mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-10 15:47:36 +02:00
envoy: re-implement recommended defaults (#2123)
This commit is contained in:
Caleb Doxsey
GitHub
parent
f365b30e02
commit
22f6a2207b
5 changed files with 99 additions and 54 deletions
|
|
@ -3,8 +3,24 @@ package envoyconfig
|
|||
import (
|
||||
envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
|
||||
envoy_extensions_upstreams_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3"
|
||||
"google.golang.org/protobuf/types/known/wrapperspb"
|
||||
)
|
||||
|
||||
// recommended defaults: https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/edge
|
||||
const (
|
||||
connectionBufferLimit uint32 = 32 * 1024
|
||||
maxConcurrentStreams uint32 = 100
|
||||
initialStreamWindowSizeLimit uint32 = 64 * 1024
|
||||
initialConnectionWindowSizeLimit uint32 = 1 * 1024 * 1024
|
||||
)
|
||||
|
||||
var http2ProtocolOptions = &envoy_config_core_v3.Http2ProtocolOptions{
|
||||
AllowConnect: true,
|
||||
MaxConcurrentStreams: wrapperspb.UInt32(maxConcurrentStreams),
|
||||
InitialStreamWindowSize: wrapperspb.UInt32(initialStreamWindowSizeLimit),
|
||||
InitialConnectionWindowSize: wrapperspb.UInt32(initialConnectionWindowSizeLimit),
|
||||
}
|
||||
|
||||
func buildUpstreamProtocolOptions(endpoints []Endpoint, forceHTTP2 bool) *envoy_extensions_upstreams_http_v3.HttpProtocolOptions {
|
||||
// if forcing http/2, use that explicitly
|
||||
if forceHTTP2 {
|
||||
|
|
@ -12,9 +28,7 @@ func buildUpstreamProtocolOptions(endpoints []Endpoint, forceHTTP2 bool) *envoy_
|
|||
UpstreamProtocolOptions: &envoy_extensions_upstreams_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{
|
||||
ExplicitHttpConfig: &envoy_extensions_upstreams_http_v3.HttpProtocolOptions_ExplicitHttpConfig{
|
||||
ProtocolConfig: &envoy_extensions_upstreams_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{
|
||||
Http2ProtocolOptions: &envoy_config_core_v3.Http2ProtocolOptions{
|
||||
AllowConnect: true,
|
||||
},
|
||||
Http2ProtocolOptions: http2ProtocolOptions,
|
||||
},
|
||||
},
|
||||
},
|
||||
|
|
@ -31,7 +45,9 @@ func buildUpstreamProtocolOptions(endpoints []Endpoint, forceHTTP2 bool) *envoy_
|
|||
if tlsCount > 0 && tlsCount == len(endpoints) {
|
||||
return &envoy_extensions_upstreams_http_v3.HttpProtocolOptions{
|
||||
UpstreamProtocolOptions: &envoy_extensions_upstreams_http_v3.HttpProtocolOptions_AutoConfig{
|
||||
AutoConfig: &envoy_extensions_upstreams_http_v3.HttpProtocolOptions_AutoHttpConfig{},
|
||||
AutoConfig: &envoy_extensions_upstreams_http_v3.HttpProtocolOptions_AutoHttpConfig{
|
||||
Http2ProtocolOptions: http2ProtocolOptions,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue