allow adding arbitrary filters in Proxy (#9694)

* allow adding arbitrary filters in Proxy * make it not a plugin * changelog * add values to test --------- Co-authored-by: Eitan Yarmush <[email protected]>
solo-io · Jul 26, 2024 · 02d48c6 · 02d48c6
1 parent 9f5fe80
commit 02d48c6
Show file tree

Hide file tree

Showing 16 changed files with 2,288 additions and 1,538 deletions.
diff --git a/changelog/v1.18.0-beta11/custom-filters-proxy.yaml b/changelog/v1.18.0-beta11/custom-filters-proxy.yaml
@@ -0,0 +1,6 @@
+changelog:
+  - type: NON_USER_FACING
+    description: >-
+      Add fields to TcpListenerOptions and HttpListenerOptions that allow
+      GGv2 translation to direclty configure Envoy. While this is technically
+      accessible by users, we will not document or encourage its usage.
diff --git a/...nt/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/proxy.proto.sk.md b/...nt/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/proxy.proto.sk.md
diff --git a/docs/data/ProtoMap.yaml b/docs/data/ProtoMap.yaml
@@ -785,6 +785,9 @@ apis:
   gloo.solo.io.ConsulServiceDestination:
     relativepath: reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/proxy.proto.sk/#ConsulServiceDestination
     package: gloo.solo.io
+  gloo.solo.io.CustomEnvoyFilter:
+    relativepath: reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/proxy.proto.sk/#CustomEnvoyFilter
+    package: gloo.solo.io
   gloo.solo.io.DeletedResources:
     relativepath: reference/api/github.com/solo-io/gloo/projects/gloo/api/grpc/validation/gloo_validation.proto.sk/#DeletedResources
     package: gloo.solo.io

diff --git a/projects/gloo/api/v1/options.proto b/projects/gloo/api/v1/options.proto
@@ -10,6 +10,7 @@ option (extproto.hash_all) = true;
 option (extproto.clone_all) = true;
 
 import "github.com/solo-io/gloo/projects/gloo/api/v1/extensions.proto";
+import "github.com/solo-io/gloo/projects/gloo/api/v1/filters/stages.proto";
 import "github.com/solo-io/gloo/projects/gloo/api/v1/options/cors/cors.proto";
 import "github.com/solo-io/gloo/projects/gloo/api/v1/options/rest/rest.proto";
 import "github.com/solo-io/gloo/projects/gloo/api/v1/options/grpc/grpc.proto";
@@ -238,6 +239,7 @@ message HttpListenerOptions {
     // determine whether requests should be rejected based on the contents of
     // the header.
     header_validation.options.gloo.solo.io.HeaderValidationSettings header_validation_settings = 36;
+
 }
 
 // Optional, feature-specific configuration that lives on tcp listeners
@@ -250,6 +252,7 @@ message TcpListenerOptions {
     // LocalRatelimit can be used to rate limit the connections per gateway at the L4 layer.
     // It uses envoy's own local rate limit filter to do so, without the need for an external rate limit server to be set up.
     local_ratelimit.options.gloo.solo.io.TokenBucket local_ratelimit = 5;
+
 }
 
 // Optional, feature-specific configuration that lives on virtual hosts.

diff --git a/projects/gloo/api/v1/proxy.proto b/projects/gloo/api/v1/proxy.proto
@@ -5,6 +5,7 @@ option go_package = "github.com/solo-io/gloo/projects/gloo/pkg/api/v1";
 import "google/protobuf/wrappers.proto";
 import "google/protobuf/empty.proto";
 import "google/protobuf/struct.proto";
+import "google/protobuf/any.proto";
 
 import "extproto/ext.proto";
 option (extproto.equal_all) = true;
@@ -19,6 +20,7 @@ import "github.com/solo-io/solo-kit/api/v1/solo-kit.proto";
 import "github.com/solo-io/gloo/projects/gloo/api/v1/ssl/ssl.proto";
 import "github.com/solo-io/gloo/projects/gloo/api/v1/subset.proto";
 import "github.com/solo-io/gloo/projects/gloo/api/v1/options.proto";
+import "github.com/solo-io/gloo/projects/gloo/api/v1/filters/stages.proto";
 
 import "github.com/solo-io/gloo/projects/gloo/api/v1/core/matchers/matchers.proto";
 import "github.com/solo-io/gloo/projects/gloo/api/external/envoy/config/core/v3/address.proto";
@@ -134,6 +136,9 @@ message TcpListener {
     TcpListenerOptions options = 8;
     // prefix for addressing envoy stats for the tcp proxy
     string stat_prefix = 3;
+
+    // Additional arbitrary network Filters that will be inserted directly into xDS.
+    repeated CustomEnvoyFilter custom_network_filters = 4;
 }
 
 message TcpHost {
@@ -185,6 +190,12 @@ message HttpListener {
     HttpListenerOptions options = 2;
     // prefix for addressing envoy stats for the http connection manager
     string stat_prefix = 3;
+
+    // Additional arbitrary HTTPFilters that will be inserted directly into xDS.
+    repeated CustomEnvoyFilter custom_http_filters = 4;
+
+    // Additional arbitrary network Filters that will be inserted directly into xDS.
+    repeated CustomEnvoyFilter custom_network_filters = 5;
 }
 
 message HybridListener {
@@ -217,6 +228,7 @@ message MatchedTcpListener {
 
     // The actual tcp listener to be used for this matcher in the aggregate listener
     TcpListener tcp_listener = 2;
+
 }
 
 message Matcher {
@@ -263,6 +275,12 @@ message AggregateListener {
         // The set of refs pointing to VirtualHosts which are available on this HttpFilterChain
         // Each ref corresponds to an entry in the HttpResources.VirtualHosts map
         repeated string virtual_host_refs = 3;
+
+        // Additional arbitrary HTTPFilters that will be inserted directly into xDS.
+        repeated CustomEnvoyFilter custom_http_filters = 37;
+
+        // Additional arbitrary network Filters that will be inserted directly into xDS.
+        repeated CustomEnvoyFilter custom_network_filters = 38;
     }
 
     // The aggregate set of resources available on this listener
@@ -602,3 +620,16 @@ message SourceMetadata {
     // A list of sources
     repeated SourceRef sources = 1;
 }
+
+// CustomEnvoyFilter contains an arbitrary filter.
+// These may be HTTPFilters or NetworkFilters, depending on the context they're used.
+message CustomEnvoyFilter {
+  // Determines filter ordering.
+  .filters.gloo.solo.io.FilterStage filter_stage = 1;
+
+  // The name of the filter configuration.
+  string name = 2;
+
+  // Filter specific configuration.
+  google.protobuf.Any config = 3;
+}