Documentation
¶
Overview ¶
Package has auto-generated kube type wrappers for raw types. +k8s:openapi-gen=true +k8s:deepcopy-gen=package
Index ¶
- Constants
- Variables
- type CaptureMode
- type ConnectionPoolSettings
- type ConnectionPoolSettings_HTTPSettings
- type ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy
- type ConnectionPoolSettings_TCPSettings
- type ConnectionPoolSettings_TCPSettings_TcpKeepalive
- type CorsPolicy
- type Destination
- type DestinationRule
- type DestinationRuleList
- type DestinationRuleSpec
- type Duration
- type EnvoyFilter
- type EnvoyFilterList
- type EnvoyFilterSpec
- type EnvoyFilter_ApplyTo
- type EnvoyFilter_DeprecatedListenerMatch
- type EnvoyFilter_DeprecatedListenerMatch_ListenerProtocol
- type EnvoyFilter_DeprecatedListenerMatch_ListenerType
- type EnvoyFilter_EnvoyConfigObjectMatch
- type EnvoyFilter_EnvoyConfigObjectPatch
- type EnvoyFilter_Filter
- type EnvoyFilter_Filter_FilterType
- type EnvoyFilter_InsertPosition
- type EnvoyFilter_InsertPosition_Index
- type EnvoyFilter_Patch
- type EnvoyFilter_PatchContext
- type EnvoyFilter_Patch_Operation
- type EnvoyFilter_ProxyMatch
- type Gateway
- type GatewayList
- type GatewaySpec
- type HTTPMatchRequest
- type HTTPRedirect
- type HTTPRetry
- type HTTPRewrite
- type HTTPRoute
- type HTTPRouteDestination
- type Headers
- type Headers_HeaderOperations
- type IstioEgressListener
- type IstioIngressListener
- type L4MatchAttributes
- type LoadBalancerSettings
- type LocalityLoadBalancerSetting
- type LocalityLoadBalancerSetting_Distribute
- type LocalityLoadBalancerSetting_Failover
- type OutboundTrafficPolicy
- type OutboundTrafficPolicy_Mode
- type OutlierDetection
- type Port
- type PortSelector
- type RouteDestination
- type Server
- type Server_TLSOptions
- type ServiceEntry
- type ServiceEntryList
- type ServiceEntrySpec
- type ServiceEntry_Endpoint
- type ServiceEntry_Location
- type ServiceEntry_Resolution
- type Sidecar
- type SidecarList
- type SidecarSpec
- type StringMatch
- type StringMatch_Exact
- type StringMatch_Prefix
- type StringMatch_Regex
- type Struct
- type Subset
- type TCPRoute
- type TLSMatchAttributes
- type TLSRoute
- type TLSSettings
- type TLSSettings_TLSmode
- type TrafficPolicy
- type TrafficPolicy_PortTrafficPolicy
- type Value
- type VirtualService
- type VirtualServiceList
- type VirtualServiceSpec
- type WorkloadSelector
Constants ¶
View Source
const (
// Package-wide consts from generator "register".
GroupName = "networking.istio.io"
)
Variables ¶
View Source
var ( // Package-wide variables from generator "register". SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha3"} )
Functions ¶
This section is empty.
Types ¶
type CaptureMode ¶
type CaptureMode int32
const ( // The default capture mode defined by the environment. CaptureMode_DEFAULT CaptureMode = 0 // Capture traffic using IPtables redirection. CaptureMode_IPTABLES CaptureMode = 1 // No traffic capture. When used in an egress listener, the application is // expected to explicitly communicate with the listener port or Unix // domain socket. When used in an ingress listener, care needs to be taken // to ensure that the listener port is not in use by other processes on // the host. CaptureMode_NONE CaptureMode = 2 )
type ConnectionPoolSettings ¶
type ConnectionPoolSettings struct {
// Settings common to both HTTP and TCP upstream connections.
Tcp *ConnectionPoolSettings_TCPSettings `protobuf:"bytes,1,opt,name=tcp,proto3" json:"tcp,omitempty"`
// HTTP connection pool settings.
Http *ConnectionPoolSettings_HTTPSettings `protobuf:"bytes,2,opt,name=http,proto3" json:"http,omitempty"`
}
type ConnectionPoolSettings_HTTPSettings ¶
type ConnectionPoolSettings_HTTPSettings struct {
// Maximum number of pending HTTP requests to a destination. Default 1024.
Http1MaxPendingRequests int32 `` /* 135-byte string literal not displayed */
// Maximum number of requests to a backend. Default 1024.
Http2MaxRequests int32 `protobuf:"varint,2,opt,name=http2_max_requests,json=http2MaxRequests,proto3" json:"http2_max_requests,omitempty"`
// Maximum number of requests per connection to a backend. Setting this
// parameter to 1 disables keep alive. Default 0, meaning "unlimited",
// up to 2^29.
MaxRequestsPerConnection int32 `` /* 138-byte string literal not displayed */
// Maximum number of retries that can be outstanding to all hosts in a
// cluster at a given time. Defaults to 1024.
MaxRetries int32 `protobuf:"varint,4,opt,name=max_retries,json=maxRetries,proto3" json:"max_retries,omitempty"`
// The idle timeout for upstream connection pool connections. The idle timeout is defined as the period in which there are no active requests.
// If not set, the default is 1 hour. When the idle timeout is reached the connection will be closed.
// Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. Applies to both HTTP1.1 and HTTP2 connections.
IdleTimeout *Duration `protobuf:"bytes,5,opt,name=idle_timeout,json=idleTimeout,proto3" json:"idle_timeout,omitempty"`
// Specify if http1.1 connection should be upgraded to http2 for the associated destination.
H2UpgradePolicy ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy `` /* 192-byte string literal not displayed */
}
type ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy ¶
type ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy int32
const ( // Use the global default. ConnectionPoolSettings_HTTPSettings_DEFAULT ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = 0 // Do not upgrade the connection to http2. // This opt-out option overrides the default. ConnectionPoolSettings_HTTPSettings_DO_NOT_UPGRADE ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = 1 // Upgrade the connection to http2. // This opt-in option overrides the default. ConnectionPoolSettings_HTTPSettings_UPGRADE ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = 2 )
type ConnectionPoolSettings_TCPSettings ¶
type ConnectionPoolSettings_TCPSettings struct {
// Maximum number of HTTP1 /TCP connections to a destination host. Default 1024.
MaxConnections int32 `protobuf:"varint,1,opt,name=max_connections,json=maxConnections,proto3" json:"max_connections,omitempty"`
// TCP connection timeout.
ConnectTimeout *Duration `protobuf:"bytes,2,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"`
// If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
TcpKeepalive *ConnectionPoolSettings_TCPSettings_TcpKeepalive `protobuf:"bytes,3,opt,name=tcp_keepalive,json=tcpKeepalive,proto3" json:"tcp_keepalive,omitempty"`
}
type ConnectionPoolSettings_TCPSettings_TcpKeepalive ¶
type ConnectionPoolSettings_TCPSettings_TcpKeepalive struct {
// Maximum number of keepalive probes to send without response before
// deciding the connection is dead. Default is to use the OS level configuration
// (unless overridden, Linux defaults to 9.)
Probes uint32 `protobuf:"varint,1,opt,name=probes,proto3" json:"probes,omitempty"`
// The time duration a connection needs to be idle before keep-alive
// probes start being sent. Default is to use the OS level configuration
// (unless overridden, Linux defaults to 7200s (ie 2 hours.)
Time *Duration `protobuf:"bytes,2,opt,name=time,proto3" json:"time,omitempty"`
// The time duration between keep-alive probes.
// Default is to use the OS level configuration
// (unless overridden, Linux defaults to 75s.)
Interval *Duration `protobuf:"bytes,3,opt,name=interval,proto3" json:"interval,omitempty"`
}
type CorsPolicy ¶
type CorsPolicy struct {
// The list of origins that are allowed to perform CORS requests. The
// content will be serialized into the Access-Control-Allow-Origin
// header. Wildcard * will allow all origins.
AllowOrigin []string `protobuf:"bytes,1,rep,name=allow_origin,json=allowOrigin,proto3" json:"allow_origin,omitempty"`
// List of HTTP methods allowed to access the resource. The content will
// be serialized into the Access-Control-Allow-Methods header.
AllowMethods []string `protobuf:"bytes,2,rep,name=allow_methods,json=allowMethods,proto3" json:"allow_methods,omitempty"`
// List of HTTP headers that can be used when requesting the
// resource. Serialized to Access-Control-Allow-Headers header.
AllowHeaders []string `protobuf:"bytes,3,rep,name=allow_headers,json=allowHeaders,proto3" json:"allow_headers,omitempty"`
// A white list of HTTP headers that the browsers are allowed to
// access. Serialized into Access-Control-Expose-Headers header.
ExposeHeaders []string `protobuf:"bytes,4,rep,name=expose_headers,json=exposeHeaders,proto3" json:"expose_headers,omitempty"`
// Specifies how long the results of a preflight request can be
// cached. Translates to the `Access-Control-Max-Age` header.
MaxAge *Duration `protobuf:"bytes,5,opt,name=max_age,json=maxAge,proto3" json:"max_age,omitempty"`
// Indicates whether the caller is allowed to send the actual request
// (not the preflight) using credentials. Translates to
// `Access-Control-Allow-Credentials` header.
AllowCredentials bool `protobuf:"bytes,6,opt,name=allow_credentials,json=allowCredentials,proto3" json:"allow_credentials,omitempty"`
}
type Destination ¶
type Destination struct {
Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"`
Subset string `protobuf:"bytes,2,opt,name=subset,proto3" json:"subset,omitempty"`
Port *PortSelector `protobuf:"bytes,3,opt,name=port,proto3" json:"port,omitempty"`
}
type DestinationRule ¶
type DestinationRule struct {
v1.TypeMeta `json:",inline"`
// +optional
v1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
// Spec defines the implementation of this definition.
// +optional
Spec DestinationRuleSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
}
DestinationRule defines policies that apply to traffic intended for a service after routing has occurred.
<!-- go code generation tags +kubetype-gen +kubetype-gen:groupVersion=networking.istio.io/v1alpha3 +genclient +k8s:deepcopy-gen=true -->
type DestinationRuleList ¶
type DestinationRuleList struct {
v1.TypeMeta `json:",inline"`
// +optional
v1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
Items []DestinationRule `json:"items" protobuf:"bytes,2,rep,name=items"`
}
DestinationRuleList is a collection of DestinationRules.
type DestinationRuleSpec ¶
type DestinationRuleSpec struct {
// The name of a service from the service registry. Service
// names are looked up from the platform's service registry (e.g.,
// Kubernetes services, Consul services, etc.) and from the hosts
// declared by [ServiceEntries](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Rules defined for
// services that do not exist in the service registry will be ignored.
//
// *Note for Kubernetes users*: When short names are used (e.g. "reviews"
// instead of "reviews.default.svc.cluster.local"), Istio will interpret
// the short name based on the namespace of the rule, not the service. A
// rule in the "default" namespace containing a host "reviews" will be
// interpreted as "reviews.default.svc.cluster.local", irrespective of
// the actual namespace associated with the reviews service. _To avoid
// potential misconfigurations, it is recommended to always use fully
// qualified domain names over short names._
//
// Note that the host field applies to both HTTP and TCP services.
Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"`
// Traffic policies to apply (load balancing policy, connection pool
// sizes, outlier detection).
TrafficPolicy *TrafficPolicy `protobuf:"bytes,2,opt,name=traffic_policy,json=trafficPolicy,proto3" json:"traffic_policy,omitempty"`
// One or more named sets that represent individual versions of a
// service. Traffic policies can be overridden at subset level.
Subsets []*Subset `protobuf:"bytes,3,rep,name=subsets,proto3" json:"subsets,omitempty"`
// A list of namespaces to which this destination rule is exported.
// The resolution of a destination rule to apply to a service occurs in the
// context of a hierarchy of namespaces. Exporting a destination rule allows
// it to be included in the resolution hierarchy for services in
// other namespaces. This feature provides a mechanism for service owners
// and mesh administrators to control the visibility of destination rules
// across namespace boundaries.
//
// If no namespaces are specified then the destination rule is exported to all
// namespaces by default.
//
// The value "." is reserved and defines an export to the same namespace that
// the destination rule is declared in. Similarly, the value "*" is reserved and
// defines an export to all namespaces.
//
// NOTE: in the current release, the `exportTo` value is restricted to
// "." or "*" (i.e., the current namespace or all namespaces).
ExportTo []string `protobuf:"bytes,4,rep,name=export_to,json=exportTo,proto3" json:"export_to,omitempty"`
}
zk
type Duration ¶
type Duration struct {
// Signed seconds of the span of time. Must be from -315,576,000,000
// to +315,576,000,000 inclusive. Note: these bounds are computed from:
// 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years
Seconds int64 `protobuf:"varint,1,opt,name=seconds,proto3" json:"seconds,omitempty"`
// Signed fractions of a second at nanosecond resolution of the span
// of time. Durations less than one second are represented with a 0
// `seconds` field and a positive or negative `nanos` field. For durations
// of one second or more, a non-zero value for the `nanos` field must be
// of the same sign as the `seconds` field. Must be from -999,999,999
// to +999,999,999 inclusive.
Nanos int32 `protobuf:"varint,2,opt,name=nanos,proto3" json:"nanos,omitempty"`
}
type EnvoyFilter ¶
type EnvoyFilter struct {
v1.TypeMeta `json:",inline"`
// +optional
v1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
// Spec defines the implementation of this definition.
// +optional
Spec EnvoyFilterSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
}
EnvoyFilter provides a mechanism to customize the Envoy configuration generated by Istio Pilot.
<!-- go code generation tags +kubetype-gen +kubetype-gen:groupVersion=networking.istio.io/v1alpha3 +genclient +k8s:deepcopy-gen=true -->
type EnvoyFilterList ¶
type EnvoyFilterList struct {
v1.TypeMeta `json:",inline"`
// +optional
v1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
Items []EnvoyFilter `json:"items" protobuf:"bytes,2,rep,name=items"`
}
EnvoyFilterList is a collection of EnvoyFilters.
type EnvoyFilterSpec ¶
type EnvoyFilterSpec struct {
// Deprecated. Use workload_selector instead.
// $hide_from_docs
WorkloadLabels map[string]string `` // Deprecated: Do not use.
/* 191-byte string literal not displayed */
// $hide_from_docs
Filters []*EnvoyFilter_Filter `protobuf:"bytes,2,rep,name=filters,proto3" json:"filters,omitempty"` // Deprecated: Do not use.
WorkloadSelector *WorkloadSelector `protobuf:"bytes,3,opt,name=workload_selector,json=workloadSelector,proto3" json:"workload_selector,omitempty"`
// One or more patches with match conditions.
ConfigPatches []*EnvoyFilter_EnvoyConfigObjectPatch `protobuf:"bytes,4,rep,name=config_patches,json=configPatches,proto3" json:"config_patches,omitempty"`
}
type EnvoyFilter_ApplyTo ¶
type EnvoyFilter_ApplyTo int32
const ( EnvoyFilter_INVALID EnvoyFilter_ApplyTo = 0 // Applies the patch to the listener. EnvoyFilter_LISTENER EnvoyFilter_ApplyTo = 1 // Applies the patch to the filter chain. EnvoyFilter_FILTER_CHAIN EnvoyFilter_ApplyTo = 2 // Applies the patch to the network filter chain, to modify an // existing filter or add a new filter. EnvoyFilter_NETWORK_FILTER EnvoyFilter_ApplyTo = 3 // Applies the patch to the HTTP filter chain in the http // connection manager, to modify an existing filter or add a new // filter. EnvoyFilter_HTTP_FILTER EnvoyFilter_ApplyTo = 4 // Applies the patch to the Route configuration (rds output) // inside a HTTP connection manager. This does not apply to the // virtual host. Currently, only MERGE operation is allowed on the // route configuration objects. EnvoyFilter_ROUTE_CONFIGURATION EnvoyFilter_ApplyTo = 5 // Applies the patch to a virtual host inside a route configuration. EnvoyFilter_VIRTUAL_HOST EnvoyFilter_ApplyTo = 6 // Applies the patch to a route object inside the matched virtual // host in a route configuration. Currently, only MERGE operation // is allowed on the route objects. EnvoyFilter_HTTP_ROUTE EnvoyFilter_ApplyTo = 7 // Applies the patch to a cluster in a CDS output. Also used to add new clusters. EnvoyFilter_CLUSTER EnvoyFilter_ApplyTo = 8 )
type EnvoyFilter_DeprecatedListenerMatch ¶
type EnvoyFilter_DeprecatedListenerMatch struct {
// The service port/gateway port to which traffic is being
// sent/received. If not specified, matches all listeners. Even though
// inbound listeners are generated for the instance/pod ports, only
// service ports should be used to match listeners.
PortNumber uint32 `protobuf:"varint,1,opt,name=port_number,json=portNumber,proto3" json:"port_number,omitempty"`
// Instead of using specific port numbers, a set of ports matching a
// given port name prefix can be selected. E.g., "mongo" selects ports
// named mongo-port, mongo, mongoDB, MONGO, etc. Matching is case
// insensitive.
PortNamePrefix string `protobuf:"bytes,2,opt,name=port_name_prefix,json=portNamePrefix,proto3" json:"port_name_prefix,omitempty"`
// Inbound vs outbound sidecar listener or gateway listener. If not specified,
// matches all listeners.
ListenerType EnvoyFilter_DeprecatedListenerMatch_ListenerType `` /* 178-byte string literal not displayed */
// Selects a class of listeners for the same protocol. Use the protocol
// selection to select all HTTP listeners (includes HTTP2/gRPC/HTTPS
// where Envoy terminates TLS) or all TCP listeners (includes HTTPS
// passthrough using SNI). When adding a HTTP filter, the listenerProtocol
// should be set to HTTP.
ListenerProtocol EnvoyFilter_DeprecatedListenerMatch_ListenerProtocol `` /* 194-byte string literal not displayed */
// One or more IP addresses to which the listener is bound. If
// specified, should match at least one address in the list.
Address []string `protobuf:"bytes,5,rep,name=address,proto3" json:"address,omitempty"`
}
type EnvoyFilter_DeprecatedListenerMatch_ListenerProtocol ¶
type EnvoyFilter_DeprecatedListenerMatch_ListenerProtocol int32
const ( // All protocols EnvoyFilter_DeprecatedListenerMatch_ALL EnvoyFilter_DeprecatedListenerMatch_ListenerProtocol = 0 // HTTP or HTTPS (with termination) / HTTP2/gRPC EnvoyFilter_DeprecatedListenerMatch_HTTP EnvoyFilter_DeprecatedListenerMatch_ListenerProtocol = 1 // Any non-HTTP listener EnvoyFilter_DeprecatedListenerMatch_TCP EnvoyFilter_DeprecatedListenerMatch_ListenerProtocol = 2 )
type EnvoyFilter_DeprecatedListenerMatch_ListenerType ¶
type EnvoyFilter_DeprecatedListenerMatch_ListenerType int32
const ( // All listeners EnvoyFilter_DeprecatedListenerMatch_ANY EnvoyFilter_DeprecatedListenerMatch_ListenerType = 0 // Inbound listener in sidecar EnvoyFilter_DeprecatedListenerMatch_SIDECAR_INBOUND EnvoyFilter_DeprecatedListenerMatch_ListenerType = 1 // Outbound listener in sidecar EnvoyFilter_DeprecatedListenerMatch_SIDECAR_OUTBOUND EnvoyFilter_DeprecatedListenerMatch_ListenerType = 2 // Gateway listener EnvoyFilter_DeprecatedListenerMatch_GATEWAY EnvoyFilter_DeprecatedListenerMatch_ListenerType = 3 )
type EnvoyFilter_EnvoyConfigObjectMatch ¶
type EnvoyFilter_EnvoyConfigObjectMatch struct {
// The specific config generation context to match on. Istio Pilot
// generates envoy configuration in the context of a gateway,
// inbound traffic to sidecar and outbound traffic from sidecar.
Context EnvoyFilter_PatchContext `protobuf:"varint,1,opt,name=context,proto3,enum=istio.networking.v1alpha3.EnvoyFilter_PatchContext" json:"context,omitempty"`
// Match on properties associated with a proxy.
Proxy *EnvoyFilter_ProxyMatch `protobuf:"bytes,2,opt,name=proxy,proto3" json:"proxy,omitempty"`
// Types that are valid to be assigned to ObjectTypes:
// *EnvoyFilter_EnvoyConfigObjectMatch_Listener
// *EnvoyFilter_EnvoyConfigObjectMatch_RouteConfiguration
// *EnvoyFilter_EnvoyConfigObjectMatch_Cluster
ObjectTypes isEnvoyFilter_EnvoyConfigObjectMatch_ObjectTypes `protobuf_oneof:"object_types"`
}
type EnvoyFilter_EnvoyConfigObjectPatch ¶
type EnvoyFilter_EnvoyConfigObjectPatch struct {
ApplyTo EnvoyFilter_ApplyTo `` /* 134-byte string literal not displayed */
// Match on listener/route configuration/cluster.
Match *EnvoyFilter_EnvoyConfigObjectMatch `protobuf:"bytes,2,opt,name=match,proto3" json:"match,omitempty"`
// The patch to apply along with the operation.
Patch *EnvoyFilter_Patch `protobuf:"bytes,3,opt,name=patch,proto3" json:"patch,omitempty"`
}
type EnvoyFilter_Filter ¶
type EnvoyFilter_Filter struct {
ListenerMatch *EnvoyFilter_DeprecatedListenerMatch `protobuf:"bytes,1,opt,name=listener_match,json=listenerMatch,proto3" json:"listener_match,omitempty"`
// Insert position in the filter chain. Defaults to FIRST
InsertPosition *EnvoyFilter_InsertPosition `protobuf:"bytes,2,opt,name=insert_position,json=insertPosition,proto3" json:"insert_position,omitempty"`
// The type of filter to instantiate.
FilterType EnvoyFilter_Filter_FilterType `` /* 153-byte string literal not displayed */
// The name of the filter to instantiate. The name must match a supported
// filter _compiled into_ Envoy.
FilterName string `protobuf:"bytes,4,opt,name=filter_name,json=filterName,proto3" json:"filter_name,omitempty"`
// Filter specific configuration which depends on the filter being
// instantiated.
FilterConfig *types.Struct `protobuf:"bytes,5,opt,name=filter_config,json=filterConfig,proto3" json:"filter_config,omitempty"`
}
type EnvoyFilter_Filter_FilterType ¶
type EnvoyFilter_Filter_FilterType int32
const ( // placeholder EnvoyFilter_Filter_INVALID EnvoyFilter_Filter_FilterType = 0 // Http filter EnvoyFilter_Filter_HTTP EnvoyFilter_Filter_FilterType = 1 // Network filter EnvoyFilter_Filter_NETWORK EnvoyFilter_Filter_FilterType = 2 )
type EnvoyFilter_InsertPosition ¶
type EnvoyFilter_InsertPosition struct {
// Position of this filter in the filter chain.
Index EnvoyFilter_InsertPosition_Index `` /* 128-byte string literal not displayed */
// If BEFORE or AFTER position is specified, specify the name of the
// filter relative to which this filter should be inserted.
RelativeTo string `protobuf:"bytes,2,opt,name=relative_to,json=relativeTo,proto3" json:"relative_to,omitempty"`
}
type EnvoyFilter_InsertPosition_Index ¶
type EnvoyFilter_InsertPosition_Index int32
const ( // Insert first EnvoyFilter_InsertPosition_FIRST EnvoyFilter_InsertPosition_Index = 0 // Insert last EnvoyFilter_InsertPosition_LAST EnvoyFilter_InsertPosition_Index = 1 // Insert before the named filter. EnvoyFilter_InsertPosition_BEFORE EnvoyFilter_InsertPosition_Index = 2 // Insert after the named filter. EnvoyFilter_InsertPosition_AFTER EnvoyFilter_InsertPosition_Index = 3 )
type EnvoyFilter_Patch ¶
type EnvoyFilter_Patch struct {
// Determines how the patch should be applied.
Operation EnvoyFilter_Patch_Operation `` /* 131-byte string literal not displayed */
// The JSON config of the object being patched. This will be merged using
// json merge semantics with the existing proto in the path.
Value *Struct `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
}
type EnvoyFilter_PatchContext ¶
type EnvoyFilter_PatchContext int32
const ( // All listeners/routes/clusters in both sidecars and gateways. EnvoyFilter_ANY EnvoyFilter_PatchContext = 0 // Inbound listener/route/cluster in sidecar. EnvoyFilter_SIDECAR_INBOUND EnvoyFilter_PatchContext = 1 // Outbound listener/route/cluster in sidecar. EnvoyFilter_SIDECAR_OUTBOUND EnvoyFilter_PatchContext = 2 // Gateway listener/route/cluster. EnvoyFilter_GATEWAY EnvoyFilter_PatchContext = 3 )
type EnvoyFilter_Patch_Operation ¶
type EnvoyFilter_Patch_Operation int32
const ( EnvoyFilter_Patch_INVALID EnvoyFilter_Patch_Operation = 0 // Merge the provided config with the generated config using // json merge semantics. EnvoyFilter_Patch_MERGE EnvoyFilter_Patch_Operation = 1 // Add the provided config to an existing list (of listeners, // clusters, virtual hosts, network filters, or http // filters). This operation will be ignored when applyTo is set // to ROUTE_CONFIGURATION, or HTTP_ROUTE. EnvoyFilter_Patch_ADD EnvoyFilter_Patch_Operation = 2 // Remove the selected object from the list (of listeners, // clusters, virtual hosts, network filters, or http // filters). Does not require a value to be specified. This // operation will be ignored when applyTo is set to // ROUTE_CONFIGURATION, or HTTP_ROUTE. EnvoyFilter_Patch_REMOVE EnvoyFilter_Patch_Operation = 3 // Insert operation on an array of named objects. This operation // is typically useful only in the context of filters, where the // order of filters matter. For clusters and virtual hosts, // order of the element in the array does not matter. Insert // before the selected filter or sub filter. If no filter is // selected, the specified filter will be inserted at the front // of the list. EnvoyFilter_Patch_INSERT_BEFORE EnvoyFilter_Patch_Operation = 4 // Insert operation on an array of named objects. This operation // is typically useful only in the context of filters, where the // order of filters matter. For clusters and virtual hosts, // order of the element in the array does not matter. Insert // after the selected filter or sub filter. If no filter is // selected, the specified filter will be inserted at the end // of the list. EnvoyFilter_Patch_INSERT_AFTER EnvoyFilter_Patch_Operation = 5 )
type EnvoyFilter_ProxyMatch ¶
type Gateway ¶
type Gateway struct {
v1.TypeMeta `json:",inline"`
// +optional
v1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
// Spec defines the implementation of this definition.
// +optional
Spec GatewaySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
}
Gateway describes a load balancer operating at the edge of the mesh receiving incoming or outgoing HTTP/TCP connections.
<!-- go code generation tags +kubetype-gen +kubetype-gen:groupVersion=networking.istio.io/v1alpha3 +genclient +k8s:deepcopy-gen=true -->
type GatewayList ¶
type GatewayList struct {
v1.TypeMeta `json:",inline"`
// +optional
v1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
Items []Gateway `json:"items" protobuf:"bytes,2,rep,name=items"`
}
GatewayList is a collection of Gateways.
type GatewaySpec ¶
type GatewaySpec struct {
// A list of server specifications.
Servers []*Server `protobuf:"bytes,1,rep,name=servers,proto3" json:"servers,omitempty"`
// One or more labels that indicate a specific set of pods/VMs
// on which this gateway configuration should be applied. The scope of
// label search is restricted to the configuration namespace in which the
// the resource is present. In other words, the Gateway resource must
// reside in the same namespace as the gateway workload instance.
Selector map[string]string `` /* 157-byte string literal not displayed */
}
type HTTPMatchRequest ¶
type HTTPMatchRequest struct {
Name string `protobuf:"bytes,11,opt,name=name,proto3" json:"name,omitempty"`
Uri *StringMatch `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"`
Scheme *StringMatch `protobuf:"bytes,2,opt,name=scheme,proto3" json:"scheme,omitempty"`
Method *StringMatch `protobuf:"bytes,3,opt,name=method,proto3" json:"method,omitempty"`
Authority *StringMatch `protobuf:"bytes,4,opt,name=authority,proto3" json:"authority,omitempty"`
Headers map[string]*StringMatch `` /* 155-byte string literal not displayed */
Port uint32 `protobuf:"varint,6,opt,name=port,proto3" json:"port,omitempty"`
SourceLabels map[string]string `` /* 185-byte string literal not displayed */
// $hide_from_docs
Gateways []string `protobuf:"bytes,8,rep,name=gateways,proto3" json:"gateways,omitempty"`
QueryParams map[string]*StringMatch `` /* 182-byte string literal not displayed */
IgnoreUriCase bool `protobuf:"varint,10,opt,name=ignore_uri_case,json=ignoreUriCase,proto3" json:"ignore_uri_case,omitempty"`
}
type HTTPRedirect ¶
type HTTPRedirect struct {
// On a redirect, overwrite the Path portion of the URL with this
// value. Note that the entire path will be replaced, irrespective of the
// request URI being matched as an exact path or prefix.
Uri string `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"`
// On a redirect, overwrite the Authority/Host portion of the URL with
// this value.
Authority string `protobuf:"bytes,2,opt,name=authority,proto3" json:"authority,omitempty"`
// On a redirect, Specifies the HTTP status code to use in the redirect
// response. The default response code is MOVED_PERMANENTLY (301).
RedirectCode uint32 `protobuf:"varint,3,opt,name=redirect_code,json=redirectCode,proto3" json:"redirect_code,omitempty"`
}
type HTTPRetry ¶
type HTTPRetry struct {
Attempts int32 `protobuf:"varint,1,opt,name=attempts,proto3" json:"attempts,omitempty"`
PerTryTimeout *Duration `protobuf:"bytes,2,opt,name=per_try_timeout,json=perTryTimeout,proto3" json:"per_try_timeout,omitempty"`
RetryOn string `protobuf:"bytes,3,opt,name=retry_on,json=retryOn,proto3" json:"retry_on,omitempty"`
}
type HTTPRewrite ¶
type HTTPRewrite struct {
// rewrite the path (or the prefix) portion of the URI with this
// value. If the original URI was matched based on prefix, the value
// provided in this field will replace the corresponding matched prefix.
Uri string `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"`
// rewrite the Authority/Host header with this value.
Authority string `protobuf:"bytes,2,opt,name=authority,proto3" json:"authority,omitempty"`
}
type HTTPRoute ¶
type HTTPRoute struct {
// The name assigned to the route for debugging purposes. The
// route's name will be concatenated with the match's name and will
// be logged in the access logs for requests matching this
// route/match.
Name string `protobuf:"bytes,17,opt,name=name,proto3" json:"name,omitempty"`
// Match conditions to be satisfied for the rule to be
// activated. All conditions inside a single match block have AND
// semantics, while the list of match blocks have OR semantics. The rule
// is matched if any one of the match blocks succeed.
Match []*HTTPMatchRequest `protobuf:"bytes,1,rep,name=match,proto3" json:"match,omitempty"`
// A http rule can either redirect or forward (default) traffic. The
// forwarding target can be one of several versions of a service (see
// glossary in beginning of document). Weights associated with the
// service version determine the proportion of traffic it receives.
Route []*HTTPRouteDestination `protobuf:"bytes,2,rep,name=route,proto3" json:"route,omitempty"`
// A http rule can either redirect or forward (default) traffic. If
// traffic passthrough option is specified in the rule,
// route/redirect will be ignored. The redirect primitive can be used to
// send a HTTP 301 redirect to a different URI or Authority.
Redirect *HTTPRedirect `protobuf:"bytes,3,opt,name=redirect,proto3" json:"redirect,omitempty"`
// Rewrite HTTP URIs and Authority headers. Rewrite cannot be used with
// Redirect primitive. Rewrite will be performed before forwarding.
Rewrite *HTTPRewrite `protobuf:"bytes,4,opt,name=rewrite,proto3" json:"rewrite,omitempty"`
// Deprecated. Websocket upgrades are done automatically starting from Istio 1.0.
// $hide_from_docs
WebsocketUpgrade bool `protobuf:"varint,5,opt,name=websocket_upgrade,json=websocketUpgrade,proto3" json:"websocket_upgrade,omitempty"`
// Timeout for HTTP requests.
Timeout *Duration `protobuf:"bytes,6,opt,name=timeout,proto3" json:"timeout,omitempty"`
// Retry policy for HTTP requests.
Retries *HTTPRetry `protobuf:"bytes,7,opt,name=retries,proto3" json:"retries,omitempty"`
// Fault injection policy to apply on HTTP traffic at the client side.
// Note that timeouts or retries will not be enabled when faults are
// enabled on the client side.
//zk unnecessary
//Fault *HTTPFaultInjection `protobuf:"bytes,8,opt,name=fault,proto3" json:"fault,omitempty"`
// Mirror HTTP traffic to a another destination in addition to forwarding
// the requests to the intended destination. Mirrored traffic is on a
// best effort basis where the sidecar/gateway will not wait for the
// mirrored cluster to respond before returning the response from the
// original destination. Statistics will be generated for the mirrored
// destination.
Mirror *Destination `protobuf:"bytes,9,opt,name=mirror,proto3" json:"mirror,omitempty"`
// Percentage of the traffic to be mirrored by the `mirror` field.
// If this field is absent, all the traffic (100%) will be mirrored.
// Max value is 100.
MirrorPercent *uint32 `protobuf:"bytes,18,opt,name=mirror_percent,json=mirrorPercent,proto3" json:"mirror_percent,omitempty"`
// Cross-Origin Resource Sharing policy (CORS). Refer to
// [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)
// for further details about cross origin resource sharing.
CorsPolicy *CorsPolicy `protobuf:"bytes,10,opt,name=cors_policy,json=corsPolicy,proto3" json:"cors_policy,omitempty"`
// $hide_from_docs
AppendHeaders map[string]string `` // Deprecated: Do not use.
/* 189-byte string literal not displayed */
// $hide_from_docs
RemoveResponseHeaders []string `` // Deprecated: Do not use.
/* 127-byte string literal not displayed */
// $hide_from_docs
AppendResponseHeaders map[string]string `` // Deprecated: Do not use.
/* 215-byte string literal not displayed */
// $hide_from_docs
RemoveRequestHeaders []string `protobuf:"bytes,14,rep,name=remove_request_headers,json=removeRequestHeaders,proto3" json:"remove_request_headers,omitempty"` // Deprecated: Do not use.
// $hide_from_docs
AppendRequestHeaders map[string]string `` // Deprecated: Do not use.
/* 212-byte string literal not displayed */
// Header manipulation rules
Headers *Headers `protobuf:"bytes,16,opt,name=headers,proto3" json:"headers,omitempty"`
}
type HTTPRouteDestination ¶
type HTTPRouteDestination struct {
// Destination uniquely identifies the instances of a service
// to which the request/connection should be forwarded to.
Destination *Destination `protobuf:"bytes,1,opt,name=destination,proto3" json:"destination,omitempty"`
// The proportion of traffic to be forwarded to the service
// version. (0-100). Sum of weights across destinations SHOULD BE == 100.
// If there is only one destination in a rule, the weight value is assumed to
// be 100.
Weight int32 `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"`
// Use of `remove_response_header` is deprecated. Use the `headers`
// field instead.
RemoveResponseHeaders []string `` // Deprecated: Do not use.
/* 126-byte string literal not displayed */
// Use of `append_response_headers` is deprecated. Use the `headers`
// field instead.
AppendResponseHeaders map[string]string `` // Deprecated: Do not use.
/* 214-byte string literal not displayed */
// Use of `remove_request_headers` is deprecated. Use the `headers`
// field instead.
RemoveRequestHeaders []string `protobuf:"bytes,5,rep,name=remove_request_headers,json=removeRequestHeaders,proto3" json:"remove_request_headers,omitempty"` // Deprecated: Do not use.
// Use of `append_request_headers` is deprecated. Use the `headers`
// field instead.
AppendRequestHeaders map[string]string `` // Deprecated: Do not use.
/* 211-byte string literal not displayed */
// Header manipulation rules
Headers *Headers `protobuf:"bytes,7,opt,name=headers,proto3" json:"headers,omitempty"`
}
type Headers ¶
type Headers struct {
Request *Headers_HeaderOperations `protobuf:"bytes,1,opt,name=request,proto3" json:"request,omitempty"`
Response *Headers_HeaderOperations `protobuf:"bytes,2,opt,name=response,proto3" json:"response,omitempty"`
}
type IstioEgressListener ¶
type IstioEgressListener struct {
Port *Port `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"`
Bind string `protobuf:"bytes,2,opt,name=bind,proto3" json:"bind,omitempty"`
CaptureMode CaptureMode `` /* 138-byte string literal not displayed */
Hosts []string `protobuf:"bytes,4,rep,name=hosts,proto3" json:"hosts,omitempty"`
}
type IstioIngressListener ¶
type IstioIngressListener struct {
// The port associated with the listener.
Port *Port `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"`
// The IP to which the listener should be bound. Must be in the
// format `x.x.x.x`. Unix domain socket addresses are not allowed in
// the bind field for ingress listeners. If omitted, Istio will
// automatically configure the defaults based on imported services
// and the workload instances to which this configuration is applied
// to.
Bind string `protobuf:"bytes,2,opt,name=bind,proto3" json:"bind,omitempty"`
// The captureMode option dictates how traffic to the listener is
// expected to be captured (or not).
CaptureMode CaptureMode `` /* 138-byte string literal not displayed */
// The loopback IP endpoint or Unix domain socket to which
// traffic should be forwarded to. This configuration can be used to
// redirect traffic arriving at the bind `IP:Port` on the sidecar to a `localhost:port`
// or Unix domain socket where the application workload instance is listening for
// connections. Format should be `127.0.0.1:PORT` or `unix:///path/to/socket`
DefaultEndpoint string `protobuf:"bytes,4,opt,name=default_endpoint,json=defaultEndpoint,proto3" json:"default_endpoint,omitempty"`
}
type L4MatchAttributes ¶
type L4MatchAttributes struct {
DestinationSubnets []string `protobuf:"bytes,1,rep,name=destination_subnets,json=destinationSubnets,proto3" json:"destination_subnets,omitempty"`
Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"`
SourceSubnet string `protobuf:"bytes,3,opt,name=source_subnet,json=sourceSubnet,proto3" json:"source_subnet,omitempty"`
SourceLabels map[string]string `` /* 185-byte string literal not displayed */
Gateways []string `protobuf:"bytes,5,rep,name=gateways,proto3" json:"gateways,omitempty"`
}
type LoadBalancerSettings ¶
type LoadBalancerSettings struct {
// Upstream load balancing policy.
//
// Types that are valid to be assigned to LbPolicy:
// *LoadBalancerSettings_Simple
// *LoadBalancerSettings_ConsistentHash
//zk todo
//LbPolicy isLoadBalancerSettings_LbPolicy `protobuf_oneof:"lb_policy"`
// Locality load balancer settings, this will override mesh wide settings in entirety, meaning no merging would be performed
// between this object and the object one in MeshConfig
LocalityLbSetting *LocalityLoadBalancerSetting `protobuf:"bytes,3,opt,name=locality_lb_setting,json=localityLbSetting,proto3" json:"locality_lb_setting,omitempty"`
}
type LocalityLoadBalancerSetting ¶
type LocalityLoadBalancerSetting struct {
// Optional: only one of distribute or failover can be set.
// Explicitly specify loadbalancing weight across different zones and geographical locations.
// Refer to [Locality weighted load balancing](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight)
// If empty, the locality weight is set according to the endpoints number within it.
Distribute []*LocalityLoadBalancerSetting_Distribute `protobuf:"bytes,1,rep,name=distribute,proto3" json:"distribute,omitempty"`
// Optional: only failover or distribute can be set.
// Explicitly specify the region traffic will land on when endpoints in local region becomes unhealthy.
// Should be used together with OutlierDetection to detect unhealthy endpoints.
// Note: if no OutlierDetection specified, this will not take effect.
Failover []*LocalityLoadBalancerSetting_Failover `protobuf:"bytes,2,rep,name=failover,proto3" json:"failover,omitempty"`
}
type LocalityLoadBalancerSetting_Distribute ¶
type LocalityLoadBalancerSetting_Distribute struct {
// Originating locality, '/' separated, e.g. 'region/zone/sub_zone'.
From string `protobuf:"bytes,1,opt,name=from,proto3" json:"from,omitempty"`
// Map of upstream localities to traffic distribution weights. The sum of
// all weights should be == 100. Any locality not assigned a weight will
// receive no traffic.
To map[string]uint32 `` /* 146-byte string literal not displayed */
}
type LocalityLoadBalancerSetting_Failover ¶
type LocalityLoadBalancerSetting_Failover struct {
// Originating region.
From string `protobuf:"bytes,1,opt,name=from,proto3" json:"from,omitempty"`
// Destination region the traffic will fail over to when endpoints in
// the 'from' region becomes unhealthy.
To string `protobuf:"bytes,2,opt,name=to,proto3" json:"to,omitempty"`
}
type OutboundTrafficPolicy ¶
type OutboundTrafficPolicy struct {
Mode OutboundTrafficPolicy_Mode `protobuf:"varint,1,opt,name=mode,proto3,enum=istio.networking.v1alpha3.OutboundTrafficPolicy_Mode" json:"mode,omitempty"`
}
type OutboundTrafficPolicy_Mode ¶
type OutboundTrafficPolicy_Mode int32
const ( // Outbound traffic will be restricted to services defined in the // service registry as well as those defined through `ServiceEntry` configurations. OutboundTrafficPolicy_REGISTRY_ONLY OutboundTrafficPolicy_Mode = 0 // Outbound traffic to unknown destinations will be allowed, in case // there are no services or `ServiceEntry` configurations for the destination port. OutboundTrafficPolicy_ALLOW_ANY OutboundTrafficPolicy_Mode = 1 )
type OutlierDetection ¶
type OutlierDetection struct {
// Number of errors before a host is ejected from the connection
// pool. Defaults to 5. When the upstream host is accessed over HTTP, a
// 502, 503, or 504 return code qualifies as an error. When the upstream host
// is accessed over an opaque TCP connection, connect timeouts and
// connection error/failure events qualify as an error.
ConsecutiveErrors int32 `protobuf:"varint,1,opt,name=consecutive_errors,json=consecutiveErrors,proto3" json:"consecutive_errors,omitempty"`
// Time interval between ejection sweep analysis. format:
// 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.
Interval *Duration `protobuf:"bytes,2,opt,name=interval,proto3" json:"interval,omitempty"`
// Minimum ejection duration. A host will remain ejected for a period
// equal to the product of minimum ejection duration and the number of
// times the host has been ejected. This technique allows the system to
// automatically increase the ejection period for unhealthy upstream
// servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s.
BaseEjectionTime *Duration `protobuf:"bytes,3,opt,name=base_ejection_time,json=baseEjectionTime,proto3" json:"base_ejection_time,omitempty"`
// Maximum % of hosts in the load balancing pool for the upstream
// service that can be ejected. Defaults to 10%.
MaxEjectionPercent int32 `protobuf:"varint,4,opt,name=max_ejection_percent,json=maxEjectionPercent,proto3" json:"max_ejection_percent,omitempty"`
// Outlier detection will be enabled as long as the associated load balancing
// pool has at least min_health_percent hosts in healthy mode. When the
// percentage of healthy hosts in the load balancing pool drops below this
// threshold, outlier detection will be disabled and the proxy will load balance
// across all hosts in the pool (healthy and unhealthy). The threshold can be
// disabled by setting it to 0%. The default is 0% as it's not typically
// applicable in k8s environments with few pods per service.
MinHealthPercent int32 `protobuf:"varint,5,opt,name=min_health_percent,json=minHealthPercent,proto3" json:"min_health_percent,omitempty"`
}
type Port ¶
type Port struct {
// A valid non-negative integer port number.
Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"`
// The protocol exposed on the port.
// MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS.
// TLS implies the connection will be routed based on the SNI header to
// the destination without terminating the TLS connection.
Protocol string `protobuf:"bytes,2,opt,name=protocol,proto3" json:"protocol,omitempty"`
// Label assigned to the port.
Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"`
}
type PortSelector ¶
type PortSelector struct {
// Valid port number
Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"`
}
type RouteDestination ¶
type RouteDestination struct {
Destination *Destination `protobuf:"bytes,1,opt,name=destination,proto3" json:"destination,omitempty"`
Weight int32 `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"`
}
type Server ¶
type Server struct {
Port *Port `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"`
Bind string `protobuf:"bytes,4,opt,name=bind,proto3" json:"bind,omitempty"`
Hosts []string `protobuf:"bytes,2,rep,name=hosts,proto3" json:"hosts,omitempty"`
Tls *Server_TLSOptions `protobuf:"bytes,3,opt,name=tls,proto3" json:"tls,omitempty"`
DefaultEndpoint string `protobuf:"bytes,5,opt,name=default_endpoint,json=defaultEndpoint,proto3" json:"default_endpoint,omitempty"`
}
type Server_TLSOptions ¶
type Server_TLSOptions struct {
HttpsRedirect bool `json:"https_redirect,omitempty"`
Mode string `json:"mode,omitempty"`
ServerCertificate string `json:"server_certificate,omitempty"`
PrivateKey string `json:"private_key,omitempty"`
CaCertificates string `json:"ca_certificates,omitempty"`
SubjectAltNames []string `json:"subject_alt_names,omitempty"`
}
type ServiceEntry ¶
type ServiceEntry struct {
v1.TypeMeta `json:",inline"`
// +optional
v1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
// Spec defines the implementation of this definition.
// +optional
Spec ServiceEntrySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
}
ServiceEntry enables adding additional entries into Istio's internal service registry.
<!-- go code generation tags +kubetype-gen +kubetype-gen:groupVersion=networking.istio.io/v1alpha3 +genclient +k8s:deepcopy-gen=true -->
type ServiceEntryList ¶
type ServiceEntryList struct {
v1.TypeMeta `json:",inline"`
// +optional
v1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
Items []ServiceEntry `json:"items" protobuf:"bytes,2,rep,name=items"`
}
ServiceEntryList is a collection of ServiceEntries.
type ServiceEntrySpec ¶
type ServiceEntrySpec struct {
Hosts []string `protobuf:"bytes,1,rep,name=hosts,proto3" json:"hosts,omitempty"`
Addresses []string `protobuf:"bytes,2,rep,name=addresses,proto3" json:"addresses,omitempty"`
// The ports associated with the external service. If the
// Endpoints are Unix domain socket addresses, there must be exactly one
// port.
Ports []*Port `protobuf:"bytes,3,rep,name=ports,proto3" json:"ports,omitempty"`
// Specify whether the service should be considered external to the mesh
// or part of the mesh.
Location ServiceEntry_Location `protobuf:"varint,4,opt,name=location,proto3,enum=istio.networking.v1alpha3.ServiceEntry_Location" json:"location,omitempty"`
Resolution ServiceEntry_Resolution `` /* 129-byte string literal not displayed */
// One or more endpoints associated with the service.
Endpoints []*ServiceEntry_Endpoint `protobuf:"bytes,6,rep,name=endpoints,proto3" json:"endpoints,omitempty"`
ExportTo []string `protobuf:"bytes,7,rep,name=export_to,json=exportTo,proto3" json:"export_to,omitempty"`
SubjectAltNames []string `protobuf:"bytes,8,rep,name=subject_alt_names,json=subjectAltNames,proto3" json:"subject_alt_names,omitempty"`
}
type ServiceEntry_Endpoint ¶
type ServiceEntry_Endpoint struct {
Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"`
Ports map[string]uint32 `` /* 152-byte string literal not displayed */
// One or more labels associated with the endpoint.
Labels map[string]string `` /* 153-byte string literal not displayed */
Network string `protobuf:"bytes,4,opt,name=network,proto3" json:"network,omitempty"`
Locality string `protobuf:"bytes,5,opt,name=locality,proto3" json:"locality,omitempty"`
Weight uint32 `protobuf:"varint,6,opt,name=weight,proto3" json:"weight,omitempty"`
}
type ServiceEntry_Location ¶
type ServiceEntry_Location int32
const ( // Signifies that the service is external to the mesh. Typically used // to indicate external services consumed through APIs. ServiceEntry_MESH_EXTERNAL ServiceEntry_Location = 0 // Signifies that the service is part of the mesh. Typically used to // indicate services added explicitly as part of expanding the service // mesh to include unmanaged infrastructure (e.g., VMs added to a // Kubernetes based service mesh). ServiceEntry_MESH_INTERNAL ServiceEntry_Location = 1 )
type ServiceEntry_Resolution ¶
type ServiceEntry_Resolution int32
const ( ServiceEntry_NONE ServiceEntry_Resolution = 0 // Use the static IP addresses specified in endpoints (see below) as the // backing instances associated with the service. ServiceEntry_STATIC ServiceEntry_Resolution = 1 ServiceEntry_DNS ServiceEntry_Resolution = 2 )
type Sidecar ¶
type Sidecar struct {
v1.TypeMeta `json:",inline"`
// +optional
v1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
// Spec defines the implementation of this definition.
// +optional
//zk
Spec SidecarSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
}
`Sidecar` describes the configuration of the sidecar proxy that mediates inbound and outbound communication of the workload instance to which it is attached.
<!-- go code generation tags +kubetype-gen +kubetype-gen:groupVersion=networking.istio.io/v1alpha3 +genclient +k8s:deepcopy-gen=true -->
type SidecarList ¶
type SidecarList struct {
v1.TypeMeta `json:",inline"`
// +optional
v1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
Items []Sidecar `json:"items" protobuf:"bytes,2,rep,name=items"`
}
SidecarList is a collection of Sidecars.
type SidecarSpec ¶
type SidecarSpec struct {
// Criteria used to select the specific set of pods/VMs on which this
// `Sidecar` configuration should be applied. If omitted, the `Sidecar`
// configuration will be applied to all workload instances in the same namespace.
WorkloadSelector *WorkloadSelector `protobuf:"bytes,1,opt,name=workload_selector,json=workloadSelector,proto3" json:"workload_selector,omitempty"`
// Ingress specifies the configuration of the sidecar for processing
// inbound traffic to the attached workload instance. If omitted, Istio will
// automatically configure the sidecar based on the information about the workload
// obtained from the orchestration platform (e.g., exposed ports, services,
// etc.). If specified, inbound ports are configured if and only if the
// workload instance is associated with a service.
Ingress []*IstioIngressListener `protobuf:"bytes,2,rep,name=ingress,proto3" json:"ingress,omitempty"`
// Egress specifies the configuration of the sidecar for processing
// outbound traffic from the attached workload instance to other services in the
// mesh.
Egress []*IstioEgressListener `protobuf:"bytes,3,rep,name=egress,proto3" json:"egress,omitempty"`
// This allows to configure the outbound traffic policy.
// If your application uses one or more external
// services that are not known apriori, setting the policy to `ALLOW_ANY`
// will cause the sidecars to route any unknown traffic originating from
// the application to its requested destination.
OutboundTrafficPolicy *OutboundTrafficPolicy `` /* 126-byte string literal not displayed */
}
type StringMatch ¶
type StringMatch struct {
MatchType isStringMatch_MatchType `protobuf_oneof:"match_type"`
}
type StringMatch_Exact ¶
type StringMatch_Exact struct {
Exact string `protobuf:"bytes,1,opt,name=exact,proto3,oneof"`
}
type StringMatch_Prefix ¶
type StringMatch_Prefix struct {
Prefix string `protobuf:"bytes,2,opt,name=prefix,proto3,oneof"`
}
type StringMatch_Regex ¶
type StringMatch_Regex struct {
Regex string `protobuf:"bytes,3,opt,name=regex,proto3,oneof"`
}
type Subset ¶
type Subset struct {
// Name of the subset. The service name and the subset name can
// be used for traffic splitting in a route rule.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Labels apply a filter over the endpoints of a service in the
// service registry. See route rules for examples of usage.
Labels map[string]string `` /* 153-byte string literal not displayed */
// Traffic policies that apply to this subset. Subsets inherit the
// traffic policies specified at the DestinationRule level. Settings
// specified at the subset level will override the corresponding settings
// specified at the DestinationRule level.
TrafficPolicy *TrafficPolicy `protobuf:"bytes,3,opt,name=traffic_policy,json=trafficPolicy,proto3" json:"traffic_policy,omitempty"`
}
type TCPRoute ¶
type TCPRoute struct {
Match []*L4MatchAttributes `protobuf:"bytes,1,rep,name=match,proto3" json:"match,omitempty"`
// The destination to which the connection should be forwarded to.
Route []*RouteDestination `protobuf:"bytes,2,rep,name=route,proto3" json:"route,omitempty"`
}
type TLSMatchAttributes ¶
type TLSMatchAttributes struct {
// SNI (server name indicator) to match on. Wildcard prefixes
// can be used in the SNI value, e.g., *.com will match foo.example.com
// as well as example.com. An SNI value must be a subset (i.e., fall
// within the domain) of the corresponding virtual serivce's hosts.
SniHosts []string `protobuf:"bytes,1,rep,name=sni_hosts,json=sniHosts,proto3" json:"sni_hosts,omitempty"`
// IPv4 or IPv6 ip addresses of destination with optional subnet. E.g.,
// a.b.c.d/xx form or just a.b.c.d.
DestinationSubnets []string `protobuf:"bytes,2,rep,name=destination_subnets,json=destinationSubnets,proto3" json:"destination_subnets,omitempty"`
// Specifies the port on the host that is being addressed. Many services
// only expose a single port or label ports with the protocols they
// support, in these cases it is not required to explicitly select the
// port.
Port uint32 `protobuf:"varint,3,opt,name=port,proto3" json:"port,omitempty"`
// IPv4 or IPv6 ip address of source with optional subnet. E.g., a.b.c.d/xx
// form or just a.b.c.d
// $hide_from_docs
SourceSubnet string `protobuf:"bytes,4,opt,name=source_subnet,json=sourceSubnet,proto3" json:"source_subnet,omitempty"`
// One or more labels that constrain the applicability of a rule to
// workloads with the given labels. If the VirtualService has a list of
// gateways specified at the top, it should include the reserved gateway
// `mesh` in order for this field to be applicable.
SourceLabels map[string]string `` /* 185-byte string literal not displayed */
// Names of gateways where the rule should be applied to. Gateway names
// at the top of the VirtualService (if any) are overridden. The gateway
// match is independent of sourceLabels.
Gateways []string `protobuf:"bytes,6,rep,name=gateways,proto3" json:"gateways,omitempty"`
}
type TLSRoute ¶
type TLSRoute struct {
// Match conditions to be satisfied for the rule to be
// activated. All conditions inside a single match block have AND
// semantics, while the list of match blocks have OR semantics. The rule
// is matched if any one of the match blocks succeed.
Match []*TLSMatchAttributes `protobuf:"bytes,1,rep,name=match,proto3" json:"match,omitempty"`
// The destination to which the connection should be forwarded to.
Route []*RouteDestination `protobuf:"bytes,2,rep,name=route,proto3" json:"route,omitempty"`
}
type TLSSettings ¶
type TLSSettings struct {
// Indicates whether connections to this port should be secured
// using TLS. The value of this field determines how TLS is enforced.
Mode TLSSettings_TLSmode `protobuf:"varint,1,opt,name=mode,proto3,enum=istio.networking.v1alpha3.TLSSettings_TLSmode" json:"mode,omitempty"`
// REQUIRED if mode is `MUTUAL`. The path to the file holding the
// client-side TLS certificate to use.
// Should be empty if mode is `ISTIO_MUTUAL`.
ClientCertificate string `protobuf:"bytes,2,opt,name=client_certificate,json=clientCertificate,proto3" json:"client_certificate,omitempty"`
// REQUIRED if mode is `MUTUAL`. The path to the file holding the
// client's private key.
// Should be empty if mode is `ISTIO_MUTUAL`.
PrivateKey string `protobuf:"bytes,3,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"`
// OPTIONAL: The path to the file containing certificate authority
// certificates to use in verifying a presented server certificate. If
// omitted, the proxy will not verify the server's certificate.
// Should be empty if mode is `ISTIO_MUTUAL`.
CaCertificates string `protobuf:"bytes,4,opt,name=ca_certificates,json=caCertificates,proto3" json:"ca_certificates,omitempty"`
// A list of alternate names to verify the subject identity in the
// certificate. If specified, the proxy will verify that the server
// certificate's subject alt name matches one of the specified values.
// If specified, this list overrides the value of subject_alt_names
// from the ServiceEntry.
SubjectAltNames []string `protobuf:"bytes,5,rep,name=subject_alt_names,json=subjectAltNames,proto3" json:"subject_alt_names,omitempty"`
// SNI string to present to the server during TLS handshake.
Sni string `protobuf:"bytes,6,opt,name=sni,proto3" json:"sni,omitempty"`
}
type TLSSettings_TLSmode ¶
type TLSSettings_TLSmode int32
const ( // Do not setup a TLS connection to the upstream endpoint. TLSSettings_DISABLE TLSSettings_TLSmode = 0 // Originate a TLS connection to the upstream endpoint. TLSSettings_SIMPLE TLSSettings_TLSmode = 1 // Secure connections to the upstream using mutual TLS by presenting // client certificates for authentication. TLSSettings_MUTUAL TLSSettings_TLSmode = 2 // Secure connections to the upstream using mutual TLS by presenting // client certificates for authentication. // Compared to Mutual mode, this mode uses certificates generated // automatically by Istio for mTLS authentication. When this mode is // used, all other fields in `TLSSettings` should be empty. TLSSettings_ISTIO_MUTUAL TLSSettings_TLSmode = 3 )
type TrafficPolicy ¶
type TrafficPolicy struct {
// Settings controlling the load balancer algorithms.
LoadBalancer *LoadBalancerSettings `protobuf:"bytes,1,opt,name=load_balancer,json=loadBalancer,proto3" json:"load_balancer,omitempty"`
// Settings controlling the volume of connections to an upstream service
ConnectionPool *ConnectionPoolSettings `protobuf:"bytes,2,opt,name=connection_pool,json=connectionPool,proto3" json:"connection_pool,omitempty"`
// Settings controlling eviction of unhealthy hosts from the load balancing pool
OutlierDetection *OutlierDetection `protobuf:"bytes,3,opt,name=outlier_detection,json=outlierDetection,proto3" json:"outlier_detection,omitempty"`
// TLS related settings for connections to the upstream service.
Tls *TLSSettings `protobuf:"bytes,4,opt,name=tls,proto3" json:"tls,omitempty"`
// Traffic policies specific to individual ports. Note that port level
// settings will override the destination-level settings. Traffic
// settings specified at the destination-level will not be inherited when
// overridden by port-level settings, i.e. default values will be applied
// to fields omitted in port-level traffic policies.
PortLevelSettings []*TrafficPolicy_PortTrafficPolicy `protobuf:"bytes,5,rep,name=port_level_settings,json=portLevelSettings,proto3" json:"port_level_settings,omitempty"`
}
type TrafficPolicy_PortTrafficPolicy ¶
type TrafficPolicy_PortTrafficPolicy struct {
// Specifies the number of a port on the destination service
// on which this policy is being applied.
//
Port *PortSelector `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"`
// Settings controlling the load balancer algorithms.
LoadBalancer *LoadBalancerSettings `protobuf:"bytes,2,opt,name=load_balancer,json=loadBalancer,proto3" json:"load_balancer,omitempty"`
// Settings controlling the volume of connections to an upstream service
ConnectionPool *ConnectionPoolSettings `protobuf:"bytes,3,opt,name=connection_pool,json=connectionPool,proto3" json:"connection_pool,omitempty"`
// Settings controlling eviction of unhealthy hosts from the load balancing pool
OutlierDetection *OutlierDetection `protobuf:"bytes,4,opt,name=outlier_detection,json=outlierDetection,proto3" json:"outlier_detection,omitempty"`
// TLS related settings for connections to the upstream service.
Tls *TLSSettings `protobuf:"bytes,5,opt,name=tls,proto3" json:"tls,omitempty"`
}
type VirtualService ¶
type VirtualService struct {
v1.TypeMeta `json:",inline"`
// +optional
v1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
// Spec defines the implementation of this definition.
// +optional
Spec VirtualServiceSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
}
Configuration affecting traffic routing.
<!-- go code generation tags +kubetype-gen +kubetype-gen:groupVersion=networking.istio.io/v1alpha3 +genclient +k8s:deepcopy-gen=true -->
type VirtualServiceList ¶
type VirtualServiceList struct {
v1.TypeMeta `json:",inline"`
// +optional
v1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
Items []VirtualService `json:"items" protobuf:"bytes,2,rep,name=items"`
}
VirtualServiceList is a collection of VirtualServices.
type VirtualServiceSpec ¶
type VirtualServiceSpec struct {
Hosts []string `protobuf:"bytes,1,rep,name=hosts,proto3" json:"hosts,omitempty"`
Gateways []string `protobuf:"bytes,2,rep,name=gateways,proto3" json:"gateways,omitempty"`
Http []*HTTPRoute `protobuf:"bytes,3,rep,name=http,proto3" json:"http,omitempty"`
Tls []*TLSRoute `protobuf:"bytes,5,rep,name=tls,proto3" json:"tls,omitempty"`
Tcp []*TCPRoute `protobuf:"bytes,4,rep,name=tcp,proto3" json:"tcp,omitempty"`
ExportTo []string `protobuf:"bytes,6,rep,name=export_to,json=exportTo,proto3" json:"export_to,omitempty"`
}
type WorkloadSelector ¶
Source Files
Click to show internal directories.
Click to hide internal directories.