github.com/cilium/cilium@v1.16.2/Documentation/network/servicemesh/l7-traffic-management.rst

github.com/cilium/cilium@v1.16.2/Documentation/network/servicemesh/l7-traffic-management.rst (about)

     1  .. only:: not (epub or latex or html)
     2  
     3      WARNING: You are looking at unreleased Cilium documentation.
     4      Please use the official rendered version released here:
     5      https://docs.cilium.io
     6  
     7  .. _gs_l7_traffic_management:
     8  
     9  ***************************
    10  L7-Aware Traffic Management
    11  ***************************
    12  
    13  Cilium provides a way to control L7 traffic via CRDs (e.g. CiliumEnvoyConfig
    14  and CiliumClusterwideEnvoyConfig).
    15  
    16  Prerequisites
    17  #############
    18  
    19  * Cilium must be configured with NodePort enabled, using
    20    ``nodePort.enabled=true`` or by enabling the kube-proxy replacement with
    21    ``kubeProxyReplacement=true``. For more information, see :ref:`kube-proxy
    22    replacement <kubeproxy-free>`.
    23  
    24  Caveats
    25  #######
    26  
    27  * ``CiliumEnvoyConfig`` resources have only minimal validation performed, and
    28    do not have a defined conflict resolution behavior. This means that if you
    29    create multiple CECs that modify the same parts of Envoy's config, the results
    30    may be unpredictable.
    31  * In addition to this minimal validation, ``CiliumEnvoyConfig`` has minimal
    32    feedback to the user about the correctness of the configuration. So in the
    33    event a CEC does produce an undesirable outcome, troubleshooting will require
    34    inspecting the Envoy config and logs, rather than being able to look at the
    35    ``CiliumEnvoyConfig`` in question.  
    36  * ``CiliumEnvoyConfig`` is used by Cilium's Ingress and Gateway API support to
    37    direct traffic through the per-node Envoy proxies. If you create CECs that
    38    conflict with or modify the autogenerated config, results may be unpredictable.
    39    Be very careful using CECs for these use cases. The above risks are managed
    40    by ensuring that all config generated by Cilium is semantically valid, as far
    41    as possible.
    42  
    43  .. include:: installation.rst
    44  
    45  Supported Envoy API Versions
    46  ============================
    47  
    48  As of now only the Envoy API v3 is supported.
    49  
    50  Supported Envoy Extension Resource Types
    51  ========================================
    52  
    53  Envoy extensions are resource types that may or may not be built in to
    54  an Envoy build. The standard types referred to in Envoy documentation,
    55  such as ``type.googleapis.com/envoy.config.listener.v3.Listener``, and
    56  ``type.googleapis.com/envoy.config.route.v3.RouteConfiguration``, are
    57  always available.
    58  
    59  Cilium nodes deploy an Envoy image to support Cilium HTTP policy
    60  enforcement and observability. This build of Envoy has been optimized
    61  for the needs of the Cilium Agent and does not contain many of the
    62  Envoy extensions available in the Envoy code base.
    63  
    64  To see which Envoy extensions are available, please have a look at
    65  the `Envoy extensions configuration
    66  file <https://github.com/cilium/proxy/blob/main/envoy_build_config/extensions_build_config.bzl>`_.
    67  Only the extensions that have not been commented out with ``#`` are
    68  built in to the Cilium Envoy image. We will evolve the list of built-in
    69  extensions based on user feedback.
    70  
    71  Examples
    72  ########
    73  
    74  Please refer to one of the below examples on how to use and leverage
    75  Cilium's Ingress features:
    76  
    77  .. toctree::
    78     :maxdepth: 1
    79     :glob:
    80  
    81     envoy-custom-listener
    82     envoy-traffic-management
    83     envoy-circuit-breaker
    84     envoy-load-balancing
    85     envoy-traffic-shifting