Documentation ¶
Overview ¶
Package v1alpha3 is the v1alpha3 version of the API.
Index ¶
- Constants
- Variables
- func Resource(resource string) schema.GroupResource
- type CertManagerProviderSpec
- type CertificateSpec
- type CloudServiceAccessNames
- type ClusterPropertySpec
- type ClusterSetSpec
- type ConnectorGatewaySpec
- type ConnectorSpec
- type EgressGatewaySpec
- type ExternalAuthzSpec
- type FLBSpec
- type FLBUpstreamMode
- type FeatureFlags
- type GatewayAPISpec
- type HTTP
- type ImageSpec
- type IngressGatewayCertSpec
- type IngressSpec
- type LoadBalancerType
- type LocalDNSProxy
- type LocalProxyMode
- type MeshConfig
- type MeshConfigList
- type MeshConfigSpec
- type MeshRootCertificate
- type MeshRootCertificateList
- type MeshRootCertificateSpec
- type MeshRootCertificateStatus
- type MiscSpec
- type ObservabilitySpec
- type PluginChainSpec
- type PluginChainsSpec
- type ProviderSpec
- type ProxyTag
- type RemoteLoggingSpec
- type RepoServerSpec
- type ResolveAddr
- type ResolveDN
- type SSLPassthrough
- type SecretKeyReferenceSpec
- type ServiceAccessMode
- type ServiceAccessNames
- type ServiceLBSpec
- type SidecarSpec
- type TLS
- type TracingSpec
- type TrafficSpec
- type TresorCASpec
- type TresorProviderSpec
- type VaultProviderSpec
- type VaultTokenSpec
- type WildcardDN
Constants ¶
const GroupName = "config.flomesh.io"
GroupName specifies the group name used to register the objects.
Variables ¶
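// Scheme registration entry points for this API group/version.
// The rendered listing had collapsed onto one line, which put every
// declaration behind the first line comment; the line structure is restored.
var (
	// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
	// SchemeBuilder is declared without an initializer in this block.
	SchemeBuilder runtime.SchemeBuilder

	// Deprecated: use Install instead
	AddToScheme = localSchemeBuilder.AddToScheme

	// Install is bound to the same localSchemeBuilder.AddToScheme value as
	// the deprecated AddToScheme above.
	Install = localSchemeBuilder.AddToScheme
)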
var GroupVersion = v1.GroupVersion{Group: GroupName, Version: "v1alpha3"}
GroupVersion specifies the group and the version used to register the objects.
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha3"}
SchemeGroupVersion is the group version used to register these objects. Deprecated: use GroupVersion instead.
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type CertManagerProviderSpec ¶
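// CertManagerProviderSpec defines the configuration of the cert-manager
// provider. The three fields together name one Issuer object by name, kind
// and API group.
//
// NOTE(review): no field carries a default or validation marker in this
// declaration, so the schema as shown accepts empty strings; confirm that
// the consumer rejects an incomplete issuer reference.
type CertManagerProviderSpec struct {
	// IssuerName specifies the name of the Issuer resource
	IssuerName string `json:"issuerName"`

	// IssuerKind specifies the kind of Issuer
	IssuerKind string `json:"issuerKind"`

	// IssuerGroup specifies the group the Issuer belongs to
	IssuerGroup string `json:"issuerGroup"`
}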
CertManagerProviderSpec defines the configuration of the cert-manager provider
func (*CertManagerProviderSpec) DeepCopy ¶
func (in *CertManagerProviderSpec) DeepCopy() *CertManagerProviderSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertManagerProviderSpec.
func (*CertManagerProviderSpec) DeepCopyInto ¶
func (in *CertManagerProviderSpec) DeepCopyInto(out *CertManagerProviderSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CertificateSpec ¶
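// CertificateSpec is the type to represent FSM's certificate management
// configuration.
type CertificateSpec struct {
	// ServiceCertValidityDuration defines the service certificate validity duration.
	// NOTE(review): carried as a plain string; the accepted format and any
	// upper bound are not visible in this declaration. Confirm where it is parsed.
	ServiceCertValidityDuration string `json:"serviceCertValidityDuration,omitempty"`

	// CertKeyBitSize defines the certificate key bit size.
	// NOTE(review): no validation marker constrains this value here; verify
	// that a minimum key size is enforced where the value is consumed.
	CertKeyBitSize int `json:"certKeyBitSize,omitempty"`

	// IngressGateway defines the certificate specification for an ingress gateway.
	// +optional
	IngressGateway *IngressGatewayCertSpec `json:"ingressGateway,omitempty"`
}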
CertificateSpec is the type to represent FSM's certificate management configuration.
func (*CertificateSpec) DeepCopy ¶
func (in *CertificateSpec) DeepCopy() *CertificateSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSpec.
func (*CertificateSpec) DeepCopyInto ¶
func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CloudServiceAccessNames ¶ added in v1.3.8
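// CloudServiceAccessNames holds a single switch, WithNamespace.
// NOTE(review): the original declaration has no doc comment; presumably the
// switch controls whether access names include the namespace. Confirm
// against the consumer.
type CloudServiceAccessNames struct {
	// +kubebuilder:default=true
	// +optional
	// NOTE(review): the schema default is true while the JSON tag uses
	// omitempty, so an explicit false is dropped when this struct is
	// marshaled and may be re-defaulted to true on the server side.
	WithNamespace bool `json:"withNamespace,omitempty"`
}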
func (*CloudServiceAccessNames) DeepCopy ¶ added in v1.3.8
func (in *CloudServiceAccessNames) DeepCopy() *CloudServiceAccessNames
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudServiceAccessNames.
func (*CloudServiceAccessNames) DeepCopyInto ¶ added in v1.3.8
func (in *CloudServiceAccessNames) DeepCopyInto(out *CloudServiceAccessNames)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterPropertySpec ¶
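// ClusterPropertySpec is the type to represent cluster property: one
// name/value pair.
type ClusterPropertySpec struct {
	// Name defines the name of cluster property.
	Name string `json:"name"`

	// Value defines the value of cluster property.
	// (The original comment repeated "name" here.)
	Value string `json:"value"`
}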
ClusterPropertySpec is the type to represent cluster property.
func (*ClusterPropertySpec) DeepCopy ¶
func (in *ClusterPropertySpec) DeepCopy() *ClusterPropertySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPropertySpec.
func (*ClusterPropertySpec) DeepCopyInto ¶
func (in *ClusterPropertySpec) DeepCopyInto(out *ClusterPropertySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterSetSpec ¶
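// ClusterSetSpec is the type to represent cluster set: the identity and
// placement of one cluster, plus free-form properties.
type ClusterSetSpec struct {
	// +kubebuilder:default=false
	// IsManaged defines if the cluster is managed.
	IsManaged bool `json:"isManaged"`

	// UID defines Unique ID of cluster.
	UID string `json:"uid"`

	// +kubebuilder:default=default
	// +optional
	// Region defines Region of cluster.
	Region string `json:"region"`

	// +kubebuilder:default=default
	// +optional
	// Zone defines Zone of cluster.
	Zone string `json:"zone"`

	// +kubebuilder:default=default
	// +optional
	// Group defines Group of cluster.
	Group string `json:"group"`

	// Name defines Name of cluster.
	Name string `json:"name"`

	// ControlPlaneUID defines the unique ID of the control plane cluster,
	// in case it's managed
	ControlPlaneUID string `json:"controlPlaneUID"`

	// Properties defines properties for cluster.
	Properties []ClusterPropertySpec `json:"properties"`
}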
ClusterSetSpec is the type to represent cluster set.
func (*ClusterSetSpec) DeepCopy ¶
func (in *ClusterSetSpec) DeepCopy() *ClusterSetSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSetSpec.
func (*ClusterSetSpec) DeepCopyInto ¶
func (in *ClusterSetSpec) DeepCopyInto(out *ClusterSetSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConnectorGatewaySpec ¶ added in v1.2.1
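// ConnectorGatewaySpec is the type to represent connector gateway configs.
//
// The original declaration documents none of its fields; the descriptions
// below are read from the field names and should be confirmed.
// NOTE(review): addresses are plain strings and ports are uint with no
// validation markers in this declaration, so range and format checks, if
// any, happen elsewhere.
type ConnectorGatewaySpec struct {
	// ClusterIP: presumably the in-cluster address of the gateway.
	ClusterIP string `json:"clusterIP"`

	// ExternalIP: presumably the externally reachable address of the gateway.
	ExternalIP string `json:"externalIP"`

	// IngressAddr and the two ingress ports describe the ingress side.
	IngressAddr     string `json:"ingressAddr"`
	IngressHTTPPort uint   `json:"ingressHTTPPort"`
	IngressGRPCPort uint   `json:"ingressGRPCPort"`

	// EgressAddr and the two egress ports describe the egress side.
	EgressAddr     string `json:"egressAddr"`
	EgressHTTPPort uint   `json:"egressHTTPPort"`
	EgressGRPCPort uint   `json:"egressGRPCPort"`
}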
ConnectorGatewaySpec is the type to represent connector gateway configs.
func (*ConnectorGatewaySpec) DeepCopy ¶ added in v1.2.1
func (in *ConnectorGatewaySpec) DeepCopy() *ConnectorGatewaySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectorGatewaySpec.
func (*ConnectorGatewaySpec) DeepCopyInto ¶ added in v1.2.1
func (in *ConnectorGatewaySpec) DeepCopyInto(out *ConnectorGatewaySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ConnectorSpec ¶ added in v1.2.1
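// ConnectorSpec is the type to represent connector configs.
type ConnectorSpec struct {
	// +kubebuilder:default=FailOver
	// +kubebuilder:validation:Enum=ActiveActive;FailOver
	// Type of global load distribution
	LbType LoadBalancerType `json:"lbType,omitempty"`

	// +kubebuilder:default="viaGateway Managed by fsm-connector-gateway."
	// Notice is a banner string serialized under the key
	// DO_NOT_EDIT_viaGateway; its default text says that viaGateway is
	// managed by fsm-connector-gateway.
	// NOTE(review): the banner is advisory only. Nothing in this declaration
	// prevents a user with write access from editing viaGateway.
	Notice string `json:"DO_NOT_EDIT_viaGateway"`

	// ViaGateway defines gateway settings
	ViaGateway ConnectorGatewaySpec `json:"viaGateway"`
}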
ConnectorSpec is the type to represent connector configs.
func (*ConnectorSpec) DeepCopy ¶ added in v1.2.1
func (in *ConnectorSpec) DeepCopy() *ConnectorSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectorSpec.
func (*ConnectorSpec) DeepCopyInto ¶ added in v1.2.1
func (in *ConnectorSpec) DeepCopyInto(out *ConnectorSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EgressGatewaySpec ¶ added in v1.1.1
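// EgressGatewaySpec is the type to represent egress gateway.
type EgressGatewaySpec struct {
	// +kubebuilder:default=false
	// Enabled defines if the egress gateway is enabled.
	// (The original comment said "flb", apparently copied from FLBSpec.)
	Enabled bool `json:"enabled"`

	// +kubebuilder:default=info
	// +kubebuilder:validation:Enum=trace;debug;info;warn;error;fatal;panic;disabled
	// LogLevel defines the log level of the egress gateway.
	// (The original comment said "gateway api".)
	LogLevel string `json:"logLevel"`

	// +kubebuilder:default=http2tunnel
	// +kubebuilder:validation:Enum=http2tunnel;sock5
	// Mode defines the mode of egress gateway.
	// NOTE(review): the accepted value is spelled "sock5" (presumably
	// SOCKS5); it is part of the API and is kept as declared.
	Mode string `json:"mode"`

	// +kubebuilder:default=1080
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	// Port defines the port of egress gateway.
	Port *int32 `json:"port,omitempty"`

	// +kubebuilder:default=6060
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	// AdminPort defines the admin port of egress gateway.
	// NOTE(review): what the admin port serves is not visible here; confirm
	// that it is not reachable from mesh workloads.
	AdminPort *int32 `json:"adminPort,omitempty"`

	// +kubebuilder:default=1
	// Replicas defines the replicas of egress gateway.
	Replicas *int32 `json:"replicas,omitempty"`
}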
EgressGatewaySpec is the type to represent egress gateway.
func (*EgressGatewaySpec) DeepCopy ¶ added in v1.1.1
func (in *EgressGatewaySpec) DeepCopy() *EgressGatewaySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressGatewaySpec.
func (*EgressGatewaySpec) DeepCopyInto ¶ added in v1.1.1
func (in *EgressGatewaySpec) DeepCopyInto(out *EgressGatewaySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExternalAuthzSpec ¶
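// ExternalAuthzSpec is a type to represent external authorization
// configuration.
type ExternalAuthzSpec struct {
	// Enable defines a boolean indicating if the external authorization policy is to be enabled.
	Enable bool `json:"enable"`

	// Address defines the remote address of the external authorization endpoint.
	Address string `json:"address,omitempty"`

	// Port defines the destination port of the remote external authorization endpoint.
	Port uint16 `json:"port,omitempty"`

	// StatPrefix defines a prefix for the stats sink for this external authorization policy.
	StatPrefix string `json:"statPrefix,omitempty"`

	// Timeout defines the timeout within which a response from the external
	// authorization endpoint is expected.
	// NOTE(review): carried as a string; the accepted format is not visible here.
	Timeout string `json:"timeout,omitempty"`

	// FailureModeAllow defines a boolean indicating if traffic should be allowed on a failure to get a
	// response against the external authorization endpoint.
	// NOTE(review): true makes the check fail open, so requests proceed when
	// the authorization endpoint does not answer. Leave it false unless
	// availability is deliberately preferred over enforcement, and alert on
	// authorization endpoint failures either way.
	FailureModeAllow bool `json:"failureModeAllow"`
}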
ExternalAuthzSpec is a type to represent external authorization configuration.
func (*ExternalAuthzSpec) DeepCopy ¶
func (in *ExternalAuthzSpec) DeepCopy() *ExternalAuthzSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalAuthzSpec.
func (*ExternalAuthzSpec) DeepCopyInto ¶
func (in *ExternalAuthzSpec) DeepCopyInto(out *ExternalAuthzSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FLBSpec ¶
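// FLBSpec is the type to represent flb.
type FLBSpec struct {
	// +kubebuilder:default=false
	// Enabled defines if flb is enabled.
	Enabled bool `json:"enabled"`

	// +kubebuilder:default=false
	// StrictMode defines if flb is in strict mode.
	// NOTE(review): what strict mode enforces is not visible here.
	StrictMode bool `json:"strictMode"`

	// +kubebuilder:default=Endpoint
	// +kubebuilder:validation:Enum=NodePort;Endpoint
	// UpstreamMode defines the upstream mode of flb.
	UpstreamMode FLBUpstreamMode `json:"upstreamMode"`

	// +kubebuilder:default=fsm-flb-secret
	// SecretName defines the secret name of flb.
	// NOTE(review): only the name is configured here; what the Secret holds
	// and who may read it is not visible. Confirm that RBAC on that Secret
	// is scoped to the FLB components.
	SecretName string `json:"secretName"`
}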
FLBSpec is the type to represent flb.
func (*FLBSpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FLBSpec.
func (*FLBSpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FLBUpstreamMode ¶ added in v1.2.0
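// FLBUpstreamMode is the string type of FLBSpec's upstream mode.
type FLBUpstreamMode string

// Upstream modes. The collapsed one-line const group did not parse as Go;
// one declaration per line restores it.
const (
	// FLBUpstreamModeNodePort is the "NodePort" upstream mode.
	FLBUpstreamModeNodePort FLBUpstreamMode = "NodePort"

	// FLBUpstreamModeEndpoint is the "Endpoint" upstream mode.
	FLBUpstreamModeEndpoint FLBUpstreamMode = "Endpoint"
)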
type FeatureFlags ¶
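// FeatureFlags is a type to represent FSM's feature flags.
//
// None of the fields carries a default marker or omitempty in this
// declaration, so a flag that is absent from the input decodes to false.
// NOTE(review): for the policy flags (egress, ingress backend, access
// control) the traffic behaviour while the flag is false is not visible
// here; confirm whether "off" means unrestricted or blocked before relying
// on it.
type FeatureFlags struct {
	// EnableEgressPolicy defines if FSM's Egress policy is enabled.
	EnableEgressPolicy bool `json:"enableEgressPolicy"`

	// EnableSnapshotCacheMode defines if XDS server starts with snapshot cache.
	EnableSnapshotCacheMode bool `json:"enableSnapshotCacheMode"`

	// EnableAsyncProxyServiceMapping defines if FSM will map proxies to services asynchronously.
	EnableAsyncProxyServiceMapping bool `json:"enableAsyncProxyServiceMapping"`

	// EnableIngressBackendPolicy defines if FSM will use the IngressBackend API to allow ingress traffic to
	// service mesh backends.
	EnableIngressBackendPolicy bool `json:"enableIngressBackendPolicy"`

	// EnableAccessControlPolicy defines if FSM will use the AccessControl API to allow access control traffic to
	// service mesh backends.
	EnableAccessControlPolicy bool `json:"enableAccessControlPolicy"`

	// EnableAccessCertPolicy defines if FSM can issue certificates for external services.
	EnableAccessCertPolicy bool `json:"enableAccessCertPolicy"`

	// EnableSidecarPrettyConfig defines if pretty sidecar config is enabled.
	EnableSidecarPrettyConfig bool `json:"enableSidecarPrettyConfig"`

	// EnableSidecarActiveHealthChecks defines if FSM will enable Sidecar active health
	// checks between services allowed to communicate.
	EnableSidecarActiveHealthChecks bool `json:"enableSidecarActiveHealthChecks"`

	// EnableRetryPolicy defines if retry policy is enabled.
	EnableRetryPolicy bool `json:"enableRetryPolicy"`

	// EnablePluginPolicy defines if plugin policy is enabled.
	EnablePluginPolicy bool `json:"enablePluginPolicy"`

	// EnableAutoDefaultRoute defines if auto default route is enabled.
	EnableAutoDefaultRoute bool `json:"enableAutoDefaultRoute"`

	// EnableValidateGatewayListenerHostname defines if validate gateway listener hostname is enabled.
	EnableValidateGatewayListenerHostname bool `json:"enableValidateGatewayListenerHostname"`

	// EnableValidateHTTPRouteHostnames defines if validate http route hostnames is enabled.
	EnableValidateHTTPRouteHostnames bool `json:"enableValidateHTTPRouteHostnames"`

	// EnableValidateGRPCRouteHostnames defines if validate grpc route hostnames is enabled.
	EnableValidateGRPCRouteHostnames bool `json:"enableValidateGRPCRouteHostnames"`

	// EnableValidateTLSRouteHostnames defines if validate tls route hostnames is enabled.
	// (The original comment named this field EnableValidateTCPRouteHostnames.)
	EnableValidateTLSRouteHostnames bool `json:"enableValidateTLSRouteHostnames"`

	// EnableGatewayAgentService defines if agent service is enabled.
	EnableGatewayAgentService bool `json:"enableGatewayAgentService"`

	// EnableGatewayProxyTag defines if gateway proxy-tag header is enabled.
	EnableGatewayProxyTag bool `json:"enableGatewayProxyTag"`

	// UseEndpointSlicesForGateway defines if endpoint slices are enabled for calculating gateway routes.
	UseEndpointSlicesForGateway bool `json:"useEndpointSlicesForGateway"`
}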
FeatureFlags is a type to represent FSM's feature flags.
func (*FeatureFlags) DeepCopy ¶
func (in *FeatureFlags) DeepCopy() *FeatureFlags
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureFlags.
func (*FeatureFlags) DeepCopyInto ¶
func (in *FeatureFlags) DeepCopyInto(out *FeatureFlags)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GatewayAPISpec ¶
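// GatewayAPISpec is the type to represent gateway api.
type GatewayAPISpec struct {
	// +kubebuilder:default=false
	// Enabled defines if gateway api is enabled.
	Enabled bool `json:"enabled"`

	// +kubebuilder:default=info
	// +kubebuilder:validation:Enum=trace;debug;info;warn;error;fatal;panic;disabled
	// LogLevel defines the log level of gateway api.
	LogLevel string `json:"logLevel"`

	// +kubebuilder:default=info
	// +kubebuilder:validation:Enum=trace;debug;info;warn;error;fatal;panic;disabled
	// FGWLogLevel defines the log level of FGW.
	FGWLogLevel string `json:"fgwLogLevel"`

	// +kubebuilder:default=false
	// StripAnyHostPort defines if strip any host port is enabled.
	StripAnyHostPort bool `json:"stripAnyHostPort"`

	// +kubebuilder:default=true
	// ProxyPreserveHost defines if proxy preserve host is enabled.
	// NOTE(review): presumably the client-supplied Host value is passed on
	// to the upstream when this is true (the default); upstreams that make
	// decisions on Host should then treat it as untrusted input. Confirm
	// against the gateway implementation.
	ProxyPreserveHost bool `json:"proxyPreserveHost"`

	// +kubebuilder:default=443
	// SSLPassthroughUpstreamPort defines the default upstream port of SSL passthrough.
	// NOTE(review): unlike the port fields of HTTP, this one has no
	// Minimum/Maximum validation markers.
	SSLPassthroughUpstreamPort int32 `json:"sslPassthroughUpstreamPort"`

	// +kubebuilder:default=false
	// HTTP1PerRequestLoadBalancing defines if load balancing based on per-request is enabled for http1.
	HTTP1PerRequestLoadBalancing bool `json:"http1PerRequestLoadBalancing"`

	// +kubebuilder:default=false
	// HTTP2PerRequestLoadBalancing defines if load balancing based on per-request is enabled for http2.
	HTTP2PerRequestLoadBalancing bool `json:"http2PerRequestLoadBalancing"`

	// +kubebuilder:default={srcHostHeader: "orig-host", dstHostHeader: "proxy-tag"}
	// ProxyTag defines the proxy tag configuration of gateway api.
	ProxyTag ProxyTag `json:"proxyTag"`
}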
GatewayAPISpec is the type to represent gateway api.
func (*GatewayAPISpec) DeepCopy ¶
func (in *GatewayAPISpec) DeepCopy() *GatewayAPISpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayAPISpec.
func (*GatewayAPISpec) DeepCopyInto ¶
func (in *GatewayAPISpec) DeepCopyInto(out *GatewayAPISpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTP ¶
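// HTTP is the type to represent http: whether the listener is enabled and
// which ports it uses. All three ports are validated to 1-65535 by the
// markers below.
//
// NOTE(review): the schema default for Enabled is true; presumably this is
// the unencrypted listener, since TLS has its own type. Turn it off where
// plaintext ingress is not wanted.
type HTTP struct {
	// +kubebuilder:default=true
	// Enabled defines if http is enabled.
	Enabled bool `json:"enabled"`

	// +kubebuilder:default=80
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	// Bind defines the bind port of http.
	Bind int32 `json:"bind"`

	// +kubebuilder:default=8000
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	// Listen defines the listen port of http.
	Listen int32 `json:"listen"`

	// +kubebuilder:default=30508
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	// NodePort defines the node port of http.
	NodePort int32 `json:"nodePort"`
}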
HTTP is the type to represent http.
func (*HTTP) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTP.
func (*HTTP) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ImageSpec ¶
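// ImageSpec is the type to represent image: registry, tag and pull policy.
//
// NOTE(review): the schema defaults are tag "latest" with pull policy
// IfNotPresent. "latest" is a mutable tag, and assuming these values are
// applied to pod image references as given, a node that already holds an
// image under that tag will not pull again, so nodes can run different
// content under the same tag. Pin a fixed version, or preferably a digest,
// in production.
type ImageSpec struct {
	// +kubebuilder:default=flomesh
	// Registry defines the registry of docker image.
	Registry string `json:"registry"`

	// +kubebuilder:default=latest
	// Tag defines the tag of docker image.
	Tag string `json:"tag"`

	// +kubebuilder:default=IfNotPresent
	// PullPolicy defines the pull policy of docker image.
	PullPolicy corev1.PullPolicy `json:"pullPolicy"`
}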
ImageSpec is the type to represent image.
func (*ImageSpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageSpec.
func (*ImageSpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IngressGatewayCertSpec ¶
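// IngressGatewayCertSpec is the type to represent the certificate
// specification for an ingress gateway.
type IngressGatewayCertSpec struct {
	// SubjectAltNames defines the Subject Alternative Names (domain names and IP addresses) secured by the certificate.
	// NOTE(review): whoever can edit this list decides which names the
	// issued certificate is valid for; restrict write access to the owning
	// resource accordingly.
	SubjectAltNames []string `json:"subjectAltNames"`

	// ValidityDuration defines the validity duration of the certificate.
	// NOTE(review): carried as a string; format and bounds are not visible here.
	ValidityDuration string `json:"validityDuration"`

	// Secret defines the secret in which the certificate is stored.
	// NOTE(review): presumably the private key is stored alongside the
	// certificate; confirm, and scope read access to that Secret to the
	// ingress gateway.
	Secret corev1.SecretReference `json:"secret"`
}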
IngressGatewayCertSpec is the type to represent the certificate specification for an ingress gateway.
func (*IngressGatewayCertSpec) DeepCopy ¶
func (in *IngressGatewayCertSpec) DeepCopy() *IngressGatewayCertSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressGatewayCertSpec.
func (*IngressGatewayCertSpec) DeepCopyInto ¶
func (in *IngressGatewayCertSpec) DeepCopyInto(out *IngressGatewayCertSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IngressSpec ¶
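// IngressSpec is the type to represent ingress.
//
// NOTE(review): per the default markers below, ingress is enabled by
// default, its Service type defaults to LoadBalancer, the HTTP listener
// defaults to enabled, and the TLS default sets mTLS to false. Review these
// defaults against the exposure the cluster is meant to have.
type IngressSpec struct {
	// +kubebuilder:default=true
	// Enabled defines if ingress is enabled.
	Enabled bool `json:"enabled"`

	// +kubebuilder:default=false
	// Namespaced defines if ingress is namespaced.
	Namespaced bool `json:"namespaced"`

	// +kubebuilder:default=LoadBalancer
	// +kubebuilder:validation:Enum=LoadBalancer;NodePort
	// Type defines the type of ingress service.
	Type corev1.ServiceType `json:"type"`

	// +kubebuilder:default=info
	// +kubebuilder:validation:Enum=trace;debug;info;warn;error;fatal;panic;disabled
	// LogLevel defines the log level of ingress.
	LogLevel string `json:"logLevel"`

	// +kubebuilder:default={enabled: true, bind: 80, listen: 8000, nodePort: 30508}
	// +optional
	// HTTP defines the http configuration of ingress.
	HTTP *HTTP `json:"http"`

	// +kubebuilder:default={enabled: true, bind: 443, listen: 8443, nodePort: 30607, mTLS: false}
	// +optional
	// TLS defines the tls configuration of ingress.
	TLS *TLS `json:"tls"`
}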
IngressSpec is the type to represent ingress.
func (*IngressSpec) DeepCopy ¶
func (in *IngressSpec) DeepCopy() *IngressSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressSpec.
func (*IngressSpec) DeepCopyInto ¶
func (in *IngressSpec) DeepCopyInto(out *IngressSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type LoadBalancerType ¶ added in v1.3.8
type LoadBalancerType string
LoadBalancerType defines the type of load balancer
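// Values of LoadBalancerType. The collapsed one-line listing hid both
// declarations behind the first line comment; one per line restores them.
const (
	// ActiveActiveLbType is the type of load balancer that distributes traffic to all targets
	ActiveActiveLbType LoadBalancerType = "ActiveActive"

	// FailOverLbType is the type of load balancer that distributes traffic to the first available target
	FailOverLbType LoadBalancerType = "FailOver"
)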
type LocalDNSProxy ¶
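// LocalDNSProxy is the type to represent FSM's local DNS proxy
// configuration.
//
// NOTE(review): the two upstream server fields are plain strings with no
// format validation marker here. Whoever can edit them chooses the resolver
// that answers the sidecars' DNS queries, so write access to this object
// should be limited to mesh administrators.
type LocalDNSProxy struct {
	// Enable defines a boolean indicating if the sidecars are enabled for local DNS Proxy.
	Enable bool `json:"enable"`

	// PrimaryUpstreamDNSServerIPAddr defines a primary upstream DNS server for local DNS Proxy.
	// +optional
	PrimaryUpstreamDNSServerIPAddr string `json:"primaryUpstreamDNSServerIPAddr,omitempty"`

	// SecondaryUpstreamDNSServerIPAddr defines a secondary upstream DNS server for local DNS Proxy.
	// +optional
	SecondaryUpstreamDNSServerIPAddr string `json:"secondaryUpstreamDNSServerIPAddr,omitempty"`

	// +kubebuilder:default=false
	// +optional
	// NOTE(review): undocumented in the original; presumably controls
	// whether IPv6 answers are derived from IPv4 ones. Confirm.
	GenerateIPv6BasedOnIPv4 bool `json:"generateIPv6BasedOnIPv4,omitempty"`

	// Wildcard defines Wildcard DN.
	Wildcard WildcardDN `json:"wildcard"`

	// DB defines Resolve DB.
	DB []ResolveDN `json:"db,omitempty"`
}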
LocalDNSProxy is the type to represent FSM's local DNS proxy configuration.
func (*LocalDNSProxy) DeepCopy ¶
func (in *LocalDNSProxy) DeepCopy() *LocalDNSProxy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalDNSProxy.
func (*LocalDNSProxy) DeepCopyInto ¶
func (in *LocalDNSProxy) DeepCopyInto(out *LocalDNSProxy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type LocalProxyMode ¶
type LocalProxyMode string
LocalProxyMode is a type alias representing the way the sidecar proxies to the main application +kubebuilder:validation:Enum=Localhost;PodIP
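// Values of LocalProxyMode. The collapsed one-line listing hid both
// declarations behind the first line comment; one per line restores them.
const (
	// LocalProxyModeLocalhost indicates that the sidecar should communicate with the main application over localhost
	LocalProxyModeLocalhost LocalProxyMode = "Localhost"

	// LocalProxyModePodIP indicates that the sidecar should communicate with the main application via the pod ip
	// NOTE(review): in this mode the application presumably has to listen on
	// the pod IP rather than loopback only; confirm that direct access to
	// that port which bypasses the sidecar is blocked.
	LocalProxyModePodIP LocalProxyMode = "PodIP"
)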
type MeshConfig ¶
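// MeshConfig is the type used to represent the mesh configuration. It
// embeds the type and object metadata and carries the configuration in Spec.
type MeshConfig struct {
	// Object's type metadata.
	metav1.TypeMeta `json:",inline" yaml:",inline"`

	// Object's metadata.
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty"`

	// Spec is the MeshConfig specification.
	// NOTE(review): Spec holds the authorization, certificate, ingress and
	// debug settings of the mesh, so update/patch rights on this resource
	// are effectively mesh-administrator rights.
	// +optional
	Spec MeshConfigSpec `json:"spec,omitempty" yaml:"spec,omitempty"`
}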
MeshConfig is the type used to represent the mesh configuration. +genclient +genclient:noStatus +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +kubebuilder:storageversion +kubebuilder:metadata:labels=app.kubernetes.io/name=flomesh.io +kubebuilder:resource:shortName=meshconfig,scope=Namespaced
func (*MeshConfig) DeepCopy ¶
func (in *MeshConfig) DeepCopy() *MeshConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshConfig.
func (*MeshConfig) DeepCopyInto ¶
func (in *MeshConfig) DeepCopyInto(out *MeshConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MeshConfig) DeepCopyObject ¶
func (in *MeshConfig) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type MeshConfigList ¶
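// MeshConfigList lists the MeshConfig objects.
type MeshConfigList struct {
	// Type and list metadata, embedded.
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the MeshConfig objects of the list.
	Items []MeshConfig `json:"items"`
}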
MeshConfigList lists the MeshConfig objects. +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*MeshConfigList) DeepCopy ¶
func (in *MeshConfigList) DeepCopy() *MeshConfigList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshConfigList.
func (*MeshConfigList) DeepCopyInto ¶
func (in *MeshConfigList) DeepCopyInto(out *MeshConfigList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MeshConfigList) DeepCopyObject ¶
func (in *MeshConfigList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type MeshConfigSpec ¶
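// MeshConfigSpec is the spec for FSM's configuration. Each field groups the
// settings of one feature area.
type MeshConfigSpec struct {
	// ClusterSet defines the configurations of cluster.
	ClusterSet ClusterSetSpec `json:"clusterSet,omitempty"`

	// Sidecar defines the configurations of the proxy sidecar in a mesh.
	Sidecar SidecarSpec `json:"sidecar,omitempty"`

	// RepoServer defines the configurations of pipy repo server.
	RepoServer RepoServerSpec `json:"repoServer,omitempty"`

	// Traffic defines the traffic management configurations for a mesh instance.
	Traffic TrafficSpec `json:"traffic,omitempty"`

	// Observability defines the observability configurations for a mesh instance.
	Observability ObservabilitySpec `json:"observability,omitempty"`

	// Certificate defines the certificate management configurations for a mesh instance.
	Certificate CertificateSpec `json:"certificate,omitempty"`

	// FeatureFlags defines the feature flags for a mesh instance.
	FeatureFlags FeatureFlags `json:"featureFlags,omitempty"`

	// PluginChains defines the default plugin chains.
	PluginChains PluginChainsSpec `json:"pluginChains,omitempty"`

	// Ingress defines the configurations of Ingress features.
	Ingress IngressSpec `json:"ingress,omitempty"`

	// GatewayAPI defines the configurations of GatewayAPI features.
	GatewayAPI GatewayAPISpec `json:"gatewayAPI,omitempty"`

	// ServiceLB defines the configurations of ServiceLB features.
	ServiceLB ServiceLBSpec `json:"serviceLB,omitempty"`

	// FLB defines the configurations of FLB features.
	FLB FLBSpec `json:"flb,omitempty"`

	// EgressGateway defines the configurations of EgressGateway features.
	EgressGateway EgressGatewaySpec `json:"egressGateway,omitempty"`

	// Image defines the configurations of Image info
	Image ImageSpec `json:"image"`

	// Misc defines the configurations of misc info
	Misc MiscSpec `json:"misc"`

	// Connector defines the configurations of connector info
	Connector ConnectorSpec `json:"connector"`
}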
MeshConfigSpec is the spec for FSM's configuration.
func (*MeshConfigSpec) DeepCopy ¶
func (in *MeshConfigSpec) DeepCopy() *MeshConfigSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshConfigSpec.
func (*MeshConfigSpec) DeepCopyInto ¶
func (in *MeshConfigSpec) DeepCopyInto(out *MeshConfigSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MeshRootCertificate ¶
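// MeshRootCertificate defines the configuration for certificate issuing by
// the mesh control plane.
//
// NOTE(review): this object selects the certificate provider and trust
// domain for the mesh; treat create/update rights on it as equivalent to
// control over the mesh's trust root and audit changes to it.
type MeshRootCertificate struct {
	// Object's type metadata
	metav1.TypeMeta `json:",inline"`

	// Object's metadata
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the MeshRootCertificate config specification
	// +optional
	Spec MeshRootCertificateSpec `json:"spec,omitempty"`

	// Status of the MeshRootCertificate resource
	// +optional
	Status MeshRootCertificateStatus `json:"status,omitempty"`
}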
MeshRootCertificate defines the configuration for certificate issuing by the mesh control plane +genclient +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +kubebuilder:storageversion +kubebuilder:metadata:labels=app.kubernetes.io/name=flomesh.io +kubebuilder:resource:shortName=mrc,scope=Namespaced
func (*MeshRootCertificate) DeepCopy ¶
func (in *MeshRootCertificate) DeepCopy() *MeshRootCertificate
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshRootCertificate.
func (*MeshRootCertificate) DeepCopyInto ¶
func (in *MeshRootCertificate) DeepCopyInto(out *MeshRootCertificate)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MeshRootCertificate) DeepCopyObject ¶
func (in *MeshRootCertificate) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type MeshRootCertificateList ¶
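// MeshRootCertificateList defines the list of MeshRootCertificate objects.
type MeshRootCertificateList struct {
	// Type and list metadata, embedded.
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`

	// Items holds the MeshRootCertificate objects of the list.
	Items []MeshRootCertificate `json:"items"`
}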
MeshRootCertificateList defines the list of MeshRootCertificate objects +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
func (*MeshRootCertificateList) DeepCopy ¶
func (in *MeshRootCertificateList) DeepCopy() *MeshRootCertificateList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshRootCertificateList.
func (*MeshRootCertificateList) DeepCopyInto ¶
func (in *MeshRootCertificateList) DeepCopyInto(out *MeshRootCertificateList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*MeshRootCertificateList) DeepCopyObject ¶
func (in *MeshRootCertificateList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type MeshRootCertificateSpec ¶
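// MeshRootCertificateSpec defines the mesh root certificate specification.
type MeshRootCertificateSpec struct {
	// Provider specifies the mesh certificate provider
	Provider ProviderSpec `json:"provider"`

	// TrustDomain is the trust domain to use as a suffix in Common Names for new certificates.
	// NOTE(review): only new certificates pick up the suffix, so after a
	// change certificates with the old and the new suffix presumably
	// coexist until the old ones expire; confirm how peers that match on
	// Common Name handle that window.
	TrustDomain string `json:"trustDomain"`
}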
MeshRootCertificateSpec defines the mesh root certificate specification
func (*MeshRootCertificateSpec) DeepCopy ¶
func (in *MeshRootCertificateSpec) DeepCopy() *MeshRootCertificateSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshRootCertificateSpec.
func (*MeshRootCertificateSpec) DeepCopyInto ¶
func (in *MeshRootCertificateSpec) DeepCopyInto(out *MeshRootCertificateSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MeshRootCertificateStatus ¶
// MeshRootCertificateStatus defines the status of the MeshRootCertificate resource.
type MeshRootCertificateStatus struct {
	// State specifies the state of the certificate provider
	// All states are specified in constants.go
	State string `json:"state"`
}
MeshRootCertificateStatus defines the status of the MeshRootCertificate resource
func (*MeshRootCertificateStatus) DeepCopy ¶
func (in *MeshRootCertificateStatus) DeepCopy() *MeshRootCertificateStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshRootCertificateStatus.
func (*MeshRootCertificateStatus) DeepCopyInto ¶
func (in *MeshRootCertificateStatus) DeepCopyInto(out *MeshRootCertificateStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MiscSpec ¶ added in v1.1.1
// MiscSpec is the type to represent misc configs.
type MiscSpec struct {
	// NOTE(review): the default below references the image by tag. Tags are
	// mutable in a registry; pinning by digest makes the deployed image
	// verifiable and reproducible.

	// +kubebuilder:default="flomesh/pipy-repo:1.2.0"
	// RepoServerImage defines the image of repo server.
	RepoServerImage string `json:"repoServerImage"`
}
MiscSpec is the type to represent misc configs.
func (*MiscSpec) DeepCopy ¶ added in v1.1.1
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MiscSpec.
func (*MiscSpec) DeepCopyInto ¶ added in v1.1.1
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ObservabilitySpec ¶
// ObservabilitySpec is the type to represent FSM's observability configurations.
type ObservabilitySpec struct {
	// +kubebuilder:validation:Enum=trace;debug;info;warn;error;fatal;panic;disabled
	// FSMLogLevel defines the log level for FSM control plane logs.
	FSMLogLevel string `json:"fsmLogLevel,omitempty"`

	// NOTE(review): what the debug endpoint exposes, and whether it requires
	// authentication, is not shown here. Presumably it should stay disabled
	// outside of troubleshooting — confirm against the controller code.

	// EnableDebugServer defines if the debug endpoint on the FSM controller pod is enabled.
	EnableDebugServer bool `json:"enableDebugServer"`

	// Tracing defines FSM's tracing configuration.
	Tracing TracingSpec `json:"tracing,omitempty"`

	// RemoteLogging defines FSM's remote logging configuration.
	RemoteLogging RemoteLoggingSpec `json:"remoteLogging,omitempty"`
}
ObservabilitySpec is the type to represent FSM's observability configurations.
func (*ObservabilitySpec) DeepCopy ¶
func (in *ObservabilitySpec) DeepCopy() *ObservabilitySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObservabilitySpec.
func (*ObservabilitySpec) DeepCopyInto ¶
func (in *ObservabilitySpec) DeepCopyInto(out *ObservabilitySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PluginChainSpec ¶
// PluginChainSpec is the type to represent plugin chain.
type PluginChainSpec struct {
	// Plugin defines the name of plugin
	Plugin string `json:"plugin"`

	// Priority defines the priority of plugin
	// NOTE(review): whether a higher or lower value runs first is not shown here.
	Priority float32 `json:"priority"`

	// Disable defines the visibility of plugin
	Disable bool `json:"disable"`
}
PluginChainSpec is the type to represent plugin chain.
func (*PluginChainSpec) DeepCopy ¶
func (in *PluginChainSpec) DeepCopy() *PluginChainSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PluginChainSpec.
func (*PluginChainSpec) DeepCopyInto ¶
func (in *PluginChainSpec) DeepCopyInto(out *PluginChainSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PluginChainsSpec ¶
// PluginChainsSpec is the type to represent plugin chains.
// It holds one slice of PluginChainSpec pointers per direction (inbound,
// outbound) and protocol (tcp, http).
type PluginChainsSpec struct {
	// InboundTCPChains defines inbound tcp chains
	InboundTCPChains []*PluginChainSpec `json:"inbound-tcp"`

	// InboundHTTPChains defines inbound http chains
	InboundHTTPChains []*PluginChainSpec `json:"inbound-http"`

	// OutboundTCPChains defines outbound tcp chains
	OutboundTCPChains []*PluginChainSpec `json:"outbound-tcp"`

	// OutboundHTTPChains defines outbound http chains
	OutboundHTTPChains []*PluginChainSpec `json:"outbound-http"`
}
PluginChainsSpec is the type to represent plugin chains.
func (*PluginChainsSpec) DeepCopy ¶
func (in *PluginChainsSpec) DeepCopy() *PluginChainsSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PluginChainsSpec.
func (*PluginChainsSpec) DeepCopyInto ¶
func (in *PluginChainsSpec) DeepCopyInto(out *PluginChainsSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProviderSpec ¶
// ProviderSpec defines the certificate provider used by the mesh control plane.
//
// NOTE(review): all three providers are optional pointers and nothing visible
// here enforces that exactly one is set; presumably that is validated
// elsewhere — confirm.
type ProviderSpec struct {
	// CertManager specifies the cert-manager provider configuration
	// +optional
	CertManager *CertManagerProviderSpec `json:"certManager,omitempty"`

	// Vault specifies the vault provider configuration
	// +optional
	Vault *VaultProviderSpec `json:"vault,omitempty"`

	// Tresor specifies the Tresor provider configuration
	// +optional
	Tresor *TresorProviderSpec `json:"tresor,omitempty"`
}
ProviderSpec defines the certificate provider used by the mesh control plane
func (*ProviderSpec) DeepCopy ¶
func (in *ProviderSpec) DeepCopy() *ProviderSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderSpec.
func (*ProviderSpec) DeepCopyInto ¶
func (in *ProviderSpec) DeepCopyInto(out *ProviderSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProxyTag ¶ added in v1.2.0
// ProxyTag holds the names of the source and destination host headers.
// NOTE(review): where these headers are read or written is not shown here.
type ProxyTag struct {
	// +kubebuilder:default="orig-host"
	// SrcHostHeader defines the src host header.
	SrcHostHeader string `json:"srcHostHeader"`

	// +kubebuilder:default="proxy-tag"
	// DstHostHeader defines the dst host header.
	DstHostHeader string `json:"dstHostHeader"`
}
func (*ProxyTag) DeepCopy ¶ added in v1.2.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyTag.
func (*ProxyTag) DeepCopyInto ¶ added in v1.2.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RemoteLoggingSpec ¶
// RemoteLoggingSpec is the type to represent FSM's remote logging configuration.
type RemoteLoggingSpec struct {
	// Enable defines a boolean indicating if the sidecars are enabled for remote logging.
	Enable bool `json:"enable"`

	// Level defines the remote logging's level.
	Level uint16 `json:"level,omitempty"`

	// NOTE(review): int16 tops out at 32767, so ports 32768-65535 cannot be
	// represented in this field.

	// Port defines the remote logging's port.
	Port int16 `json:"port,omitempty"`

	// Address defines the remote logging's hostname.
	Address string `json:"address,omitempty"`

	// Endpoint defines the API endpoint for remote logging requests sent to the collector.
	Endpoint string `json:"endpoint,omitempty"`

	// NOTE(review): this is a plain string on the spec. If it carries a
	// credential, anyone who can read the object can read it; presumably
	// SecretName below is the safer way to supply it — confirm.

	// Authorization defines the access entity that allows to authorize someone in remote logging service.
	Authorization string `json:"authorization,omitempty"`

	// SampledFraction defines the sampled fraction.
	SampledFraction *string `json:"sampledFraction,omitempty"`

	// SecretName defines the name of the secret that contains the configuration for remote logging.
	SecretName string `json:"secretName,omitempty"`
}
RemoteLoggingSpec is the type to represent FSM's remote logging configuration.
func (*RemoteLoggingSpec) DeepCopy ¶
func (in *RemoteLoggingSpec) DeepCopy() *RemoteLoggingSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteLoggingSpec.
func (*RemoteLoggingSpec) DeepCopyInto ¶
func (in *RemoteLoggingSpec) DeepCopyInto(out *RemoteLoggingSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RepoServerSpec ¶
// RepoServerSpec is the type to represent repo server.
type RepoServerSpec struct {
	// IPAddr of the pipy repo server
	IPAddr string `json:"ipaddr"`

	// NOTE(review): int16 tops out at 32767, so ports 32768-65535 cannot be
	// represented in this field.

	// Port defines the pipy repo server's port.
	Port int16 `json:"port,omitempty"`

	// Codebase is the folder used by fsmController
	Codebase string `json:"codebase"`
}
RepoServerSpec is the type to represent repo server.
func (*RepoServerSpec) DeepCopy ¶
func (in *RepoServerSpec) DeepCopy() *RepoServerSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepoServerSpec.
func (*RepoServerSpec) DeepCopyInto ¶
func (in *RepoServerSpec) DeepCopyInto(out *RepoServerSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResolveAddr ¶ added in v1.3.9
// ResolveAddr is the type to represent FSM's Resolve Addr configuration.
// NOTE(review): both addresses are plain strings; no format validation is
// visible on this type.
type ResolveAddr struct {
	// IPv4 defines a ipv4 address for resolve DN.
	IPv4 string `json:"ipv4"`

	// IPv6 defines a ipv6 address for resolve DN.
	IPv6 string `json:"ipv6,omitempty"`
}
ResolveAddr is the type to represent FSM's Resolve Addr configuration.
func (*ResolveAddr) DeepCopy ¶ added in v1.3.9
func (in *ResolveAddr) DeepCopy() *ResolveAddr
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResolveAddr.
func (*ResolveAddr) DeepCopyInto ¶ added in v1.3.9
func (in *ResolveAddr) DeepCopyInto(out *ResolveAddr)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ResolveDN ¶ added in v1.2.0
// ResolveDN is the type to represent FSM's Resolve DN configuration.
type ResolveDN struct {
	// DN defines resolve DN.
	DN string `json:"dn"`

	// IPs defines ip addresses for resolve DN.
	IPs []*ResolveAddr `json:"ips"`
}
ResolveDN is the type to represent FSM's Resolve DN configuration.
func (*ResolveDN) DeepCopy ¶ added in v1.2.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResolveDN.
func (*ResolveDN) DeepCopyInto ¶ added in v1.2.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SSLPassthrough ¶
// SSLPassthrough is the type to represent ssl passthrough.
//
// NOTE(review): presumably the TLS stream is forwarded to UpstreamPort without
// being terminated, in which case nothing that needs the decrypted request
// can be applied on the way — confirm.
type SSLPassthrough struct {
	// +kubebuilder:default=false
	// Enabled defines if ssl passthrough is enabled.
	Enabled bool `json:"enabled"`

	// +kubebuilder:default=443
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	// UpstreamPort defines the upstream port of ssl passthrough.
	UpstreamPort int32 `json:"upstreamPort"`
}
SSLPassthrough is the type to represent ssl passthrough.
func (*SSLPassthrough) DeepCopy ¶
func (in *SSLPassthrough) DeepCopy() *SSLPassthrough
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSLPassthrough.
func (*SSLPassthrough) DeepCopyInto ¶
func (in *SSLPassthrough) DeepCopyInto(out *SSLPassthrough)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretKeyReferenceSpec ¶
// SecretKeyReferenceSpec defines the configuration of the secret reference.
// It identifies one key of one secret by name, key and namespace; the token
// itself is not carried on this type.
type SecretKeyReferenceSpec struct {
	// Name specifies the name of the secret in which the Vault token is stored
	Name string `json:"name"`

	// Key specifies the key whose value is the Vault token
	Key string `json:"key"`

	// Namespace specifies the namespace of the secret in which the Vault token is stored
	Namespace string `json:"namespace"`
}
SecretKeyReferenceSpec defines the configuration of the secret reference
func (*SecretKeyReferenceSpec) DeepCopy ¶
func (in *SecretKeyReferenceSpec) DeepCopy() *SecretKeyReferenceSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeyReferenceSpec.
func (*SecretKeyReferenceSpec) DeepCopyInto ¶
func (in *SecretKeyReferenceSpec) DeepCopyInto(out *SecretKeyReferenceSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ServiceAccessMode ¶ added in v1.3.8
// ServiceAccessMode is a string type representing the mode in which a service is accessed.
// +kubebuilder:validation:Enum=ip;domain;mixed
type ServiceAccessMode string
ServiceAccessMode is a string type representing the mode in which a service is accessed. +kubebuilder:validation:Enum=ip;domain;mixed
// Values accepted for ServiceAccessMode.
const (
	// ServiceAccessModeIP defines the ip service access mode
	ServiceAccessModeIP ServiceAccessMode = "ip"

	// ServiceAccessModeDomain defines the domain service access mode
	ServiceAccessModeDomain ServiceAccessMode = "domain"

	// ServiceAccessModeMixed defines the mixed service access mode
	ServiceAccessModeMixed ServiceAccessMode = "mixed"
)
type ServiceAccessNames ¶ added in v1.3.8
// ServiceAccessNames holds the naming options for service access.
// NOTE(review): the fields carry no descriptions upstream; their exact effect
// is not shown here.
type ServiceAccessNames struct {
	// +kubebuilder:default=false
	// +optional
	MustWithServicePort bool `json:"mustWithServicePort,omitempty"`

	// +kubebuilder:default=true
	// +optional
	WithTrustDomain bool `json:"withTrustDomain,omitempty"`

	// +kubebuilder:default={withNamespace: true}
	// +optional
	CloudServiceAccessNames *CloudServiceAccessNames `json:"cloud,omitempty"`
}
func (*ServiceAccessNames) DeepCopy ¶ added in v1.3.8
func (in *ServiceAccessNames) DeepCopy() *ServiceAccessNames
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccessNames.
func (*ServiceAccessNames) DeepCopyInto ¶ added in v1.3.8
func (in *ServiceAccessNames) DeepCopyInto(out *ServiceAccessNames)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ServiceLBSpec ¶
// ServiceLBSpec is the type to represent service lb.
type ServiceLBSpec struct {
	// +kubebuilder:default=false
	// Enabled defines if service lb is enabled.
	Enabled bool `json:"enabled"`

	// NOTE(review): the default below references the image by tag. Tags are
	// mutable in a registry; pinning by digest makes the deployed image
	// verifiable and reproducible.

	// +kubebuilder:default="flomesh/mirrored-klipper-lb:v0.4.7"
	// Image defines the service lb image.
	Image string `json:"image"`
}
ServiceLBSpec is the type to represent service lb.
func (*ServiceLBSpec) DeepCopy ¶
func (in *ServiceLBSpec) DeepCopy() *ServiceLBSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceLBSpec.
func (*ServiceLBSpec) DeepCopyInto ¶
func (in *ServiceLBSpec) DeepCopyInto(out *ServiceLBSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SidecarSpec ¶
// SidecarSpec is the type used to represent the specifications for the proxy sidecar.
type SidecarSpec struct {
	// NOTE(review): a privileged container runs with much weaker isolation
	// from the node than an ordinary one. Why the init container would need
	// it is not shown here; keep this false unless the platform requires it.

	// EnablePrivilegedInitContainer defines a boolean indicating whether the init container for a meshed pod should run as privileged.
	EnablePrivilegedInitContainer bool `json:"enablePrivilegedInitContainer"`

	// LogLevel defines the logging level for the sidecar's logs. Non developers should generally never set this value. In production environments the LogLevel should be set to error.
	LogLevel string `json:"logLevel,omitempty"`

	// SidecarImage defines the container image used for the proxy sidecar.
	SidecarImage string `json:"sidecarImage,omitempty"`

	// NOTE(review): the flag is negative — true turns mTLS off. Presumably
	// sidecar traffic is then neither encrypted nor mutually authenticated;
	// confirm, and treat true in a production mesh as something to alert on.

	// SidecarDisabledMTLS defines whether mTLS is disabled.
	SidecarDisabledMTLS bool `json:"sidecarDisabledMTLS"`

	// MaxDataPlaneConnections defines the maximum allowed data plane connections from a proxy sidecar to the FSM controller.
	MaxDataPlaneConnections int `json:"maxDataPlaneConnections,omitempty"`

	// ConfigResyncInterval defines the resync interval for regular proxy broadcast updates.
	ConfigResyncInterval string `json:"configResyncInterval,omitempty"`

	// SidecarTimeout defines the connect/idle/read/write timeout.
	// NOTE(review): the unit is not stated here.
	SidecarTimeout int `json:"sidecarTimeout,omitempty"`

	// Resources defines the compute resources for the sidecar.
	Resources corev1.ResourceRequirements `json:"resources,omitempty"`

	// InitResources defines the compute resources for init container.
	InitResources corev1.ResourceRequirements `json:"initResources,omitempty"`

	// NOTE(review): the description below is word-for-word the one on
	// InitResources; going by the field name it presumably applies to a
	// healthcheck container instead — confirm.

	// HealthcheckResources defines the compute resources for init container.
	HealthcheckResources corev1.ResourceRequirements `json:"healthcheckResources,omitempty"`

	// NOTE(review): TLSv1_0 and TLSv1_1 are accepted values for both bounds,
	// but those protocol versions are deprecated (RFC 8996). Prefer TLSv1_2 or
	// TLSv1_3 as the minimum. What TLS_AUTO resolves to is not shown here.

	// TLSMinProtocolVersion defines the minimum TLS protocol version that the sidecar supports. Valid TLS protocol versions are TLS_AUTO, TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3.
	TLSMinProtocolVersion string `json:"tlsMinProtocolVersion,omitempty"`

	// TLSMaxProtocolVersion defines the maximum TLS protocol version that the sidecar supports.
	// Valid TLS protocol versions are TLS_AUTO, TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3.
	TLSMaxProtocolVersion string `json:"tlsMaxProtocolVersion,omitempty"`

	// CipherSuites defines a list of ciphers that listener supports when negotiating TLS 1.0-1.2. This setting has no effect when negotiating TLS 1.3. For valid cipher names, see the latest OpenSSL ciphers manual page. E.g. https://www.openssl.org/docs/man1.1.1/apps/ciphers.html.
	CipherSuites []string `json:"cipherSuites,omitempty"`

	// ECDHCurves defines a list of ECDH curves that TLS connection supports. If not specified, the curves are [X25519, P-256] for non-FIPS build and P-256 for builds using BoringSSL FIPS.
	ECDHCurves []string `json:"ecdhCurves,omitempty"`

	// LocalProxyMode defines the network interface the proxy will use to send traffic to the backend service application. Acceptable values are [`Localhost`, `PodIP`]. The default is `Localhost`
	LocalProxyMode LocalProxyMode `json:"localProxyMode,omitempty"`

	// LocalDNSProxy improves the performance of your computer by caching the responses coming from your DNS servers
	LocalDNSProxy LocalDNSProxy `json:"localDNSProxy,omitempty"`
}
SidecarSpec is the type used to represent the specifications for the proxy sidecar.
func (*SidecarSpec) DeepCopy ¶
func (in *SidecarSpec) DeepCopy() *SidecarSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SidecarSpec.
func (*SidecarSpec) DeepCopyInto ¶
func (in *SidecarSpec) DeepCopyInto(out *SidecarSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TLS ¶
// TLS is the type to represent tls.
type TLS struct {
	// +kubebuilder:default=false
	// Enabled defines if tls is enabled.
	Enabled bool `json:"enabled"`

	// +kubebuilder:default=443
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	// Bind defines the bind port of tls.
	Bind int32 `json:"bind" validate:"gte=1,lte=65535"`

	// +kubebuilder:default=8443
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	// Listen defines the listen port of tls.
	Listen int32 `json:"listen" validate:"gte=1,lte=65535"`

	// NOTE(review): the two validations on NodePort disagree — the kubebuilder
	// marker sets Minimum=1 while the validate tag allows gte=0. Bind and
	// Listen use gte=1 in both places. The permitted maximum of 65535 is also
	// wider than the default Kubernetes NodePort range (30000-32767).

	// +kubebuilder:default=30607
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	// NodePort defines the node port of tls.
	NodePort int32 `json:"nodePort" validate:"gte=0,lte=65535"`

	// +kubebuilder:default=false
	// MTLS defines if mTLS is enabled.
	MTLS bool `json:"mTLS"`

	// +kubebuilder:default={enabled: false, upstreamPort: 443}
	// +optional
	// SSLPassthrough defines the ssl passthrough configuration of tls.
	SSLPassthrough *SSLPassthrough `json:"sslPassthrough"`
}
TLS is the type to represent tls.
func (*TLS) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLS.
func (*TLS) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TracingSpec ¶
// TracingSpec is the type to represent FSM's tracing configuration.
type TracingSpec struct {
	// Enable defines a boolean indicating if the sidecars are enabled for tracing.
	Enable bool `json:"enable"`

	// NOTE(review): int16 tops out at 32767, so ports 32768-65535 cannot be
	// represented in this field.

	// Port defines the tracing collector's port.
	Port int16 `json:"port,omitempty"`

	// Address defines the tracing collector's hostname.
	Address string `json:"address,omitempty"`

	// Endpoint defines the API endpoint for tracing requests sent to the collector.
	Endpoint string `json:"endpoint,omitempty"`

	// SampledFraction defines the sampled fraction.
	SampledFraction *string `json:"sampledFraction,omitempty"`
}
TracingSpec is the type to represent FSM's tracing configuration.
func (*TracingSpec) DeepCopy ¶
func (in *TracingSpec) DeepCopy() *TracingSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracingSpec.
func (*TracingSpec) DeepCopyInto ¶
func (in *TracingSpec) DeepCopyInto(out *TracingSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TrafficSpec ¶
// TrafficSpec is the type used to represent FSM's traffic management configuration.
//
// NOTE(review): several fields below take traffic out of sidecar interception
// (the IP range, port and network interface exclusion lists). Traffic that is
// not intercepted presumably receives none of the proxy-enforced controls, so
// keep those lists minimal and review every change to them.
type TrafficSpec struct {
	// InterceptionMode defines a string indicating which traffic interception mode is used.
	InterceptionMode string `json:"interceptionMode"`

	// EnableEgress defines a boolean indicating if mesh-wide Egress is enabled.
	EnableEgress bool `json:"enableEgress"`

	// OutboundIPRangeExclusionList defines a global list of IP address ranges to exclude from outbound traffic interception by the sidecar proxy.
	OutboundIPRangeExclusionList []string `json:"outboundIPRangeExclusionList"`

	// OutboundIPRangeInclusionList defines a global list of IP address ranges to include for outbound traffic interception by the sidecar proxy.
	// IP addresses outside this range will be excluded from outbound traffic interception by the sidecar proxy.
	OutboundIPRangeInclusionList []string `json:"outboundIPRangeInclusionList"`

	// OutboundPortExclusionList defines a global list of ports to exclude from outbound traffic interception by the sidecar proxy.
	OutboundPortExclusionList []int `json:"outboundPortExclusionList"`

	// InboundPortExclusionList defines a global list of ports to exclude from inbound traffic interception by the sidecar proxy.
	InboundPortExclusionList []int `json:"inboundPortExclusionList"`

	// NOTE(review): what permissive mode allows is not described here;
	// presumably it relaxes traffic policy enforcement mesh-wide — confirm
	// before enabling it outside test environments.

	// EnablePermissiveTrafficPolicyMode defines a boolean indicating if permissive traffic policy mode is enabled mesh-wide.
	EnablePermissiveTrafficPolicyMode bool `json:"enablePermissiveTrafficPolicyMode"`

	// InboundExternalAuthorization defines a ruleset that, if enabled, will configure a remote external authorization endpoint
	// for all inbound and ingress traffic in the mesh.
	InboundExternalAuthorization ExternalAuthzSpec `json:"inboundExternalAuthorization,omitempty"`

	// NetworkInterfaceExclusionList defines a global list of network interface
	// names to exclude from inbound and outbound traffic interception by the
	// sidecar proxy.
	NetworkInterfaceExclusionList []string `json:"networkInterfaceExclusionList"`

	// HTTP1PerRequestLoadBalancing defines a boolean indicating if load balancing based on request is enabled for http1.
	HTTP1PerRequestLoadBalancing bool `json:"http1PerRequestLoadBalancing"`

	// HTTP2PerRequestLoadBalancing defines a boolean indicating if load balancing based on request is enabled for http2.
	HTTP2PerRequestLoadBalancing bool `json:"http2PerRequestLoadBalancing"`

	// ServiceAccessMode defines a string indicating service access mode.
	// +kubebuilder:default=mixed
	ServiceAccessMode ServiceAccessMode `json:"serviceAccessMode"`

	// +kubebuilder:default={mustWithServicePort: false, withTrustDomain: true}
	// +optional
	ServiceAccessNames *ServiceAccessNames `json:"serviceAccessNames,omitempty"`
}
TrafficSpec is the type used to represent FSM's traffic management configuration.
func (*TrafficSpec) DeepCopy ¶
func (in *TrafficSpec) DeepCopy() *TrafficSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficSpec.
func (*TrafficSpec) DeepCopyInto ¶
func (in *TrafficSpec) DeepCopyInto(out *TrafficSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TresorCASpec ¶
// TresorCASpec defines the configuration of Tresor's root certificate.
type TresorCASpec struct {
	// NOTE(review): whether the referenced secret also holds the root private
	// key is not shown here; if it does, read access to that secret should be
	// limited to the control plane — confirm.

	// SecretRef specifies the secret in which the root certificate is stored
	SecretRef corev1.SecretReference `json:"secretRef"`
}
TresorCASpec defines the configuration of Tresor's root certificate
func (*TresorCASpec) DeepCopy ¶
func (in *TresorCASpec) DeepCopy() *TresorCASpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TresorCASpec.
func (*TresorCASpec) DeepCopyInto ¶
func (in *TresorCASpec) DeepCopyInto(out *TresorCASpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type TresorProviderSpec ¶
// TresorProviderSpec defines the configuration of the Tresor provider.
type TresorProviderSpec struct {
	// CA specifies Tresor's ca configuration
	CA TresorCASpec `json:"ca"`
}
TresorProviderSpec defines the configuration of the Tresor provider
func (*TresorProviderSpec) DeepCopy ¶
func (in *TresorProviderSpec) DeepCopy() *TresorProviderSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TresorProviderSpec.
func (*TresorProviderSpec) DeepCopyInto ¶
func (in *TresorProviderSpec) DeepCopyInto(out *TresorProviderSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultProviderSpec ¶
// VaultProviderSpec defines the configuration of the Vault provider.
type VaultProviderSpec struct {
	// Host specifies the name of the Vault server
	Host string `json:"host"`

	// Port specifies the port of the Vault server
	// NOTE(review): plain int with no range validation visible on this type.
	Port int `json:"port"`

	// Role specifies the name of the role for use by mesh control plane
	Role string `json:"role"`

	// NOTE(review): the accepted values are not listed here. If an
	// unencrypted protocol is accepted, the Vault token would presumably
	// cross the network in the clear — confirm which values are allowed.

	// Protocol specifies the protocol for connections to Vault
	Protocol string `json:"protocol"`

	// Token specifies the configuration of the token to be used by mesh control plane
	// to connect to Vault
	Token VaultTokenSpec `json:"token"`
}
VaultProviderSpec defines the configuration of the Vault provider
func (*VaultProviderSpec) DeepCopy ¶
func (in *VaultProviderSpec) DeepCopy() *VaultProviderSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultProviderSpec.
func (*VaultProviderSpec) DeepCopyInto ¶
func (in *VaultProviderSpec) DeepCopyInto(out *VaultProviderSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VaultTokenSpec ¶
// VaultTokenSpec defines the configuration of the Vault token.
// The token is referenced through a secret rather than carried on this type.
type VaultTokenSpec struct {
	// SecretKeyRef specifies the secret in which the Vault token is stored
	SecretKeyRef SecretKeyReferenceSpec `json:"secretKeyRef"`
}
VaultTokenSpec defines the configuration of the Vault token
func (*VaultTokenSpec) DeepCopy ¶
func (in *VaultTokenSpec) DeepCopy() *VaultTokenSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultTokenSpec.
func (*VaultTokenSpec) DeepCopyInto ¶
func (in *VaultTokenSpec) DeepCopyInto(out *VaultTokenSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WildcardDN ¶ added in v1.2.0
// WildcardDN is the type to represent FSM's Wildcard DN configuration.
type WildcardDN struct {
	// Enable defines a boolean indicating if wildcard are enabled for local DNS Proxy.
	Enable bool `json:"enable"`

	// LOs defines loopback addresses for resolve DN.
	LOs []*ResolveAddr `json:"los"`

	// IPs defines ip addresses for resolve DN.
	IPs []*ResolveAddr `json:"ips"`
}
WildcardDN is the type to represent FSM's Wildcard DN configuration.
func (*WildcardDN) DeepCopy ¶ added in v1.2.0
func (in *WildcardDN) DeepCopy() *WildcardDN
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WildcardDN.
func (*WildcardDN) DeepCopyInto ¶ added in v1.2.0
func (in *WildcardDN) DeepCopyInto(out *WildcardDN)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.