istio

1
// Copyright Istio Authors
2
//
3
// Licensed under the Apache License, Version 2.0 (the "License");
4
// you may not use this file except in compliance with the License.
5
// You may obtain a copy of the License at
6
//
7
//     http://www.apache.org/licenses/LICENSE-2.0
8
//
9
// Unless required by applicable law or agreed to in writing, software
10
// distributed under the License is distributed on an "AS IS" BASIS,
11
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
// See the License for the specific language governing permissions and
13
// limitations under the License.
14

15
package options
16

17
import (
18
	"os"
19
	"path/filepath"
20
	"strings"
21

22
	meshconfig "istio.io/api/mesh/v1alpha1"
23
	"istio.io/istio/pilot/pkg/features"
24
	"istio.io/istio/pilot/pkg/model"
25
	"istio.io/istio/pkg/bootstrap/platform"
26
	istioagent "istio.io/istio/pkg/istio-agent"
27
	"istio.io/istio/pkg/util/sets"
28
	"istio.io/istio/pkg/wasm"
29
)
30

31
// Similar with ISTIO_META_, which is used to customize the node metadata - this customizes extra header.
32
const xdsHeaderPrefix = "XDS_HEADER_"
33

34
func NewAgentOptions(proxy *model.Proxy, cfg *meshconfig.ProxyConfig) *istioagent.AgentOptions {
35
	var insecureRegistries []string
36
	if wasmInsecureRegistries != "" {
37
		insecureRegistries = strings.Split(wasmInsecureRegistries, ",")
38
	}
39
	o := &istioagent.AgentOptions{
40
		XDSRootCerts:             xdsRootCA,
41
		CARootCerts:              caRootCA,
42
		XDSHeaders:               map[string]string{},
43
		XdsUdsPath:               filepath.Join(cfg.ConfigPath, "XDS"),
44
		IsIPv6:                   proxy.IsIPv6(),
45
		ProxyType:                proxy.Type,
46
		EnableDynamicProxyConfig: enableProxyConfigXdsEnv,
47
		WASMOptions: wasm.Options{
48
			InsecureRegistries:    sets.New(insecureRegistries...),
49
			ModuleExpiry:          wasmModuleExpiry,
50
			PurgeInterval:         wasmPurgeInterval,
51
			HTTPRequestTimeout:    wasmHTTPRequestTimeout,
52
			HTTPRequestMaxRetries: wasmHTTPRequestMaxRetries,
53
		},
54
		ProxyIPAddresses:            proxy.IPAddresses,
55
		ServiceNode:                 proxy.ServiceNode(),
56
		EnvoyStatusPort:             envoyStatusPortEnv,
57
		EnvoyPrometheusPort:         envoyPrometheusPortEnv,
58
		MinimumDrainDuration:        minimumDrainDurationEnv,
59
		ExitOnZeroActiveConnections: exitOnZeroActiveConnectionsEnv,
60
		Platform:                    platform.Discover(proxy.SupportsIPv6()),
61
		GRPCBootstrapPath:           grpcBootstrapEnv,
62
		DisableEnvoy:                disableEnvoyEnv,
63
		ProxyXDSDebugViaAgent:       proxyXDSDebugViaAgent,
64
		ProxyXDSDebugViaAgentPort:   proxyXDSDebugViaAgentPort,
65
		DNSCapture:                  DNSCaptureByAgent.Get(),
66
		DNSForwardParallel:          DNSForwardParallel.Get(),
67
		DNSAddr:                     DNSCaptureAddr.Get(),
68
		ProxyNamespace:              PodNamespaceVar.Get(),
69
		ProxyDomain:                 proxy.DNSDomain,
70
		IstiodSAN:                   istiodSAN.Get(),
71
		DualStack:                   features.EnableDualStack,
72
		UseExternalWorkloadSDS:      useExternalWorkloadSDSEnv,
73
		MetadataDiscovery:           enableWDSEnv,
74
	}
75
	extractXDSHeadersFromEnv(o)
76
	return o
77
}
78

79
// Simplified extraction of gRPC headers from environment.
80
// Unlike ISTIO_META, where we need JSON and advanced features - this is just for small string headers.
81
func extractXDSHeadersFromEnv(o *istioagent.AgentOptions) {
82
	envs := os.Environ()
83
	for _, e := range envs {
84
		if strings.HasPrefix(e, xdsHeaderPrefix) {
85
			parts := strings.SplitN(e, "=", 2)
86
			if len(parts) != 2 {
87
				continue
88
			}
89
			o.XDSHeaders[parts[0][len(xdsHeaderPrefix):]] = parts[1]
90
		}
91
	}
92
}
93