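// Source: istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pkg/zdsapi/zds.proto

// Copyright Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

// GRPC package - part of the URL. Service is added.
// URL: /PACKAGE.SERVICE/METHOD
// NOTE(review): no `service` is declared in this file; the messages appear to
// be exchanged directly over a connection (see "Protocol details") — confirm.
package istio.workload.zds;

option go_package = "pkg/zdsapi";

// Protocol version carried in ZdsHello.
// NOTE(review): 0 is the proto3 default, so a hello whose `version` was never
// set decodes as NOT_USED. Receivers should presumably accept only versions
// they implement and reject everything else — confirm in the handshake code.
enum Version {
  // Zero value; by its name, not a real protocol version.
  NOT_USED = 0;
  // The only protocol version defined in this file.
  V1 = 1;
}

// Hello message carrying a protocol Version.
// NOTE(review): this file does not state which side sends it or when, and it
// is not a member of WorkloadRequest or WorkloadResponse — confirm.
message ZdsHello {
  // Protocol version being announced.
  Version version = 1;
}

// Attributes of a workload, attached to AddWorkload.
// NOTE(review): namespace, service account and trust domain look like the
// inputs to the workload's identity. If ztunnel uses them as sent, the channel
// these messages travel on must be restricted to the node's CNI agent and
// ztunnel — confirm how the endpoint is protected.
message WorkloadInfo {
  // Workload name (presumably the pod name — confirm).
  string name = 1;
  // Namespace of the workload.
  string namespace = 2;
  // Service account of the workload.
  string service_account = 3;
  // Trust domain of the workload.
  string trust_domain = 4;
}

// Add a workload to the ztunnel. This will be accompanied by ancillary data
// containing the workload's netns file descriptor.
// NOTE(review): the descriptor travels outside the protobuf payload, so the
// receiver has to pair it with this message itself. Presumably an AddWorkload
// that arrives without a descriptor should be refused with an Ack error, and
// descriptors that are not consumed should be closed — confirm in ztunnel.
message AddWorkload {
  // Identifier of the workload; KeepWorkload and DelWorkload refer to a
  // workload by the same value (presumably the pod UID — confirm).
  string uid = 1;
  // Attributes of the workload being added.
  WorkloadInfo workload_info = 2;
}

// Keep workload that we can't find in the fd cache. This can only be sent
// before SnapshotSent is sent to signal ztunnel to not delete the workload if
// it has it.
message KeepWorkload {
  // Identifier of the workload to keep.
  string uid = 1;
}

// Delete a workload from the ztunnel. Ztunnel should shut down the workload's
// proxy.
message DelWorkload {
  // Identifier of the workload to remove.
  // NOTE(review): numbered 2, whereas uid is 1 in AddWorkload and
  // KeepWorkload. The number is part of the wire contract and must not be
  // renumbered. Number 1 is unused here — confirm whether it should be marked
  // `reserved`.
  string uid = 2;
}

// Let ztunnel know that a full snapshot was sent. Ztunnel should reconcile its
// internal state and remove internal entries that were not sent.
message SnapshotSent {
}

// Ztunnel ack message. If error is not empty, this is an error message.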
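message Ack {
  // Empty on success, otherwise the error text. proto3 does not distinguish
  // an unset string from an empty one, so "no error" is the empty string.
  string error = 1;
}

/*
Protocol details:
on new connection from ztunnel to CNI, the CNI agent
- will send all the existing payloads (that it has in its cache) to the
  ztunnel using AddWorkload message.
- the ztunnel will send an ack for each payload (which the CNI will wait for
  before sending the next one).
- when the CNI finishes sending the content of its current cache, a
  SnapshotSent message will be sent.
- the ztunnel will then remove any entries from its cache that were not sent
  up to this point (as these entries do not exist in the CNI cache, and must
  have been deleted). ztunnel will ack the SnapshotSent message.
- from now on, ztunnel will expect only AddWorkload and DelWorkload messages.

NOTE(review): KeepWorkload is not mentioned in the steps above, although its
own comment says it may be sent before SnapshotSent — confirm that it belongs
to the snapshot phase and is refused afterwards.
NOTE(review): ztunnel initiates the connection and the CNI agent answers with
workload data and netns file descriptors, so whatever can connect to the CNI
endpoint receives them. Presumably access to that endpoint is restricted to
ztunnel — confirm.
*/

// Sent from CNI to ztunnel
message WorkloadRequest {
  // At most one member is set; setting one clears the others. A message with
  // no member set still decodes, so receivers should handle that case
  // explicitly.
  // NOTE(review): the numbers are not sequential (keep = 5) and 4 is unused —
  // confirm whether 4 belonged to a removed member and should be `reserved`.
  oneof payload {
    // Add a workload; its netns file descriptor is sent as ancillary data.
    AddWorkload add = 1;
    // Keep a workload ztunnel may already hold; only before SnapshotSent.
    KeepWorkload keep = 5;
    // Remove a workload.
    DelWorkload del = 2;
    // Marks the end of the initial snapshot.
    SnapshotSent snapshot_sent = 3;
  }
}

// Sent from ztunnel to CNI
message WorkloadResponse {
  // Ack is the only response kind defined in this file.
  oneof payload {
    // Acknowledgement of the preceding request; carries the error, if any.
    Ack ack = 1;
  }
}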