grpc1.45.2/third_party/envoy-api/envoy/config/bootstrap/v3/bootstrap.proto

syntax = "proto3";

package envoy.config.bootstrap.v3;

import "envoy/config/accesslog/v3/accesslog.proto";
import "envoy/config/cluster/v3/cluster.proto";
import "envoy/config/core/v3/address.proto";
import "envoy/config/core/v3/base.proto";
import "envoy/config/core/v3/config_source.proto";
import "envoy/config/core/v3/event_service_config.proto";
import "envoy/config/core/v3/extension.proto";
import "envoy/config/core/v3/resolver.proto";
import "envoy/config/core/v3/socket_option.proto";
import "envoy/config/listener/v3/listener.proto";
import "envoy/config/metrics/v3/stats.proto";
import "envoy/config/overload/v3/overload.proto";
import "envoy/config/trace/v3/http_tracer.proto";
import "envoy/extensions/transport_sockets/tls/v3/secret.proto";
import "envoy/type/v3/percent.proto";

import "google/protobuf/duration.proto";
import "google/protobuf/struct.proto";
import "google/protobuf/wrappers.proto";

import "envoy/annotations/deprecation.proto";
import "udpa/annotations/migrate.proto";
import "udpa/annotations/security.proto";
import "udpa/annotations/status.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";

option java_package = "io.envoyproxy.envoy.config.bootstrap.v3";
option java_outer_classname = "BootstrapProto";
option java_multiple_files = true;
option go_package = "github.com/envoyproxy/go-control-plane/envoy/config/bootstrap/v3;bootstrapv3";
option (udpa.annotations.file_status).package_version_status = ACTIVE;

// [#protodoc-title: Bootstrap]
// This proto is supplied via the :option:`-c` CLI flag and acts as the root
// of the Envoy v3 configuration. See the :ref:`v3 configuration overview
// <config_overview_bootstrap>` for more detail.

// Bootstrap :ref:`configuration overview <config_overview_bootstrap>`.
// [#next-free-field: 34]
message Bootstrap {
  option (udpa.annotations.versioning).previous_message_type =
      "envoy.config.bootstrap.v2.Bootstrap";

  message StaticResources {
    option (udpa.annotations.versioning).previous_message_type =
        "envoy.config.bootstrap.v2.Bootstrap.StaticResources";

    // Static :ref:`Listeners <envoy_v3_api_msg_config.listener.v3.Listener>`. These listeners are
    // available regardless of LDS configuration.
    repeated listener.v3.Listener listeners = 1;

    // If a network based configuration source is specified for :ref:`cds_config
    // <envoy_v3_api_field_config.bootstrap.v3.Bootstrap.DynamicResources.cds_config>`, it's necessary
    // to have some initial cluster definitions available to allow Envoy to know
    // how to speak to the management server. These cluster definitions may not
    // use :ref:`EDS <arch_overview_dynamic_config_eds>` (i.e. they should be static
    // IP or DNS-based).
    repeated cluster.v3.Cluster clusters = 2;

    // These static secrets can be used by :ref:`SdsSecretConfig
    // <envoy_v3_api_msg_extensions.transport_sockets.tls.v3.SdsSecretConfig>`
    repeated envoy.extensions.transport_sockets.tls.v3.Secret secrets = 3;
  }

  // [#next-free-field: 7]
  message DynamicResources {
    option (udpa.annotations.versioning).previous_message_type =
        "envoy.config.bootstrap.v2.Bootstrap.DynamicResources";

    reserved 4;

    // All :ref:`Listeners <envoy_v3_api_msg_config.listener.v3.Listener>` are provided by a single
    // :ref:`LDS <arch_overview_dynamic_config_lds>` configuration source.
    core.v3.ConfigSource lds_config = 1;

    // xdstp:// resource locator for listener collection.
    // [#not-implemented-hide:]
    string lds_resources_locator = 5;

    // All post-bootstrap :ref:`Cluster <envoy_v3_api_msg_config.cluster.v3.Cluster>` definitions are
    // provided by a single :ref:`CDS <arch_overview_dynamic_config_cds>`
    // configuration source.
    core.v3.ConfigSource cds_config = 2;

    // xdstp:// resource locator for cluster collection.
    // [#not-implemented-hide:]
    string cds_resources_locator = 6;

    // A single :ref:`ADS <config_overview_ads>` source may be optionally
    // specified. This must have :ref:`api_type
    // <envoy_v3_api_field_config.core.v3.ApiConfigSource.api_type>` :ref:`GRPC
    // <envoy_v3_api_enum_value_config.core.v3.ApiConfigSource.ApiType.GRPC>`. Only
    // :ref:`ConfigSources <envoy_v3_api_msg_config.core.v3.ConfigSource>` that have
    // the :ref:`ads <envoy_v3_api_field_config.core.v3.ConfigSource.ads>` field set will be
    // streamed on the ADS channel.
    core.v3.ApiConfigSource ads_config = 3;
  }

  reserved 10, 11;

  reserved "runtime";

  // Node identity to present to the management server and for instance
  // identification purposes (e.g. in generated headers).
  core.v3.Node node = 1;

  // A list of :ref:`Node <envoy_v3_api_msg_config.core.v3.Node>` field names
  // that will be included in the context parameters of the effective
  // xdstp:// URL that is sent in a discovery request when resource
  // locators are used for LDS/CDS. Any non-string field will have its JSON
  // encoding set as the context parameter value, with the exception of
  // metadata, which will be flattened (see example below). The supported field
  // names are:
  // - "cluster"
  // - "id"
  // - "locality.region"
  // - "locality.sub_zone"
  // - "locality.zone"
  // - "metadata"
  // - "user_agent_build_version.metadata"
  // - "user_agent_build_version.version"
  // - "user_agent_name"
  // - "user_agent_version"
  //
  // The node context parameters act as a base layer dictionary for the context
  // parameters (i.e. more specific resource specific context parameters will
  // override). Field names will be prefixed with “udpa.node.” when included in
  // context parameters.
  //
  // For example, if node_context_params is ``["user_agent_name", "metadata"]``,
  // the implied context parameters might be::
  //
  //   node.user_agent_name: "envoy"
  //   node.metadata.foo: "{\"bar\": \"baz\"}"
  //   node.metadata.some: "42"
  //   node.metadata.thing: "\"thing\""
  //
  // [#not-implemented-hide:]
  repeated string node_context_params = 26;

  // Statically specified resources.
  StaticResources static_resources = 2;

  // xDS configuration sources.
  DynamicResources dynamic_resources = 3;

  // Configuration for the cluster manager which owns all upstream clusters
  // within the server.
  ClusterManager cluster_manager = 4;

  // Health discovery service config option.
  // (:ref:`core.ApiConfigSource <envoy_v3_api_msg_config.core.v3.ApiConfigSource>`)
  core.v3.ApiConfigSource hds_config = 14;

  // Optional file system path to search for startup flag files.
  string flags_path = 5;

  // Optional set of stats sinks.
  repeated metrics.v3.StatsSink stats_sinks = 6;

  // Configuration for internal processing of stats.
  metrics.v3.StatsConfig stats_config = 13;

  // Optional duration between flushes to configured stats sinks. For
  // performance reasons Envoy latches counters and only flushes counters and
  // gauges at a periodic interval. If not specified the default is 5000ms (5
  // seconds). Only one of `stats_flush_interval` or `stats_flush_on_admin`
  // can be set.
  // Duration must be at least 1ms and at most 5 min.
  google.protobuf.Duration stats_flush_interval = 7 [
    (validate.rules).duration = {
      lt {seconds: 300}
      gte {nanos: 1000000}
    },
    (udpa.annotations.field_migrate).oneof_promotion = "stats_flush"
  ];

  oneof stats_flush {
    // Flush stats to sinks only when queried for on the admin interface. If set,
    // a flush timer is not created. Only one of `stats_flush_on_admin` or
    // `stats_flush_interval` can be set.
    bool stats_flush_on_admin = 29 [(validate.rules).bool = {const: true}];
  }

  // Optional watchdog configuration.
  // This is for a single watchdog configuration for the entire system.
  // Deprecated in favor of *watchdogs* which has finer granularity.
  Watchdog watchdog = 8
      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];

  // Optional watchdogs configuration.
  // This is used for specifying different watchdogs for the different subsystems.
  // [#extension-category: envoy.guarddog_actions]
  Watchdogs watchdogs = 27;

  // Configuration for an external tracing provider.
  //
  // .. attention::
  //  This field has been deprecated in favor of :ref:`HttpConnectionManager.Tracing.provider
  //  <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.Tracing.provider>`.
  trace.v3.Tracing tracing = 9
      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];

  // Configuration for the runtime configuration provider. If not
  // specified, a “null” provider will be used which will result in all defaults
  // being used.
  LayeredRuntime layered_runtime = 17;

  // Configuration for the local administration HTTP server.
  Admin admin = 12;

  // Optional overload manager configuration.
  overload.v3.OverloadManager overload_manager = 15 [
    (udpa.annotations.security).configure_for_untrusted_downstream = true,
    (udpa.annotations.security).configure_for_untrusted_upstream = true
  ];

  // Enable :ref:`stats for event dispatcher <operations_performance>`, defaults to false.
  // Note that this records a value for each iteration of the event loop on every thread. This
  // should normally be minimal overhead, but when using
  // :ref:`statsd <envoy_v3_api_msg_config.metrics.v3.StatsdSink>`, it will send each observed value
  // over the wire individually because the statsd protocol doesn't have any way to represent a
  // histogram summary. Be aware that this can be a very large volume of data.
  bool enable_dispatcher_stats = 16;

  // Optional string which will be used in lieu of x-envoy in prefixing headers.
  //
  // For example, if this string is present and set to X-Foo, then x-envoy-retry-on will be
  // transformed into x-foo-retry-on etc.
  //
  // Note this applies to the headers Envoy will generate, the headers Envoy will sanitize, and the
  // headers Envoy will trust for core code and core extensions only. Be VERY careful making
  // changes to this string, especially in multi-layer Envoy deployments or deployments using
  // extensions which are not upstream.
  string header_prefix = 18;

  // Optional proxy version which will be used to set the value of :ref:`server.version statistic
  // <server_statistics>` if specified. Envoy will not process this value, it will be sent as is to
  // :ref:`stats sinks <envoy_v3_api_msg_config.metrics.v3.StatsSink>`.
  google.protobuf.UInt64Value stats_server_version_override = 19;

  // Always use TCP queries instead of UDP queries for DNS lookups.
  // This may be overridden on a per-cluster basis in cds_config,
  // when :ref:`dns_resolvers <envoy_v3_api_field_config.cluster.v3.Cluster.dns_resolvers>` and
  // :ref:`use_tcp_for_dns_lookups <envoy_v3_api_field_config.cluster.v3.Cluster.use_tcp_for_dns_lookups>` are
  // specified.
  // This field is deprecated in favor of *dns_resolution_config*
  // which aggregates all of the DNS resolver configuration in a single message.
  bool use_tcp_for_dns_lookups = 20
      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];

  // DNS resolution configuration which includes the underlying dns resolver addresses and options.
  // This may be overridden on a per-cluster basis in cds_config, when
  // :ref:`dns_resolution_config <envoy_v3_api_field_config.cluster.v3.Cluster.dns_resolution_config>`
  // is specified.
  // This field is deprecated in favor of
  // :ref:`typed_dns_resolver_config <envoy_v3_api_field_config.bootstrap.v3.Bootstrap.typed_dns_resolver_config>`.
  core.v3.DnsResolutionConfig dns_resolution_config = 30
      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];

  // DNS resolver type configuration extension. This extension can be used to configure c-ares, apple,
  // or any other DNS resolver types and the related parameters.
  // For example, an object of
  // :ref:`CaresDnsResolverConfig <envoy_v3_api_msg_extensions.network.dns_resolver.cares.v3.CaresDnsResolverConfig>`
  // can be packed into this *typed_dns_resolver_config*. This configuration replaces the
  // :ref:`dns_resolution_config <envoy_v3_api_field_config.bootstrap.v3.Bootstrap.dns_resolution_config>`
  // configuration.
  // During the transition period when both *dns_resolution_config* and *typed_dns_resolver_config* exists,
  // when *typed_dns_resolver_config* is in place, Envoy will use it and ignore *dns_resolution_config*.
  // When *typed_dns_resolver_config* is missing, the default behavior is in place.
  // [#extension-category: envoy.network.dns_resolver]
  core.v3.TypedExtensionConfig typed_dns_resolver_config = 31;

  // Specifies optional bootstrap extensions to be instantiated at startup time.
  // Each item contains extension specific configuration.
  // [#extension-category: envoy.bootstrap]
  repeated core.v3.TypedExtensionConfig bootstrap_extensions = 21;

  // Specifies optional extensions instantiated at startup time and
  // invoked during crash time on the request that caused the crash.
  repeated FatalAction fatal_actions = 28;

  // Configuration sources that will participate in
  // xdstp:// URL authority resolution. The algorithm is as
  // follows:
  // 1. The authority field is taken from the xdstp:// URL, call
  //    this *resource_authority*.
  // 2. *resource_authority* is compared against the authorities in any peer
  //    *ConfigSource*. The peer *ConfigSource* is the configuration source
  //    message which would have been used unconditionally for resolution
  //    with opaque resource names. If there is a match with an authority, the
  //    peer *ConfigSource* message is used.
  // 3. *resource_authority* is compared sequentially with the authorities in
  //    each configuration source in *config_sources*. The first *ConfigSource*
  //    to match wins.
  // 4. As a fallback, if no configuration source matches, then
  //    *default_config_source* is used.
  // 5. If *default_config_source* is not specified, resolution fails.
  // [#not-implemented-hide:]
  repeated core.v3.ConfigSource config_sources = 22;

  // Default configuration source for xdstp:// URLs if all
  // other resolution fails.
  // [#not-implemented-hide:]
  core.v3.ConfigSource default_config_source = 23;

  // Optional overriding of default socket interface. The value must be the name of one of the
  // socket interface factories initialized through a bootstrap extension
  string default_socket_interface = 24;

  // Global map of CertificateProvider instances. These instances are referred to by name in the
  // :ref:`CommonTlsContext.CertificateProviderInstance.instance_name
  // <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CommonTlsContext.CertificateProviderInstance.instance_name>`
  // field.
  // [#not-implemented-hide:]
  map<string, core.v3.TypedExtensionConfig> certificate_provider_instances = 25;

  // Specifies a set of headers that need to be registered as inline header. This configuration
  // allows users to customize the inline headers on-demand at Envoy startup without modifying
  // Envoy's source code.
  //
  // Note that the 'set-cookie' header cannot be registered as inline header.
  repeated CustomInlineHeader inline_headers = 32;

  // Optional path to a file with performance tracing data created by "Perfetto" SDK in binary
  // ProtoBuf format. The default value is "envoy.pftrace".
  string perf_tracing_file_path = 33;
}

// Administration interface :ref:`operations documentation
// <operations_admin_interface>`.
// [#next-free-field: 7]
message Admin {
  option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.Admin";

  // Configuration for :ref:`access logs <arch_overview_access_logs>`
  // emitted by the administration server.
  repeated accesslog.v3.AccessLog access_log = 5;

  // The path to write the access log for the administration server. If no
  // access log is desired specify ‘/dev/null’. This is only required if
  // :ref:`address <envoy_v3_api_field_config.bootstrap.v3.Admin.address>` is set.
  // Deprecated in favor of *access_log* which offers more options.
  string access_log_path = 1
      [deprecated = true, (envoy.annotations.deprecated_at_minor_version) = "3.0"];

  // The cpu profiler output path for the administration server. If no profile
  // path is specified, the default is ‘/var/log/envoy/envoy.prof’.
  string profile_path = 2;

  // The TCP address that the administration server will listen on.
  // If not specified, Envoy will not start an administration server.
  core.v3.Address address = 3;

  // Additional socket options that may not be present in Envoy source code or
  // precompiled binaries.
  repeated core.v3.SocketOption socket_options = 4;

  // Indicates whether :ref:`global_downstream_max_connections <config_overload_manager_limiting_connections>`
  // should apply to the admin interface or not.
  bool ignore_global_conn_limit = 6;
}

// Cluster manager :ref:`architecture overview <arch_overview_cluster_manager>`.
message ClusterManager {
  option (udpa.annotations.versioning).previous_message_type =
      "envoy.config.bootstrap.v2.ClusterManager";

  message OutlierDetection {
    option (udpa.annotations.versioning).previous_message_type =
        "envoy.config.bootstrap.v2.ClusterManager.OutlierDetection";

    // Specifies the path to the outlier event log.
    string event_log_path = 1;

    // [#not-implemented-hide:]
    // The gRPC service for the outlier detection event service.
    // If empty, outlier detection events won't be sent to a remote endpoint.
    core.v3.EventServiceConfig event_service = 2;
  }

  // Name of the local cluster (i.e., the cluster that owns the Envoy running
  // this configuration). In order to enable :ref:`zone aware routing
  // <arch_overview_load_balancing_zone_aware_routing>` this option must be set.
  // If *local_cluster_name* is defined then :ref:`clusters
  // <envoy_v3_api_msg_config.cluster.v3.Cluster>` must be defined in the :ref:`Bootstrap
  // static cluster resources
  // <envoy_v3_api_field_config.bootstrap.v3.Bootstrap.StaticResources.clusters>`. This is unrelated to
  // the :option:`--service-cluster` option which does not `affect zone aware
  // routing <https://github.com/envoyproxy/envoy/issues/774>`_.
  string local_cluster_name = 1;

  // Optional global configuration for outlier detection.
  OutlierDetection outlier_detection = 2;

  // Optional configuration used to bind newly established upstream connections.
  // This may be overridden on a per-cluster basis by upstream_bind_config in the cds_config.
  core.v3.BindConfig upstream_bind_config = 3;

  // A management server endpoint to stream load stats to via
  // *StreamLoadStats*. This must have :ref:`api_type
  // <envoy_v3_api_field_config.core.v3.ApiConfigSource.api_type>` :ref:`GRPC
  // <envoy_v3_api_enum_value_config.core.v3.ApiConfigSource.ApiType.GRPC>`.
  core.v3.ApiConfigSource load_stats_config = 4;
}

// Allows you to specify different watchdog configs for different subsystems.
// This allows finer tuned policies for the watchdog. If a subsystem is omitted
// the default values for that system will be used.
message Watchdogs {
  // Watchdog for the main thread.
  Watchdog main_thread_watchdog = 1;

  // Watchdog for the worker threads.
  Watchdog worker_watchdog = 2;
}

// Envoy process watchdog configuration. When configured, this monitors for
// nonresponsive threads and kills the process after the configured thresholds.
// See the :ref:`watchdog documentation <operations_performance_watchdog>` for more information.
// [#next-free-field: 8]
message Watchdog {
  option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.Watchdog";

  message WatchdogAction {
    // The events are fired in this order: KILL, MULTIKILL, MEGAMISS, MISS.
    // Within an event type, actions execute in the order they are configured.
    // For KILL/MULTIKILL there is a default PANIC that will run after the
    // registered actions and kills the process if it wasn't already killed.
    // It might be useful to specify several debug actions, and possibly an
    // alternate FATAL action.
    enum WatchdogEvent {
      UNKNOWN = 0;
      KILL = 1;
      MULTIKILL = 2;
      MEGAMISS = 3;
      MISS = 4;
    }

    // Extension specific configuration for the action.
    core.v3.TypedExtensionConfig config = 1;

    WatchdogEvent event = 2 [(validate.rules).enum = {defined_only: true}];
  }

  // Register actions that will fire on given WatchDog events.
  // See *WatchDogAction* for priority of events.
  repeated WatchdogAction actions = 7;

  // The duration after which Envoy counts a nonresponsive thread in the
  // *watchdog_miss* statistic. If not specified the default is 200ms.
  google.protobuf.Duration miss_timeout = 1;

  // The duration after which Envoy counts a nonresponsive thread in the
  // *watchdog_mega_miss* statistic. If not specified the default is
  // 1000ms.
  google.protobuf.Duration megamiss_timeout = 2;

  // If a watched thread has been nonresponsive for this duration, assume a
  // programming error and kill the entire Envoy process. Set to 0 to disable
  // kill behavior. If not specified the default is 0 (disabled).
  google.protobuf.Duration kill_timeout = 3;

  // Defines the maximum jitter used to adjust the *kill_timeout* if *kill_timeout* is
  // enabled. Enabling this feature would help to reduce risk of synchronized
  // watchdog kill events across proxies due to external triggers. Set to 0 to
  // disable. If not specified the default is 0 (disabled).
  google.protobuf.Duration max_kill_timeout_jitter = 6 [(validate.rules).duration = {gte {}}];

  // If max(2, ceil(registered_threads * Fraction(*multikill_threshold*)))
  // threads have been nonresponsive for at least this duration kill the entire
  // Envoy process. Set to 0 to disable this behavior. If not specified the
  // default is 0 (disabled).
  google.protobuf.Duration multikill_timeout = 4;

  // Sets the threshold for *multikill_timeout* in terms of the percentage of
  // nonresponsive threads required for the *multikill_timeout*.
  // If not specified the default is 0.
  type.v3.Percent multikill_threshold = 5;
}

// Fatal actions to run while crashing. Actions can be safe (meaning they are
// async-signal safe) or unsafe. We run all safe actions before we run unsafe actions.
// If using an unsafe action that could get stuck or deadlock, it important to
// have an out of band system to terminate the process.
//
// The interface for the extension is ``Envoy::Server::Configuration::FatalAction``.
// *FatalAction* extensions live in the ``envoy.extensions.fatal_actions`` API
// namespace.
message FatalAction {
  // Extension specific configuration for the action. It's expected to conform
  // to the ``Envoy::Server::Configuration::FatalAction`` interface.
  core.v3.TypedExtensionConfig config = 1;
}

// Runtime :ref:`configuration overview <config_runtime>` (deprecated).
message Runtime {
  option (udpa.annotations.versioning).previous_message_type = "envoy.config.bootstrap.v2.Runtime";

  // The implementation assumes that the file system tree is accessed via a
  // symbolic link. An atomic link swap is used when a new tree should be
  // switched to. This parameter specifies the path to the symbolic link. Envoy
  // will watch the location for changes and reload the file system tree when
  // they happen. If this parameter is not set, there will be no disk based
  // runtime.
  string symlink_root = 1;

  // Specifies the subdirectory to load within the root directory. This is
  // useful if multiple systems share the same delivery mechanism. Envoy
  // configuration elements can be contained in a dedicated subdirectory.
  string subdirectory = 2;

  // Specifies an optional subdirectory to load within the root directory. If
  // specified and the directory exists, configuration values within this
  // directory will override those found in the primary subdirectory. This is
  // useful when Envoy is deployed across many different types of servers.
  // Sometimes it is useful to have a per service cluster directory for runtime
  // configuration. See below for exactly how the override directory is used.
  string override_subdirectory = 3;

  // Static base runtime. This will be :ref:`overridden
  // <config_runtime_layering>` by other runtime layers, e.g.
  // disk or admin. This follows the :ref:`runtime protobuf JSON representation
  // encoding <config_runtime_proto_json>`.
  google.protobuf.Struct base = 4;
}

// [#next-free-field: 6]
message RuntimeLayer {
  option (udpa.annotations.versioning).previous_message_type =
      "envoy.config.bootstrap.v2.RuntimeLayer";

  // :ref:`Disk runtime <config_runtime_local_disk>` layer.
  message DiskLayer {
    option (udpa.annotations.versioning).previous_message_type =
        "envoy.config.bootstrap.v2.RuntimeLayer.DiskLayer";

    // The implementation assumes that the file system tree is accessed via a
    // symbolic link. An atomic link swap is used when a new tree should be
    // switched to. This parameter specifies the path to the symbolic link.
    // Envoy will watch the location for changes and reload the file system tree
    // when they happen. See documentation on runtime :ref:`atomicity
    // <config_runtime_atomicity>` for further details on how reloads are
    // treated.
    string symlink_root = 1;

    // Specifies the subdirectory to load within the root directory. This is
    // useful if multiple systems share the same delivery mechanism. Envoy
    // configuration elements can be contained in a dedicated subdirectory.
    string subdirectory = 3;

    // :ref:`Append <config_runtime_local_disk_service_cluster_subdirs>` the
    // service cluster to the path under symlink root.
    bool append_service_cluster = 2;
  }

  // :ref:`Admin console runtime <config_runtime_admin>` layer.
  message AdminLayer {
    option (udpa.annotations.versioning).previous_message_type =
        "envoy.config.bootstrap.v2.RuntimeLayer.AdminLayer";
  }

  // :ref:`Runtime Discovery Service (RTDS) <config_runtime_rtds>` layer.
  message RtdsLayer {
    option (udpa.annotations.versioning).previous_message_type =
        "envoy.config.bootstrap.v2.RuntimeLayer.RtdsLayer";

    // Resource to subscribe to at *rtds_config* for the RTDS layer.
    string name = 1;

    // RTDS configuration source.
    core.v3.ConfigSource rtds_config = 2;
  }

  // Descriptive name for the runtime layer. This is only used for the runtime
  // :http:get:`/runtime` output.
  string name = 1 [(validate.rules).string = {min_len: 1}];

  oneof layer_specifier {
    option (validate.required) = true;

    // :ref:`Static runtime <config_runtime_bootstrap>` layer.
    // This follows the :ref:`runtime protobuf JSON representation encoding
    // <config_runtime_proto_json>`. Unlike static xDS resources, this static
    // layer is overridable by later layers in the runtime virtual filesystem.
    google.protobuf.Struct static_layer = 2;

    DiskLayer disk_layer = 3;

    AdminLayer admin_layer = 4;

    RtdsLayer rtds_layer = 5;
  }
}

// Runtime :ref:`configuration overview <config_runtime>`.
message LayeredRuntime {
  option (udpa.annotations.versioning).previous_message_type =
      "envoy.config.bootstrap.v2.LayeredRuntime";

  // The :ref:`layers <config_runtime_layering>` of the runtime. This is ordered
  // such that later layers in the list overlay earlier entries.
  repeated RuntimeLayer layers = 1;
}

// Used to specify the header that needs to be registered as an inline header.
//
// If request or response contain multiple headers with the same name and the header
// name is registered as an inline header. Then multiple headers will be folded
// into one, and multiple header values will be concatenated by a suitable delimiter.
// The delimiter is generally a comma.
//
// For example, if 'foo' is registered as an inline header, and the headers contains
// the following two headers:
//
// .. code-block:: text
//
//   foo: bar
//   foo: eep
//
// Then they will eventually be folded into:
//
// .. code-block:: text
//
//   foo: bar, eep
//
// Inline headers provide O(1) search performance, but each inline header imposes
// an additional memory overhead on all instances of the corresponding type of
// HeaderMap or TrailerMap.
message CustomInlineHeader {
  enum InlineHeaderType {
    REQUEST_HEADER = 0;
    REQUEST_TRAILER = 1;
    RESPONSE_HEADER = 2;
    RESPONSE_TRAILER = 3;
  }

  // The name of the header that is expected to be set as the inline header.
  string inline_header_name = 1
      [(validate.rules).string = {min_len: 1 well_known_regex: HTTP_HEADER_NAME strict: false}];

  // The type of the header that is expected to be set as the inline header.
  InlineHeaderType inline_header_type = 2 [(validate.rules).enum = {defined_only: true}];
}