package fleetspeak.components

Get desktop application:
View/edit binary Protocol Buffers messages

Used in: Config

• string listen_address = 1

  The bind address to listen on for connections, e.g. ":443" or "localhost:1234". Required.

In this mode Fleetspeak runs in clear text (HTTP). This allows for Fleetspeak to be deployed in a Service Mesh behind a side car proxy that offers a secure communications channel. Fleetspeak accepts a TLS connection from an intermediate actor which terminates the TLS protocol (typically a layer 7 load balancer). The original client passes the certificate it uses for the TLS protocol to the frontend via an HTTP header. The intermediate actor passes a SHA256 checksum of client certificate it receives from the original TLS connection to the frontend via a second HTTP header. The Fleetspeak frontend uses the certificate passed passed from the client to identify it, and uses the hash from the intermediate actor to verify that this certificate was in fact used in the original TLS connection.

Used in: FrontendConfig

• string client_certificate_header = 1

  The name of the HTTP header set by the client that contains the original client certificate. Required.

• string client_certificate_checksum_header = 2

  The name of the HTTP header set by the intermediary that contains the client certificate checksum. Required.

In this mode Fleetspeak runs in clear text (HTTP). This allows for Fleetspeak to be deployed in a Service Mesh behind a side car proxy that offers a secure communications channel. Fleetspeak accepts a TLS connection from an intermediate actor which terminates the TLS protocol (typically a layer 7 load balancer). The intermediate actor passes the client certificate it receives from the original TLS connection to the frontend via an HTTP header. The Fleetspeak frontend uses the certificate passed in this header to identify the client.

Used in: FrontendConfig

• string client_certificate_header = 1

  The name of the HTTP header set by the intermediary that contains the forwarded client certificate. Required.

In this mode Fleetspeak runs in clear text (HTTP). This allows for Fleetspeak to be deployed in a Service Mesh behind a side car proxy that offers a secure communications channel. Fleetspeak accepts a TLS connection from an intermediate envoy which terminates the mTLS protocol exchange. The intermediate envoy passes the client certificate it receives from the original mTLS connection to the frontend via an HTTP header. The Fleetspeak frontend uses the certificate passed in this header to identify the client.

Used in: FrontendConfig

• string client_certificate_header = 1

  The name of the HTTP header set by the intermediary envoy that contains the forwarded client certificate. Required.

Used in: config.Config

• string mysql_data_source_name = 1

  Mysql connection string. Optional. Either this or the SpannerConfig has to be set. https://github.com/go-sql-driver/mysql#dsn-data-source-name

• optional HttpsConfig https_config = 2

  The parameters required to stand up an https server.

• optional AdminConfig admin_config = 7

  Parameters required to stand up an admin server. Either this or "https_config", or both, have to be specified.

• optional StatsConfig stats_config = 8

  Parameters required to set up a stats collector.

• optional HealthCheckConfig health_check_config = 9

  Parameters required to stand up a http health check service. Optional.

• bool proxy_protocol = 3

  If set, expects connections to arrive through a load balance implementing the PROXY protocol. https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt

• string required_label = 4

  If set, only clients reporting this label will be allowed to connect. Meant as a sanity check that the client and server are for the same Fleetspeak installation.

• string notification_listen_address = 5

  If set, the bind address to listen on to receive notifications from other fleetspeak servers. Optional, but strongly recommended for installations involving multiple servers. e.g. ":8080", "localhost:1234".

• string notification_public_address = 6

  If set, other servers will be told to use this address in order to connect with this server's notification port. Has no effect when notification_listen_address is unset.

• bool notification_use_http_notifier = 10

  If set, a HTTP notifier implementation is used for sending notifications. Set this if running a pure admin server (without a notification listener) in a distributed setup.

• optional SpannerConfig spanner_config = 11

  Spanner Config. Optional. Either this or the MySQL data source name has to be set.

The frontend config determines how the Fleetspeak frontend communicates with clients and how it identifies them.

Used in: HttpsConfig

• oneof frontend_mode

  The mode in which the frontend should operate. Defaults to MTlsConfig. Note: Typically MTlsConfig should be used. The other options are only used in scenarios where a direct TLS connection between client and server is not possible.

  • MTlsConfig mtls_config = 7

  • HttpsHeaderConfig https_header_config = 8

  • HttpsHeaderChecksumConfig https_header_checksum_config = 9

  • CleartextHeaderConfig cleartext_header_config = 10

  • CleartextHeaderChecksumConfig cleartext_header_checksum_config = 11

  • CleartextXfccConfig cleartext_xfcc_config = 12

Used in: Config

• string listen_address = 1

  The bind address to listen on for http health check probes in the form "<host>:<port>", e.g. "localhost:8080".

Used in: Config

• string listen_address = 1

  The bind address to listen on for client connections, e.g. ":443" or "localhost:1234". Required.

• string certificates = 2

  A certificate chain which identifies the server to clients. Must lead to a certificate known to the clients. x509 format. Required, if frontend mode is not cleartext (ie neither CleartextHeaderConfig nor CleartextHeaderChecksumConfig)

• string key = 3

  The private key used to identify the server. Must match the first entry in certificates. x509 format. Required, if frontend mode is not cleartext (ie neither CleartextHeaderConfig nor CleartextHeaderChecksumConfig)

• bool disable_streaming = 4

  If set, disables long running (streaming) connections. This type of connection causes more active connections but can reduce database load and server->client communications latency.

• optional FrontendConfig frontend_config = 7

  The frontend config. Optional; If not set, Fleetspeak will default to using MTlsConfig.

In this mode Fleetspeak accepts a TLS connection from an intermediate actor which terminates the TLS protocol (typically a layer 7 load balancer). The original client passes the certificate it uses for the TLS protocol to the frontend via an HTTP header. The intermediate actor passes a SHA256 checksum of client certificate it receives from the original TLS connection to the frontend via a second HTTP header. The Fleetspeak frontend uses the certificate passed passed from the client to identify it, and uses the hash from the intermediate actor to verify that this certificate was in fact used in the original TLS connection.

Used in: FrontendConfig

• string client_certificate_header = 1

  The name of the HTTP header set by the client that contains the original client certificate. Required.

• string client_certificate_checksum_header = 2

  The name of the HTTP header set by the intermediary that contains the client certificate checksum. Required.

In this mode Fleetspeak accepts a TLS connection from an intermediate actor which terminates the TLS protocol (typically a layer 7 load balancer). The intermediate actor passes the client certificate it receives from the original TLS connection to the frontend via an HTTP header. The Fleetspeak frontend uses the certificate passed in this header to identify the client.

Used in: FrontendConfig

• string client_certificate_header = 1

  The name of the HTTP header set by the intermediary that contains the forwarded client certificate. Required.

In this mode Fleetspeak accepts a mTLS connection directly from the client. The Fleetspeak frontend uses the client certificate from the HTTPS request to identify the client. This is the default operating mode of the frontend.

Used in: FrontendConfig

(message has no fields)

Used in: Config

• string project_id = 1

  https://pkg.go.dev/cloud.google.com/go/spanner#NewClient A valid database name has the form of projects/PROJECT_ID/instances/INSTANCE_ID/databases/DATABASE_ID

• string instance_name = 2

• string database_name = 3

• string pubsub_topic = 4

• string pubsub_sub = 5

Used in: Config

• string address = 1

  The bind address to listen on for Prometheus http metric collection in the form "<host>:<port>", e.g. "localhost:2112". Optional; if no address is configured, then no stats collector will be used (i.e. noopStatsCollector).