vane 0.9.0

A flow-based reverse proxy with multi-layer routing and programmable pipelines.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

---
title: Overview
description: Shared cross-layer resources including KV stores, service discovery, and templates.
icon: Telescope
---

The `resources` module manages the shared state and infrastructure that persist across connection lifecycles or are shared between different network layers. These resources provide the "intelligence" of the engine, enabling dynamic routing, metadata accumulation, and template resolution.

## Core Components

The module is divided into four critical subsystems:

| Sub-module                                           | Responsibility                                                                |
| :--------------------------------------------------- | :---------------------------------------------------------------------------- |
| [`kv`](./resources/kv-store)                         | Per-connection metadata storage using a high-performance hash map.            |
| [`templates`](./resources/templates)                 | The engine's variable substitution system supporting cross-layer "hijacking". |
| [`service_discovery`](./resources/service-discovery) | Upstream node management, health tracking, and dynamic node lookup.           |
| [`certs`](./resources/certificates)                  | Dynamic TLS certificate loading, storage, and domain-based matching.          |

## Design Objectives

1.  **Thread-Safe Sharing**: Shared registries (like nodes and certs) use `ArcSwap` for lock-free, zero-downtime updates.
2.  **Layer Agnostic**: Resources like the `KvStore` follow the connection from L4 all the way to L7, accumulating metadata along the way.
3.  **High Performance**: The `kv` store is optimized with `AHashMap` to minimize overhead in the hot path of plugin execution.

## Data Persistence & Lifecycle

Resources in Vane have different lifecycles:

- **Connection-Scoped**: The `KvStore` is created when a connection is accepted and dropped when it closes.
- **Global/Static**: `certs` and `service_discovery` nodes are loaded during bootstrap and live for the entire process duration, though they can be refreshed via hotswap.

<Callout type="info" title="Metadata Pipeline">
	Think of the resources as a pipeline. L4 populates the `kv` store with IP data, L4+ adds SNI/HTTP
	headers, and the `templates` system uses all this data to resolve plugin inputs in L7.
</Callout>

<Callout type="idea">
	Explore the specific implementation details for [KV Store](./resources/kv-store),
	[Templates](./resources/templates), [Service Discovery](./resources/service-discovery), and
	[Certificates](./resources/certificates).
</Callout>