istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/features/ambient.go

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pilot/pkg/features/ambient.go (about)

     1  // Copyright Istio Authors
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package features
    16  
    17  import (
    18  	"istio.io/istio/pkg/env"
    19  	"istio.io/istio/pkg/log"
    20  )
    21  
    22  var (
    23  	EnableAmbient = env.Register(
    24  		"PILOT_ENABLE_AMBIENT",
    25  		false,
    26  		"If enabled, ambient mode can be used. Individual flags configure fine grained enablement; this must be enabled for any ambient functionality.").Get()
    27  
    28  	EnableAmbientWaypoints = registerAmbient("PILOT_ENABLE_AMBIENT_WAYPOINTS",
    29  		true, false,
    30  		"If enabled, controllers required for ambient will run. This is required to run ambient mesh.")
    31  
    32  	EnableHBONESend = registerAmbient(
    33  		"PILOT_ENABLE_SENDING_HBONE",
    34  		true, false,
    35  		"If enabled, HBONE will be allowed when sending to destinations.")
    36  
    37  	EnableSidecarHBONEListening = registerAmbient(
    38  		"PILOT_ENABLE_SIDECAR_LISTENING_HBONE",
    39  		true, false,
    40  		"If enabled, HBONE support can be configured for proxies.")
    41  
    42  	// Not required for ambient, so disabled by default
    43  	PreferHBONESend = registerAmbient(
    44  		"PILOT_PREFER_SENDING_HBONE",
    45  		false, false,
    46  		"If enabled, HBONE will be preferred when sending to destinations. ")
    47  
    48  	DefaultAllowFromWaypoint = registerAmbient(
    49  		"PILOT_AUTO_ALLOW_WAYPOINT_POLICY",
    50  		false, false,
    51  		"If enabled, zTunnel will receive synthetic authorization policies for each workload ALLOW the Waypoint's identity. "+
    52  			"Unless other ALLOW policies are created, this effectively denies traffic that doesn't go through the waypoint.")
    53  )
    54  
    55  // registerAmbient registers a variable that is allowed only if EnableAmbient is set
    56  func registerAmbient[T env.Parseable](name string, defaultWithAmbient, defaultWithoutAmbient T, description string) T {
    57  	if EnableAmbient {
    58  		return env.Register(name, defaultWithAmbient, description).Get()
    59  	}
    60  
    61  	_, f := env.Register(name, defaultWithoutAmbient, description).Lookup()
    62  	if f {
    63  		log.Warnf("ignoring %v; requires PILOT_ENABLE_AMBIENT=true", name)
    64  	}
    65  	return defaultWithoutAmbient
    66  }