-- cidr.proto
-- cipher_detection_input.proto
-- circuit_breaker.proto
-- cluster.proto
-- config.proto
-- config.proto
-- connection.proto
-- connection_limit.proto
-- consul.proto
-- context_params.proto
-- core.proto
-- cors.proto
-- csrf.proto
-- custom_tag.proto
-- datadog.proto
-- deprecation.proto
-- descriptor.proto
-- discovery.proto
-- dlp.proto
-- domain.proto
-- duration.proto
-- dynamic_forward_proxy.proto
-- empty.proto
-- endpoint.proto
-- envoy.glooe.solo.io.project
-- envoy_glooe_solo_io.project
-- event_service_config.proto
-- ext.proto
-- extauth.proto
-- extension.proto
-- extension.proto
-- extensions.proto
-- external_options.proto
-- external_processor.proto
-- extproc.proto
-- failover.proto
-- failover.proto
-- fault.proto
-- field_mask.proto
-- filter.proto
-- gateway.proto
-- gateway.solo.io.project
-- gateway_solo_io.project
-- gcp.proto
-- gloo.solo.io.project
-- gloo_solo_io.project
-- gloo_validation.proto
-- glooe.solo.io.project
-- glooe_solo_io.project
-- graphql.proto
-- graphql.proto
-- graphql.proto
-- grpc.proto
-- grpc_json.proto
-- grpc_output_sink.proto
-- grpc_service.proto
-- grpc_web.proto
-- gzip.proto
-- hcm.proto
-- header_validation.proto
-- headers.proto
-- health_check.proto
-- health_check.proto
-- healthcheck.proto
-- http.proto
-- http.proto
-- http_gateway.proto
-- http_inputs.proto
-- http_output_sink.proto
-- http_path.proto
-- http_status.proto
-- http_uri.proto
-- http_uri.proto
-- ingress.proto
-- instance.proto
-- ip.proto
-- jwt.proto
-- kubernetes.proto
-- lbhash.proto
-- load_balancer.proto
-- local_ratelimit.proto
-- matchable_http_gateway.proto
-- matchable_tcp_gateway.proto
-- matcher.proto
-- matchers.proto
-- metadata.proto
-- metadata.proto
-- metrics.proto
-- migrate.proto
-- migrate.proto
-- mutation_rules.proto
-- opencensus.proto
-- opentelemetry.proto
-- options.proto
-- orca.proto
-- outlier_detection.proto
-- parameters.proto
-- percent.proto
-- percent.proto
-- pipe.proto
-- placement.proto
-- processing_mode.proto
-- protocol.proto
-- protocol_upgrade.proto
-- proxy.proto
-- proxy_endpoint.proto
-- proxy_protocol.proto
-- proxy_protocol.proto
-- proxy_protocol.proto
-- proxylatency.proto
-- proxyprotocol.proto
-- query_options.proto
-- query_options.proto
-- range.proto
-- range.proto
-- range.proto
-- range.proto
-- ratelimit.proto
-- ratelimit.proto
-- ratelimit.proto
-- rbac.proto
-- ref.proto
-- regex.proto
-- regex.proto
-- resolver.proto
-- resource.proto
-- resource_locator.proto
-- resource_name.proto
-- rest.proto
-- retries.proto
-- route.proto
-- route_components.proto
-- route_table.proto
-- router.proto
-- sanitize.proto
-- secret.proto
-- security.proto
-- selectors.proto
-- semantic_version.proto
-- semantic_version.proto
-- sensitive.proto
-- sensitive.proto
-- server_name_matcher.proto
-- service.proto
-- service_spec.proto
-- settings.proto
-- shadowing.proto
-- snap.proto
-- socket_option.proto
-- socket_option.proto
-- solo-discovery-service.proto
-- solo-kit.proto
-- solo_jwt_authn.proto
-- solo_xff_offset_filter.proto
-- source_context.proto
-- ssl.proto
-- ssl.proto
-- stages.proto
-- stateful_session.proto
-- statefulsession.proto
-- statefulsession.proto
-- static.proto
-- stats.proto
-- status.proto
-- status.proto
-- status.proto
-- status.proto
-- stitching.proto
-- string.proto
-- string.proto
-- struct.proto
-- subset.proto
-- subset_spec.proto
-- tap.proto
-- tap.proto
-- tcp.proto
-- timestamp.proto
-- tls_cipher_inspector.proto
-- trace.proto
-- tracing.proto
-- transformation.proto
-- transformation.proto
-- transformation.proto
-- type.proto
-- typed_struct.proto
-- upstream.proto
-- upstream_proxy_protocol.proto
-- upstream_wait_filter.proto
-- version.proto
-- versioning.proto
-- versioning.proto
-- virtual_service.proto
-- waf.proto
-- waf.proto
-- wasm.proto
-- wasm.proto
-- wasm.proto
-- wrappers.proto
-- xslt_transformer.proto
-- zipkin.proto
-
Command Line Reference
-
Changelog
-
Helm Chart Values
-
Security Updates
- Security Posture
- Gloo Gateway Port Reference
- Release Support
-
Cheatsheets
Contribution Guide
Get help and support
grpc_service.proto
Package: solo.io.envoy.config.core.v3
Types:
GrpcService
gRPC service configuration. This is used by :ref:ApiConfigSource <envoy_api_msg_config.core.v3.ApiConfigSource>
and filter configurations.
[#next-free-field: 6]
"envoyGrpc": .solo.io.envoy.config.core.v3.GrpcService.EnvoyGrpc
"googleGrpc": .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc
"timeout": .google.protobuf.Duration
"initialMetadata": [] solo.io.envoy.config.core.v3.HeaderValue
Field
Type
Description
envoyGrpc
.solo.io.envoy.config.core.v3.GrpcService.EnvoyGrpc
Envoy’s in-built gRPC client. See the :ref:gRPC services overview <arch_overview_grpc_services>
documentation for discussion on gRPC client selection. Only one of envoyGrpc
or googleGrpc
can be set.
googleGrpc
.solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc
Google C++ gRPC client <https://github.com/grpc/grpc>
_ See the :ref:gRPC services overview <arch_overview_grpc_services>
documentation for discussion on gRPC client selection. Only one of googleGrpc
or envoyGrpc
can be set.
timeout
.google.protobuf.Duration
The timeout for the gRPC request. This is the timeout for a specific request.
initialMetadata
[]solo.io.envoy.config.core.v3.HeaderValue
Additional metadata to include in streams initiated to the GrpcService. This can be used for scenarios in which additional ad hoc authorization headers (e.g. x-foo-bar: baz-key
) are to be injected.
EnvoyGrpc
"clusterName": string
"authority": string
"retryPolicy": .solo.io.envoy.config.core.v3.RetryPolicy
Field
Type
Description
clusterName
string
The name of the upstream gRPC cluster. SSL credentials will be supplied in the :ref:Cluster <envoy_api_msg_config.cluster.v3.Cluster>
:ref:transport_socket <envoy_api_field_config.cluster.v3.Cluster.transport_socket>
.
authority
string
The :authority
header in the grpc request. If this field is not set, the authority header value will be cluster_name
. Note that this authority does not override the SNI. The SNI is provided by the transport socket of the cluster.
retryPolicy
.solo.io.envoy.config.core.v3.RetryPolicy
Indicates the retry policy for re-establishing the gRPC stream This field is optional. If max interval is not provided, it will be set to ten times the provided base interval. Currently only supported for xDS gRPC streams. If not set, xDS gRPC streams default base interval:500ms, maximum interval:30s will be applied.
GoogleGrpc
[#next-free-field: 9]
"targetUri": string
"channelCredentials": .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.ChannelCredentials
"callCredentials": [] solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials
"statPrefix": string
"credentialsFactoryName": string
"config": .google.protobuf.Struct
"perStreamBufferLimitBytes": .google.protobuf.UInt32Value
"channelArgs": .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.ChannelArgs
Field
Type
Description
targetUri
string
The target URI when using the Google C++ gRPC client <https://github.com/grpc/grpc>
_. SSL credentials will be supplied in :ref:channel_credentials <envoy_api_field_config.core.v3.GrpcService.GoogleGrpc.channel_credentials>
.
channelCredentials
.solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.ChannelCredentials
callCredentials
[]solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials
A set of call credentials that can be composed with channel credentials <https://grpc.io/docs/guides/auth.html#credential-types>
_.
statPrefix
string
The human readable prefix to use when emitting statistics for the gRPC service. .. csv-table:: :header: Name, Type, Description :widths: 1, 1, 2 streams_total, Counter, Total number of streams opened streams_closed_, Counter, Total streams closed with .
credentialsFactoryName
string
The name of the Google gRPC credentials factory to use. This must have been registered with Envoy. If this is empty, a default credentials factory will be used that sets up channel credentials based on other configuration parameters.
config
.google.protobuf.Struct
Additional configuration for site-specific customizations of the Google gRPC library.
perStreamBufferLimitBytes
.google.protobuf.UInt32Value
How many bytes each stream can buffer internally. If not set an implementation defined default is applied (1MiB).
channelArgs
.solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.ChannelArgs
Custom channels args.
SslCredentials
See https://grpc.io/grpc/cpp/structgrpc_1_1_ssl_credentials_options.html .
"rootCerts": .solo.io.envoy.config.core.v3.DataSource
"privateKey": .solo.io.envoy.config.core.v3.DataSource
"certChain": .solo.io.envoy.config.core.v3.DataSource
GoogleLocalCredentials
Local channel credentials. Only UDS is supported for now.
See https://github.com/grpc/grpc/pull/15909 .
ChannelCredentials
See https://grpc.io/docs/guides/auth.html#credential-types to understand Channel and Call
credential types.
"sslCredentials": .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.SslCredentials
"googleDefault": .google.protobuf.Empty
"localCredentials": .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.GoogleLocalCredentials
CallCredentials
[#next-free-field: 8]
"accessToken": string
"googleComputeEngine": .google.protobuf.Empty
"googleRefreshToken": string
"serviceAccountJwtAccess": .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.ServiceAccountJWTAccessCredentials
"googleIam": .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.GoogleIAMCredentials
"fromPlugin": .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.MetadataCredentialsFromPlugin
"stsService": .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.StsService
Field
Type
Description
accessToken
string
Access token credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#ad3a80da696ffdaea943f0f858d7a360d . Only one of accessToken
, googleComputeEngine
, googleRefreshToken
, serviceAccountJwtAccess
, googleIam
, fromPlugin
, or stsService
can be set.
googleComputeEngine
.google.protobuf.Empty
Google Compute Engine credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a6beb3ac70ff94bd2ebbd89b8f21d1f61 . Only one of googleComputeEngine
, accessToken
, googleRefreshToken
, serviceAccountJwtAccess
, googleIam
, fromPlugin
, or stsService
can be set.
googleRefreshToken
string
Google refresh token credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a96901c997b91bc6513b08491e0dca37c . Only one of googleRefreshToken
, accessToken
, googleComputeEngine
, serviceAccountJwtAccess
, googleIam
, fromPlugin
, or stsService
can be set.
serviceAccountJwtAccess
.solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.ServiceAccountJWTAccessCredentials
Service Account JWT Access credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a92a9f959d6102461f66ee973d8e9d3aa . Only one of serviceAccountJwtAccess
, accessToken
, googleComputeEngine
, googleRefreshToken
, googleIam
, fromPlugin
, or stsService
can be set.
googleIam
.solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.GoogleIAMCredentials
Google IAM credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a9fc1fc101b41e680d47028166e76f9d0 . Only one of googleIam
, accessToken
, googleComputeEngine
, googleRefreshToken
, serviceAccountJwtAccess
, fromPlugin
, or stsService
can be set.
fromPlugin
.solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.MetadataCredentialsFromPlugin
Custom authenticator credentials. https://grpc.io/grpc/cpp/namespacegrpc.html#a823c6a4b19ffc71fb33e90154ee2ad07 . https://grpc.io/docs/guides/auth.html#extending-grpc-to-support-other-authentication-mechanisms . Only one of fromPlugin
, accessToken
, googleComputeEngine
, googleRefreshToken
, serviceAccountJwtAccess
, googleIam
, or stsService
can be set.
stsService
.solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.StsService
Custom security token service which implements OAuth 2.0 token exchange. https://datatracker.ietf.org/doc/html/draft-ietf-oauth-token-exchange-16 See https://github.com/grpc/grpc/pull/19587 . Only one of stsService
, accessToken
, googleComputeEngine
, googleRefreshToken
, serviceAccountJwtAccess
, googleIam
, or fromPlugin
can be set.
ServiceAccountJWTAccessCredentials
"jsonKey": string
"tokenLifetimeSeconds": int
Field
Type
Description
jsonKey
string
tokenLifetimeSeconds
int
GoogleIAMCredentials
"authorizationToken": string
"authoritySelector": string
Field
Type
Description
authorizationToken
string
authoritySelector
string
"name": string
"typedConfig": .google.protobuf.Any
StsService
Security token service configuration that allows Google gRPC to
fetch security token from an OAuth 2.0 authorization server.
See https://datatracker.ietf.org/doc/html/draft-ietf-oauth-token-exchange-16 and
https://github.com/grpc/grpc/pull/19587 .
[#next-free-field: 10]
"tokenExchangeServiceUri": string
"resource": string
"audience": string
"scope": string
"requestedTokenType": string
"subjectTokenPath": string
"subjectTokenType": string
"actorTokenPath": string
"actorTokenType": string
Field
Type
Description
tokenExchangeServiceUri
string
URI of the token exchange service that handles token exchange requests. [#comment:TODO(asraa): Add URI validation when implemented. Tracked by https://github.com/envoyproxy/protoc-gen-validate/issues/303].
resource
string
Location of the target service or resource where the client intends to use the requested security token.
audience
string
Logical name of the target service where the client intends to use the requested security token.
scope
string
The desired scope of the requested security token in the context of the service or resource where the token will be used.
requestedTokenType
string
Type of the requested security token.
subjectTokenPath
string
The path of subject token, a security token that represents the identity of the party on behalf of whom the request is being made.
subjectTokenType
string
Type of the subject token.
actorTokenPath
string
The path of actor token, a security token that represents the identity of the acting party. The acting party is authorized to use the requested security token and act on behalf of the subject.
actorTokenType
string
Type of the actor token.
ChannelArgs
Channel arguments.
"args": map<string, .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.ChannelArgs.Value>
Field
Type
Description
args
map<string, .solo.io.envoy.config.core.v3.GrpcService.GoogleGrpc.ChannelArgs.Value>
See grpc_types.h GRPC_ARG #defines for keys that work here.
Value
"stringValue": string
"intValue": int
Field
Type
Description
stringValue
string
Only one of stringValue
or intValue
can be set.
intValue
int
Only one of intValue
or stringValue
can be set.