---
|
|
# Source: crds/crd-all.gen.yaml
|
|
# DO NOT EDIT - Generated by Cue OpenAPI generator based on Istio APIs.
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
"helm.sh/resource-policy": keep
|
|
labels:
|
|
app: istio-pilot
|
|
chart: istio
|
|
heritage: Tiller
|
|
release: istio
|
|
name: destinationrules.networking.istio.io
|
|
spec:
|
|
group: networking.istio.io
|
|
names:
|
|
categories:
|
|
- istio-io
|
|
- networking-istio-io
|
|
kind: DestinationRule
|
|
listKind: DestinationRuleList
|
|
plural: destinationrules
|
|
shortNames:
|
|
- dr
|
|
singular: destinationrule
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- description: The name of a service from the service registry
|
|
jsonPath: .spec.host
|
|
name: Host
|
|
type: string
|
|
- description: 'CreationTimestamp is a timestamp representing the server time
|
|
when this object was created. It is not guaranteed to be set in happens-before
|
|
order across separate operations. Clients may not set this value. It is represented
|
|
in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
|
|
lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
|
|
jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
name: v1alpha3
|
|
schema:
|
|
openAPIV3Schema:
|
|
properties:
|
|
spec:
|
|
description: 'Configuration affecting load balancing, outlier detection,
|
|
etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html'
|
|
properties:
|
|
exportTo:
|
|
description: A list of namespaces to which this destination rule is
|
|
exported.
|
|
items:
|
|
type: string
|
|
type: array
|
|
host:
|
|
description: The name of a service from the service registry.
|
|
type: string
|
|
subsets:
|
|
items:
|
|
properties:
|
|
labels:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
name:
|
|
description: Name of the subset.
|
|
type: string
|
|
trafficPolicy:
|
|
description: Traffic policies that apply to this subset.
|
|
properties:
|
|
connectionPool:
|
|
properties:
|
|
http:
|
|
description: HTTP connection pool settings.
|
|
properties:
|
|
h2UpgradePolicy:
|
|
description: Specify if http1.1 connection should
|
|
be upgraded to http2 for the associated destination.
|
|
enum:
|
|
- DEFAULT
|
|
- DO_NOT_UPGRADE
|
|
- UPGRADE
|
|
type: string
|
|
http1MaxPendingRequests:
|
|
description: Maximum number of pending HTTP requests
|
|
to a destination.
|
|
format: int32
|
|
type: integer
|
|
http2MaxRequests:
|
|
description: Maximum number of requests to a backend.
|
|
format: int32
|
|
type: integer
|
|
idleTimeout:
|
|
description: The idle timeout for upstream connection
|
|
pool connections.
|
|
type: string
|
|
maxRequestsPerConnection:
|
|
description: Maximum number of requests per connection
|
|
to a backend.
|
|
format: int32
|
|
type: integer
|
|
maxRetries:
|
|
format: int32
|
|
type: integer
|
|
useClientProtocol:
|
|
description: If set to true, client protocol will
|
|
be preserved while initiating connection to backend.
|
|
type: boolean
|
|
type: object
|
|
tcp:
|
|
description: Settings common to both HTTP and TCP upstream
|
|
connections.
|
|
properties:
|
|
connectTimeout:
|
|
description: TCP connection timeout.
|
|
type: string
|
|
maxConnections:
|
|
description: Maximum number of HTTP1 /TCP connections
|
|
to a destination host.
|
|
format: int32
|
|
type: integer
|
|
tcpKeepalive:
|
|
description: If set then set SO_KEEPALIVE on the
|
|
socket to enable TCP Keepalives.
|
|
properties:
|
|
interval:
|
|
description: The time duration between keep-alive
|
|
probes.
|
|
type: string
|
|
probes:
|
|
type: integer
|
|
time:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
type: object
|
|
loadBalancer:
|
|
description: Settings controlling the load balancer algorithms.
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- simple
|
|
- properties:
|
|
consistentHash:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
required:
|
|
- consistentHash
|
|
- required:
|
|
- simple
|
|
- properties:
|
|
consistentHash:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
required:
|
|
- consistentHash
|
|
properties:
|
|
consistentHash:
|
|
properties:
|
|
httpCookie:
|
|
description: Hash based on HTTP cookie.
|
|
properties:
|
|
name:
|
|
description: Name of the cookie.
|
|
type: string
|
|
path:
|
|
description: Path to set for the cookie.
|
|
type: string
|
|
ttl:
|
|
description: Lifetime of the cookie.
|
|
type: string
|
|
type: object
|
|
httpHeaderName:
|
|
description: Hash based on a specific HTTP header.
|
|
type: string
|
|
httpQueryParameterName:
|
|
description: Hash based on a specific HTTP query
|
|
parameter.
|
|
type: string
|
|
minimumRingSize:
|
|
type: integer
|
|
useSourceIp:
|
|
description: Hash based on the source IP address.
|
|
type: boolean
|
|
type: object
|
|
localityLbSetting:
|
|
properties:
|
|
distribute:
|
|
description: 'Optional: only one of distribute or
|
|
failover can be set.'
|
|
items:
|
|
properties:
|
|
from:
|
|
description: Originating locality, '/' separated,
|
|
e.g.
|
|
type: string
|
|
to:
|
|
additionalProperties:
|
|
type: integer
|
|
description: Map of upstream localities to
|
|
traffic distribution weights.
|
|
type: object
|
|
type: object
|
|
type: array
|
|
enabled:
|
|
description: enable locality load balancing, this
|
|
is DestinationRule-level and will override mesh
|
|
wide settings in entirety.
|
|
nullable: true
|
|
type: boolean
|
|
failover:
|
|
description: 'Optional: only failover or distribute
|
|
can be set.'
|
|
items:
|
|
properties:
|
|
from:
|
|
description: Originating region.
|
|
type: string
|
|
to:
|
|
type: string
|
|
type: object
|
|
type: array
|
|
type: object
|
|
simple:
|
|
enum:
|
|
- ROUND_ROBIN
|
|
- LEAST_CONN
|
|
- RANDOM
|
|
- PASSTHROUGH
|
|
type: string
|
|
type: object
|
|
outlierDetection:
|
|
properties:
|
|
baseEjectionTime:
|
|
description: Minimum ejection duration.
|
|
type: string
|
|
consecutive5xxErrors:
|
|
description: Number of 5xx errors before a host is ejected
|
|
from the connection pool.
|
|
nullable: true
|
|
type: integer
|
|
consecutiveErrors:
|
|
format: int32
|
|
type: integer
|
|
consecutiveGatewayErrors:
|
|
description: Number of gateway errors before a host
|
|
is ejected from the connection pool.
|
|
nullable: true
|
|
type: integer
|
|
consecutiveLocalOriginFailures:
|
|
nullable: true
|
|
type: integer
|
|
interval:
|
|
description: Time interval between ejection sweep analysis.
|
|
type: string
|
|
maxEjectionPercent:
|
|
format: int32
|
|
type: integer
|
|
minHealthPercent:
|
|
format: int32
|
|
type: integer
|
|
splitExternalLocalOriginErrors:
|
|
description: Determines whether to distinguish local
|
|
origin failures from external errors.
|
|
type: boolean
|
|
type: object
|
|
portLevelSettings:
|
|
description: Traffic policies specific to individual ports.
|
|
items:
|
|
properties:
|
|
connectionPool:
|
|
properties:
|
|
http:
|
|
description: HTTP connection pool settings.
|
|
properties:
|
|
h2UpgradePolicy:
|
|
description: Specify if http1.1 connection
|
|
should be upgraded to http2 for the associated
|
|
destination.
|
|
enum:
|
|
- DEFAULT
|
|
- DO_NOT_UPGRADE
|
|
- UPGRADE
|
|
type: string
|
|
http1MaxPendingRequests:
|
|
description: Maximum number of pending HTTP
|
|
requests to a destination.
|
|
format: int32
|
|
type: integer
|
|
http2MaxRequests:
|
|
description: Maximum number of requests to
|
|
a backend.
|
|
format: int32
|
|
type: integer
|
|
idleTimeout:
|
|
description: The idle timeout for upstream
|
|
connection pool connections.
|
|
type: string
|
|
maxRequestsPerConnection:
|
|
description: Maximum number of requests per
|
|
connection to a backend.
|
|
format: int32
|
|
type: integer
|
|
maxRetries:
|
|
format: int32
|
|
type: integer
|
|
useClientProtocol:
|
|
description: If set to true, client protocol
|
|
will be preserved while initiating connection
|
|
to backend.
|
|
type: boolean
|
|
type: object
|
|
tcp:
|
|
description: Settings common to both HTTP and
|
|
TCP upstream connections.
|
|
properties:
|
|
connectTimeout:
|
|
description: TCP connection timeout.
|
|
type: string
|
|
maxConnections:
|
|
description: Maximum number of HTTP1 /TCP
|
|
connections to a destination host.
|
|
format: int32
|
|
type: integer
|
|
tcpKeepalive:
|
|
description: If set then set SO_KEEPALIVE
|
|
on the socket to enable TCP Keepalives.
|
|
properties:
|
|
interval:
|
|
description: The time duration between
|
|
keep-alive probes.
|
|
type: string
|
|
probes:
|
|
type: integer
|
|
time:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
type: object
|
|
loadBalancer:
|
|
description: Settings controlling the load balancer
|
|
algorithms.
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- simple
|
|
- properties:
|
|
consistentHash:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
required:
|
|
- consistentHash
|
|
- required:
|
|
- simple
|
|
- properties:
|
|
consistentHash:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
required:
|
|
- consistentHash
|
|
properties:
|
|
consistentHash:
|
|
properties:
|
|
httpCookie:
|
|
description: Hash based on HTTP cookie.
|
|
properties:
|
|
name:
|
|
description: Name of the cookie.
|
|
type: string
|
|
path:
|
|
description: Path to set for the cookie.
|
|
type: string
|
|
ttl:
|
|
description: Lifetime of the cookie.
|
|
type: string
|
|
type: object
|
|
httpHeaderName:
|
|
description: Hash based on a specific HTTP
|
|
header.
|
|
type: string
|
|
httpQueryParameterName:
|
|
description: Hash based on a specific HTTP
|
|
query parameter.
|
|
type: string
|
|
minimumRingSize:
|
|
type: integer
|
|
useSourceIp:
|
|
description: Hash based on the source IP address.
|
|
type: boolean
|
|
type: object
|
|
localityLbSetting:
|
|
properties:
|
|
distribute:
|
|
description: 'Optional: only one of distribute
|
|
or failover can be set.'
|
|
items:
|
|
properties:
|
|
from:
|
|
description: Originating locality, '/'
|
|
separated, e.g.
|
|
type: string
|
|
to:
|
|
additionalProperties:
|
|
type: integer
|
|
description: Map of upstream localities
|
|
to traffic distribution weights.
|
|
type: object
|
|
type: object
|
|
type: array
|
|
enabled:
|
|
description: enable locality load balancing,
|
|
this is DestinationRule-level and will override
|
|
mesh wide settings in entirety.
|
|
nullable: true
|
|
type: boolean
|
|
failover:
|
|
description: 'Optional: only failover or distribute
|
|
can be set.'
|
|
items:
|
|
properties:
|
|
from:
|
|
description: Originating region.
|
|
type: string
|
|
to:
|
|
type: string
|
|
type: object
|
|
type: array
|
|
type: object
|
|
simple:
|
|
enum:
|
|
- ROUND_ROBIN
|
|
- LEAST_CONN
|
|
- RANDOM
|
|
- PASSTHROUGH
|
|
type: string
|
|
type: object
|
|
outlierDetection:
|
|
properties:
|
|
baseEjectionTime:
|
|
description: Minimum ejection duration.
|
|
type: string
|
|
consecutive5xxErrors:
|
|
description: Number of 5xx errors before a host
|
|
is ejected from the connection pool.
|
|
nullable: true
|
|
type: integer
|
|
consecutiveErrors:
|
|
format: int32
|
|
type: integer
|
|
consecutiveGatewayErrors:
|
|
description: Number of gateway errors before a
|
|
host is ejected from the connection pool.
|
|
nullable: true
|
|
type: integer
|
|
consecutiveLocalOriginFailures:
|
|
nullable: true
|
|
type: integer
|
|
interval:
|
|
description: Time interval between ejection sweep
|
|
analysis.
|
|
type: string
|
|
maxEjectionPercent:
|
|
format: int32
|
|
type: integer
|
|
minHealthPercent:
|
|
format: int32
|
|
type: integer
|
|
splitExternalLocalOriginErrors:
|
|
description: Determines whether to distinguish
|
|
local origin failures from external errors.
|
|
type: boolean
|
|
type: object
|
|
port:
|
|
properties:
|
|
number:
|
|
type: integer
|
|
type: object
|
|
tls:
|
|
description: TLS related settings for connections
|
|
to the upstream service.
|
|
properties:
|
|
caCertificates:
|
|
type: string
|
|
clientCertificate:
|
|
description: REQUIRED if mode is `MUTUAL`.
|
|
type: string
|
|
credentialName:
|
|
type: string
|
|
mode:
|
|
enum:
|
|
- DISABLE
|
|
- SIMPLE
|
|
- MUTUAL
|
|
- ISTIO_MUTUAL
|
|
type: string
|
|
privateKey:
|
|
description: REQUIRED if mode is `MUTUAL`.
|
|
type: string
|
|
sni:
|
|
description: SNI string to present to the server
|
|
during TLS handshake.
|
|
type: string
|
|
subjectAltNames:
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
type: object
|
|
type: array
|
|
tls:
|
|
description: TLS related settings for connections to the
|
|
upstream service.
|
|
properties:
|
|
caCertificates:
|
|
type: string
|
|
clientCertificate:
|
|
description: REQUIRED if mode is `MUTUAL`.
|
|
type: string
|
|
credentialName:
|
|
type: string
|
|
mode:
|
|
enum:
|
|
- DISABLE
|
|
- SIMPLE
|
|
- MUTUAL
|
|
- ISTIO_MUTUAL
|
|
type: string
|
|
privateKey:
|
|
description: REQUIRED if mode is `MUTUAL`.
|
|
type: string
|
|
sni:
|
|
description: SNI string to present to the server during
|
|
TLS handshake.
|
|
type: string
|
|
subjectAltNames:
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
type: object
|
|
type: object
|
|
type: array
|
|
trafficPolicy:
|
|
properties:
|
|
connectionPool:
|
|
properties:
|
|
http:
|
|
description: HTTP connection pool settings.
|
|
properties:
|
|
h2UpgradePolicy:
|
|
description: Specify if http1.1 connection should be upgraded
|
|
to http2 for the associated destination.
|
|
enum:
|
|
- DEFAULT
|
|
- DO_NOT_UPGRADE
|
|
- UPGRADE
|
|
type: string
|
|
http1MaxPendingRequests:
|
|
description: Maximum number of pending HTTP requests to
|
|
a destination.
|
|
format: int32
|
|
type: integer
|
|
http2MaxRequests:
|
|
description: Maximum number of requests to a backend.
|
|
format: int32
|
|
type: integer
|
|
idleTimeout:
|
|
description: The idle timeout for upstream connection
|
|
pool connections.
|
|
type: string
|
|
maxRequestsPerConnection:
|
|
description: Maximum number of requests per connection
|
|
to a backend.
|
|
format: int32
|
|
type: integer
|
|
maxRetries:
|
|
format: int32
|
|
type: integer
|
|
useClientProtocol:
|
|
description: If set to true, client protocol will be preserved
|
|
while initiating connection to backend.
|
|
type: boolean
|
|
type: object
|
|
tcp:
|
|
description: Settings common to both HTTP and TCP upstream
|
|
connections.
|
|
properties:
|
|
connectTimeout:
|
|
description: TCP connection timeout.
|
|
type: string
|
|
maxConnections:
|
|
description: Maximum number of HTTP1 /TCP connections
|
|
to a destination host.
|
|
format: int32
|
|
type: integer
|
|
tcpKeepalive:
|
|
description: If set then set SO_KEEPALIVE on the socket
|
|
to enable TCP Keepalives.
|
|
properties:
|
|
interval:
|
|
description: The time duration between keep-alive
|
|
probes.
|
|
type: string
|
|
probes:
|
|
type: integer
|
|
time:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
type: object
|
|
loadBalancer:
|
|
description: Settings controlling the load balancer algorithms.
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- simple
|
|
- properties:
|
|
consistentHash:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
required:
|
|
- consistentHash
|
|
- required:
|
|
- simple
|
|
- properties:
|
|
consistentHash:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
required:
|
|
- consistentHash
|
|
properties:
|
|
consistentHash:
|
|
properties:
|
|
httpCookie:
|
|
description: Hash based on HTTP cookie.
|
|
properties:
|
|
name:
|
|
description: Name of the cookie.
|
|
type: string
|
|
path:
|
|
description: Path to set for the cookie.
|
|
type: string
|
|
ttl:
|
|
description: Lifetime of the cookie.
|
|
type: string
|
|
type: object
|
|
httpHeaderName:
|
|
description: Hash based on a specific HTTP header.
|
|
type: string
|
|
httpQueryParameterName:
|
|
description: Hash based on a specific HTTP query parameter.
|
|
type: string
|
|
minimumRingSize:
|
|
type: integer
|
|
useSourceIp:
|
|
description: Hash based on the source IP address.
|
|
type: boolean
|
|
type: object
|
|
localityLbSetting:
|
|
properties:
|
|
distribute:
|
|
description: 'Optional: only one of distribute or failover
|
|
can be set.'
|
|
items:
|
|
properties:
|
|
from:
|
|
description: Originating locality, '/' separated,
|
|
e.g.
|
|
type: string
|
|
to:
|
|
additionalProperties:
|
|
type: integer
|
|
description: Map of upstream localities to traffic
|
|
distribution weights.
|
|
type: object
|
|
type: object
|
|
type: array
|
|
enabled:
|
|
description: enable locality load balancing, this is DestinationRule-level
|
|
and will override mesh wide settings in entirety.
|
|
nullable: true
|
|
type: boolean
|
|
failover:
|
|
description: 'Optional: only failover or distribute can
|
|
be set.'
|
|
items:
|
|
properties:
|
|
from:
|
|
description: Originating region.
|
|
type: string
|
|
to:
|
|
type: string
|
|
type: object
|
|
type: array
|
|
type: object
|
|
simple:
|
|
enum:
|
|
- ROUND_ROBIN
|
|
- LEAST_CONN
|
|
- RANDOM
|
|
- PASSTHROUGH
|
|
type: string
|
|
type: object
|
|
outlierDetection:
|
|
properties:
|
|
baseEjectionTime:
|
|
description: Minimum ejection duration.
|
|
type: string
|
|
consecutive5xxErrors:
|
|
description: Number of 5xx errors before a host is ejected
|
|
from the connection pool.
|
|
nullable: true
|
|
type: integer
|
|
consecutiveErrors:
|
|
format: int32
|
|
type: integer
|
|
consecutiveGatewayErrors:
|
|
description: Number of gateway errors before a host is ejected
|
|
from the connection pool.
|
|
nullable: true
|
|
type: integer
|
|
consecutiveLocalOriginFailures:
|
|
nullable: true
|
|
type: integer
|
|
interval:
|
|
description: Time interval between ejection sweep analysis.
|
|
type: string
|
|
maxEjectionPercent:
|
|
format: int32
|
|
type: integer
|
|
minHealthPercent:
|
|
format: int32
|
|
type: integer
|
|
splitExternalLocalOriginErrors:
|
|
description: Determines whether to distinguish local origin
|
|
failures from external errors.
|
|
type: boolean
|
|
type: object
|
|
portLevelSettings:
|
|
description: Traffic policies specific to individual ports.
|
|
items:
|
|
properties:
|
|
connectionPool:
|
|
properties:
|
|
http:
|
|
description: HTTP connection pool settings.
|
|
properties:
|
|
h2UpgradePolicy:
|
|
description: Specify if http1.1 connection should
|
|
be upgraded to http2 for the associated destination.
|
|
enum:
|
|
- DEFAULT
|
|
- DO_NOT_UPGRADE
|
|
- UPGRADE
|
|
type: string
|
|
http1MaxPendingRequests:
|
|
description: Maximum number of pending HTTP requests
|
|
to a destination.
|
|
format: int32
|
|
type: integer
|
|
http2MaxRequests:
|
|
description: Maximum number of requests to a backend.
|
|
format: int32
|
|
type: integer
|
|
idleTimeout:
|
|
description: The idle timeout for upstream connection
|
|
pool connections.
|
|
type: string
|
|
maxRequestsPerConnection:
|
|
description: Maximum number of requests per connection
|
|
to a backend.
|
|
format: int32
|
|
type: integer
|
|
maxRetries:
|
|
format: int32
|
|
type: integer
|
|
useClientProtocol:
|
|
description: If set to true, client protocol will
|
|
be preserved while initiating connection to backend.
|
|
type: boolean
|
|
type: object
|
|
tcp:
|
|
description: Settings common to both HTTP and TCP upstream
|
|
connections.
|
|
properties:
|
|
connectTimeout:
|
|
description: TCP connection timeout.
|
|
type: string
|
|
maxConnections:
|
|
description: Maximum number of HTTP1 /TCP connections
|
|
to a destination host.
|
|
format: int32
|
|
type: integer
|
|
tcpKeepalive:
|
|
description: If set then set SO_KEEPALIVE on the
|
|
socket to enable TCP Keepalives.
|
|
properties:
|
|
interval:
|
|
description: The time duration between keep-alive
|
|
probes.
|
|
type: string
|
|
probes:
|
|
type: integer
|
|
time:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
type: object
|
|
loadBalancer:
|
|
description: Settings controlling the load balancer algorithms.
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- simple
|
|
- properties:
|
|
consistentHash:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
required:
|
|
- consistentHash
|
|
- required:
|
|
- simple
|
|
- properties:
|
|
consistentHash:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
required:
|
|
- consistentHash
|
|
properties:
|
|
consistentHash:
|
|
properties:
|
|
httpCookie:
|
|
description: Hash based on HTTP cookie.
|
|
properties:
|
|
name:
|
|
description: Name of the cookie.
|
|
type: string
|
|
path:
|
|
description: Path to set for the cookie.
|
|
type: string
|
|
ttl:
|
|
description: Lifetime of the cookie.
|
|
type: string
|
|
type: object
|
|
httpHeaderName:
|
|
description: Hash based on a specific HTTP header.
|
|
type: string
|
|
httpQueryParameterName:
|
|
description: Hash based on a specific HTTP query
|
|
parameter.
|
|
type: string
|
|
minimumRingSize:
|
|
type: integer
|
|
useSourceIp:
|
|
description: Hash based on the source IP address.
|
|
type: boolean
|
|
type: object
|
|
localityLbSetting:
|
|
properties:
|
|
distribute:
|
|
description: 'Optional: only one of distribute or
|
|
failover can be set.'
|
|
items:
|
|
properties:
|
|
from:
|
|
description: Originating locality, '/' separated,
|
|
e.g.
|
|
type: string
|
|
to:
|
|
additionalProperties:
|
|
type: integer
|
|
description: Map of upstream localities to
|
|
traffic distribution weights.
|
|
type: object
|
|
type: object
|
|
type: array
|
|
enabled:
|
|
description: enable locality load balancing, this
|
|
is DestinationRule-level and will override mesh
|
|
wide settings in entirety.
|
|
nullable: true
|
|
type: boolean
|
|
failover:
|
|
description: 'Optional: only failover or distribute
|
|
can be set.'
|
|
items:
|
|
properties:
|
|
from:
|
|
description: Originating region.
|
|
type: string
|
|
to:
|
|
type: string
|
|
type: object
|
|
type: array
|
|
type: object
|
|
simple:
|
|
enum:
|
|
- ROUND_ROBIN
|
|
- LEAST_CONN
|
|
- RANDOM
|
|
- PASSTHROUGH
|
|
type: string
|
|
type: object
|
|
outlierDetection:
|
|
properties:
|
|
baseEjectionTime:
|
|
description: Minimum ejection duration.
|
|
type: string
|
|
consecutive5xxErrors:
|
|
description: Number of 5xx errors before a host is ejected
|
|
from the connection pool.
|
|
nullable: true
|
|
type: integer
|
|
consecutiveErrors:
|
|
format: int32
|
|
type: integer
|
|
consecutiveGatewayErrors:
|
|
description: Number of gateway errors before a host
|
|
is ejected from the connection pool.
|
|
nullable: true
|
|
type: integer
|
|
consecutiveLocalOriginFailures:
|
|
nullable: true
|
|
type: integer
|
|
interval:
|
|
description: Time interval between ejection sweep analysis.
|
|
type: string
|
|
maxEjectionPercent:
|
|
format: int32
|
|
type: integer
|
|
minHealthPercent:
|
|
format: int32
|
|
type: integer
|
|
splitExternalLocalOriginErrors:
|
|
description: Determines whether to distinguish local
|
|
origin failures from external errors.
|
|
type: boolean
|
|
type: object
|
|
port:
|
|
properties:
|
|
number:
|
|
type: integer
|
|
type: object
|
|
tls:
|
|
description: TLS related settings for connections to the
|
|
upstream service.
|
|
properties:
|
|
caCertificates:
|
|
type: string
|
|
clientCertificate:
|
|
description: REQUIRED if mode is `MUTUAL`.
|
|
type: string
|
|
credentialName:
|
|
type: string
|
|
mode:
|
|
enum:
|
|
- DISABLE
|
|
- SIMPLE
|
|
- MUTUAL
|
|
- ISTIO_MUTUAL
|
|
type: string
|
|
privateKey:
|
|
description: REQUIRED if mode is `MUTUAL`.
|
|
type: string
|
|
sni:
|
|
description: SNI string to present to the server during
|
|
TLS handshake.
|
|
type: string
|
|
subjectAltNames:
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
type: object
|
|
type: array
|
|
tls:
|
|
description: TLS related settings for connections to the upstream
|
|
service.
|
|
properties:
|
|
caCertificates:
|
|
type: string
|
|
clientCertificate:
|
|
description: REQUIRED if mode is `MUTUAL`.
|
|
type: string
|
|
credentialName:
|
|
type: string
|
|
mode:
|
|
enum:
|
|
- DISABLE
|
|
- SIMPLE
|
|
- MUTUAL
|
|
- ISTIO_MUTUAL
|
|
type: string
|
|
privateKey:
|
|
description: REQUIRED if mode is `MUTUAL`.
|
|
type: string
|
|
sni:
|
|
description: SNI string to present to the server during TLS
|
|
handshake.
|
|
type: string
|
|
subjectAltNames:
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
type: object
|
|
type: object
|
|
status:
|
|
type: object
|
|
x-kubernetes-preserve-unknown-fields: true
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
- additionalPrinterColumns:
|
|
- description: The name of a service from the service registry
|
|
jsonPath: .spec.host
|
|
name: Host
|
|
type: string
|
|
- description: 'CreationTimestamp is a timestamp representing the server time
|
|
when this object was created. It is not guaranteed to be set in happens-before
|
|
order across separate operations. Clients may not set this value. It is represented
|
|
in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
|
|
lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
|
|
jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
name: v1beta1
|
|
schema:
|
|
openAPIV3Schema:
|
|
properties:
|
|
spec:
|
|
description: 'Configuration affecting load balancing, outlier detection,
|
|
etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html'
|
|
properties:
|
|
exportTo:
|
|
description: A list of namespaces to which this destination rule is
|
|
exported.
|
|
items:
|
|
type: string
|
|
type: array
|
|
host:
|
|
description: The name of a service from the service registry.
|
|
type: string
|
|
subsets:
|
|
items:
|
|
properties:
|
|
labels:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
name:
|
|
description: Name of the subset.
|
|
type: string
|
|
trafficPolicy:
|
|
description: Traffic policies that apply to this subset.
|
|
properties:
|
|
connectionPool:
|
|
properties:
|
|
http:
|
|
description: HTTP connection pool settings.
|
|
properties:
|
|
h2UpgradePolicy:
|
|
description: Specify if http1.1 connection should
|
|
be upgraded to http2 for the associated destination.
|
|
enum:
|
|
- DEFAULT
|
|
- DO_NOT_UPGRADE
|
|
- UPGRADE
|
|
type: string
|
|
http1MaxPendingRequests:
|
|
description: Maximum number of pending HTTP requests
|
|
to a destination.
|
|
format: int32
|
|
type: integer
|
|
http2MaxRequests:
|
|
description: Maximum number of requests to a backend.
|
|
format: int32
|
|
type: integer
|
|
idleTimeout:
|
|
description: The idle timeout for upstream connection
|
|
pool connections.
|
|
type: string
|
|
maxRequestsPerConnection:
|
|
description: Maximum number of requests per connection
|
|
to a backend.
|
|
format: int32
|
|
type: integer
|
|
maxRetries:
|
|
format: int32
|
|
type: integer
|
|
useClientProtocol:
|
|
description: If set to true, client protocol will
|
|
be preserved while initiating connection to backend.
|
|
type: boolean
|
|
type: object
|
|
tcp:
|
|
description: Settings common to both HTTP and TCP upstream
|
|
connections.
|
|
properties:
|
|
connectTimeout:
|
|
description: TCP connection timeout.
|
|
type: string
|
|
maxConnections:
|
|
description: Maximum number of HTTP1 /TCP connections
|
|
to a destination host.
|
|
format: int32
|
|
type: integer
|
|
tcpKeepalive:
|
|
description: If set then set SO_KEEPALIVE on the
|
|
socket to enable TCP Keepalives.
|
|
properties:
|
|
interval:
|
|
description: The time duration between keep-alive
|
|
probes.
|
|
type: string
|
|
probes:
|
|
type: integer
|
|
time:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
type: object
|
|
loadBalancer:
|
|
description: Settings controlling the load balancer algorithms.
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- simple
|
|
- properties:
|
|
consistentHash:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
required:
|
|
- consistentHash
|
|
- required:
|
|
- simple
|
|
- properties:
|
|
consistentHash:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
required:
|
|
- consistentHash
|
|
properties:
|
|
consistentHash:
|
|
properties:
|
|
httpCookie:
|
|
description: Hash based on HTTP cookie.
|
|
properties:
|
|
name:
|
|
description: Name of the cookie.
|
|
type: string
|
|
path:
|
|
description: Path to set for the cookie.
|
|
type: string
|
|
ttl:
|
|
description: Lifetime of the cookie.
|
|
type: string
|
|
type: object
|
|
httpHeaderName:
|
|
description: Hash based on a specific HTTP header.
|
|
type: string
|
|
httpQueryParameterName:
|
|
description: Hash based on a specific HTTP query
|
|
parameter.
|
|
type: string
|
|
minimumRingSize:
|
|
type: integer
|
|
useSourceIp:
|
|
description: Hash based on the source IP address.
|
|
type: boolean
|
|
type: object
|
|
localityLbSetting:
|
|
properties:
|
|
distribute:
|
|
description: 'Optional: only one of distribute or
|
|
failover can be set.'
|
|
items:
|
|
properties:
|
|
from:
|
|
description: Originating locality, '/' separated,
|
|
e.g.
|
|
type: string
|
|
to:
|
|
additionalProperties:
|
|
type: integer
|
|
description: Map of upstream localities to
|
|
traffic distribution weights.
|
|
type: object
|
|
type: object
|
|
type: array
|
|
enabled:
|
|
description: enable locality load balancing, this
|
|
is DestinationRule-level and will override mesh
|
|
wide settings in entirety.
|
|
nullable: true
|
|
type: boolean
|
|
failover:
|
|
description: 'Optional: only failover or distribute
|
|
can be set.'
|
|
items:
|
|
properties:
|
|
from:
|
|
description: Originating region.
|
|
type: string
|
|
to:
|
|
type: string
|
|
type: object
|
|
type: array
|
|
type: object
|
|
simple:
|
|
enum:
|
|
- ROUND_ROBIN
|
|
- LEAST_CONN
|
|
- RANDOM
|
|
- PASSTHROUGH
|
|
type: string
|
|
type: object
|
|
outlierDetection:
|
|
properties:
|
|
baseEjectionTime:
|
|
description: Minimum ejection duration.
|
|
type: string
|
|
consecutive5xxErrors:
|
|
description: Number of 5xx errors before a host is ejected
|
|
from the connection pool.
|
|
nullable: true
|
|
type: integer
|
|
consecutiveErrors:
|
|
format: int32
|
|
type: integer
|
|
consecutiveGatewayErrors:
|
|
description: Number of gateway errors before a host
|
|
is ejected from the connection pool.
|
|
nullable: true
|
|
type: integer
|
|
consecutiveLocalOriginFailures:
|
|
nullable: true
|
|
type: integer
|
|
interval:
|
|
description: Time interval between ejection sweep analysis.
|
|
type: string
|
|
maxEjectionPercent:
|
|
format: int32
|
|
type: integer
|
|
minHealthPercent:
|
|
format: int32
|
|
type: integer
|
|
splitExternalLocalOriginErrors:
|
|
description: Determines whether to distinguish local
|
|
origin failures from external errors.
|
|
type: boolean
|
|
type: object
|
|
portLevelSettings:
|
|
description: Traffic policies specific to individual ports.
|
|
items:
|
|
properties:
|
|
connectionPool:
|
|
properties:
|
|
http:
|
|
description: HTTP connection pool settings.
|
|
properties:
|
|
h2UpgradePolicy:
|
|
description: Specify if http1.1 connection
|
|
should be upgraded to http2 for the associated
|
|
destination.
|
|
enum:
|
|
- DEFAULT
|
|
- DO_NOT_UPGRADE
|
|
- UPGRADE
|
|
type: string
|
|
http1MaxPendingRequests:
|
|
description: Maximum number of pending HTTP
|
|
requests to a destination.
|
|
format: int32
|
|
type: integer
|
|
http2MaxRequests:
|
|
description: Maximum number of requests to
|
|
a backend.
|
|
format: int32
|
|
type: integer
|
|
idleTimeout:
|
|
description: The idle timeout for upstream
|
|
connection pool connections.
|
|
type: string
|
|
maxRequestsPerConnection:
|
|
description: Maximum number of requests per
|
|
connection to a backend.
|
|
format: int32
|
|
type: integer
|
|
maxRetries:
|
|
format: int32
|
|
type: integer
|
|
useClientProtocol:
|
|
description: If set to true, client protocol
|
|
will be preserved while initiating connection
|
|
to backend.
|
|
type: boolean
|
|
type: object
|
|
tcp:
|
|
description: Settings common to both HTTP and
|
|
TCP upstream connections.
|
|
properties:
|
|
connectTimeout:
|
|
description: TCP connection timeout.
|
|
type: string
|
|
maxConnections:
|
|
description: Maximum number of HTTP1 /TCP
|
|
connections to a destination host.
|
|
format: int32
|
|
type: integer
|
|
tcpKeepalive:
|
|
description: If set then set SO_KEEPALIVE
|
|
on the socket to enable TCP Keepalives.
|
|
properties:
|
|
interval:
|
|
description: The time duration between
|
|
keep-alive probes.
|
|
type: string
|
|
probes:
|
|
type: integer
|
|
time:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
type: object
|
|
loadBalancer:
|
|
description: Settings controlling the load balancer
|
|
algorithms.
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- simple
|
|
- properties:
|
|
consistentHash:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
required:
|
|
- consistentHash
|
|
- required:
|
|
- simple
|
|
- properties:
|
|
consistentHash:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
required:
|
|
- consistentHash
|
|
properties:
|
|
consistentHash:
|
|
properties:
|
|
httpCookie:
|
|
description: Hash based on HTTP cookie.
|
|
properties:
|
|
name:
|
|
description: Name of the cookie.
|
|
type: string
|
|
path:
|
|
description: Path to set for the cookie.
|
|
type: string
|
|
ttl:
|
|
description: Lifetime of the cookie.
|
|
type: string
|
|
type: object
|
|
httpHeaderName:
|
|
description: Hash based on a specific HTTP
|
|
header.
|
|
type: string
|
|
httpQueryParameterName:
|
|
description: Hash based on a specific HTTP
|
|
query parameter.
|
|
type: string
|
|
minimumRingSize:
|
|
type: integer
|
|
useSourceIp:
|
|
description: Hash based on the source IP address.
|
|
type: boolean
|
|
type: object
|
|
localityLbSetting:
|
|
properties:
|
|
distribute:
|
|
description: 'Optional: only one of distribute
|
|
or failover can be set.'
|
|
items:
|
|
properties:
|
|
from:
|
|
description: Originating locality, '/'
|
|
separated, e.g.
|
|
type: string
|
|
to:
|
|
additionalProperties:
|
|
type: integer
|
|
description: Map of upstream localities
|
|
to traffic distribution weights.
|
|
type: object
|
|
type: object
|
|
type: array
|
|
enabled:
|
|
description: enable locality load balancing,
|
|
this is DestinationRule-level and will override
|
|
mesh wide settings in entirety.
|
|
nullable: true
|
|
type: boolean
|
|
failover:
|
|
description: 'Optional: only failover or distribute
|
|
can be set.'
|
|
items:
|
|
properties:
|
|
from:
|
|
description: Originating region.
|
|
type: string
|
|
to:
|
|
type: string
|
|
type: object
|
|
type: array
|
|
type: object
|
|
simple:
|
|
enum:
|
|
- ROUND_ROBIN
|
|
- LEAST_CONN
|
|
- RANDOM
|
|
- PASSTHROUGH
|
|
type: string
|
|
type: object
|
|
outlierDetection:
|
|
properties:
|
|
baseEjectionTime:
|
|
description: Minimum ejection duration.
|
|
type: string
|
|
consecutive5xxErrors:
|
|
description: Number of 5xx errors before a host
|
|
is ejected from the connection pool.
|
|
nullable: true
|
|
type: integer
|
|
consecutiveErrors:
|
|
format: int32
|
|
type: integer
|
|
consecutiveGatewayErrors:
|
|
description: Number of gateway errors before a
|
|
host is ejected from the connection pool.
|
|
nullable: true
|
|
type: integer
|
|
consecutiveLocalOriginFailures:
|
|
nullable: true
|
|
type: integer
|
|
interval:
|
|
description: Time interval between ejection sweep
|
|
analysis.
|
|
type: string
|
|
maxEjectionPercent:
|
|
format: int32
|
|
type: integer
|
|
minHealthPercent:
|
|
format: int32
|
|
type: integer
|
|
splitExternalLocalOriginErrors:
|
|
description: Determines whether to distinguish
|
|
local origin failures from external errors.
|
|
type: boolean
|
|
type: object
|
|
port:
|
|
properties:
|
|
number:
|
|
type: integer
|
|
type: object
|
|
tls:
|
|
description: TLS related settings for connections
|
|
to the upstream service.
|
|
properties:
|
|
caCertificates:
|
|
type: string
|
|
clientCertificate:
|
|
description: REQUIRED if mode is `MUTUAL`.
|
|
type: string
|
|
credentialName:
|
|
type: string
|
|
mode:
|
|
enum:
|
|
- DISABLE
|
|
- SIMPLE
|
|
- MUTUAL
|
|
- ISTIO_MUTUAL
|
|
type: string
|
|
privateKey:
|
|
description: REQUIRED if mode is `MUTUAL`.
|
|
type: string
|
|
sni:
|
|
description: SNI string to present to the server
|
|
during TLS handshake.
|
|
type: string
|
|
subjectAltNames:
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
type: object
|
|
type: array
|
|
tls:
|
|
description: TLS related settings for connections to the
|
|
upstream service.
|
|
properties:
|
|
caCertificates:
|
|
type: string
|
|
clientCertificate:
|
|
description: REQUIRED if mode is `MUTUAL`.
|
|
type: string
|
|
credentialName:
|
|
type: string
|
|
mode:
|
|
enum:
|
|
- DISABLE
|
|
- SIMPLE
|
|
- MUTUAL
|
|
- ISTIO_MUTUAL
|
|
type: string
|
|
privateKey:
|
|
description: REQUIRED if mode is `MUTUAL`.
|
|
type: string
|
|
sni:
|
|
description: SNI string to present to the server during
|
|
TLS handshake.
|
|
type: string
|
|
subjectAltNames:
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
type: object
|
|
type: object
|
|
type: array
|
|
trafficPolicy:
|
|
properties:
|
|
connectionPool:
|
|
properties:
|
|
http:
|
|
description: HTTP connection pool settings.
|
|
properties:
|
|
h2UpgradePolicy:
|
|
description: Specify if http1.1 connection should be upgraded
|
|
to http2 for the associated destination.
|
|
enum:
|
|
- DEFAULT
|
|
- DO_NOT_UPGRADE
|
|
- UPGRADE
|
|
type: string
|
|
http1MaxPendingRequests:
|
|
description: Maximum number of pending HTTP requests to
|
|
a destination.
|
|
format: int32
|
|
type: integer
|
|
http2MaxRequests:
|
|
description: Maximum number of requests to a backend.
|
|
format: int32
|
|
type: integer
|
|
idleTimeout:
|
|
description: The idle timeout for upstream connection
|
|
pool connections.
|
|
type: string
|
|
maxRequestsPerConnection:
|
|
description: Maximum number of requests per connection
|
|
to a backend.
|
|
format: int32
|
|
type: integer
|
|
maxRetries:
|
|
format: int32
|
|
type: integer
|
|
useClientProtocol:
|
|
description: If set to true, client protocol will be preserved
|
|
while initiating connection to backend.
|
|
type: boolean
|
|
type: object
|
|
tcp:
|
|
description: Settings common to both HTTP and TCP upstream
|
|
connections.
|
|
properties:
|
|
connectTimeout:
|
|
description: TCP connection timeout.
|
|
type: string
|
|
maxConnections:
|
|
description: Maximum number of HTTP1 /TCP connections
|
|
to a destination host.
|
|
format: int32
|
|
type: integer
|
|
tcpKeepalive:
|
|
description: If set then set SO_KEEPALIVE on the socket
|
|
to enable TCP Keepalives.
|
|
properties:
|
|
interval:
|
|
description: The time duration between keep-alive
|
|
probes.
|
|
type: string
|
|
probes:
|
|
type: integer
|
|
time:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
type: object
|
|
loadBalancer:
|
|
description: Settings controlling the load balancer algorithms.
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- simple
|
|
- properties:
|
|
consistentHash:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
required:
|
|
- consistentHash
|
|
- required:
|
|
- simple
|
|
- properties:
|
|
consistentHash:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
required:
|
|
- consistentHash
|
|
properties:
|
|
consistentHash:
|
|
properties:
|
|
httpCookie:
|
|
description: Hash based on HTTP cookie.
|
|
properties:
|
|
name:
|
|
description: Name of the cookie.
|
|
type: string
|
|
path:
|
|
description: Path to set for the cookie.
|
|
type: string
|
|
ttl:
|
|
description: Lifetime of the cookie.
|
|
type: string
|
|
type: object
|
|
httpHeaderName:
|
|
description: Hash based on a specific HTTP header.
|
|
type: string
|
|
httpQueryParameterName:
|
|
description: Hash based on a specific HTTP query parameter.
|
|
type: string
|
|
minimumRingSize:
|
|
type: integer
|
|
useSourceIp:
|
|
description: Hash based on the source IP address.
|
|
type: boolean
|
|
type: object
|
|
localityLbSetting:
|
|
properties:
|
|
distribute:
|
|
description: 'Optional: only one of distribute or failover
|
|
can be set.'
|
|
items:
|
|
properties:
|
|
from:
|
|
description: Originating locality, '/' separated,
|
|
e.g.
|
|
type: string
|
|
to:
|
|
additionalProperties:
|
|
type: integer
|
|
description: Map of upstream localities to traffic
|
|
distribution weights.
|
|
type: object
|
|
type: object
|
|
type: array
|
|
enabled:
|
|
description: enable locality load balancing, this is DestinationRule-level
|
|
and will override mesh wide settings in entirety.
|
|
nullable: true
|
|
type: boolean
|
|
failover:
|
|
description: 'Optional: only failover or distribute can
|
|
be set.'
|
|
items:
|
|
properties:
|
|
from:
|
|
description: Originating region.
|
|
type: string
|
|
to:
|
|
type: string
|
|
type: object
|
|
type: array
|
|
type: object
|
|
simple:
|
|
enum:
|
|
- ROUND_ROBIN
|
|
- LEAST_CONN
|
|
- RANDOM
|
|
- PASSTHROUGH
|
|
type: string
|
|
type: object
|
|
outlierDetection:
|
|
properties:
|
|
baseEjectionTime:
|
|
description: Minimum ejection duration.
|
|
type: string
|
|
consecutive5xxErrors:
|
|
description: Number of 5xx errors before a host is ejected
|
|
from the connection pool.
|
|
nullable: true
|
|
type: integer
|
|
consecutiveErrors:
|
|
format: int32
|
|
type: integer
|
|
consecutiveGatewayErrors:
|
|
description: Number of gateway errors before a host is ejected
|
|
from the connection pool.
|
|
nullable: true
|
|
type: integer
|
|
consecutiveLocalOriginFailures:
|
|
nullable: true
|
|
type: integer
|
|
interval:
|
|
description: Time interval between ejection sweep analysis.
|
|
type: string
|
|
maxEjectionPercent:
|
|
format: int32
|
|
type: integer
|
|
minHealthPercent:
|
|
format: int32
|
|
type: integer
|
|
splitExternalLocalOriginErrors:
|
|
description: Determines whether to distinguish local origin
|
|
failures from external errors.
|
|
type: boolean
|
|
type: object
|
|
portLevelSettings:
|
|
description: Traffic policies specific to individual ports.
|
|
items:
|
|
properties:
|
|
connectionPool:
|
|
properties:
|
|
http:
|
|
description: HTTP connection pool settings.
|
|
properties:
|
|
h2UpgradePolicy:
|
|
description: Specify if http1.1 connection should
|
|
be upgraded to http2 for the associated destination.
|
|
enum:
|
|
- DEFAULT
|
|
- DO_NOT_UPGRADE
|
|
- UPGRADE
|
|
type: string
|
|
http1MaxPendingRequests:
|
|
description: Maximum number of pending HTTP requests
|
|
to a destination.
|
|
format: int32
|
|
type: integer
|
|
http2MaxRequests:
|
|
description: Maximum number of requests to a backend.
|
|
format: int32
|
|
type: integer
|
|
idleTimeout:
|
|
description: The idle timeout for upstream connection
|
|
pool connections.
|
|
type: string
|
|
maxRequestsPerConnection:
|
|
description: Maximum number of requests per connection
|
|
to a backend.
|
|
format: int32
|
|
type: integer
|
|
maxRetries:
|
|
format: int32
|
|
type: integer
|
|
useClientProtocol:
|
|
description: If set to true, client protocol will
|
|
be preserved while initiating connection to backend.
|
|
type: boolean
|
|
type: object
|
|
tcp:
|
|
description: Settings common to both HTTP and TCP upstream
|
|
connections.
|
|
properties:
|
|
connectTimeout:
|
|
description: TCP connection timeout.
|
|
type: string
|
|
maxConnections:
|
|
description: Maximum number of HTTP1 /TCP connections
|
|
to a destination host.
|
|
format: int32
|
|
type: integer
|
|
tcpKeepalive:
|
|
description: If set then set SO_KEEPALIVE on the
|
|
socket to enable TCP Keepalives.
|
|
properties:
|
|
interval:
|
|
description: The time duration between keep-alive
|
|
probes.
|
|
type: string
|
|
probes:
|
|
type: integer
|
|
time:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
type: object
|
|
loadBalancer:
|
|
description: Settings controlling the load balancer algorithms.
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- simple
|
|
- properties:
|
|
consistentHash:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
required:
|
|
- consistentHash
|
|
- required:
|
|
- simple
|
|
- properties:
|
|
consistentHash:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
- required:
|
|
- httpHeaderName
|
|
- required:
|
|
- httpCookie
|
|
- required:
|
|
- useSourceIp
|
|
- required:
|
|
- httpQueryParameterName
|
|
required:
|
|
- consistentHash
|
|
properties:
|
|
consistentHash:
|
|
properties:
|
|
httpCookie:
|
|
description: Hash based on HTTP cookie.
|
|
properties:
|
|
name:
|
|
description: Name of the cookie.
|
|
type: string
|
|
path:
|
|
description: Path to set for the cookie.
|
|
type: string
|
|
ttl:
|
|
description: Lifetime of the cookie.
|
|
type: string
|
|
type: object
|
|
httpHeaderName:
|
|
description: Hash based on a specific HTTP header.
|
|
type: string
|
|
httpQueryParameterName:
|
|
description: Hash based on a specific HTTP query
|
|
parameter.
|
|
type: string
|
|
minimumRingSize:
|
|
type: integer
|
|
useSourceIp:
|
|
description: Hash based on the source IP address.
|
|
type: boolean
|
|
type: object
|
|
localityLbSetting:
|
|
properties:
|
|
distribute:
|
|
description: 'Optional: only one of distribute or
|
|
failover can be set.'
|
|
items:
|
|
properties:
|
|
from:
|
|
description: Originating locality, '/' separated,
|
|
e.g.
|
|
type: string
|
|
to:
|
|
additionalProperties:
|
|
type: integer
|
|
description: Map of upstream localities to
|
|
traffic distribution weights.
|
|
type: object
|
|
type: object
|
|
type: array
|
|
enabled:
|
|
description: enable locality load balancing, this
|
|
is DestinationRule-level and will override mesh
|
|
wide settings in entirety.
|
|
nullable: true
|
|
type: boolean
|
|
failover:
|
|
description: 'Optional: only failover or distribute
|
|
can be set.'
|
|
items:
|
|
properties:
|
|
from:
|
|
description: Originating region.
|
|
type: string
|
|
to:
|
|
type: string
|
|
type: object
|
|
type: array
|
|
type: object
|
|
simple:
|
|
enum:
|
|
- ROUND_ROBIN
|
|
- LEAST_CONN
|
|
- RANDOM
|
|
- PASSTHROUGH
|
|
type: string
|
|
type: object
|
|
outlierDetection:
|
|
properties:
|
|
baseEjectionTime:
|
|
description: Minimum ejection duration.
|
|
type: string
|
|
consecutive5xxErrors:
|
|
description: Number of 5xx errors before a host is ejected
|
|
from the connection pool.
|
|
nullable: true
|
|
type: integer
|
|
consecutiveErrors:
|
|
format: int32
|
|
type: integer
|
|
consecutiveGatewayErrors:
|
|
description: Number of gateway errors before a host
|
|
is ejected from the connection pool.
|
|
nullable: true
|
|
type: integer
|
|
consecutiveLocalOriginFailures:
|
|
nullable: true
|
|
type: integer
|
|
interval:
|
|
description: Time interval between ejection sweep analysis.
|
|
type: string
|
|
maxEjectionPercent:
|
|
format: int32
|
|
type: integer
|
|
minHealthPercent:
|
|
format: int32
|
|
type: integer
|
|
splitExternalLocalOriginErrors:
|
|
description: Determines whether to distinguish local
|
|
origin failures from external errors.
|
|
type: boolean
|
|
type: object
|
|
port:
|
|
properties:
|
|
number:
|
|
type: integer
|
|
type: object
|
|
tls:
|
|
description: TLS related settings for connections to the
|
|
upstream service.
|
|
properties:
|
|
caCertificates:
|
|
type: string
|
|
clientCertificate:
|
|
description: REQUIRED if mode is `MUTUAL`.
|
|
type: string
|
|
credentialName:
|
|
type: string
|
|
mode:
|
|
enum:
|
|
- DISABLE
|
|
- SIMPLE
|
|
- MUTUAL
|
|
- ISTIO_MUTUAL
|
|
type: string
|
|
privateKey:
|
|
description: REQUIRED if mode is `MUTUAL`.
|
|
type: string
|
|
sni:
|
|
description: SNI string to present to the server during
|
|
TLS handshake.
|
|
type: string
|
|
subjectAltNames:
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
type: object
|
|
type: array
|
|
tls:
|
|
description: TLS related settings for connections to the upstream
|
|
service.
|
|
properties:
|
|
caCertificates:
|
|
type: string
|
|
clientCertificate:
|
|
description: REQUIRED if mode is `MUTUAL`.
|
|
type: string
|
|
credentialName:
|
|
type: string
|
|
mode:
|
|
enum:
|
|
- DISABLE
|
|
- SIMPLE
|
|
- MUTUAL
|
|
- ISTIO_MUTUAL
|
|
type: string
|
|
privateKey:
|
|
description: REQUIRED if mode is `MUTUAL`.
|
|
type: string
|
|
sni:
|
|
description: SNI string to present to the server during TLS
|
|
handshake.
|
|
type: string
|
|
subjectAltNames:
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
type: object
|
|
type: object
|
|
status:
|
|
type: object
|
|
x-kubernetes-preserve-unknown-fields: true
|
|
type: object
|
|
served: true
|
|
storage: false
|
|
subresources:
|
|
status: {}
|
|
|
|
---
|
|
# CustomResourceDefinition that registers the EnvoyFilter kind in the
# networking.istio.io group (Namespaced). A single version, v1alpha3, is
# declared; it is both served and the storage version.
#
# Security review: an EnvoyFilter patches the Envoy configuration that Istio
# generates (see spec.description), and the patch payload (patch.value) is
# not constrained by this schema. Write access to envoyfilters should be
# limited through RBAC to the operators who own proxy configuration.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Helm resource policy "keep": Helm leaves this CRD in place when an
    # operation such as uninstall would otherwise delete it.
    "helm.sh/resource-policy": keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    release: istio
  name: envoyfilters.networking.istio.io
spec:
  group: networking.istio.io
  names:
    categories:
    - istio-io
    - networking-istio-io
    kind: EnvoyFilter
    listKind: EnvoyFilterList
    plural: envoyfilters
    singular: envoyfilter
  scope: Namespaced
  versions:
  - name: v1alpha3
    schema:
      openAPIV3Schema:
        properties:
          # No field of spec is listed as required anywhere in this schema;
          # the only "required" keywords are the mutual-exclusion branches
          # under match.oneOf.
          spec:
            description: 'Customizing Envoy configuration generated by Istio. See
              more details at: https://istio.io/docs/reference/config/networking/envoy-filter.html'
            properties:
              configPatches:
                description: One or more patches with match conditions.
                items:
                  properties:
                    # Which kind of Envoy object the patch targets. INVALID is
                    # an accepted value as far as this schema is concerned;
                    # whether it is rejected later is not visible here.
                    applyTo:
                      enum:
                      - INVALID
                      - LISTENER
                      - FILTER_CHAIN
                      - NETWORK_FILTER
                      - HTTP_FILTER
                      - ROUTE_CONFIGURATION
                      - VIRTUAL_HOST
                      - HTTP_ROUTE
                      - CLUSTER
                      - EXTENSION_CONFIG
                      - BOOTSTRAP
                      type: string
                    match:
                      description: Match on listener/route configuration/cluster.
                      # oneOf: the first branch matches when none of listener,
                      # routeConfiguration and cluster is present; the other
                      # three each require one of them. Exactly one branch must
                      # match, so at most one of the three keys may be set.
                      oneOf:
                      - not:
                          anyOf:
                          - required:
                            - listener
                          - required:
                            - routeConfiguration
                          - required:
                            - cluster
                      - required:
                        - listener
                      - required:
                        - routeConfiguration
                      - required:
                        - cluster
                      properties:
                        cluster:
                          description: Match on envoy cluster attributes.
                          properties:
                            name:
                              description: The exact name of the cluster to match.
                              type: string
                            portNumber:
                              description: The service port for which this cluster
                                was generated.
                              type: integer
                            service:
                              description: The fully qualified service name for this
                                cluster.
                              type: string
                            subset:
                              description: The subset associated with the service.
                              type: string
                          type: object
                        context:
                          description: The specific config generation context to match
                            on.
                          enum:
                          - ANY
                          - SIDECAR_INBOUND
                          - SIDECAR_OUTBOUND
                          - GATEWAY
                          type: string
                        listener:
                          description: Match on envoy listener attributes.
                          properties:
                            filterChain:
                              description: Match a specific filter chain in a listener.
                              properties:
                                applicationProtocols:
                                  description: Applies only to sidecars.
                                  type: string
                                destinationPort:
                                  description: The destination_port value used by
                                    a filter chain's match condition.
                                  type: integer
                                filter:
                                  description: The name of a specific filter to apply
                                    the patch to.
                                  properties:
                                    name:
                                      description: The filter name to match on.
                                      type: string
                                    subFilter:
                                      properties:
                                        name:
                                          description: The filter name to match on.
                                          type: string
                                      type: object
                                  type: object
                                name:
                                  description: The name assigned to the filter chain.
                                  type: string
                                sni:
                                  description: The SNI value used by a filter chain's
                                    match condition.
                                  type: string
                                transportProtocol:
                                  description: Applies only to `SIDECAR_INBOUND` context.
                                  type: string
                              type: object
                            name:
                              description: Match a specific listener by its name.
                              type: string
                            portName:
                              type: string
                            portNumber:
                              type: integer
                          type: object
                        proxy:
                          description: Match on properties associated with a proxy.
                          properties:
                            # Free-form string-to-string map; keys are not
                            # restricted by this schema.
                            metadata:
                              additionalProperties:
                                type: string
                              type: object
                            proxyVersion:
                              type: string
                          type: object
                        routeConfiguration:
                          description: Match on envoy HTTP route configuration attributes.
                          properties:
                            gateway:
                              type: string
                            name:
                              description: Route configuration name to match on.
                              type: string
                            portName:
                              description: Applicable only for GATEWAY context.
                              type: string
                            portNumber:
                              type: integer
                            vhost:
                              properties:
                                name:
                                  type: string
                                route:
                                  description: Match a specific route within the virtual
                                    host.
                                  properties:
                                    action:
                                      description: Match a route with specific action
                                        type.
                                      enum:
                                      - ANY
                                      - ROUTE
                                      - REDIRECT
                                      - DIRECT_RESPONSE
                                      type: string
                                    name:
                                      type: string
                                  type: object
                              type: object
                          type: object
                      type: object
                    patch:
                      description: The patch to apply along with the operation.
                      properties:
                        # NOTE(review): AUTHN / AUTHZ look like ordering hints
                        # relative to Istio's own authentication and
                        # authorization filters - confirm, and check where a
                        # patched filter ends up relative to those filters.
                        filterClass:
                          description: Determines the filter insertion order.
                          enum:
                          - UNSPECIFIED
                          - AUTHN
                          - AUTHZ
                          - STATS
                          type: string
                        # INVALID is accepted by this schema here as well.
                        operation:
                          description: Determines how the patch should be applied.
                          enum:
                          - INVALID
                          - MERGE
                          - ADD
                          - REMOVE
                          - INSERT_BEFORE
                          - INSERT_AFTER
                          - INSERT_FIRST
                          - REPLACE
                          type: string
                        # The patch payload. It is typed only as "object" and
                        # x-kubernetes-preserve-unknown-fields keeps every
                        # nested field unpruned, so this CRD applies no
                        # structural validation to the Envoy configuration
                        # placed here. Any check on the content has to come
                        # from elsewhere (validating webhook, policy engine,
                        # change review) - NOTE(review): confirm which of
                        # these is in place for this cluster.
                        value:
                          description: The JSON config of the object being patched.
                          type: object
                          x-kubernetes-preserve-unknown-fields: true
                      type: object
                  type: object
                type: array
              priority:
                description: Priority defines the order in which patch sets are applied
                  within a context.
                format: int32
                type: integer
              # Optional label map (not listed as required).
              # NOTE(review): the Istio documentation linked in
              # spec.description should be consulted for which workloads a
              # filter reaches when this selector is omitted; the schema does
              # not say.
              workloadSelector:
                properties:
                  labels:
                    additionalProperties:
                      type: string
                    type: object
                type: object
            type: object
          # status is free-form as far as this schema goes: any nested fields
          # are preserved.
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
    # Enables the /status subresource for this version.
    subresources:
      status: {}
|
|
|
|
---
|
|
# CustomResourceDefinition that registers the Gateway kind in the
# networking.istio.io group (Namespaced, short name "gw"). Two versions are
# served: v1alpha3 (the storage version) and v1beta1.
#
# Security review: the TLS settings of a Gateway server are only loosely
# constrained by this schema (see the comments under tls), so a safe TLS
# floor and complete certificate settings have to be ensured by whoever
# writes or admits Gateway objects.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Helm resource policy "keep": Helm leaves this CRD in place when an
    # operation such as uninstall would otherwise delete it.
    "helm.sh/resource-policy": keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    release: istio
  name: gateways.networking.istio.io
spec:
  group: networking.istio.io
  names:
    categories:
    - istio-io
    - networking-istio-io
    kind: Gateway
    listKind: GatewayList
    plural: gateways
    shortNames:
    - gw
    singular: gateway
  scope: Namespaced
  versions:
  - name: v1alpha3
    schema:
      openAPIV3Schema:
        properties:
          # No field below is listed as required; the schema checks types and
          # enum membership only.
          spec:
            description: 'Configuration affecting edge load balancer. See more details
              at: https://istio.io/docs/reference/config/networking/gateway.html'
            properties:
              # Free-form string-to-string label map.
              selector:
                additionalProperties:
                  type: string
                type: object
              servers:
                description: A list of server specifications.
                items:
                  properties:
                    bind:
                      type: string
                    defaultEndpoint:
                      type: string
                    # Any string is accepted for a host; the schema carries no
                    # pattern for host names.
                    hosts:
                      description: One or more hosts exposed by this gateway.
                      items:
                        type: string
                      type: array
                    name:
                      description: An optional name of the server, when set must be
                        unique across all servers.
                      type: string
                    port:
                      properties:
                        name:
                          description: Label assigned to the port.
                          type: string
                        # Typed as integer with no minimum/maximum, so the
                        # "valid non-negative" wording is not enforced here.
                        number:
                          description: A valid non-negative integer port number.
                          type: integer
                        protocol:
                          description: The protocol exposed on the port.
                          type: string
                        targetPort:
                          type: integer
                      type: object
                    # The "REQUIRED if mode is ..." descriptions below are text
                    # only: this schema has no conditional "required", so a
                    # Gateway with mode MUTUAL and no caCertificates passes
                    # schema validation. Enforcement, if any, happens outside
                    # this file - NOTE(review): confirm it does.
                    tls:
                      description: Set of TLS related options that govern the server's
                        behavior.
                      properties:
                        caCertificates:
                          description: REQUIRED if mode is `MUTUAL`.
                          type: string
                        # Free-form strings; cipher names are not checked
                        # against any list by this schema.
                        cipherSuites:
                          description: 'Optional: If specified, only support the specified
                            cipher list.'
                          items:
                            type: string
                          type: array
                        # NOTE(review): presumably the name of a secret that
                        # holds the certificate material - confirm.
                        credentialName:
                          type: string
                        httpsRedirect:
                          type: boolean
                        maxProtocolVersion:
                          description: 'Optional: Maximum TLS protocol version.'
                          enum:
                          - TLS_AUTO
                          - TLSV1_0
                          - TLSV1_1
                          - TLSV1_2
                          - TLSV1_3
                          type: string
                        # The enum admits TLSV1_0 and TLSV1_1, which RFC 8996
                        # deprecates, so the schema will not stop a Gateway
                        # from lowering the TLS floor. Prefer an explicit
                        # TLSV1_2 or TLSV1_3 minimum in Gateway objects and
                        # back it with an admission policy where needed.
                        # What TLS_AUTO resolves to is not visible here.
                        minProtocolVersion:
                          description: 'Optional: Minimum TLS protocol version.'
                          enum:
                          - TLS_AUTO
                          - TLSV1_0
                          - TLSV1_1
                          - TLSV1_2
                          - TLSV1_3
                          type: string
                        # NOTE(review): PASSTHROUGH / AUTO_PASSTHROUGH
                        # presumably mean TLS is not terminated at the
                        # gateway, in which case the certificate fields here
                        # would not apply - confirm against the Istio docs.
                        mode:
                          enum:
                          - PASSTHROUGH
                          - SIMPLE
                          - MUTUAL
                          - AUTO_PASSTHROUGH
                          - ISTIO_MUTUAL
                          type: string
                        privateKey:
                          description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
                          type: string
                        serverCertificate:
                          description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
                          type: string
                        subjectAltNames:
                          items:
                            type: string
                          type: array
                        # Plain string arrays; no length or encoding check is
                        # applied to the hash / SPKI values by this schema.
                        verifyCertificateHash:
                          items:
                            type: string
                          type: array
                        verifyCertificateSpki:
                          items:
                            type: string
                          type: array
                      type: object
                  type: object
                type: array
            type: object
          # status is free-form as far as this schema goes: any nested fields
          # are preserved.
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
    # Enables the /status subresource for this version.
    subresources:
      status: {}
  # v1beta1 is served but is not the storage version. Its schema appears to
  # repeat the v1alpha3 schema field for field, so the same review points
  # apply: nothing is required, and the TLS fields are weakly constrained.
  - name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Configuration affecting edge load balancer. See more details
              at: https://istio.io/docs/reference/config/networking/gateway.html'
            properties:
              selector:
                additionalProperties:
                  type: string
                type: object
              servers:
                description: A list of server specifications.
                items:
                  properties:
                    bind:
                      type: string
                    defaultEndpoint:
                      type: string
                    hosts:
                      description: One or more hosts exposed by this gateway.
                      items:
                        type: string
                      type: array
                    name:
                      description: An optional name of the server, when set must be
                        unique across all servers.
                      type: string
                    port:
                      properties:
                        name:
                          description: Label assigned to the port.
                          type: string
                        # No minimum/maximum bound on the port number.
                        number:
                          description: A valid non-negative integer port number.
                          type: integer
                        protocol:
                          description: The protocol exposed on the port.
                          type: string
                        targetPort:
                          type: integer
                      type: object
                    # "REQUIRED if mode is ..." is descriptive text only; the
                    # schema does not tie the certificate fields to mode.
                    tls:
                      description: Set of TLS related options that govern the server's
                        behavior.
                      properties:
                        caCertificates:
                          description: REQUIRED if mode is `MUTUAL`.
                          type: string
                        cipherSuites:
                          description: 'Optional: If specified, only support the specified
                            cipher list.'
                          items:
                            type: string
                          type: array
                        credentialName:
                          type: string
                        httpsRedirect:
                          type: boolean
                        maxProtocolVersion:
                          description: 'Optional: Maximum TLS protocol version.'
                          enum:
                          - TLS_AUTO
                          - TLSV1_0
                          - TLSV1_1
                          - TLSV1_2
                          - TLSV1_3
                          type: string
                        # TLSV1_0 and TLSV1_1 (deprecated by RFC 8996) are
                        # accepted; set an explicit TLSV1_2 or TLSV1_3 minimum
                        # in Gateway objects.
                        minProtocolVersion:
                          description: 'Optional: Minimum TLS protocol version.'
                          enum:
                          - TLS_AUTO
                          - TLSV1_0
                          - TLSV1_1
                          - TLSV1_2
                          - TLSV1_3
                          type: string
                        mode:
                          enum:
                          - PASSTHROUGH
                          - SIMPLE
                          - MUTUAL
                          - AUTO_PASSTHROUGH
                          - ISTIO_MUTUAL
                          type: string
                        privateKey:
                          description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
                          type: string
                        serverCertificate:
                          description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
                          type: string
                        subjectAltNames:
                          items:
                            type: string
                          type: array
                        verifyCertificateHash:
                          items:
                            type: string
                          type: array
                        verifyCertificateSpki:
                          items:
                            type: string
                          type: array
                      type: object
                  type: object
                type: array
            type: object
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: false
    # Enables the /status subresource for this version.
    subresources:
      status: {}
|
|
|
|
---
# CustomResourceDefinition registering the Istio ServiceEntry kind
# (networking.istio.io). The file header marks this manifest as generated,
# so lasting changes belong in the generator input, not in this file.
#
# NOTE(review): the schemas below declare only types and enums. There is no
# `required`, `pattern`, `minimum` or `maximum` anywhere in this document, so
# the API server alone will admit, for example, an entry without hosts or a
# port number outside the valid range. Semantic validation has to come from
# somewhere else (presumably Istio's admission webhook; confirm it is enabled
# and set to fail closed).
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Helm keeps this CRD when the release is uninstalled, so existing
    # ServiceEntry objects outlive the chart and need their own cleanup.
    helm.sh/resource-policy: keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    release: istio
  name: serviceentries.networking.istio.io
spec:
  group: networking.istio.io
  names:
    categories:
      - istio-io
      - networking-istio-io
    kind: ServiceEntry
    listKind: ServiceEntryList
    plural: serviceentries
    shortNames:
      - se
    singular: serviceentry
  # Namespaced: write access is granted per namespace through RBAC. Since a
  # ServiceEntry changes what the mesh treats as a known service, create and
  # update rights on it deserve the same care as other traffic policy.
  scope: Namespaced
  versions:
    # v1alpha3 is the version persisted in etcd (storage: true).
    - additionalPrinterColumns:
        - description: The hosts associated with the ServiceEntry
          jsonPath: .spec.hosts
          name: Hosts
          type: string
        - description: >-
            Whether the service is external to the mesh or part of the mesh
            (MESH_EXTERNAL or MESH_INTERNAL)
          jsonPath: .spec.location
          name: Location
          type: string
        - description: >-
            Service discovery mode for the hosts (NONE, STATIC, or DNS)
          jsonPath: .spec.resolution
          name: Resolution
          type: string
        - description: >-
            CreationTimestamp is a timestamp representing the server time
            when this object was created. It is not guaranteed to be set in
            happens-before order across separate operations. Clients may not
            set this value. It is represented in RFC3339 form and is in UTC.
            Populated by the system. Read-only. Null for lists. More info:
            https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
          jsonPath: .metadata.creationTimestamp
          name: Age
          type: date
      name: v1alpha3
      schema:
        openAPIV3Schema:
          properties:
            spec:
              description: >-
                Configuration affecting service registry. See more details
                at: https://istio.io/docs/reference/config/networking/service-entry.html
              properties:
                addresses:
                  description: The virtual IP addresses associated with the service.
                  items:
                    type: string
                  type: array
                endpoints:
                  description: One or more endpoints associated with the service.
                  items:
                    properties:
                      # Free-form string; the schema does not constrain it
                      # to an IP address or hostname format.
                      address:
                        type: string
                      labels:
                        additionalProperties:
                          type: string
                        description: One or more labels associated with the endpoint.
                        type: object
                      locality:
                        description: The locality associated with the endpoint.
                        type: string
                      network:
                        type: string
                      # Map of string keys to integer values, no range check.
                      ports:
                        additionalProperties:
                          type: integer
                        description: Set of ports associated with the endpoint.
                        type: object
                      serviceAccount:
                        type: string
                      weight:
                        description: The load balancing weight associated with the endpoint.
                        type: integer
                    type: object
                  type: array
                # Controls which namespaces see this entry; worth checking in
                # review, because the schema accepts any list of strings.
                exportTo:
                  description: A list of namespaces to which this service is exported.
                  items:
                    type: string
                  type: array
                hosts:
                  description: The hosts associated with the ServiceEntry.
                  items:
                    type: string
                  type: array
                location:
                  enum:
                    - MESH_EXTERNAL
                    - MESH_INTERNAL
                  type: string
                ports:
                  description: The ports associated with the external service.
                  items:
                    properties:
                      name:
                        description: Label assigned to the port.
                        type: string
                      # The description promises a valid non-negative port,
                      # but the schema only enforces `integer`.
                      number:
                        description: A valid non-negative integer port number.
                        type: integer
                      protocol:
                        description: The protocol exposed on the port.
                        type: string
                      targetPort:
                        type: integer
                    type: object
                  type: array
                resolution:
                  description: Service discovery mode for the hosts.
                  enum:
                    - NONE
                    - STATIC
                    - DNS
                  type: string
                # No description in the schema. NOTE(review): per the Istio
                # API reference these are the names the proxy checks against
                # the server certificate; confirm for the version in use.
                subjectAltNames:
                  items:
                    type: string
                  type: array
                workloadSelector:
                  description: Applicable only for MESH_INTERNAL services.
                  properties:
                    labels:
                      additionalProperties:
                        type: string
                      type: object
                  type: object
              type: object
            # Unknown fields under status are kept rather than pruned, so
            # status content is not schema-checked at all.
            status:
              type: object
              x-kubernetes-preserve-unknown-fields: true
          type: object
      served: true
      storage: true
      subresources:
        status: {}
    # v1beta1 is served but not stored; in this listing its schema is the
    # same as v1alpha3 above, so the review notes there apply here too.
    - additionalPrinterColumns:
        - description: The hosts associated with the ServiceEntry
          jsonPath: .spec.hosts
          name: Hosts
          type: string
        - description: >-
            Whether the service is external to the mesh or part of the mesh
            (MESH_EXTERNAL or MESH_INTERNAL)
          jsonPath: .spec.location
          name: Location
          type: string
        - description: >-
            Service discovery mode for the hosts (NONE, STATIC, or DNS)
          jsonPath: .spec.resolution
          name: Resolution
          type: string
        - description: >-
            CreationTimestamp is a timestamp representing the server time
            when this object was created. It is not guaranteed to be set in
            happens-before order across separate operations. Clients may not
            set this value. It is represented in RFC3339 form and is in UTC.
            Populated by the system. Read-only. Null for lists. More info:
            https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
          jsonPath: .metadata.creationTimestamp
          name: Age
          type: date
      name: v1beta1
      schema:
        openAPIV3Schema:
          properties:
            spec:
              description: >-
                Configuration affecting service registry. See more details
                at: https://istio.io/docs/reference/config/networking/service-entry.html
              properties:
                addresses:
                  description: The virtual IP addresses associated with the service.
                  items:
                    type: string
                  type: array
                endpoints:
                  description: One or more endpoints associated with the service.
                  items:
                    properties:
                      address:
                        type: string
                      labels:
                        additionalProperties:
                          type: string
                        description: One or more labels associated with the endpoint.
                        type: object
                      locality:
                        description: The locality associated with the endpoint.
                        type: string
                      network:
                        type: string
                      ports:
                        additionalProperties:
                          type: integer
                        description: Set of ports associated with the endpoint.
                        type: object
                      serviceAccount:
                        type: string
                      weight:
                        description: The load balancing weight associated with the endpoint.
                        type: integer
                    type: object
                  type: array
                exportTo:
                  description: A list of namespaces to which this service is exported.
                  items:
                    type: string
                  type: array
                hosts:
                  description: The hosts associated with the ServiceEntry.
                  items:
                    type: string
                  type: array
                location:
                  enum:
                    - MESH_EXTERNAL
                    - MESH_INTERNAL
                  type: string
                ports:
                  description: The ports associated with the external service.
                  items:
                    properties:
                      name:
                        description: Label assigned to the port.
                        type: string
                      number:
                        description: A valid non-negative integer port number.
                        type: integer
                      protocol:
                        description: The protocol exposed on the port.
                        type: string
                      targetPort:
                        type: integer
                    type: object
                  type: array
                resolution:
                  description: Service discovery mode for the hosts.
                  enum:
                    - NONE
                    - STATIC
                    - DNS
                  type: string
                subjectAltNames:
                  items:
                    type: string
                  type: array
                workloadSelector:
                  description: Applicable only for MESH_INTERNAL services.
                  properties:
                    labels:
                      additionalProperties:
                        type: string
                      type: object
                  type: object
              type: object
            status:
              type: object
              x-kubernetes-preserve-unknown-fields: true
          type: object
      served: true
      storage: false
      subresources:
        status: {}
---
# CustomResourceDefinition registering the Istio Sidecar kind
# (networking.istio.io), which per its own description configures the
# network reachability of a sidecar. The file header marks this manifest as
# generated, so lasting changes belong in the generator input.
#
# NOTE(review): as written, the schemas check types and enum membership only;
# there is no `required`, `pattern`, `minimum` or `maximum` in this document.
# Host strings, bind addresses and port numbers are therefore not validated
# by the API server itself (presumably Istio's admission webhook does that;
# confirm it is enabled).
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Helm keeps this CRD when the release is uninstalled, so existing
    # Sidecar objects outlive the chart.
    helm.sh/resource-policy: keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    release: istio
  name: sidecars.networking.istio.io
spec:
  group: networking.istio.io
  names:
    categories:
      - istio-io
      - networking-istio-io
    kind: Sidecar
    listKind: SidecarList
    plural: sidecars
    singular: sidecar
  scope: Namespaced
  versions:
    # v1alpha3 is the version persisted in etcd (storage: true). Unlike the
    # other CRDs in this listing, no printer columns are defined here.
    - name: v1alpha3
      schema:
        openAPIV3Schema:
          properties:
            spec:
              description: >-
                Configuration affecting network reachability of a sidecar.
                See more details at:
                https://istio.io/docs/reference/config/networking/sidecar.html
              properties:
                egress:
                  items:
                    properties:
                      bind:
                        type: string
                      captureMode:
                        enum:
                          - DEFAULT
                          - IPTABLES
                          - NONE
                        type: string
                      # Any list of strings is accepted; the expected host
                      # format is not expressed in this schema.
                      hosts:
                        items:
                          type: string
                        type: array
                      port:
                        description: The port associated with the listener.
                        properties:
                          name:
                            description: Label assigned to the port.
                            type: string
                          # Described as a valid non-negative port, enforced
                          # only as `integer`.
                          number:
                            description: A valid non-negative integer port number.
                            type: integer
                          protocol:
                            description: The protocol exposed on the port.
                            type: string
                          targetPort:
                            type: integer
                        type: object
                    type: object
                  type: array
                ingress:
                  items:
                    properties:
                      bind:
                        description: The IP to which the listener should be bound.
                        type: string
                      captureMode:
                        enum:
                          - DEFAULT
                          - IPTABLES
                          - NONE
                        type: string
                      defaultEndpoint:
                        type: string
                      port:
                        description: The port associated with the listener.
                        properties:
                          name:
                            description: Label assigned to the port.
                            type: string
                          number:
                            description: A valid non-negative integer port number.
                            type: integer
                          protocol:
                            description: The protocol exposed on the port.
                            type: string
                          targetPort:
                            type: integer
                        type: object
                    type: object
                  type: array
                outboundTrafficPolicy:
                  description: Configuration for the outbound traffic policy.
                  properties:
                    egressProxy:
                      properties:
                        host:
                          description: The name of a service from the service registry.
                          type: string
                        port:
                          description: Specifies the port on the host that is being addressed.
                          properties:
                            number:
                              type: integer
                          type: object
                        subset:
                          description: The name of a subset within the service.
                          type: string
                      type: object
                    # The egress-control switch. As documented by Istio,
                    # REGISTRY_ONLY limits outbound traffic to services known
                    # to the registry, while ALLOW_ANY lets traffic to unknown
                    # destinations through. Audit objects that set ALLOW_ANY
                    # where egress is meant to be restricted.
                    mode:
                      enum:
                        - REGISTRY_ONLY
                        - ALLOW_ANY
                      type: string
                  type: object
                workloadSelector:
                  properties:
                    labels:
                      additionalProperties:
                        type: string
                      type: object
                  type: object
              type: object
            # Unknown fields under status are kept rather than pruned, so
            # status content is not schema-checked at all.
            status:
              type: object
              x-kubernetes-preserve-unknown-fields: true
          type: object
      served: true
      storage: true
      subresources:
        status: {}
    # v1beta1 is served but not stored; in this listing its schema is the
    # same as v1alpha3 above, so the review notes there apply here too.
    - name: v1beta1
      schema:
        openAPIV3Schema:
          properties:
            spec:
              description: >-
                Configuration affecting network reachability of a sidecar.
                See more details at:
                https://istio.io/docs/reference/config/networking/sidecar.html
              properties:
                egress:
                  items:
                    properties:
                      bind:
                        type: string
                      captureMode:
                        enum:
                          - DEFAULT
                          - IPTABLES
                          - NONE
                        type: string
                      hosts:
                        items:
                          type: string
                        type: array
                      port:
                        description: The port associated with the listener.
                        properties:
                          name:
                            description: Label assigned to the port.
                            type: string
                          number:
                            description: A valid non-negative integer port number.
                            type: integer
                          protocol:
                            description: The protocol exposed on the port.
                            type: string
                          targetPort:
                            type: integer
                        type: object
                    type: object
                  type: array
                ingress:
                  items:
                    properties:
                      bind:
                        description: The IP to which the listener should be bound.
                        type: string
                      captureMode:
                        enum:
                          - DEFAULT
                          - IPTABLES
                          - NONE
                        type: string
                      defaultEndpoint:
                        type: string
                      port:
                        description: The port associated with the listener.
                        properties:
                          name:
                            description: Label assigned to the port.
                            type: string
                          number:
                            description: A valid non-negative integer port number.
                            type: integer
                          protocol:
                            description: The protocol exposed on the port.
                            type: string
                          targetPort:
                            type: integer
                        type: object
                    type: object
                  type: array
                outboundTrafficPolicy:
                  description: Configuration for the outbound traffic policy.
                  properties:
                    egressProxy:
                      properties:
                        host:
                          description: The name of a service from the service registry.
                          type: string
                        port:
                          description: Specifies the port on the host that is being addressed.
                          properties:
                            number:
                              type: integer
                          type: object
                        subset:
                          description: The name of a subset within the service.
                          type: string
                      type: object
                    mode:
                      enum:
                        - REGISTRY_ONLY
                        - ALLOW_ANY
                      type: string
                  type: object
                workloadSelector:
                  properties:
                    labels:
                      additionalProperties:
                        type: string
                      type: object
                  type: object
              type: object
            status:
              type: object
              x-kubernetes-preserve-unknown-fields: true
          type: object
      served: true
      storage: false
      subresources:
        status: {}
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
"helm.sh/resource-policy": keep
|
|
labels:
|
|
app: istio-pilot
|
|
chart: istio
|
|
heritage: Tiller
|
|
release: istio
|
|
name: virtualservices.networking.istio.io
|
|
spec:
|
|
group: networking.istio.io
|
|
names:
|
|
categories:
|
|
- istio-io
|
|
- networking-istio-io
|
|
kind: VirtualService
|
|
listKind: VirtualServiceList
|
|
plural: virtualservices
|
|
shortNames:
|
|
- vs
|
|
singular: virtualservice
|
|
scope: Namespaced
|
|
versions:
|
|
- additionalPrinterColumns:
|
|
- description: The names of gateways and sidecars that should apply these routes
|
|
jsonPath: .spec.gateways
|
|
name: Gateways
|
|
type: string
|
|
- description: The destination hosts to which traffic is being sent
|
|
jsonPath: .spec.hosts
|
|
name: Hosts
|
|
type: string
|
|
- description: 'CreationTimestamp is a timestamp representing the server time
|
|
when this object was created. It is not guaranteed to be set in happens-before
|
|
order across separate operations. Clients may not set this value. It is represented
|
|
in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
|
|
lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
|
|
jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
name: v1alpha3
|
|
schema:
|
|
openAPIV3Schema:
|
|
properties:
|
|
spec:
|
|
description: 'Configuration affecting label/content routing, sni routing,
|
|
etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html'
|
|
properties:
|
|
exportTo:
|
|
description: A list of namespaces to which this virtual service is
|
|
exported.
|
|
items:
|
|
type: string
|
|
type: array
|
|
gateways:
|
|
description: The names of gateways and sidecars that should apply
|
|
these routes.
|
|
items:
|
|
type: string
|
|
type: array
|
|
hosts:
|
|
description: The destination hosts to which traffic is being sent.
|
|
items:
|
|
type: string
|
|
type: array
|
|
http:
|
|
description: An ordered list of route rules for HTTP traffic.
|
|
items:
|
|
properties:
|
|
corsPolicy:
|
|
description: Cross-Origin Resource Sharing policy (CORS).
|
|
properties:
|
|
allowCredentials:
|
|
nullable: true
|
|
type: boolean
|
|
allowHeaders:
|
|
items:
|
|
type: string
|
|
type: array
|
|
allowMethods:
|
|
description: List of HTTP methods allowed to access the
|
|
resource.
|
|
items:
|
|
type: string
|
|
type: array
|
|
allowOrigin:
|
|
description: The list of origins that are allowed to perform
|
|
CORS requests.
|
|
items:
|
|
type: string
|
|
type: array
|
|
allowOrigins:
|
|
description: String patterns that match allowed origins.
|
|
items:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
properties:
|
|
exact:
|
|
type: string
|
|
prefix:
|
|
type: string
|
|
regex:
|
|
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
|
|
type: string
|
|
type: object
|
|
type: array
|
|
exposeHeaders:
|
|
items:
|
|
type: string
|
|
type: array
|
|
maxAge:
|
|
type: string
|
|
type: object
|
|
delegate:
|
|
properties:
|
|
name:
|
|
description: Name specifies the name of the delegate VirtualService.
|
|
type: string
|
|
namespace:
|
|
description: Namespace specifies the namespace where the
|
|
delegate VirtualService resides.
|
|
type: string
|
|
type: object
|
|
fault:
|
|
description: Fault injection policy to apply on HTTP traffic
|
|
at the client side.
|
|
properties:
|
|
abort:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- httpStatus
|
|
- required:
|
|
- grpcStatus
|
|
- required:
|
|
- http2Error
|
|
- required:
|
|
- httpStatus
|
|
- required:
|
|
- grpcStatus
|
|
- required:
|
|
- http2Error
|
|
properties:
|
|
grpcStatus:
|
|
type: string
|
|
http2Error:
|
|
type: string
|
|
httpStatus:
|
|
description: HTTP status code to use to abort the Http
|
|
request.
|
|
format: int32
|
|
type: integer
|
|
percentage:
|
|
description: Percentage of requests to be aborted with
|
|
the error code provided.
|
|
properties:
|
|
value:
|
|
format: double
|
|
type: number
|
|
type: object
|
|
type: object
|
|
delay:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- fixedDelay
|
|
- required:
|
|
- exponentialDelay
|
|
- required:
|
|
- fixedDelay
|
|
- required:
|
|
- exponentialDelay
|
|
properties:
|
|
exponentialDelay:
|
|
type: string
|
|
fixedDelay:
|
|
description: Add a fixed delay before forwarding the
|
|
request.
|
|
type: string
|
|
percent:
|
|
description: Percentage of requests on which the delay
|
|
will be injected (0-100).
|
|
format: int32
|
|
type: integer
|
|
percentage:
|
|
description: Percentage of requests on which the delay
|
|
will be injected.
|
|
properties:
|
|
value:
|
|
format: double
|
|
type: number
|
|
type: object
|
|
type: object
|
|
type: object
|
|
headers:
|
|
properties:
|
|
request:
|
|
properties:
|
|
add:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
remove:
|
|
items:
|
|
type: string
|
|
type: array
|
|
set:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
response:
|
|
properties:
|
|
add:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
remove:
|
|
items:
|
|
type: string
|
|
type: array
|
|
set:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
type: object
|
|
match:
|
|
items:
|
|
properties:
|
|
authority:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
properties:
|
|
exact:
|
|
type: string
|
|
prefix:
|
|
type: string
|
|
regex:
|
|
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
|
|
type: string
|
|
type: object
|
|
gateways:
|
|
description: Names of gateways where the rule should be
|
|
applied.
|
|
items:
|
|
type: string
|
|
type: array
|
|
headers:
|
|
additionalProperties:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
properties:
|
|
exact:
|
|
type: string
|
|
prefix:
|
|
type: string
|
|
regex:
|
|
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
|
|
type: string
|
|
type: object
|
|
type: object
|
|
ignoreUriCase:
|
|
description: Flag to specify whether the URI matching
|
|
should be case-insensitive.
|
|
type: boolean
|
|
method:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
properties:
|
|
exact:
|
|
type: string
|
|
prefix:
|
|
type: string
|
|
regex:
|
|
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
|
|
type: string
|
|
type: object
|
|
name:
|
|
description: The name assigned to a match.
|
|
type: string
|
|
port:
|
|
description: Specifies the ports on the host that is being
|
|
addressed.
|
|
type: integer
|
|
queryParams:
|
|
additionalProperties:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
properties:
|
|
exact:
|
|
type: string
|
|
prefix:
|
|
type: string
|
|
regex:
|
|
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
|
|
type: string
|
|
type: object
|
|
description: Query parameters for matching.
|
|
type: object
|
|
scheme:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
properties:
|
|
exact:
|
|
type: string
|
|
prefix:
|
|
type: string
|
|
regex:
|
|
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
|
|
type: string
|
|
type: object
|
|
sourceLabels:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
sourceNamespace:
|
|
description: Source namespace constraining the applicability
|
|
of a rule to workloads in that namespace.
|
|
type: string
|
|
uri:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
properties:
|
|
exact:
|
|
type: string
|
|
prefix:
|
|
type: string
|
|
regex:
|
|
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
|
|
type: string
|
|
type: object
|
|
withoutHeaders:
|
|
additionalProperties:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
properties:
|
|
exact:
|
|
type: string
|
|
prefix:
|
|
type: string
|
|
regex:
|
|
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
|
|
type: string
|
|
type: object
|
|
description: withoutHeader has the same syntax with the
|
|
header, but has opposite meaning.
|
|
type: object
|
|
type: object
|
|
type: array
|
|
mirror:
|
|
properties:
|
|
host:
|
|
description: The name of a service from the service registry.
|
|
type: string
|
|
port:
|
|
description: Specifies the port on the host that is being
|
|
addressed.
|
|
properties:
|
|
number:
|
|
type: integer
|
|
type: object
|
|
subset:
|
|
description: The name of a subset within the service.
|
|
type: string
|
|
type: object
|
|
mirror_percent:
|
|
description: Percentage of the traffic to be mirrored by the
|
|
`mirror` field.
|
|
nullable: true
|
|
type: integer
|
|
mirrorPercent:
|
|
description: Percentage of the traffic to be mirrored by the
|
|
`mirror` field.
|
|
nullable: true
|
|
type: integer
|
|
mirrorPercentage:
|
|
description: Percentage of the traffic to be mirrored by the
|
|
`mirror` field.
|
|
properties:
|
|
value:
|
|
format: double
|
|
type: number
|
|
type: object
|
|
name:
|
|
description: The name assigned to the route for debugging purposes.
|
|
type: string
|
|
redirect:
|
|
description: A HTTP rule can either redirect or forward (default)
|
|
traffic.
|
|
properties:
|
|
authority:
|
|
type: string
|
|
redirectCode:
|
|
type: integer
|
|
uri:
|
|
type: string
|
|
type: object
|
|
retries:
|
|
description: Retry policy for HTTP requests.
|
|
properties:
|
|
attempts:
|
|
description: Number of retries to be allowed for a given
|
|
request.
|
|
format: int32
|
|
type: integer
|
|
perTryTimeout:
|
|
description: Timeout per attempt for a given request, including
|
|
the initial call and any retries.
|
|
type: string
|
|
retryOn:
|
|
description: Specifies the conditions under which retry
|
|
takes place.
|
|
type: string
|
|
retryRemoteLocalities:
|
|
description: Flag to specify whether the retries should
|
|
retry to other localities.
|
|
nullable: true
|
|
type: boolean
|
|
type: object
|
|
rewrite:
|
|
description: Rewrite HTTP URIs and Authority headers.
|
|
properties:
|
|
authority:
|
|
description: rewrite the Authority/Host header with this
|
|
value.
|
|
type: string
|
|
uri:
|
|
type: string
|
|
type: object
|
|
route:
|
|
description: A HTTP rule can either redirect or forward (default)
|
|
traffic.
|
|
items:
|
|
properties:
|
|
destination:
|
|
properties:
|
|
host:
|
|
description: The name of a service from the service
|
|
registry.
|
|
type: string
|
|
port:
|
|
description: Specifies the port on the host that is
|
|
being addressed.
|
|
properties:
|
|
number:
|
|
type: integer
|
|
type: object
|
|
subset:
|
|
description: The name of a subset within the service.
|
|
type: string
|
|
type: object
|
|
headers:
|
|
properties:
|
|
request:
|
|
properties:
|
|
add:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
remove:
|
|
items:
|
|
type: string
|
|
type: array
|
|
set:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
response:
|
|
properties:
|
|
add:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
remove:
|
|
items:
|
|
type: string
|
|
type: array
|
|
set:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
type: object
|
|
weight:
|
|
format: int32
|
|
type: integer
|
|
type: object
|
|
type: array
|
|
timeout:
|
|
description: Timeout for HTTP requests, default is disabled.
|
|
type: string
|
|
type: object
|
|
type: array
|
|
tcp:
|
|
description: An ordered list of route rules for opaque TCP traffic.
|
|
items:
|
|
properties:
|
|
match:
|
|
items:
|
|
properties:
|
|
destinationSubnets:
|
|
description: IPv4 or IPv6 ip addresses of destination
|
|
with optional subnet.
|
|
items:
|
|
type: string
|
|
type: array
|
|
gateways:
|
|
description: Names of gateways where the rule should be
|
|
applied.
|
|
items:
|
|
type: string
|
|
type: array
|
|
port:
|
|
description: Specifies the port on the host that is being
|
|
addressed.
|
|
type: integer
|
|
sourceLabels:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
sourceNamespace:
|
|
description: Source namespace constraining the applicability
|
|
of a rule to workloads in that namespace.
|
|
type: string
|
|
sourceSubnet:
|
|
description: IPv4 or IPv6 ip address of source with optional
|
|
subnet.
|
|
type: string
|
|
type: object
|
|
type: array
|
|
route:
|
|
description: The destination to which the connection should
|
|
be forwarded to.
|
|
items:
|
|
properties:
|
|
destination:
|
|
properties:
|
|
host:
|
|
description: The name of a service from the service
|
|
registry.
|
|
type: string
|
|
port:
|
|
description: Specifies the port on the host that is
|
|
being addressed.
|
|
properties:
|
|
number:
|
|
type: integer
|
|
type: object
|
|
subset:
|
|
description: The name of a subset within the service.
|
|
type: string
|
|
type: object
|
|
weight:
|
|
format: int32
|
|
type: integer
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: array
|
|
tls:
|
|
items:
|
|
properties:
|
|
match:
|
|
items:
|
|
properties:
|
|
destinationSubnets:
|
|
description: IPv4 or IPv6 ip addresses of destination
|
|
with optional subnet.
|
|
items:
|
|
type: string
|
|
type: array
|
|
gateways:
|
|
description: Names of gateways where the rule should be
|
|
applied.
|
|
items:
|
|
type: string
|
|
type: array
|
|
port:
|
|
description: Specifies the port on the host that is being
|
|
addressed.
|
|
type: integer
|
|
sniHosts:
|
|
description: SNI (server name indicator) to match on.
|
|
items:
|
|
type: string
|
|
type: array
|
|
sourceLabels:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
sourceNamespace:
|
|
description: Source namespace constraining the applicability
|
|
of a rule to workloads in that namespace.
|
|
type: string
|
|
type: object
|
|
type: array
|
|
route:
|
|
description: The destination to which the connection should
|
|
be forwarded to.
|
|
items:
|
|
properties:
|
|
destination:
|
|
properties:
|
|
host:
|
|
description: The name of a service from the service
|
|
registry.
|
|
type: string
|
|
port:
|
|
description: Specifies the port on the host that is
|
|
being addressed.
|
|
properties:
|
|
number:
|
|
type: integer
|
|
type: object
|
|
subset:
|
|
description: The name of a subset within the service.
|
|
type: string
|
|
type: object
|
|
weight:
|
|
format: int32
|
|
type: integer
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: array
|
|
type: object
|
|
status:
|
|
type: object
|
|
x-kubernetes-preserve-unknown-fields: true
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
- additionalPrinterColumns:
|
|
- description: The names of gateways and sidecars that should apply these routes
|
|
jsonPath: .spec.gateways
|
|
name: Gateways
|
|
type: string
|
|
- description: The destination hosts to which traffic is being sent
|
|
jsonPath: .spec.hosts
|
|
name: Hosts
|
|
type: string
|
|
- description: 'CreationTimestamp is a timestamp representing the server time
|
|
when this object was created. It is not guaranteed to be set in happens-before
|
|
order across separate operations. Clients may not set this value. It is represented
|
|
in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
|
|
lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
|
|
jsonPath: .metadata.creationTimestamp
|
|
name: Age
|
|
type: date
|
|
name: v1beta1
|
|
schema:
|
|
openAPIV3Schema:
|
|
properties:
|
|
spec:
|
|
description: 'Configuration affecting label/content routing, sni routing,
|
|
etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html'
|
|
properties:
|
|
exportTo:
|
|
description: A list of namespaces to which this virtual service is
|
|
exported.
|
|
items:
|
|
type: string
|
|
type: array
|
|
gateways:
|
|
description: The names of gateways and sidecars that should apply
|
|
these routes.
|
|
items:
|
|
type: string
|
|
type: array
|
|
hosts:
|
|
description: The destination hosts to which traffic is being sent.
|
|
items:
|
|
type: string
|
|
type: array
|
|
http:
|
|
description: An ordered list of route rules for HTTP traffic.
|
|
items:
|
|
properties:
|
|
corsPolicy:
|
|
description: Cross-Origin Resource Sharing policy (CORS).
|
|
properties:
|
|
allowCredentials:
|
|
nullable: true
|
|
type: boolean
|
|
allowHeaders:
|
|
items:
|
|
type: string
|
|
type: array
|
|
allowMethods:
|
|
description: List of HTTP methods allowed to access the
|
|
resource.
|
|
items:
|
|
type: string
|
|
type: array
|
|
allowOrigin:
|
|
description: The list of origins that are allowed to perform
|
|
CORS requests.
|
|
items:
|
|
type: string
|
|
type: array
|
|
allowOrigins:
|
|
description: String patterns that match allowed origins.
|
|
items:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
properties:
|
|
exact:
|
|
type: string
|
|
prefix:
|
|
type: string
|
|
regex:
|
|
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
|
|
type: string
|
|
type: object
|
|
type: array
|
|
exposeHeaders:
|
|
items:
|
|
type: string
|
|
type: array
|
|
maxAge:
|
|
type: string
|
|
type: object
|
|
delegate:
|
|
properties:
|
|
name:
|
|
description: Name specifies the name of the delegate VirtualService.
|
|
type: string
|
|
namespace:
|
|
description: Namespace specifies the namespace where the
|
|
delegate VirtualService resides.
|
|
type: string
|
|
type: object
|
|
fault:
|
|
description: Fault injection policy to apply on HTTP traffic
|
|
at the client side.
|
|
properties:
|
|
abort:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- httpStatus
|
|
- required:
|
|
- grpcStatus
|
|
- required:
|
|
- http2Error
|
|
- required:
|
|
- httpStatus
|
|
- required:
|
|
- grpcStatus
|
|
- required:
|
|
- http2Error
|
|
properties:
|
|
grpcStatus:
|
|
type: string
|
|
http2Error:
|
|
type: string
|
|
httpStatus:
|
|
description: HTTP status code to use to abort the Http
|
|
request.
|
|
format: int32
|
|
type: integer
|
|
percentage:
|
|
description: Percentage of requests to be aborted with
|
|
the error code provided.
|
|
properties:
|
|
value:
|
|
format: double
|
|
type: number
|
|
type: object
|
|
type: object
|
|
delay:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- fixedDelay
|
|
- required:
|
|
- exponentialDelay
|
|
- required:
|
|
- fixedDelay
|
|
- required:
|
|
- exponentialDelay
|
|
properties:
|
|
exponentialDelay:
|
|
type: string
|
|
fixedDelay:
|
|
description: Add a fixed delay before forwarding the
|
|
request.
|
|
type: string
|
|
percent:
|
|
description: Percentage of requests on which the delay
|
|
will be injected (0-100).
|
|
format: int32
|
|
type: integer
|
|
percentage:
|
|
description: Percentage of requests on which the delay
|
|
will be injected.
|
|
properties:
|
|
value:
|
|
format: double
|
|
type: number
|
|
type: object
|
|
type: object
|
|
type: object
|
|
headers:
|
|
properties:
|
|
request:
|
|
properties:
|
|
add:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
remove:
|
|
items:
|
|
type: string
|
|
type: array
|
|
set:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
response:
|
|
properties:
|
|
add:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
remove:
|
|
items:
|
|
type: string
|
|
type: array
|
|
set:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
type: object
|
|
match:
|
|
items:
|
|
properties:
|
|
authority:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
properties:
|
|
exact:
|
|
type: string
|
|
prefix:
|
|
type: string
|
|
regex:
|
|
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
|
|
type: string
|
|
type: object
|
|
gateways:
|
|
description: Names of gateways where the rule should be
|
|
applied.
|
|
items:
|
|
type: string
|
|
type: array
|
|
headers:
|
|
additionalProperties:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
properties:
|
|
exact:
|
|
type: string
|
|
prefix:
|
|
type: string
|
|
regex:
|
|
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
|
|
type: string
|
|
type: object
|
|
type: object
|
|
ignoreUriCase:
|
|
description: Flag to specify whether the URI matching
|
|
should be case-insensitive.
|
|
type: boolean
|
|
method:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
properties:
|
|
exact:
|
|
type: string
|
|
prefix:
|
|
type: string
|
|
regex:
|
|
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
|
|
type: string
|
|
type: object
|
|
name:
|
|
description: The name assigned to a match.
|
|
type: string
|
|
port:
|
|
description: Specifies the ports on the host that is being
|
|
addressed.
|
|
type: integer
|
|
queryParams:
|
|
additionalProperties:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
properties:
|
|
exact:
|
|
type: string
|
|
prefix:
|
|
type: string
|
|
regex:
|
|
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
|
|
type: string
|
|
type: object
|
|
description: Query parameters for matching.
|
|
type: object
|
|
scheme:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
properties:
|
|
exact:
|
|
type: string
|
|
prefix:
|
|
type: string
|
|
regex:
|
|
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
|
|
type: string
|
|
type: object
|
|
sourceLabels:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
sourceNamespace:
|
|
description: Source namespace constraining the applicability
|
|
of a rule to workloads in that namespace.
|
|
type: string
|
|
uri:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
properties:
|
|
exact:
|
|
type: string
|
|
prefix:
|
|
type: string
|
|
regex:
|
|
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
|
|
type: string
|
|
type: object
|
|
withoutHeaders:
|
|
additionalProperties:
|
|
oneOf:
|
|
- not:
|
|
anyOf:
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
- required:
|
|
- exact
|
|
- required:
|
|
- prefix
|
|
- required:
|
|
- regex
|
|
properties:
|
|
exact:
|
|
type: string
|
|
prefix:
|
|
type: string
|
|
regex:
|
|
description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
|
|
type: string
|
|
type: object
|
|
description: withoutHeader has the same syntax with the
|
|
header, but has opposite meaning.
|
|
type: object
|
|
type: object
|
|
type: array
|
|
mirror:
|
|
properties:
|
|
host:
|
|
description: The name of a service from the service registry.
|
|
type: string
|
|
port:
|
|
description: Specifies the port on the host that is being
|
|
addressed.
|
|
properties:
|
|
number:
|
|
type: integer
|
|
type: object
|
|
subset:
|
|
description: The name of a subset within the service.
|
|
type: string
|
|
type: object
|
|
mirror_percent:
|
|
description: Percentage of the traffic to be mirrored by the
|
|
`mirror` field.
|
|
nullable: true
|
|
type: integer
|
|
mirrorPercent:
|
|
description: Percentage of the traffic to be mirrored by the
|
|
`mirror` field.
|
|
nullable: true
|
|
type: integer
|
|
mirrorPercentage:
|
|
description: Percentage of the traffic to be mirrored by the
|
|
`mirror` field.
|
|
properties:
|
|
value:
|
|
format: double
|
|
type: number
|
|
type: object
|
|
name:
|
|
description: The name assigned to the route for debugging purposes.
|
|
type: string
|
|
redirect:
|
|
description: A HTTP rule can either redirect or forward (default)
|
|
traffic.
|
|
properties:
|
|
authority:
|
|
type: string
|
|
redirectCode:
|
|
type: integer
|
|
uri:
|
|
type: string
|
|
type: object
|
|
retries:
|
|
description: Retry policy for HTTP requests.
|
|
properties:
|
|
attempts:
|
|
description: Number of retries to be allowed for a given
|
|
request.
|
|
format: int32
|
|
type: integer
|
|
perTryTimeout:
|
|
description: Timeout per attempt for a given request, including
|
|
the initial call and any retries.
|
|
type: string
|
|
retryOn:
|
|
description: Specifies the conditions under which retry
|
|
takes place.
|
|
type: string
|
|
retryRemoteLocalities:
|
|
description: Flag to specify whether the retries should
|
|
retry to other localities.
|
|
nullable: true
|
|
type: boolean
|
|
type: object
|
|
rewrite:
|
|
description: Rewrite HTTP URIs and Authority headers.
|
|
properties:
|
|
authority:
|
|
description: rewrite the Authority/Host header with this
|
|
value.
|
|
type: string
|
|
uri:
|
|
type: string
|
|
type: object
|
|
route:
|
|
description: A HTTP rule can either redirect or forward (default)
|
|
traffic.
|
|
items:
|
|
properties:
|
|
destination:
|
|
properties:
|
|
host:
|
|
description: The name of a service from the service
|
|
registry.
|
|
type: string
|
|
port:
|
|
description: Specifies the port on the host that is
|
|
being addressed.
|
|
properties:
|
|
number:
|
|
type: integer
|
|
type: object
|
|
subset:
|
|
description: The name of a subset within the service.
|
|
type: string
|
|
type: object
|
|
headers:
|
|
properties:
|
|
request:
|
|
properties:
|
|
add:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
remove:
|
|
items:
|
|
type: string
|
|
type: array
|
|
set:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
response:
|
|
properties:
|
|
add:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
remove:
|
|
items:
|
|
type: string
|
|
type: array
|
|
set:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
type: object
|
|
weight:
|
|
format: int32
|
|
type: integer
|
|
type: object
|
|
type: array
|
|
timeout:
|
|
description: Timeout for HTTP requests, default is disabled.
|
|
type: string
|
|
type: object
|
|
type: array
|
|
tcp:
|
|
description: An ordered list of route rules for opaque TCP traffic.
|
|
items:
|
|
properties:
|
|
match:
|
|
items:
|
|
properties:
|
|
destinationSubnets:
|
|
description: IPv4 or IPv6 ip addresses of destination
|
|
with optional subnet.
|
|
items:
|
|
type: string
|
|
type: array
|
|
gateways:
|
|
description: Names of gateways where the rule should be
|
|
applied.
|
|
items:
|
|
type: string
|
|
type: array
|
|
port:
|
|
description: Specifies the port on the host that is being
|
|
addressed.
|
|
type: integer
|
|
sourceLabels:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
sourceNamespace:
|
|
description: Source namespace constraining the applicability
|
|
of a rule to workloads in that namespace.
|
|
type: string
|
|
sourceSubnet:
|
|
description: IPv4 or IPv6 ip address of source with optional
|
|
subnet.
|
|
type: string
|
|
type: object
|
|
type: array
|
|
route:
|
|
description: The destination to which the connection should
|
|
be forwarded to.
|
|
items:
|
|
properties:
|
|
destination:
|
|
properties:
|
|
host:
|
|
description: The name of a service from the service
|
|
registry.
|
|
type: string
|
|
port:
|
|
description: Specifies the port on the host that is
|
|
being addressed.
|
|
properties:
|
|
number:
|
|
type: integer
|
|
type: object
|
|
subset:
|
|
description: The name of a subset within the service.
|
|
type: string
|
|
type: object
|
|
weight:
|
|
format: int32
|
|
type: integer
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: array
|
|
tls:
|
|
items:
|
|
properties:
|
|
match:
|
|
items:
|
|
properties:
|
|
destinationSubnets:
|
|
description: IPv4 or IPv6 ip addresses of destination
|
|
with optional subnet.
|
|
items:
|
|
type: string
|
|
type: array
|
|
gateways:
|
|
description: Names of gateways where the rule should be
|
|
applied.
|
|
items:
|
|
type: string
|
|
type: array
|
|
port:
|
|
description: Specifies the port on the host that is being
|
|
addressed.
|
|
type: integer
|
|
sniHosts:
|
|
description: SNI (server name indicator) to match on.
|
|
items:
|
|
type: string
|
|
type: array
|
|
sourceLabels:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
sourceNamespace:
|
|
description: Source namespace constraining the applicability
|
|
of a rule to workloads in that namespace.
|
|
type: string
|
|
type: object
|
|
type: array
|
|
route:
|
|
description: The destination to which the connection should
|
|
be forwarded to.
|
|
items:
|
|
properties:
|
|
destination:
|
|
properties:
|
|
host:
|
|
description: The name of a service from the service
|
|
registry.
|
|
type: string
|
|
port:
|
|
description: Specifies the port on the host that is
|
|
being addressed.
|
|
properties:
|
|
number:
|
|
type: integer
|
|
type: object
|
|
subset:
|
|
description: The name of a subset within the service.
|
|
type: string
|
|
type: object
|
|
weight:
|
|
format: int32
|
|
type: integer
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: array
|
|
type: object
|
|
status:
|
|
type: object
|
|
x-kubernetes-preserve-unknown-fields: true
|
|
type: object
|
|
served: true
|
|
storage: false
|
|
subresources:
|
|
status: {}
|
|
|
|
---
|
|
# CustomResourceDefinition for WorkloadEntry (group networking.istio.io).
# Nesting restored from the flattened listing; keys and values are unchanged.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Helm resource policy "keep": Helm leaves this CRD in place instead of
    # deleting it with the release.
    "helm.sh/resource-policy": keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    release: istio
  name: workloadentries.networking.istio.io
spec:
  group: networking.istio.io
  names:
    categories:
    - istio-io
    - networking-istio-io
    kind: WorkloadEntry
    listKind: WorkloadEntryList
    plural: workloadentries
    shortNames:
    - we
    singular: workloadentry
  # Namespaced scope: RBAC for create/update/patch can be granted per namespace.
  scope: Namespaced
  # Two versions are served; the two schemas below are identical as written,
  # and v1alpha3 is the storage version.
  versions:
  - additionalPrinterColumns:
    - description: 'CreationTimestamp is a timestamp representing the server time
        when this object was created. It is not guaranteed to be set in happens-before
        order across separate operations. Clients may not set this value. It is represented
        in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
        lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: Address associated with the network endpoint.
      jsonPath: .spec.address
      name: Address
      type: string
    name: v1alpha3
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Configuration affecting VMs onboarded into the mesh. See
              more details at: https://istio.io/docs/reference/config/networking/workload-entry.html'
            # No `required` list and no pattern/format constraints appear in this
            # schema: every field is optional and string fields accept any text
            # at the API-server level.
            # NOTE(review): presumably further validation happens in Istio's own
            # admission webhook -- confirm it is enabled in the cluster.
            properties:
              address:
                type: string
              labels:
                additionalProperties:
                  type: string
                description: One or more labels associated with the endpoint.
                type: object
              locality:
                description: The locality associated with the endpoint.
                type: string
              network:
                type: string
              ports:
                additionalProperties:
                  type: integer
                description: Set of ports associated with the endpoint.
                type: object
              # NOTE(review): free-form string here; presumably it feeds the
              # workload's mesh identity -- confirm, and restrict who may
              # create or edit WorkloadEntry objects accordingly.
              serviceAccount:
                type: string
              weight:
                description: The load balancing weight associated with the endpoint.
                type: integer
            type: object
          status:
            type: object
            # Unknown fields under status are kept, not pruned, so status
            # content is not validated by this schema.
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
    # Enables the /status subresource, which has its own RBAC resource name
    # (workloadentries/status).
    subresources:
      status: {}
  - additionalPrinterColumns:
    - description: 'CreationTimestamp is a timestamp representing the server time
        when this object was created. It is not guaranteed to be set in happens-before
        order across separate operations. Clients may not set this value. It is represented
        in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
        lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: Address associated with the network endpoint.
      jsonPath: .spec.address
      name: Address
      type: string
    name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Configuration affecting VMs onboarded into the mesh. See
              more details at: https://istio.io/docs/reference/config/networking/workload-entry.html'
            properties:
              address:
                type: string
              labels:
                additionalProperties:
                  type: string
                description: One or more labels associated with the endpoint.
                type: object
              locality:
                description: The locality associated with the endpoint.
                type: string
              network:
                type: string
              ports:
                additionalProperties:
                  type: integer
                description: Set of ports associated with the endpoint.
                type: object
              serviceAccount:
                type: string
              weight:
                description: The load balancing weight associated with the endpoint.
                type: integer
            type: object
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    # Served but not stored: objects persist in the v1alpha3 form.
    storage: false
    subresources:
      status: {}
|
|
|
|
---
|
|
# CustomResourceDefinition for WorkloadGroup (group networking.istio.io).
# Nesting restored from the flattened listing; keys and values are unchanged.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  # NOTE(review): unlike the sibling CRDs in this file, this one carries no
  # "helm.sh/resource-policy": keep annotation -- confirm whether the
  # difference is intended before relying on CRD retention.
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    release: istio
  name: workloadgroups.networking.istio.io
spec:
  group: networking.istio.io
  names:
    categories:
    - istio-io
    - networking-istio-io
    kind: WorkloadGroup
    listKind: WorkloadGroupList
    plural: workloadgroups
    shortNames:
    - wg
    singular: workloadgroup
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: 'CreationTimestamp is a timestamp representing the server time
        when this object was created. It is not guaranteed to be set in happens-before
        order across separate operations. Clients may not set this value. It is represented
        in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
        lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha3
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Describes a collection of workload instances. See more details
              at: https://istio.io/docs/reference/config/networking/workload-group.html'
            properties:
              metadata:
                description: Metadata that will be used for all corresponding `WorkloadEntries`.
                properties:
                  annotations:
                    additionalProperties:
                      type: string
                    type: object
                  labels:
                    additionalProperties:
                      type: string
                    type: object
                type: object
              probe:
                description: '`ReadinessProbe` describes the configuration the user
                  must provide for healthchecking on their workload.'
                # oneOf: either none of httpGet/tcpSocket/exec is set, or exactly
                # one of them; setting two handlers fails validation.
                oneOf:
                - not:
                    anyOf:
                    - required:
                      - httpGet
                    - required:
                      - tcpSocket
                    - required:
                      - exec
                - required:
                  - httpGet
                - required:
                  - tcpSocket
                - required:
                  - exec
                properties:
                  # The probe can name an arbitrary command line (array of
                  # strings, no further constraint in this schema).
                  # NOTE(review): presumably run on the workload host by the
                  # Istio agent -- confirm, and treat write access to
                  # WorkloadGroup as able to choose that command.
                  exec:
                    description: Health is determined by how the command that is executed
                      exited.
                    properties:
                      command:
                        description: Command to run.
                        items:
                          type: string
                        type: array
                    type: object
                  failureThreshold:
                    description: Minimum consecutive failures for the probe to be
                      considered failed after having succeeded.
                    format: int32
                    type: integer
                  # host, path, scheme and headers are unconstrained strings, so
                  # the schema does not limit where the HTTP probe is sent.
                  httpGet:
                    properties:
                      host:
                        description: Host name to connect to, defaults to the pod
                          IP.
                        type: string
                      httpHeaders:
                        description: Headers the proxy will pass on to make the request.
                        items:
                          properties:
                            name:
                              type: string
                            value:
                              type: string
                          type: object
                        type: array
                      path:
                        description: Path to access on the HTTP server.
                        type: string
                      port:
                        description: Port on which the endpoint lives.
                        type: integer
                      scheme:
                        type: string
                    type: object
                  initialDelaySeconds:
                    description: Number of seconds after the container has started
                      before readiness probes are initiated.
                    format: int32
                    type: integer
                  periodSeconds:
                    description: How often (in seconds) to perform the probe.
                    format: int32
                    type: integer
                  successThreshold:
                    description: Minimum consecutive successes for the probe to be
                      considered successful after having failed.
                    format: int32
                    type: integer
                  tcpSocket:
                    description: Health is determined by if the proxy is able to connect.
                    properties:
                      host:
                        type: string
                      port:
                        type: integer
                    type: object
                  timeoutSeconds:
                    description: Number of seconds after which the probe times out.
                    format: int32
                    type: integer
                type: object
              # Same field set as the WorkloadEntry spec: address, labels,
              # locality, network, ports, serviceAccount, weight.
              template:
                description: Template to be used for the generation of `WorkloadEntry`
                  resources that belong to this `WorkloadGroup`.
                properties:
                  address:
                    type: string
                  labels:
                    additionalProperties:
                      type: string
                    description: One or more labels associated with the endpoint.
                    type: object
                  locality:
                    description: The locality associated with the endpoint.
                    type: string
                  network:
                    type: string
                  ports:
                    additionalProperties:
                      type: integer
                    description: Set of ports associated with the endpoint.
                    type: object
                  serviceAccount:
                    type: string
                  weight:
                    description: The load balancing weight associated with the endpoint.
                    type: integer
                type: object
            type: object
          status:
            type: object
            # Unknown fields under status are kept, not pruned.
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
    subresources:
      status: {}
|
|
|
|
---
|
|
# CustomResourceDefinition for AuthorizationPolicy (group security.istio.io).
# Nesting restored from the flattened listing; keys and values are unchanged.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Helm resource policy "keep": Helm leaves this CRD in place instead of
    # deleting it with the release.
    "helm.sh/resource-policy": keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    istio: security
    release: istio
  name: authorizationpolicies.security.istio.io
spec:
  group: security.istio.io
  names:
    categories:
    - istio-io
    - security-istio-io
    kind: AuthorizationPolicy
    listKind: AuthorizationPolicyList
    plural: authorizationpolicies
    singular: authorizationpolicy
  scope: Namespaced
  versions:
  - name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Configuration for access control on workloads. See more
              details at: https://istio.io/docs/reference/config/security/authorization-policy.html'
            # oneOf over a single alternative: `provider` may be absent or
            # present. Nothing in this schema ties `provider` to
            # `action: CUSTOM`, and nothing is listed as required.
            oneOf:
            - not:
                anyOf:
                - required:
                  - provider
            - required:
              - provider
            properties:
              # Only these four spellings pass validation; the field itself is
              # optional.
              # NOTE(review): the effective default when action is omitted is
              # not stated in this schema -- check the Istio reference.
              action:
                description: Optional.
                enum:
                - ALLOW
                - DENY
                - AUDIT
                - CUSTOM
                type: string
              provider:
                description: Specifies detailed configuration of the CUSTOM action.
                properties:
                  name:
                    description: Specifies the name of the extension provider.
                    type: string
                type: object
              rules:
                description: Optional.
                items:
                  properties:
                    from:
                      description: Optional.
                      items:
                        properties:
                          # Every source matcher is an array of plain strings:
                          # the schema does not check CIDR syntax in *IpBlocks
                          # or the shape of principals/namespaces.
                          # NOTE(review): a mistyped entry is therefore not
                          # rejected at this layer -- presumably Istio's
                          # webhook validates further; confirm.
                          source:
                            description: Source specifies the source of a request.
                            properties:
                              ipBlocks:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              namespaces:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              notIpBlocks:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              notNamespaces:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              notPrincipals:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              notRemoteIpBlocks:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              notRequestPrincipals:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              principals:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              remoteIpBlocks:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              requestPrincipals:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                            type: object
                        type: object
                      type: array
                    to:
                      description: Optional.
                      items:
                        properties:
                          # Operation matchers are also string arrays; note that
                          # ports/notPorts are typed as strings, not integers.
                          operation:
                            description: Operation specifies the operation of a request.
                            properties:
                              hosts:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              methods:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              notHosts:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              notMethods:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              notPaths:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              notPorts:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              paths:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              ports:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                            type: object
                        type: object
                      type: array
                    when:
                      description: Optional.
                      items:
                        properties:
                          # `key` is not marked required and has no enum of
                          # allowed attribute names in this schema.
                          key:
                            description: The name of an Istio attribute.
                            type: string
                          notValues:
                            description: Optional.
                            items:
                              type: string
                            type: array
                          values:
                            description: Optional.
                            items:
                              type: string
                            type: array
                        type: object
                      type: array
                  type: object
                type: array
              # NOTE(review): selector is optional; presumably a policy without
              # one applies to every workload in its namespace -- confirm
              # against the Istio reference before relying on scope.
              selector:
                description: Optional.
                properties:
                  matchLabels:
                    additionalProperties:
                      type: string
                    type: object
                type: object
            type: object
          status:
            type: object
            # Unknown fields under status are kept, not pruned.
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
    # Enables the /status subresource (RBAC resource
    # authorizationpolicies/status).
    subresources:
      status: {}
|
|
|
|
---
|
|
# CustomResourceDefinition for PeerAuthentication (group security.istio.io).
# Nesting restored from the flattened listing; keys and values are unchanged.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Helm resource policy "keep": Helm leaves this CRD in place instead of
    # deleting it with the release.
    "helm.sh/resource-policy": keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    istio: security
    release: istio
  name: peerauthentications.security.istio.io
spec:
  group: security.istio.io
  names:
    categories:
    - istio-io
    - security-istio-io
    kind: PeerAuthentication
    listKind: PeerAuthenticationList
    plural: peerauthentications
    shortNames:
    - pa
    singular: peerauthentication
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    # `kubectl get` shows .spec.mtls.mode only; per-port overrides in
    # portLevelMtls are not visible in this column.
    - description: Defines the mTLS mode used for peer authentication.
      jsonPath: .spec.mtls.mode
      name: Mode
      type: string
    - description: 'CreationTimestamp is a timestamp representing the server time
        when this object was created. It is not guaranteed to be set in happens-before
        order across separate operations. Clients may not set this value. It is represented
        in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
        lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: PeerAuthentication defines how traffic will be tunneled (or
              not) to the sidecar.
            properties:
              mtls:
                description: Mutual TLS settings for workload.
                properties:
                  # The schema restricts only the spelling of the mode.
                  # NOTE(review): per the Istio documentation PERMISSIVE accepts
                  # plaintext as well as mTLS and DISABLE turns mTLS off --
                  # confirm for the deployed version, and have policy audits
                  # flag anything other than STRICT where mTLS is expected.
                  mode:
                    description: Defines the mTLS mode used for peer authentication.
                    enum:
                    - UNSET
                    - DISABLE
                    - PERMISSIVE
                    - STRICT
                    type: string
                type: object
              # Map from an arbitrary key (presumably a port number as a
              # string -- confirm) to the same mode enum; an entry here can
              # differ from spec.mtls.mode, so audits should read both.
              portLevelMtls:
                additionalProperties:
                  properties:
                    mode:
                      description: Defines the mTLS mode used for peer authentication.
                      enum:
                      - UNSET
                      - DISABLE
                      - PERMISSIVE
                      - STRICT
                      type: string
                  type: object
                description: Port specific mutual TLS settings.
                type: object
              # NOTE(review): the description says "ChannelAuthentication"
              # although this CRD's kind is PeerAuthentication -- looks like a
              # stale name in the generated text.
              selector:
                description: The selector determines the workloads to apply the ChannelAuthentication
                  on.
                properties:
                  matchLabels:
                    additionalProperties:
                      type: string
                    type: object
                type: object
            type: object
          status:
            type: object
            # Unknown fields under status are kept, not pruned.
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
    subresources:
      status: {}
|
|
|
|
---
|
|
# CustomResourceDefinition for RequestAuthentication (group security.istio.io).
# Nesting restored from the flattened listing; keys and values are unchanged.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Helm resource policy "keep": Helm leaves this CRD in place instead of
    # deleting it with the release.
    "helm.sh/resource-policy": keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    istio: security
    release: istio
  name: requestauthentications.security.istio.io
spec:
  group: security.istio.io
  names:
    categories:
    - istio-io
    - security-istio-io
    kind: RequestAuthentication
    listKind: RequestAuthenticationList
    plural: requestauthentications
    shortNames:
    - ra
    singular: requestauthentication
  scope: Namespaced
  versions:
  - name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: RequestAuthentication defines what request authentication
              methods are supported by a workload.
            properties:
              jwtRules:
                description: Define the list of JWTs that can be validated at the
                  selected workloads' proxy.
                items:
                  # No field of a JWT rule is marked required here, so a rule
                  # without issuer or keys passes this schema.
                  # NOTE(review): presumably rejected later by Istio's own
                  # validation -- confirm.
                  properties:
                    audiences:
                      items:
                        type: string
                      type: array
                    # NOTE(review): the description text reads "orginal" and
                    # "ustream" (sic; "original", "upstream"); fix it in the
                    # API source, since this file is generated. When true the
                    # token is kept on the forwarded request, so the backend
                    # receives the caller's credential.
                    forwardOriginalToken:
                      description: If set to true, the orginal token will be kept
                        for the ustream request.
                      type: boolean
                    fromHeaders:
                      description: List of header locations from which JWT is expected.
                      items:
                        properties:
                          name:
                            description: The HTTP header name.
                            type: string
                          prefix:
                            description: The prefix that should be stripped before
                              decoding the token.
                            type: string
                        type: object
                      type: array
                    # Tokens carried in query parameters commonly end up in
                    # access logs and URL histories; prefer header locations
                    # where the clients allow it.
                    fromParams:
                      description: List of query parameters from which JWT is expected.
                      items:
                        type: string
                      type: array
                    issuer:
                      description: Identifies the issuer that issued the JWT.
                      type: string
                    # Inline key set, held as a plain string with no format
                    # check in this schema.
                    jwks:
                      description: JSON Web Key Set of public keys to validate signature
                        of the JWT.
                      type: string
                    # Two spellings of the key-set URL are accepted
                    # (jwks_uri and jwksUri); neither has a pattern, so the
                    # schema does not require https.
                    # NOTE(review): presumably the snake_case form is kept for
                    # backward compatibility -- confirm which one wins if both
                    # are set.
                    jwks_uri:
                      type: string
                    jwksUri:
                      type: string
                    # NOTE(review): by its name this copies the JWT payload into
                    # a request header -- confirm, and make sure that header is
                    # not logged or trusted when it arrives from outside.
                    outputPayloadToHeader:
                      type: string
                  type: object
                type: array
              selector:
                description: The selector determines the workloads to apply the RequestAuthentication
                  on.
                properties:
                  matchLabels:
                    additionalProperties:
                      type: string
                    type: object
                type: object
            type: object
          status:
            type: object
            # Unknown fields under status are kept, not pruned.
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
    subresources:
      status: {}
|
|
|
|
---
|
|
# CustomResourceDefinition for Telemetry (group telemetry.istio.io).
# Nesting restored from the flattened listing; keys and values are unchanged.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Helm resource policy "keep": Helm leaves this CRD in place instead of
    # deleting it with the release.
    "helm.sh/resource-policy": keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    istio: telemetry
    release: istio
  name: telemetries.telemetry.istio.io
spec:
  group: telemetry.istio.io
  names:
    categories:
    - istio-io
    - telemetry-istio-io
    kind: Telemetry
    listKind: TelemetryList
    plural: telemetries
    shortNames:
    - telemetry
    singular: telemetry
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: 'CreationTimestamp is a timestamp representing the server time
        when this object was created. It is not guaranteed to be set in happens-before
        order across separate operations. Clients may not set this value. It is represented
        in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
        lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: Telemetry defines how the telemetry is generated for workloads
              within a mesh.
            properties:
              accessLogging:
                description: Optional.
                items:
                  properties:
                    # Nullable boolean that controls logging.
                    # NOTE(review): anyone who can write Telemetry objects can
                    # presumably switch access logging off for the selected
                    # workloads -- confirm, and alert on changes to this field
                    # if logs feed detection.
                    disabled:
                      description: Controls logging.
                      nullable: true
                      type: boolean
                    providers:
                      description: Optional.
                      items:
                        properties:
                          # Described as "Required." but not enforced by a
                          # `required` list in this schema.
                          name:
                            description: Required.
                            type: string
                        type: object
                      type: array
                  type: object
                type: array
              metrics:
                description: Optional.
                items:
                  properties:
                    overrides:
                      description: Optional.
                      items:
                        properties:
                          disabled:
                            description: Optional.
                            nullable: true
                            type: boolean
                          match:
                            description: Match allows provides the scope of the override.
                            # oneOf: neither metric nor customMetric, or exactly
                            # one of the two.
                            oneOf:
                            - not:
                                anyOf:
                                - required:
                                  - metric
                                - required:
                                  - customMetric
                            - required:
                              - metric
                            - required:
                              - customMetric
                            properties:
                              customMetric:
                                description: Allows free-form specification of a metric.
                                type: string
                              metric:
                                description: One of the well-known Istio Standard
                                  Metrics.
                                enum:
                                - ALL_METRICS
                                - REQUEST_COUNT
                                - REQUEST_DURATION
                                - REQUEST_SIZE
                                - RESPONSE_SIZE
                                - TCP_OPENED_CONNECTIONS
                                - TCP_CLOSED_CONNECTIONS
                                - TCP_SENT_BYTES
                                - TCP_RECEIVED_BYTES
                                - GRPC_REQUEST_MESSAGES
                                - GRPC_RESPONSE_MESSAGES
                                type: string
                              mode:
                                description: 'Controls which mode of metrics generation
                                  is selected: CLIENT and/or SERVER.'
                                enum:
                                - CLIENT_AND_SERVER
                                - CLIENT
                                - SERVER
                                type: string
                            type: object
                          # Map from tag name to an UPSERT/REMOVE operation;
                          # `value` is a free-form string.
                          tagOverrides:
                            additionalProperties:
                              properties:
                                operation:
                                  description: Operation controls whether or not to
                                    update/add a tag, or to remove it.
                                  enum:
                                  - UPSERT
                                  - REMOVE
                                  type: string
                                value:
                                  description: Value is only considered if the operation
                                    is `UPSERT`.
                                  type: string
                              type: object
                            description: Optional.
                            type: object
                        type: object
                      type: array
                    providers:
                      description: Optional.
                      items:
                        properties:
                          name:
                            description: Required.
                            type: string
                        type: object
                      type: array
                  type: object
                type: array
              selector:
                description: Optional.
                properties:
                  matchLabels:
                    additionalProperties:
                      type: string
                    type: object
                type: object
              tracing:
                description: Optional.
                items:
                  properties:
                    # Each custom tag takes its value from at most one of:
                    # a literal, an environment variable, or a request header.
                    # Environment and header values are copied into spans, so
                    # avoid naming variables or headers that hold secrets or
                    # credentials (for example an authorization header).
                    customTags:
                      additionalProperties:
                        oneOf:
                        - not:
                            anyOf:
                            - required:
                              - literal
                            - required:
                              - environment
                            - required:
                              - header
                        - required:
                          - literal
                        - required:
                          - environment
                        - required:
                          - header
                        properties:
                          environment:
                            description: Environment adds the value of an environment
                              variable to each span.
                            properties:
                              defaultValue:
                                description: Optional.
                                type: string
                              name:
                                description: Name of the environment variable from
                                  which to extract the tag value.
                                type: string
                            type: object
                          header:
                            description: RequestHeader adds the value of an header
                              from the request to each span.
                            properties:
                              defaultValue:
                                description: Optional.
                                type: string
                              name:
                                description: Name of the header from which to extract
                                  the tag value.
                                type: string
                            type: object
                          literal:
                            description: Literal adds the same, hard-coded value to
                              each span.
                            properties:
                              value:
                                description: The tag value to use.
                                type: string
                            type: object
                        type: object
                      description: Optional.
                      type: object
                    disableSpanReporting:
                      description: Controls span reporting.
                      nullable: true
                      type: boolean
                    providers:
                      description: Optional.
                      items:
                        properties:
                          name:
                            description: Required.
                            type: string
                        type: object
                      type: array
                    # Plain number with no minimum/maximum in this schema, so
                    # out-of-range percentages are not rejected at this layer.
                    randomSamplingPercentage:
                      nullable: true
                      type: number
                  type: object
                type: array
            type: object
          status:
            type: object
            # Unknown fields under status are kept, not pruned.
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
    subresources:
      status: {}
|
|
|
|
---
|
|
|
|
---
|
|
# Source: crds/crd-operator.yaml
# SYNC WITH manifests/charts/istio-operator/templates
#
# CustomResourceDefinition for the namespaced IstioOperator kind
# (group install.istio.io, single served and stored version v1alpha1).
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  labels:
    release: istio
  name: istiooperators.install.istio.io
spec:
  group: install.istio.io
  scope: Namespaced
  conversion:
    strategy: None
  names:
    kind: IstioOperator
    listKind: IstioOperatorList
    plural: istiooperators
    singular: istiooperator
    shortNames:
      - iop
      - io
  versions:
    - name: v1alpha1
      served: true
      storage: true
      # Status is exposed as its own subresource, so writes to it go through
      # istiooperators/status and can be granted separately in RBAC.
      subresources:
        status: {}
      schema:
        # NOTE(review): the schema is a bare object with
        # x-kubernetes-preserve-unknown-fields at the root, so the API server
        # neither validates nor prunes the fields of IstioOperator objects.
        # Whatever consumes these objects has to validate them itself, and
        # create/update on istiooperators should be granted as a privileged
        # permission rather than a routine one.
        openAPIV3Schema:
          type: object
          x-kubernetes-preserve-unknown-fields: true
      additionalPrinterColumns:
        - name: Revision
          type: string
          jsonPath: .spec.revision
          description: Istio control plane revision
        - name: Status
          type: string
          jsonPath: .status.status
          description: IOP current state
        - name: Age
          type: date
          jsonPath: .metadata.creationTimestamp
          description: >-
            CreationTimestamp is a timestamp representing the server time
            when this object was created. It is not guaranteed to be set in
            happens-before order across separate operations. Clients may not
            set this value. It is represented in RFC3339 form and is in UTC.
            Populated by the system. Read-only. Null for lists. More info:
            https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
|
|
---
|
|
|
|
---
|
|
# Source: base/templates/reader-serviceaccount.yaml
# This service account aggregates reader permissions for the revisions in a given cluster
# Should be used for remote secret creation.
#
# NOTE(review): this file binds the account to the ClusterRole
# istio-reader-istio-system, whose rules include get/list/watch on core
# "secrets". A token for this account can therefore read Secrets in every
# namespace; store and rotate it as a cluster credential, not as a
# low-privilege "reader" token.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app: istio-reader
    release: istio
  name: istio-reader-service-account
  namespace: istio-system
|
|
---
|
|
# Source: base/templates/serviceaccount.yaml
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# DO NOT EDIT!
# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT
# UPDATED CHART AT manifests/charts/istio-control/istio-discovery
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#
# Identity of the istiod control plane. This file binds it to the
# istiod-istio-system ClusterRole (cluster-wide) and to the Role of the same
# name in istio-system.
# NOTE(review): any workload allowed to run under this account in
# istio-system inherits both sets of permissions, so pod creation in that
# namespace is effectively a privileged operation.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app: istiod
    release: istio
  name: istiod-service-account
  namespace: istio-system
|
|
---
|
|
# Source: base/templates/clusterrole.yaml
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# DO NOT EDIT!
# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT
# UPDATED CHART AT manifests/charts/istio-control/istio-discovery
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#
# Cluster-scoped permissions for istiod. A ClusterRoleBinding in this file
# grants them to istiod-service-account, so every rule below applies in all
# namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app: istiod
    release: istio
  name: istiod-istio-system
rules:
  # sidecar injection controller
  # NOTE(review): no resourceNames, so update/patch covers every
  # MutatingWebhookConfiguration in the cluster, not only the injector's.
  - apiGroups:
      - "admissionregistration.k8s.io"
    resources:
      - "mutatingwebhookconfigurations"
    verbs:
      - "get"
      - "list"
      - "watch"
      - "update"
      - "patch"

  # configuration validation webhook controller
  # NOTE(review): as above, update is not limited to a named webhook
  # configuration.
  - apiGroups:
      - "admissionregistration.k8s.io"
    resources:
      - "validatingwebhookconfigurations"
    verbs:
      - "get"
      - "list"
      - "watch"
      - "update"

  # istio configuration
  # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382)
  # please proceed with caution
  - apiGroups:
      - "config.istio.io"
      - "security.istio.io"
      - "networking.istio.io"
      - "authentication.istio.io"
      - "rbac.istio.io"
      - "telemetry.istio.io"
    resources:
      - "*"
    verbs:
      - "get"
      - "watch"
      - "list"
  - apiGroups:
      - "networking.istio.io"
    resources:
      - "workloadentries"
    verbs:
      - "get"
      - "watch"
      - "list"
      - "update"
      - "patch"
      - "create"
      - "delete"
  - apiGroups:
      - "networking.istio.io"
    resources:
      - "workloadentries/status"
    verbs:
      - "get"
      - "watch"
      - "list"
      - "update"
      - "patch"
      - "create"
      - "delete"

  # auto-detect installed CRD definitions
  - apiGroups:
      - "apiextensions.k8s.io"
    resources:
      - "customresourcedefinitions"
    verbs:
      - "get"
      - "list"
      - "watch"

  # discovery and routing
  - apiGroups:
      - ""
    resources:
      - "pods"
      - "nodes"
      - "services"
      - "namespaces"
      - "endpoints"
    verbs:
      - "get"
      - "list"
      - "watch"
  - apiGroups:
      - "discovery.k8s.io"
    resources:
      - "endpointslices"
    verbs:
      - "get"
      - "list"
      - "watch"

  # ingress controller
  - apiGroups:
      - "networking.k8s.io"
    resources:
      - "ingresses"
      - "ingressclasses"
    verbs:
      - "get"
      - "list"
      - "watch"
  # NOTE(review): wildcard verbs on ingresses/status; an explicit verb list
  # would make the grant auditable. Confirm which verbs istiod needs before
  # narrowing.
  - apiGroups:
      - "networking.k8s.io"
    resources:
      - "ingresses/status"
    verbs:
      - "*"

  # required for CA's namespace controller
  # Cluster-wide create/update on ConfigMaps, not limited by name.
  - apiGroups:
      - ""
    resources:
      - "configmaps"
    verbs:
      - "create"
      - "get"
      - "list"
      - "watch"
      - "update"

  # Istiod and bootstrap.
  # NOTE(review): together with the "approve" rule that follows, this lets
  # the same identity both submit CertificateSigningRequests and approve them
  # for the named signer. CSR approvals made by this service account are
  # worth an audit-log alert.
  - apiGroups:
      - "certificates.k8s.io"
    resources:
      - "certificatesigningrequests"
      - "certificatesigningrequests/approval"
      - "certificatesigningrequests/status"
    verbs:
      - "update"
      - "create"
      - "get"
      - "delete"
      - "watch"
  - apiGroups:
      - "certificates.k8s.io"
    resources:
      - "signers"
    resourceNames:
      - "kubernetes.io/legacy-unknown"
    verbs:
      - "approve"

  # Used by Istiod to verify the JWT tokens
  - apiGroups:
      - "authentication.k8s.io"
    resources:
      - "tokenreviews"
    verbs:
      - "create"

  # Used by Istiod to verify gateway SDS
  - apiGroups:
      - "authorization.k8s.io"
    resources:
      - "subjectaccessreviews"
    verbs:
      - "create"

  # Use for Kubernetes Service APIs
  - apiGroups:
      - "networking.x-k8s.io"
    resources:
      - "*"
    verbs:
      - "get"
      - "watch"
      - "list"
  # TODO: should be on just */status but wildcard is not supported
  # Until then this grants update on every resource in the group, not only
  # on status subresources.
  - apiGroups:
      - "networking.x-k8s.io"
    resources:
      - "*"
    verbs:
      - "update"

  # Needed for multicluster secret reading, possibly ingress certs in the future
  # NOTE(review): read access to every Secret in every namespace. A
  # compromise of istiod or of its service-account token exposes all of
  # them; this is the highest-impact rule in the role.
  - apiGroups:
      - ""
    resources:
      - "secrets"
    verbs:
      - "get"
      - "watch"
      - "list"

  # Used for MCS serviceexport management
  - apiGroups:
      - "multicluster.x-k8s.io"
    resources:
      - "serviceexports"
    verbs:
      - "get"
      - "watch"
      - "list"
      - "create"
      - "delete"
|
|
---
|
|
# Source: base/templates/clusterrole.yaml
#
# Cluster-scoped permissions for istio-reader-service-account (bound by a
# ClusterRoleBinding in this file). Every rule is read-only except the two
# review APIs, which only accept "create".
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app: istio-reader
    release: istio
  name: istio-reader-istio-system
rules:
  - apiGroups:
      - "config.istio.io"
      - "security.istio.io"
      - "networking.istio.io"
      - "authentication.istio.io"
      - "rbac.istio.io"
    resources:
      - "*"
    verbs:
      - "get"
      - "list"
      - "watch"
  # NOTE(review): "secrets" is in this list, so the reader identity can read
  # every Secret in every namespace. Anything that holds this account's
  # token, such as a remote cluster's control plane, has cluster-wide access
  # to secret material.
  - apiGroups:
      - ""
    resources:
      - "endpoints"
      - "pods"
      - "services"
      - "nodes"
      - "replicationcontrollers"
      - "namespaces"
      - "secrets"
    verbs:
      - "get"
      - "list"
      - "watch"
  - apiGroups:
      - "networking.istio.io"
    resources:
      - "workloadentries"
    verbs:
      - "get"
      - "watch"
      - "list"
  - apiGroups:
      - "apiextensions.k8s.io"
    resources:
      - "customresourcedefinitions"
    verbs:
      - "get"
      - "list"
      - "watch"
  - apiGroups:
      - "discovery.k8s.io"
    resources:
      - "endpointslices"
    verbs:
      - "get"
      - "list"
      - "watch"
  - apiGroups:
      - "apps"
    resources:
      - "replicasets"
    verbs:
      - "get"
      - "list"
      - "watch"
  # TokenReview and SubjectAccessReview are create-only APIs; they let the
  # holder ask the API server to check a token or an access decision.
  - apiGroups:
      - "authentication.k8s.io"
    resources:
      - "tokenreviews"
    verbs:
      - "create"
  - apiGroups:
      - "authorization.k8s.io"
    resources:
      - "subjectaccessreviews"
    verbs:
      - "create"
  - apiGroups:
      - "multicluster.x-k8s.io"
    resources:
      - "serviceexports"
    verbs:
      - "get"
      - "watch"
      - "list"
|
|
---
|
|
# Source: base/templates/clusterrolebinding.yaml
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# DO NOT EDIT!
# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT
# UPDATED CHART AT manifests/charts/istio-control/istio-discovery
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#
# Grants the istio-reader-istio-system ClusterRole to the reader service
# account. Because this is a ClusterRoleBinding, the role's rules (including
# its read access to Secrets) apply in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app: istio-reader
    release: istio
  name: istio-reader-istio-system
subjects:
  - kind: ServiceAccount
    namespace: istio-system
    name: istio-reader-service-account
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: istio-reader-istio-system
|
|
---
|
|
# Source: base/templates/clusterrolebinding.yaml
#
# Grants the istiod-istio-system ClusterRole to istiod-service-account.
# Because this is a ClusterRoleBinding, the role's rules apply in every
# namespace; review changes to this binding's subjects as carefully as
# changes to the role itself.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app: istiod
    release: istio
  name: istiod-istio-system
subjects:
  - kind: ServiceAccount
    namespace: istio-system
    name: istiod-service-account
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: istiod-istio-system
|
|
---
|
|
# Source: base/templates/role.yaml
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# DO NOT EDIT!
# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT
# UPDATED CHART AT manifests/charts/istio-control/istio-discovery
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#
# Namespaced permissions for istiod inside istio-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app: istiod
    release: istio
  name: istiod-istio-system
  namespace: istio-system
rules:
  # permissions to verify the webhook is ready and rejecting
  # invalid config. We use --server-dry-run so no config is persisted.
  # RBAC does not distinguish a dry-run create from a real one, so this rule
  # also permits persisted Gateway objects in istio-system.
  - apiGroups:
      - "networking.istio.io"
    resources:
      - "gateways"
    verbs:
      - "create"

  # For storing CA secret
  # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config
  # NOTE(review): until that TODO is done, this grants read, write and delete
  # on every Secret in istio-system. RBAC cannot restrict "create" by
  # resourceNames, so narrowing would mean naming the secret for
  # get/update/delete and leaving create as its own rule.
  - apiGroups:
      - ""
    resources:
      - "secrets"
    verbs:
      - "create"
      - "get"
      - "watch"
      - "list"
      - "update"
      - "delete"
|
|
---
|
|
# Source: base/templates/rolebinding.yaml
|
|
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
|
|
# DO NOT EDIT!
|
|
# THIS IS A LEGACY CHART HERE FOR BACKCOMPAT
|
|
# UPDATED CHART AT manifests/charts/istio-control/istio-discovery
|
|
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: istiod-istio-system
|
|
namespace: istio-system
|
|
labels:
|
|
app: istiod
|
|
release: istio
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: istiod-istio-system
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: istiod-service-account
|
|
namespace: istio-system
|