Proto commits in linkerd/linkerd2-proxy-api

These commits are when the Protocol Buffers files have changed: (only the last 100 relevant commits are shown)

2026-06-03

feat(load-balancing): update API for 429-aware load balancing (#559) * feat(load-balancing): update API for 429-aware load balancing Signed-off-by: Alex Leong <alex@buoyant.io> * update Signed-off-by: Alex Leong <alex@buoyant.io> * move ejection config to failure accrual Signed-off-by: Alex Leong <alex@buoyant.io> --------- Signed-off-by: Alex Leong <alex@buoyant.io>

The documentation is generated from this commit.

2026-05-26

feat(outbound): add load balancing and circuit breaking proto surface (#556) * fix: set build_transport in gen.rs The tonic-prost-build configure call was missing an explicit build_transport(true). While this is the default value, being explicit keeps the builder chain consistent with build_client and build_server, and prevents surprises if the default changes. Signed-off-by: Alejandro Martinez Ruiz <amr@buoyant.io> * feat(outbound): restructure FailureAccrual for multiple accrual policies Replace the single-field oneof wrapper with direct optional fields, allowing consecutive-failure and success-rate policies to coexist. The consecutive_failures field retains field number 1, so the wire encoding is identical to the old oneof layout and existing proxies continue to work without changes. Add a SuccessRate nested message at field 2 with threshold, decay, and min_requests parameters. When absent, success-rate accrual is disabled. Signed-off-by: Alejandro Martinez Ruiz <amr@buoyant.io> * feat(outbound): add LoadBiasConfig and load_bias fields Introduce a LoadBiasConfig message for 429-aware load balancing. When set on Http1, Http2, or Grpc protocol variants, the proxy injects artificial latency penalties on rate-limited endpoints so the P2C balancer prefers healthier alternatives. Signed-off-by: Alejandro Martinez Ruiz <amr@buoyant.io> * feat(outbound): add RetryAfterConfig and retry_after fields Introduce a RetryAfterConfig message for Retry-After header handling. When set on Http1, Http2, or Grpc protocol variants, the proxy honors Retry-After headers from 429 responses and clamps durations to the configured maximum. Added as field 4 on each HTTP protocol variant. The single max_duration field caps the Retry-After value the proxy will honor, falling back to a built-in default when absent. Signed-off-by: Alejandro Martinez Ruiz <amr@buoyant.io> * feat(outbound): add EjectionConfig to BalanceP2c Add pool-level ejection protection to the P2C load balancer configuration. When set this prevents circuit breakers from ejecting all endpoints in a load-balancing pool by enforcing a minimum number of ready endpoints. Signed-off-by: Alejandro Martinez Ruiz <amr@buoyant.io> * build: regenerate Rust and Go bindings Full regeneration from updated outbound.proto after the FailureAccrual restructure, the additions of LoadBiasConfig, RetryAfterConfig and EjectionConfig messages, and load_bias, retry_after and ejection fields. Signed-off-by: Alejandro Martinez Ruiz <amr@buoyant.io> --------- Signed-off-by: Alejandro Martinez Ruiz <amr@buoyant.io>

2026-05-01

feat(outbound): add success-rate, load-bias, and retry-after config Introduce three new proto messages: * SuccessRate: tracks the observed success proportion via an EWMA decay window so that once the rate drops below threshold (and at least min_requests have been observed), the breaker trips. * LoadBiasConfig: lets the proxy inject a penalty into the P2C load metric for endpoints that return 429, 503, or other 5xx responses, steering traffic toward healthier backends. * RetryAfterConfig: caps how long the proxy waits when it receives a Retry-After header. Restructure FailureAccrual from a oneof into optional fields so that both consecutive_failures and success_rate can coexist on the same backend. Each HTTP/gRPC protocol variant gains load_bias and retry_after fields. Signed-off-by: Alejandro Martinez Ruiz <amr@buoyant.io>

2025-10-16

Update observe request

2025-10-13

Replace stream

Add traces to watch response

Add instrument service

2025-10-10

chore(deps): Update tonic to 0.14

chore(deps): Update tonic to 0.14

2024-11-21

refactor(policy)!: use filters instead of explicit errors in TCP and TLS protocols (#405) This change removes the RouteError and Invalid types from the routes and backends of TLS and TCP protocols and moves to using filters. Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>

2024-11-06

feat(inbound): add HTTP local rate limiting (#388) This adds an entry for `HttpLocalRateLimit` under `ProxyProtocol.Detect`, `ProxyProtocol.Http1` and `ProxyProtocol.Http2` leaving the door open to add analogous support for protocols besides HTTP later on.

2024-11-05

feat(destination): add resource metadata to responses (#396) The destination service does no include resource coordinates, so the proxy must "guess" them by parsing hostnames, which is not particularly reliable or efficient. This change updates the destination API so that profile responses may include resource reference to (1) parent Services, (2) ServiceProfile resources and (3) backend Services. Furthermore, the WeightedAddr type is updated to include a resource reference so that Pod coordinates may be referenced. This metadata is not required to be set (for backwards compatibility).

2024-10-30

Add metadata

2024-10-29

Add support for HTTP local rate limiting v0.14.0 This adds an entry for `HttpLocalRateLimit` under `ProxyProtocol.Detect`, `ProxyProtocol.Http1` and `ProxyProtocol.Http2` leaving the door open to add analogous support for protocols besides HTTP later on.

2024-10-27

outbound: make RouteError optional (#392) #383 introduced support for route and backend level errors. This commit changes the structure of these types in order to make the route error optional (protobuf enums are non-optional values unless an experimental feature is specified). Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>

2024-10-24

outbound: Add error type to TCP and TLS routes (#387) This PR adds explicit error types to TLS and TCP routes and backends. They serve two distinct purposes: - a route level error is to be used when we want to fail all traffic that goes through a particular route (i.e. blocked by default traffic) - a backend level error is to be used when we want to fail traffic for just a single backend on a route (i.e. in situations when we have more than one backends but some of them have caused `InvalidKind` reasons). This behavior is governed by the Gateway API GEP described here: https://gateway-api.sigs.k8s.io/geps/gep-1364/ Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>

2024-10-15

Add TLS protocol support (#383) This change adds support for TLS in the `ProxyProtocol` enum. For the time being we can only use SNIs to do do TLS routing. Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>

2024-07-24

feat(outbound)!: Add retry and timeout route policies (#357) This commit adds support for retry and timeout route policies to the outbound policy API to both HTTP and GRPC route types. This change also bumps the release version to v0.14.0 in preparation for the next release. The pre-existing requestTimeout fields are deprecated. The RouteBackend requestTimeout is no longer honored, while the route requestTimeout should correspond to the 'request' timeout policy.

2024-07-18

tls scetch Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>

2024-05-02

feat(destination): Add ResourceVersions to Get resolutions

2024-04-29

feat(destination): Add http2 client params to endpoints (#331) This change updates the Destination API so that its WeightedAddr type, which represents an individual network endpoint, with HTTP/2 client parameters. This enables the control plane to alter keep-alive and flow control settings on a per-endpoint basis.

2024-01-05

destination: add `UriLikeIdentity` and server_name (#285) Changes the `TlsIdentity` type in the destination API such that: - we add an extra `UriLikeIdentity` identity type that should contain identities that are in URI format (e.g. SPIFFE) - we add a `server_name` to the `TlsIdentity` type. This allows us to differentiate between an SNI value and a TLS Id value. This is mainly needed because in certain identity systems (SPIFFE/SPIRE) the TLS SAN can be in URI form. A URI cannot be used as a SNI extension in a `ClientHello`, so an alternative SNI value needs to be provided. This brings the need to distinguish between these two concepts. For context: https://github.com/linkerd/linkerd2-proxy/pull/2506 Signed-off-by: Zahari Dichev <zaharidichev@gmail.com> Co-authored-by: Oliver Gould <ver@buoyant.io>

2023-12-07

add autoregistration api skeleton Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>

2023-12-04

rust: Update to tonic v0.10 and prost v0.12 (#269)

2023-11-22

add uri like identity Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>

2023-08-14

rm bonus slash from doc comment

2023-08-09

remove `RetryBudget` from `GrpcRoute`

2023-08-08

un-camelCase `request_timeout` fields When the `request_timeout` fields were added to the outbound API, they were accidentally added with camelCase names rather than snake_case. This is inconsistent with the rest of the protobuf, so this PR fixes that.

2023-08-01

remove bonus newline

2023-07-11

move `RetryPolicy` to `HTTPRoute.rule` After thinking a bit about the previous approach, it occurred to me that it didn't make a whole lot of sense to have the per-request retry limit be on the `RouteBackend`. We may (and generally, we *should*) retry a failed request by sending it to a different backend than the one that failed the request, so the per-request retry limit must be determined when a rule is matched to the request, not when a backend is selected for an individual "try". This has the implication that the controller should probably not allow the `RetryFilter` CRD to be placed on a backend; it may only be placed on a route rule.

2023-07-10

un-remove ws

outbound: add HTTP retry policy configuration This branch adds fields for configuring HTTP retries to the `OutboundPolicies` API. In particular, it adds `RetryBudget` messages to the `ProxyProtocol.Http1`, `ProxyProtocol.Http2`, and `ProxyProtocol.Grpc` messages, and it adds a new `RetryPolicy` message to the `HttpRoute.RouteBackend` message. The same `RetryBudget` message use by ServiceProfiles is reused here, while the `RetryPolicy` message is added specifically for the `OutboundPolicies` proto, and consists of a list of retryable status ranges, and a maximum number of retries allowed. The `RetryPolicy` field is placed only on `RouteBackend`, although it will be configured by the `HTTPRetryFilter` CRD which can be attached at the level of a HTTPRoute `rule` or a `backend` within a `rule`. If the `HTTPRetryFilter` is configured at the route-rule level, the controller will apply that configuration to each backend. This makes the representation in the proxy API simpler than if the field could be placed on both the `HttpRoute.Rule` and `HttpRoute.RouteBackend` messages in the proto, and means that the proxy is not responsible for resolving conflicts when both a route-rule and a specific backend within that rule have `HTTPRetryFilter` CRDs attached.

2023-07-05

Add response_header_modifier outbound http filter (#251) The `responseHeaderModifier` filter is an Extended level feature: https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io%2fv1beta1.HTTPRouteFilter We add this filter to the outbound proxy-api. Signed-off-by: Alex Leong <alex@buoyant.io>

2023-06-01

outbound: add request timeout fields (#243) This branch adds fields to the `OutboundPolicies` API messages for configuring request timeouts. The `HttpRoute.Rule` and `GrpcRoute.Rule` messages now contain a `requestTimeout` field, which contains a `Duration` for a request timeout for that rule. In addition, the `RouteBackend` messages also contain a `requestTimeout` field, which configures a duration for requests dispatched to that specific backend. All new fields have comments describing their intended semantics. These fields are primarily intended to support the new timeout fields added to the HTTPRoute CRD in GEP-1742 (see linkerd/linkerd2#10969). The HTTPRoute timeout configuration are an additional field on the `rule` fields in a route that contains optional `request` and `backendRequest` timeouts. This means that a single request timeout and backend request timeout is set for all backends on an individual route rule. The proxy API additions in this PR are somewhat more flexible than the current HTTPRoute CRD, as each `RouteBackend` has its *own* field for the `backendRequest` timeout. This means that in theory, independent `backendRequest` timeout values could be configured for each individual backend. HTTPRoute doesn't currently support this, but it felt like a good idea to add this flexibility in the proxy API regardless, to support future use cases.

2023-05-30

Add timeouts to outbound proto Signed-off-by: Alex Leong <alex@buoyant.io>

2023-04-04

outbound: Add 'port' to resource metadata (#227) The gateway API supports port references, especially when referencing a Service. This metadata should be included with the rest of these resource references.

2023-04-01

outbound: Add Metadata to OutboundPolicy responses. (#226) The metadata field refers to the resource for which discovery was performed, typically a Kubernetes Service.

outbound: Add Metadata to OutboundPolicy responses. The metadata field refers to the resource for which discovery was performed, typically a Kubernetes Service.

2023-03-30

Add circuit breaker proto to outbound (#223) Add support for consecutive failure based failure accrual to the outbound policy API. Signed-off-by: Alex Leong <alex@buoyant.io>

2023-03-07

outbound: Include failure statuses for routes To support circuit breaking (and, later, retries), this change introduces `failure_statuses` fields into both the HttpRoute and GrpcRoute response types. HTTP statuses are represented as ranges so it's convenient to express 5XX. gRPC status codes aren't partitioned into logical ranges like HTTP status codes are.

Introduce the OutboundPolicies API (#165) To support Gateway API-style HTTP routing in the outbound proxy, this change introduces a new `OutboundPolicies` API so that proxies may discover outbound configurations. This API is intended to, eventually, replace the `GetProfile` endpoint on the `Destination` API. Further enhancements to this API will be necessary to replace all of the functionality currently provided by the ServiceProfile API.

2023-02-07

dst: add `Opaque` hint to `destination.ProtocolHint ` (#197) This indicates that the destination will handle the connection as an opaque TCP byte stream, and that HTTP/2 upgrades should not be performed. If the `opaque_transport` flag is also set for this destination, then the proxy should not send a session protocol in its transport header. See linkerd/linkerd2#9888 for details.

2022-10-13

WIP Signed-off-by: Alex Leong <alex@buoyant.io>

2022-09-13

add client policy api Signed-off-by: Alex Leong <alex@buoyant.io>

2022-09-11

Add initial ClientPolicy protobuf definitions Signed-off-by: Kevin Leimkuhler <kleimkuhler@icloud.com>

2022-07-13

Add HTTP route types (#118) In order to use a Gateway-style API to power inbound policy to support per-route authorization policies, we want to add route information to inbound policy responses. Signed-off-by: Oliver Gould <ver@buoyant.io>

2022-07-06

Add a `Metadata` protobuf module (#123) As we introduce HTTP routes (for inbound policy), we need the control plane to describe resources references for metrics, and other diagonstics in the proxy. Currently, the control plane uses a free-form map of strings, but the proxy only references a specific set of keys, which is not clearly documented via the gRPC API. This change replaces the `Authz` type's `labels` map with a `Metadata` type. Controllers should set both fields for at least one stable version. Signed-off-by: Oliver Gould <ver@buoyant.io>

2021-07-16

Add the `io.linkerd.proxy.inbound` API (#58) The `io.linkerd.proxy.inbound` package provides the `InboundServerPolicies` service to support discovering inbound proxy configurations to support access policies.

2021-06-03

Add an IPNetwork type (#57) The `io.linkerd.proxy.net` package provides numeric IP address types for use in proxy API communication. This change extends this module to support IP network types as well (i.e. IP address and a prefix length). In Rust, we provide convenience translations to the `ipnet::IpNet` type.

2020-12-22

dst: Indicate endpoint support for opaque transport (#53) The proxy supports reading a connection header for opaque traffic. The inbound proxy reads this header from connections that target the proxy's inbound port; but outbound proxies have no means to know whether a given traffic target supports this header and on what port it expects the connection header. (While it's almost always 4143, it's theoretically configurable.) This change adds an optional field to an endpoint's `ProtocolHint` that should be set when the target endpoint supports transporting opaque traffic via the connection header.

2020-11-14

v0.1.15: Add an `endpoint` field to profile responses (#51) This release adds an `endpoint` field to `DestinationProfile` responses, which the controller may set to indicate that the target is known to be an individual endpoint and not a service address.

2020-09-29

destination: Add opaque_protocol and fully_qualified_name to profile response (#44) The profile API can be used to bootstrap dynamic protocol detection. This change adds an `opaque_protocol` flag to the `DestinationProfile`, which indicates that the proxy should skip protocol detection. HTTP routes will not be used, but `dst_overrides` will. `fully_qualified_name` provides returns the name of the resolved service. This is useful when resolutions are performed on IP addresses.

2020-09-01

Apply clang-format to protobuf (#49) This change applies clang-format to the protobuf files (as used by the vscode-proto3 extension). We should follow this up with a CI check that enforces formatting, but this change is a starting point so that future changes won't have arbitrary formatting changes.

2020-08-05

touchup

2020-08-04

api bump

Mark some deprecations; extend configuration surface

touchups

fmt

2020-07-09

Uncomment target

Add a Strategy API endpoint

DetectFromClient => Client

destination: Add detection & proxy strategies When a proxy requests a service profile--especially by IP address--the profile can preempt the proxy's protocol detection and endpoint resolution.

2020-03-25

Auth override (#38) Add auth override Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>

2020-03-09

Wrap in an object Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>

Add auth override Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>

Add authority override Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>

2019-09-27

Add headers and trailers to TapEvents (#33) ### Motivation In order to include headers and trailers in `TapEvent`s, the API must be updated to allow a new field to be set in the proxy. This field should be set by the proxies and read by the control plane. ### Solution A new message `http_types.Headers` has been added to `http_types.proto`. This message allows repeated fields of `name` and `value` pairs where `name` can non-unique. Because header values can be encoded in various ways, `value` is `bytes` while `name` is `string` Signed-off-by: Kevin Leimkuhler <kleimkuhler@icloud.com>

2019-08-15

Add header support Signed-off-by: Alex Leong <alex@buoyant.io>

2019-05-29

Add per-route traffic split to API (#31) * Add traffic split to profiles API Signed-off-by: Alex Leong <alex@buoyant.io>

2019-05-15

Introduce route delegates

2019-03-15

Introduce the Identity service (#25) In order to support provisioning of short-lived identity certificates at runtime, the `io.linkerd.proxy.identity.Identity` gRPC service provides an API that proxies may use to submit Certificate Signing Requests to a new linkerd-identity controller. Furthermore, this renames the Destination service's `proxy_id` field to the more ambiguous `context_token` (because we no longer intend to encode the proxy ID here); and this change removes the `K8sPodIdentity` strategy in favor of a new, simpler `DnsLikeIdenitity` type. Note that this branch may fail to build when running against newer prost/tower-grpc versions (that use prost 0.5+).

2019-03-14

Tap body prototype Signed-off-by: Alex Leong <alex@buoyant.io>

2019-01-31

Add client_id to GetProfile method (#22) Related to https://github.com/linkerd/linkerd2/issues/2077 Add a proxy_id parameter to the Get and GetProfile methods. This identifies the proxy which is making the request. The server may use this as context. Signed-off-by: Alex Leong <alex@buoyant.io>

2019-01-25

Add header match conditions Signed-off-by: Alex Leong <alex@buoyant.io>

2019-01-23

Add timeouts to service profiles (#19) Signed-off-by: Alex Leong <alex@buoyant.io>

2018-12-21

Add timeouts to service profiles Signed-off-by: Alex Leong <alex@buoyant.io>

Remove default timeout Signed-off-by: Alex Leong <alex@buoyant.io>

2018-12-18

Add retryability to destination profiles (#16) Add retryability to destination profiles. Signed-off-by: Alex Leong <alex@buoyant.io>

2018-12-03

RFC: Add retryability to destination profiles Signed-off-by: Alex Leong <alex@buoyant.io>

Add route labels to tap (#17) With this change, Tap queries can now include route label selectors; and Tap events may include route labels.

2018-10-23

Add metrics labels to routes (#13) Add a map of labels/values to the route object in the destination profile API. The proxy should attach these labels to requests and responses which match the route. This can be used to have the proxy expose per-route metrics data. Signed-off-by: Alex Leong <alex@buoyant.io>

2018-10-05

Add metrics labels to routes Signed-off-by: Alex Leong <alex@buoyant.io>

2018-09-06

Don't use a oneof for range struct (#12) Using a oneof in the range struct makes it impossible to set both a maximum and a minimum. Remove the oneof to allow both fields to be set. Signed-off-by: Alex Leong <alex@buoyant.io>

2018-08-30

Add service profile API (#9) Add destination profile API to destination service. Signed-off-by: Alex Leong <alex@buoyant.io>

2018-08-29

Update protobuf to v1.1.0 Signed-off-by: Alex Leong <alex@buoyant.io>

2018-08-23

Remove description field Signed-off-by: Alex Leong <alex@buoyant.io>

Rename RequestPolicy and ResponsePolicy to RequestClass and ResponseClass Signed-off-by: Alex Leong <alex@buoyant.io>

Update API to use response policies that include descriptions Signed-off-by: Alex Leong <alex@buoyant.io>

2018-08-21

Factor profile into its own service Signed-off-by: Alex Leong <alex@buoyant.io>

2018-08-17

Fix errors Signed-off-by: Alex Leong <alex@buoyant.io>

2018-08-16

Add service profile to destination API Signed-off-by: Alex Leong <alex@buoyant.io>

2018-07-26

add ProtocolHint in Destination updates (#6) This hint will be enable the proxy to try to coerce HTTP/1 messages over a single HTTP2 connection, since it is known the other side is also a linkerd proxy. Ref https://github.com/linkerd/linkerd2/issues/1360 Signed-off-by: Sean McArthur <sean@seanmonstar.com>

2018-07-14

Replace references to conduit (#5) Signed-off-by: Kevin Lingerfelt <kl@buoyant.io>

2018-07-07

Migrate conduit-proxy-controller-grpc to linkerd2-proxy-api Reorganizes the proxy's gRPC interfaces under the `io.linkerd.proxy` package namespace. The `linkerd2-proxy-api` crate (in the rs/ directory) provides bindings for Rust. Generated Go bindings are stored in the go directory so that clients may simply depend on this repo. A `Makefile` is provided to automate builds.

2018-07-03

tap: Support `tls` labeling (#1244) The proxy's metrics are instrumented with a `tls` label that describes the state of TLS for each connection and associated messges. This same level of detail is useful to get in `tap` output as well. This change updates Tap in the following ways: * `TapEvent` protobuf updated: * Added `source_meta` field including source labels * `proxy_direction` enum indicates which proxy server was used. * The proxy adds a `tls` label to both source and destination meta indicating the state of each peer's connection * The CLI uses the `proxy_direction` field to determine which `tls` label should be rendered.

2018-06-29

Use parent name instead of pod name in identity string (#1236) * Use parent name instead of pod name in identity string * Update protobuf comment Signed-off-by: Kevin Lingerfelt <kl@buoyant.io>

2018-06-28

Proxy: Use new destination service TLS identity scheme. (#1222) Signed-off-by: Brian Smith <brian@briansmith.org>

2018-06-27

Update dest service with a different tls identity strategy (#1215) * Update dest service with a different tls identity strategy * Send controller namespace as separate field Signed-off-by: Kevin Lingerfelt <kl@buoyant.io>

2018-06-14

proto: Use explicit `go_package` option (#1120) protobuf has a `go_package` option that can be used to explicitly name Go packages such that they can be imported without additional rewrites. This allows us to store proto files without additional, redundant directories (which were used for packaging hints, previously). This change adds an explicit `go_package` to all .proto files and updates `bin/protoc-go.sh` to ensure these packages are output into $GOPATH (so that the go_package can be absolute). This removes the need to manually rewrite imports in bin/protoc-go.sh.

2018-05-31

proto: Add TLS identity to WeightedAddr message (#1041) Required for #1008. This PR adds the `TlsIdentity` message to the Destination service proto, to describe what strategy the proxy should use for verifying an endpoint's TLS certificates. It also adds a `TlsIdentity` field to the `WeightedAddr` message. Currently, there is one possible variant for `TlsIdentity`, `KubernetesPodName`, which consists of the Kubernetes pod name of the endpoint, the namespace of the endpoint, and the namespace of that pod's Conduit control plane. The proxy should attempt to connect over TLS if the control plane namespace matches its own control plane namespace. The pod name and namespace are used to verify the endpoint's TLS certificate. See https://github.com/runconduit/conduit/issues/386#issuecomment-392948046. This change was initially part of #1008, but I factored it out to make the diff smaller. Signed-off-by: Eliza Weisman <eliza@buoyant.io>