Package : envoy.config.core.v3



Table of Contents


Field Type Label Description
envoyGrpc envoy.config.core.v3.GrpcService.EnvoyGrpc Envoy's in-built gRPC client. See the :ref:gRPC services overview <arch_overview_grpc_services> documentation for discussion on gRPC client selection.
googleGrpc envoy.config.core.v3.GrpcService.GoogleGrpc Google C++ gRPC client <>_ See the :ref:gRPC services overview <arch_overview_grpc_services> documentation for discussion on gRPC client selection.
timeout google.protobuf.Duration The timeout for the gRPC request. This is the timeout for a specific request.
initialMetadata []envoy.config.core.v3.HeaderValue repeated Additional metadata to include in streams initiated to the GrpcService. This can be used for scenarios in which additional ad hoc authorization headers (e.g. x-foo-bar: baz-key) are to be injected. For more information, including details on header value syntax, see the documentation on :ref:custom request headers <config_http_conn_man_headers_custom_request_headers>.


Field Type Label Description
clusterName string The name of the upstream gRPC cluster. SSL credentials will be supplied in the :ref:Cluster <envoy_api_msg_config.cluster.v3.Cluster> :ref:transport_socket <envoy_api_field_config.cluster.v3.Cluster.transport_socket>.
authority string The :authority header in the grpc request. If this field is not set, the authority header value will be cluster_name. Note that this authority does not override the SNI. The SNI is provided by the transport socket of the cluster.


Field Type Label Description
targetUri string The target URI when using the Google C++ gRPC client <>_. SSL credentials will be supplied in :ref:channel_credentials <envoy_api_field_config.core.v3.GrpcService.GoogleGrpc.channel_credentials>.
channelCredentials envoy.config.core.v3.GrpcService.GoogleGrpc.ChannelCredentials
callCredentials []envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials repeated A set of call credentials that can be composed with channel credentials <>_.
statPrefix string The human readable prefix to use when emitting statistics for the gRPC service.
.. csv-table:: :header: Name, Type, Description :widths: 1, 1, 2
streams_total, Counter, Total number of streams opened streams_closed_, Counter, Total streams closed with
credentialsFactoryName string The name of the Google gRPC credentials factory to use. This must have been registered with Envoy. If this is empty, a default credentials factory will be used that sets up channel credentials based on other configuration parameters.
config google.protobuf.Struct Additional configuration for site-specific customizations of the Google gRPC library.
perStreamBufferLimitBytes google.protobuf.UInt32Value How many bytes each stream can buffer internally. If not set an implementation defined default is applied (1MiB).
channelArgs envoy.config.core.v3.GrpcService.GoogleGrpc.ChannelArgs Custom channels args.


Field Type Label Description
accessToken string Access token credentials.
googleComputeEngine google.protobuf.Empty Google Compute Engine credentials.
googleRefreshToken string Google refresh token credentials.
serviceAccountJwtAccess envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.ServiceAccountJWTAccessCredentials Service Account JWT Access credentials.
googleIam envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.GoogleIAMCredentials Google IAM credentials.
fromPlugin envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.MetadataCredentialsFromPlugin Custom authenticator credentials.
stsService envoy.config.core.v3.GrpcService.GoogleGrpc.CallCredentials.StsService Custom security token service which implements OAuth 2.0 token exchange. See


Field Type Label Description
authorizationToken string
authoritySelector string


Field Type Label Description
name string
typedConfig google.protobuf.Any


Field Type Label Description
jsonKey string
tokenLifetimeSeconds uint64


Field Type Label Description
tokenExchangeServiceUri string URI of the token exchange service that handles token exchange requests. [#comment:TODO(asraa): Add URI validation when implemented. Tracked by]
resource string Location of the target service or resource where the client intends to use the requested security token.
audience string Logical name of the target service where the client intends to use the requested security token.
scope string The desired scope of the requested security token in the context of the service or resource where the token will be used.
requestedTokenType string Type of the requested security token.
subjectTokenPath string The path of subject token, a security token that represents the identity of the party on behalf of whom the request is being made.
subjectTokenType string Type of the subject token.
actorTokenPath string The path of actor token, a security token that represents the identity of the acting party. The acting party is authorized to use the requested security token and act on behalf of the subject.
actorTokenType string Type of the actor token.


Field Type Label Description
args []envoy.config.core.v3.GrpcService.GoogleGrpc.ChannelArgs.ArgsEntry repeated See grpc_types.h GRPC_ARG #defines for keys that work here.


Field Type Label Description
key string
value envoy.config.core.v3.GrpcService.GoogleGrpc.ChannelArgs.Value


Field Type Label Description
stringValue string
intValue int64


Field Type Label Description
sslCredentials envoy.config.core.v3.GrpcService.GoogleGrpc.SslCredentials
googleDefault google.protobuf.Empty
localCredentials envoy.config.core.v3.GrpcService.GoogleGrpc.GoogleLocalCredentials



Field Type Label Description
rootCerts envoy.config.core.v3.DataSource PEM encoded server root certificates.
privateKey envoy.config.core.v3.DataSource PEM encoded client private key.
certChain envoy.config.core.v3.DataSource PEM encoded client certificate chain.