istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pkg/config/gateway/gateway.go

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pkg/config/gateway/gateway.go (about)

     1  // Copyright Istio Authors
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package gateway
    16  
    17  import (
    18  	"istio.io/api/networking/v1alpha3"
    19  	"istio.io/istio/pilot/pkg/features"
    20  	"istio.io/istio/pkg/config/protocol"
    21  )
    22  
    23  // IsTLSServer returns true if this server is non HTTP, but with some TLS settings for termination/passthrough
    24  func IsTLSServer(server *v1alpha3.Server) bool {
    25  	// to filter out https redirect
    26  	if server.Tls != nil && !protocol.Parse(server.Port.Protocol).IsHTTP() {
    27  		return true
    28  	}
    29  	return false
    30  }
    31  
    32  // IsHTTPSServerWithTLSTermination returns true if the server is HTTPS with TLS termination
    33  func IsHTTPSServerWithTLSTermination(server *v1alpha3.Server) bool {
    34  	if server.Tls != nil {
    35  		p := protocol.Parse(server.Port.Protocol)
    36  		if p == protocol.HTTPS && !IsPassThroughServer(server) {
    37  			return true
    38  		}
    39  	}
    40  	return false
    41  }
    42  
    43  // IsHTTPServer returns true if this server is using HTTP or HTTPS with termination
    44  func IsHTTPServer(server *v1alpha3.Server) bool {
    45  	p := protocol.Parse(server.Port.Protocol)
    46  	if p.IsHTTP() {
    47  		return true
    48  	}
    49  
    50  	if p == protocol.HTTPS && !IsPassThroughServer(server) {
    51  		return true
    52  	}
    53  
    54  	return false
    55  }
    56  
    57  // IsEligibleForHTTP3Upgrade returns true if we can create an HTTP/3 server
    58  // listening of QUIC for the given server. It must be a TLS non-passthrough
    59  // as TLS is mandatory for QUIC
    60  func IsEligibleForHTTP3Upgrade(server *v1alpha3.Server) bool {
    61  	if !features.EnableQUICListeners {
    62  		return false
    63  	}
    64  	p := protocol.Parse(server.Port.Protocol)
    65  	return p == protocol.HTTPS && !IsPassThroughServer(server)
    66  }
    67  
    68  // IsPassThroughServer returns true if this server does TLS passthrough (auto or manual)
    69  func IsPassThroughServer(server *v1alpha3.Server) bool {
    70  	if server.Tls == nil {
    71  		return false
    72  	}
    73  
    74  	if server.Tls.Mode == v1alpha3.ServerTLSSettings_PASSTHROUGH ||
    75  		server.Tls.Mode == v1alpha3.ServerTLSSettings_AUTO_PASSTHROUGH {
    76  		return true
    77  	}
    78  
    79  	return false
    80  }
    81  
    82  // IsTCPServerWithTLSTermination returns true if this server is TCP(non-HTTP) server with some TLS settings for termination
    83  func IsTCPServerWithTLSTermination(server *v1alpha3.Server) bool {
    84  	if !IsPassThroughServer(server) {
    85  		p := protocol.Parse(server.Port.Protocol)
    86  		if !p.IsHTTP() && !p.IsHTTPS() {
    87  			return true
    88  		}
    89  	}
    90  	return false
    91  }