// Source: istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pkg/config/gateway/gateway.go

// Copyright Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package gateway

import (
	"istio.io/api/networking/v1alpha3"
	"istio.io/istio/pilot/pkg/features"
	"istio.io/istio/pkg/config/protocol"
)

// NOTE(review): every predicate in this file dereferences server, and most
// read server.Port, without a nil check. They presumably run only on Gateway
// servers that already passed validation; confirm at the call sites.

// IsTLSServer reports whether server has TLS settings and a port protocol for
// which IsHTTP is false, i.e. a non-HTTP server doing TLS termination or
// passthrough.
func IsTLSServer(server *v1alpha3.Server) bool {
	// The protocol test filters out HTTP servers whose TLS block is only
	// there for the https redirect.
	return server.Tls != nil && !protocol.Parse(server.Port.Protocol).IsHTTP()
}

// IsHTTPSServerWithTLSTermination reports whether server has TLS settings,
// an HTTPS port protocol, and a TLS mode that is not passthrough.
func IsHTTPSServerWithTLSTermination(server *v1alpha3.Server) bool {
	if server.Tls == nil {
		return false
	}
	parsed := protocol.Parse(server.Port.Protocol)
	return parsed == protocol.HTTPS && !IsPassThroughServer(server)
}

// IsHTTPServer reports whether server is using HTTP, or HTTPS without
// passthrough (i.e. HTTPS with termination).
//
// server.Tls is not checked here: IsPassThroughServer returns false when the
// TLS block is absent, so an HTTPS port with no TLS settings also yields true.
func IsHTTPServer(server *v1alpha3.Server) bool {
	parsed := protocol.Parse(server.Port.Protocol)
	return parsed.IsHTTP() || (parsed == protocol.HTTPS && !IsPassThroughServer(server))
}

// IsEligibleForHTTP3Upgrade reports whether an HTTP/3 server listening on
// QUIC can be created for server. The server must be HTTPS and not
// passthrough, because TLS is mandatory for QUIC. It always returns false
// when features.EnableQUICListeners is off.
//
// The presence of server.Tls is not verified here; an HTTPS port with no TLS
// block passes the non-passthrough test as well.
func IsEligibleForHTTP3Upgrade(server *v1alpha3.Server) bool {
	if features.EnableQUICListeners {
		parsed := protocol.Parse(server.Port.Protocol)
		return parsed == protocol.HTTPS && !IsPassThroughServer(server)
	}
	return false
}

// IsPassThroughServer reports whether server does TLS passthrough, either
// manual (PASSTHROUGH) or automatic (AUTO_PASSTHROUGH). A server without TLS
// settings is never passthrough.
func IsPassThroughServer(server *v1alpha3.Server) bool {
	tlsSettings := server.Tls
	if tlsSettings == nil {
		return false
	}

	switch tlsSettings.Mode {
	case v1alpha3.ServerTLSSettings_PASSTHROUGH,
		v1alpha3.ServerTLSSettings_AUTO_PASSTHROUGH:
		return true
	default:
		return false
	}
}

// IsTCPServerWithTLSTermination reports whether server is a TCP (neither HTTP
// nor HTTPS) server that is not in a passthrough TLS mode.
//
// NOTE(review): despite the name, this does not check that server.Tls is set.
// A plain TCP server with no TLS block is not passthrough either, so it also
// yields true. Callers that rely on this to conclude TLS is terminated should
// establish server.Tls != nil first (for example via IsTLSServer).
func IsTCPServerWithTLSTermination(server *v1alpha3.Server) bool {
	if IsPassThroughServer(server) {
		return false
	}
	parsed := protocol.Parse(server.Port.Protocol)
	return !parsed.IsHTTP() && !parsed.IsHTTPS()
}