package v1alpha3

v1.4.2 Latest

Warning: This package is not in the latest version of its module.
Published: Sep 29, 2024 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Package v1alpha3 is the v1alpha3 version of the API.

Constants

const GroupName = "config.flomesh.io"

GroupName specifies the group name used to register the objects.

Variables

var (
	// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
	SchemeBuilder runtime.SchemeBuilder

	// Deprecated: use Install instead
	AddToScheme = localSchemeBuilder.AddToScheme
	Install     = localSchemeBuilder.AddToScheme
)

var GroupVersion = v1.GroupVersion{Group: GroupName, Version: "v1alpha3"}

GroupVersion specifies the group and the version used to register the objects.

var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha3"}

SchemeGroupVersion is the group version used to register these objects. Deprecated: use GroupVersion instead.

Functions

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

Types

type CertManagerProviderSpec

type CertManagerProviderSpec struct {
	// IssuerName specifies the name of the Issuer resource
	IssuerName string `json:"issuerName"`

	// IssuerKind specifies the kind of Issuer
	IssuerKind string `json:"issuerKind"`

	// IssuerGroup specifies the group the Issuer belongs to
	IssuerGroup string `json:"issuerGroup"`
}

CertManagerProviderSpec defines the configuration of the cert-manager provider

func (*CertManagerProviderSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertManagerProviderSpec.

func (*CertManagerProviderSpec) DeepCopyInto

func (in *CertManagerProviderSpec) DeepCopyInto(out *CertManagerProviderSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CertificateSpec

type CertificateSpec struct {
	// ServiceCertValidityDuration defines the service certificate validity duration.
	ServiceCertValidityDuration string `json:"serviceCertValidityDuration,omitempty"`

	// CertKeyBitSize defines the certificate key bit size.
	CertKeyBitSize int `json:"certKeyBitSize,omitempty"`

	// IngressGateway defines the certificate specification for an ingress gateway.
	// +optional
	IngressGateway *IngressGatewayCertSpec `json:"ingressGateway,omitempty"`
}

CertificateSpec is the type to represent FSM's certificate management configuration.

func (*CertificateSpec) DeepCopy

func (in *CertificateSpec) DeepCopy() *CertificateSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateSpec.

func (*CertificateSpec) DeepCopyInto

func (in *CertificateSpec) DeepCopyInto(out *CertificateSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CloudServiceAccessNames added in v1.3.8

type CloudServiceAccessNames struct {
	// +kubebuilder:default=true
	// +optional
	WithNamespace bool `json:"withNamespace,omitempty"`
}

func (*CloudServiceAccessNames) DeepCopy added in v1.3.8

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudServiceAccessNames.

func (*CloudServiceAccessNames) DeepCopyInto added in v1.3.8

func (in *CloudServiceAccessNames) DeepCopyInto(out *CloudServiceAccessNames)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterPropertySpec

type ClusterPropertySpec struct {
	// Name defines the name of cluster property.
	Name string `json:"name"`

	// Value defines the value of cluster property.
	Value string `json:"value"`
}

ClusterPropertySpec is the type to represent cluster property.

func (*ClusterPropertySpec) DeepCopy

func (in *ClusterPropertySpec) DeepCopy() *ClusterPropertySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPropertySpec.

func (*ClusterPropertySpec) DeepCopyInto

func (in *ClusterPropertySpec) DeepCopyInto(out *ClusterPropertySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterSetSpec

type ClusterSetSpec struct {
	// +kubebuilder:default=false
	// IsManaged defines if the cluster is managed.
	IsManaged bool `json:"isManaged"`

	// UID defines Unique ID of cluster.
	UID string `json:"uid"`

	// +kubebuilder:default=default
	// +optional
	// Region defines Region of cluster.
	Region string `json:"region"`

	// +kubebuilder:default=default
	// +optional
	// Zone defines Zone of cluster.
	Zone string `json:"zone"`

	// +kubebuilder:default=default
	// +optional
	// Group defines Group of cluster.
	Group string `json:"group"`

	// Name defines Name of cluster.
	Name string `json:"name"`

	// ControlPlaneUID defines the unique ID of the control plane cluster,
	//   in case it's managed
	ControlPlaneUID string `json:"controlPlaneUID"`

	// Properties defines properties for cluster.
	Properties []ClusterPropertySpec `json:"properties"`
}

ClusterSetSpec is the type to represent cluster set.

func (*ClusterSetSpec) DeepCopy

func (in *ClusterSetSpec) DeepCopy() *ClusterSetSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSetSpec.

func (*ClusterSetSpec) DeepCopyInto

func (in *ClusterSetSpec) DeepCopyInto(out *ClusterSetSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConnectorGatewaySpec added in v1.2.1

type ConnectorGatewaySpec struct {
	ClusterIP  string `json:"clusterIP"`
	ExternalIP string `json:"externalIP"`

	IngressAddr     string `json:"ingressAddr"`
	IngressHTTPPort uint   `json:"ingressHTTPPort"`
	IngressGRPCPort uint   `json:"ingressGRPCPort"`

	EgressAddr     string `json:"egressAddr"`
	EgressHTTPPort uint   `json:"egressHTTPPort"`
	EgressGRPCPort uint   `json:"egressGRPCPort"`
}

ConnectorGatewaySpec is the type to represent connector gateway configs.

func (*ConnectorGatewaySpec) DeepCopy added in v1.2.1

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectorGatewaySpec.

func (*ConnectorGatewaySpec) DeepCopyInto added in v1.2.1

func (in *ConnectorGatewaySpec) DeepCopyInto(out *ConnectorGatewaySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConnectorSpec added in v1.2.1

type ConnectorSpec struct {
	// +kubebuilder:default=FailOver
	// +kubebuilder:validation:Enum=ActiveActive;FailOver
	// Type of global load distribution
	LbType LoadBalancerType `json:"lbType,omitempty"`

	// +kubebuilder:default="viaGateway Managed by fsm-connector-gateway."
	Notice string `json:"DO_NOT_EDIT_viaGateway"`

	// ViaGateway defines gateway settings
	ViaGateway ConnectorGatewaySpec `json:"viaGateway"`
}

ConnectorSpec is the type to represent connector configs.

func (*ConnectorSpec) DeepCopy added in v1.2.1

func (in *ConnectorSpec) DeepCopy() *ConnectorSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectorSpec.

func (*ConnectorSpec) DeepCopyInto added in v1.2.1

func (in *ConnectorSpec) DeepCopyInto(out *ConnectorSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EgressGatewaySpec added in v1.1.1

type EgressGatewaySpec struct {
	// +kubebuilder:default=false
	// Enabled defines if egress gateway is enabled.
	Enabled bool `json:"enabled"`

	// +kubebuilder:default=info
	// +kubebuilder:validation:Enum=trace;debug;info;warn;error;fatal;panic;disabled
	// LogLevel defines the log level of egress gateway.
	LogLevel string `json:"logLevel"`

	// +kubebuilder:default=http2tunnel
	// +kubebuilder:validation:Enum=http2tunnel;sock5
	// Mode defines the mode of egress gateway.
	Mode string `json:"mode"`

	// +kubebuilder:default=1080
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	// Port defines the port of egress gateway.
	Port *int32 `json:"port,omitempty"`

	// +kubebuilder:default=6060
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	// AdminPort defines the admin port of egress gateway.
	AdminPort *int32 `json:"adminPort,omitempty"`

	// +kubebuilder:default=1
	// Replicas defines the replicas of egress gateway.
	Replicas *int32 `json:"replicas,omitempty"`
}

EgressGatewaySpec is the type to represent egress gateway.

func (*EgressGatewaySpec) DeepCopy added in v1.1.1

func (in *EgressGatewaySpec) DeepCopy() *EgressGatewaySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EgressGatewaySpec.

func (*EgressGatewaySpec) DeepCopyInto added in v1.1.1

func (in *EgressGatewaySpec) DeepCopyInto(out *EgressGatewaySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExternalAuthzSpec

type ExternalAuthzSpec struct {
	// Enable defines a boolean indicating if the external authorization policy is to be enabled.
	Enable bool `json:"enable"`

	// Address defines the remote address of the external authorization endpoint.
	Address string `json:"address,omitempty"`

	// Port defines the destination port of the remote external authorization endpoint.
	Port uint16 `json:"port,omitempty"`

	// StatPrefix defines a prefix for the stats sink for this external authorization policy.
	StatPrefix string `json:"statPrefix,omitempty"`

	// Timeout defines the timeout within which a response from the external authorization endpoint
	// is expected.
	Timeout string `json:"timeout,omitempty"`

	// FailureModeAllow defines a boolean indicating if traffic should be allowed on a failure to get a
	// response against the external authorization endpoint.
	FailureModeAllow bool `json:"failureModeAllow"`
}

ExternalAuthzSpec is a type to represent external authorization configuration.

func (*ExternalAuthzSpec) DeepCopy

func (in *ExternalAuthzSpec) DeepCopy() *ExternalAuthzSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalAuthzSpec.

func (*ExternalAuthzSpec) DeepCopyInto

func (in *ExternalAuthzSpec) DeepCopyInto(out *ExternalAuthzSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FLBSpec

type FLBSpec struct {
	// +kubebuilder:default=false
	// Enabled defines if flb is enabled.
	Enabled bool `json:"enabled"`

	// +kubebuilder:default=false
	// StrictMode defines if flb is in strict mode.
	StrictMode bool `json:"strictMode"`

	// +kubebuilder:default=Endpoint
	// +kubebuilder:validation:Enum=NodePort;Endpoint
	// UpstreamMode defines the upstream mode of flb.
	UpstreamMode FLBUpstreamMode `json:"upstreamMode"`

	// +kubebuilder:default=fsm-flb-secret
	// SecretName defines the secret name of flb.
	SecretName string `json:"secretName"`
}

FLBSpec is the type to represent flb.

func (*FLBSpec) DeepCopy

func (in *FLBSpec) DeepCopy() *FLBSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FLBSpec.

func (*FLBSpec) DeepCopyInto

func (in *FLBSpec) DeepCopyInto(out *FLBSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FLBUpstreamMode added in v1.2.0

type FLBUpstreamMode string

const (
	FLBUpstreamModeNodePort FLBUpstreamMode = "NodePort"
	FLBUpstreamModeEndpoint FLBUpstreamMode = "Endpoint"
)

type FeatureFlags

type FeatureFlags struct {
	// EnableEgressPolicy defines if FSM's Egress policy is enabled.
	EnableEgressPolicy bool `json:"enableEgressPolicy"`

	// EnableSnapshotCacheMode defines if XDS server starts with snapshot cache.
	EnableSnapshotCacheMode bool `json:"enableSnapshotCacheMode"`

	// EnableAsyncProxyServiceMapping defines if FSM will map proxies to services asynchronously.
	EnableAsyncProxyServiceMapping bool `json:"enableAsyncProxyServiceMapping"`

	// EnableIngressBackendPolicy defines if FSM will use the IngressBackend API to allow ingress traffic to
	// service mesh backends.
	EnableIngressBackendPolicy bool `json:"enableIngressBackendPolicy"`

	// EnableAccessControlPolicy defines if FSM will use the AccessControl API to allow access control traffic to
	// service mesh backends.
	EnableAccessControlPolicy bool `json:"enableAccessControlPolicy"`

	// EnableAccessCertPolicy defines if FSM can issue certificates for external services.
	EnableAccessCertPolicy bool `json:"enableAccessCertPolicy"`

	// EnableSidecarPrettyConfig defines if pretty sidecar config is enabled.
	EnableSidecarPrettyConfig bool `json:"enableSidecarPrettyConfig"`

	// EnableSidecarActiveHealthChecks defines if FSM will enable sidecar active health
	// checks between services allowed to communicate.
	EnableSidecarActiveHealthChecks bool `json:"enableSidecarActiveHealthChecks"`

	// EnableRetryPolicy defines if retry policy is enabled.
	EnableRetryPolicy bool `json:"enableRetryPolicy"`

	// EnablePluginPolicy defines if plugin policy is enabled.
	EnablePluginPolicy bool `json:"enablePluginPolicy"`

	// EnableAutoDefaultRoute defines if auto default route is enabled.
	EnableAutoDefaultRoute bool `json:"enableAutoDefaultRoute"`

	// EnableValidateGatewayListenerHostname defines if validate gateway listener hostname is enabled.
	EnableValidateGatewayListenerHostname bool `json:"enableValidateGatewayListenerHostname"`

	// EnableValidateHTTPRouteHostnames defines if validate http route hostnames is enabled.
	EnableValidateHTTPRouteHostnames bool `json:"enableValidateHTTPRouteHostnames"`

	// EnableValidateGRPCRouteHostnames defines if validate grpc route hostnames is enabled.
	EnableValidateGRPCRouteHostnames bool `json:"enableValidateGRPCRouteHostnames"`

	// EnableValidateTLSRouteHostnames defines if validate tls route hostnames is enabled.
	EnableValidateTLSRouteHostnames bool `json:"enableValidateTLSRouteHostnames"`

	// EnableGatewayAgentService defines if agent service is enabled.
	EnableGatewayAgentService bool `json:"enableGatewayAgentService"`

	// EnableGatewayProxyTag defines if gateway proxy-tag header is enabled.
	EnableGatewayProxyTag bool `json:"enableGatewayProxyTag"`

	// UseEndpointSlicesForGateway defines if endpoint slices are enabled for calculating gateway routes.
	UseEndpointSlicesForGateway bool `json:"useEndpointSlicesForGateway"`
}

FeatureFlags is a type to represent FSM's feature flags.

func (*FeatureFlags) DeepCopy

func (in *FeatureFlags) DeepCopy() *FeatureFlags

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureFlags.

func (*FeatureFlags) DeepCopyInto

func (in *FeatureFlags) DeepCopyInto(out *FeatureFlags)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type GatewayAPISpec

type GatewayAPISpec struct {
	// +kubebuilder:default=false
	// Enabled defines if gateway api is enabled.
	Enabled bool `json:"enabled"`

	// +kubebuilder:default=info
	// +kubebuilder:validation:Enum=trace;debug;info;warn;error;fatal;panic;disabled
	// LogLevel defines the log level of gateway api.
	LogLevel string `json:"logLevel"`

	// +kubebuilder:default=info
	// +kubebuilder:validation:Enum=trace;debug;info;warn;error;fatal;panic;disabled
	// FGWLogLevel defines the log level of FGW.
	FGWLogLevel string `json:"fgwLogLevel"`

	// +kubebuilder:default=false
	// StripAnyHostPort defines if strip any host port is enabled.
	StripAnyHostPort bool `json:"stripAnyHostPort"`

	// +kubebuilder:default=true
	// ProxyPreserveHost defines if proxy preserve host is enabled.
	ProxyPreserveHost bool `json:"proxyPreserveHost"`

	// +kubebuilder:default=443
	// SSLPassthroughUpstreamPort defines the default upstream port of SSL passthrough.
	SSLPassthroughUpstreamPort int32 `json:"sslPassthroughUpstreamPort"`

	// +kubebuilder:default=false
	// HTTP1PerRequestLoadBalancing defines if load balancing based on per-request is enabled for http1.
	HTTP1PerRequestLoadBalancing bool `json:"http1PerRequestLoadBalancing"`

	// +kubebuilder:default=false
	// HTTP2PerRequestLoadBalancing defines if load balancing based on per-request is enabled for http2.
	HTTP2PerRequestLoadBalancing bool `json:"http2PerRequestLoadBalancing"`

	// +kubebuilder:default={srcHostHeader: "orig-host", dstHostHeader: "proxy-tag"}
	// ProxyTag defines the proxy tag configuration of gateway api.
	ProxyTag ProxyTag `json:"proxyTag"`
}

GatewayAPISpec is the type to represent gateway api.

func (*GatewayAPISpec) DeepCopy

func (in *GatewayAPISpec) DeepCopy() *GatewayAPISpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayAPISpec.

func (*GatewayAPISpec) DeepCopyInto

func (in *GatewayAPISpec) DeepCopyInto(out *GatewayAPISpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HTTP

type HTTP struct {
	// +kubebuilder:default=true
	// Enabled defines if http is enabled.
	Enabled bool `json:"enabled"`

	// +kubebuilder:default=80
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	// Bind defines the bind port of http.
	Bind int32 `json:"bind"`

	// +kubebuilder:default=8000
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	// Listen defines the listen port of http.
	Listen int32 `json:"listen"`

	// +kubebuilder:default=30508
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	// NodePort defines the node port of http.
	NodePort int32 `json:"nodePort"`
}

HTTP is the type to represent http.

func (*HTTP) DeepCopy

func (in *HTTP) DeepCopy() *HTTP

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTP.

func (*HTTP) DeepCopyInto

func (in *HTTP) DeepCopyInto(out *HTTP)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ImageSpec

type ImageSpec struct {
	// +kubebuilder:default=flomesh
	// Registry defines the registry of docker image.
	Registry string `json:"registry"`

	// +kubebuilder:default=latest
	// Tag defines the tag of docker image.
	Tag string `json:"tag"`

	// +kubebuilder:default=IfNotPresent
	// PullPolicy defines the pull policy of docker image.
	PullPolicy corev1.PullPolicy `json:"pullPolicy"`
}

ImageSpec is the type to represent image.

func (*ImageSpec) DeepCopy

func (in *ImageSpec) DeepCopy() *ImageSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageSpec.

func (*ImageSpec) DeepCopyInto

func (in *ImageSpec) DeepCopyInto(out *ImageSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IngressGatewayCertSpec

type IngressGatewayCertSpec struct {
	// SubjectAltNames defines the Subject Alternative Names (domain names and IP addresses) secured by the certificate.
	SubjectAltNames []string `json:"subjectAltNames"`

	// ValidityDuration defines the validity duration of the certificate.
	ValidityDuration string `json:"validityDuration"`

	// Secret defines the secret in which the certificate is stored.
	Secret corev1.SecretReference `json:"secret"`
}

IngressGatewayCertSpec is the type to represent the certificate specification for an ingress gateway.

func (*IngressGatewayCertSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressGatewayCertSpec.

func (*IngressGatewayCertSpec) DeepCopyInto

func (in *IngressGatewayCertSpec) DeepCopyInto(out *IngressGatewayCertSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IngressSpec

type IngressSpec struct {
	// +kubebuilder:default=true
	// Enabled defines if ingress is enabled.
	Enabled bool `json:"enabled"`

	// +kubebuilder:default=false
	// Namespaced defines if ingress is namespaced.
	Namespaced bool `json:"namespaced"`

	// +kubebuilder:default=LoadBalancer
	// +kubebuilder:validation:Enum=LoadBalancer;NodePort
	// Type defines the type of ingress service.
	Type corev1.ServiceType `json:"type"`

	// +kubebuilder:default=info
	// +kubebuilder:validation:Enum=trace;debug;info;warn;error;fatal;panic;disabled
	// LogLevel defines the log level of ingress.
	LogLevel string `json:"logLevel"`

	// +kubebuilder:default={enabled: true, bind: 80, listen: 8000, nodePort: 30508}
	// +optional
	// HTTP defines the http configuration of ingress.
	HTTP *HTTP `json:"http"`

	// +kubebuilder:default={enabled: true, bind: 443, listen: 8443, nodePort: 30607, mTLS: false}
	// +optional
	// TLS defines the tls configuration of ingress.
	TLS *TLS `json:"tls"`
}

IngressSpec is the type to represent ingress.

func (*IngressSpec) DeepCopy

func (in *IngressSpec) DeepCopy() *IngressSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressSpec.

func (*IngressSpec) DeepCopyInto

func (in *IngressSpec) DeepCopyInto(out *IngressSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LoadBalancerType added in v1.3.8

type LoadBalancerType string

LoadBalancerType defines the type of load balancer

const (
	// ActiveActiveLbType is the type of load balancer that distributes traffic to all targets
	ActiveActiveLbType LoadBalancerType = "ActiveActive"

	// FailOverLbType is the type of load balancer that distributes traffic to the first available target
	FailOverLbType LoadBalancerType = "FailOver"
)

type LocalDNSProxy

type LocalDNSProxy struct {
	// Enable defines a boolean indicating if the sidecars are enabled for local DNS Proxy.
	Enable bool `json:"enable"`

	// PrimaryUpstreamDNSServerIPAddr defines a primary upstream DNS server for local DNS Proxy.
	// +optional
	PrimaryUpstreamDNSServerIPAddr string `json:"primaryUpstreamDNSServerIPAddr,omitempty"`

	// SecondaryUpstreamDNSServerIPAddr defines a secondary upstream DNS server for local DNS Proxy.
	// +optional
	SecondaryUpstreamDNSServerIPAddr string `json:"secondaryUpstreamDNSServerIPAddr,omitempty"`

	// +kubebuilder:default=false
	// +optional
	GenerateIPv6BasedOnIPv4 bool `json:"generateIPv6BasedOnIPv4,omitempty"`

	// Wildcard defines Wildcard DN.
	Wildcard WildcardDN `json:"wildcard"`

	// DB defines Resolve DB.
	DB []ResolveDN `json:"db,omitempty"`
}

LocalDNSProxy is the type to represent FSM's local DNS proxy configuration.

func (*LocalDNSProxy) DeepCopy

func (in *LocalDNSProxy) DeepCopy() *LocalDNSProxy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalDNSProxy.

func (*LocalDNSProxy) DeepCopyInto

func (in *LocalDNSProxy) DeepCopyInto(out *LocalDNSProxy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LocalProxyMode

type LocalProxyMode string

LocalProxyMode is a type alias representing the way the sidecar proxies to the main application.

+kubebuilder:validation:Enum=Localhost;PodIP

const (
	// LocalProxyModeLocalhost indicates that the sidecar should communicate with the main application over localhost
	LocalProxyModeLocalhost LocalProxyMode = "Localhost"
	// LocalProxyModePodIP indicates that the sidecar should communicate with the main application via the pod ip
	LocalProxyModePodIP LocalProxyMode = "PodIP"
)

type MeshConfig

type MeshConfig struct {
	// Object's type metadata.
	metav1.TypeMeta `json:",inline" yaml:",inline"`

	// Object's metadata.
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty" yaml:"metadata,omitempty"`

	// Spec is the MeshConfig specification.
	// +optional
	Spec MeshConfigSpec `json:"spec,omitempty" yaml:"spec,omitempty"`
}

MeshConfig is the type used to represent the mesh configuration.

+genclient
+genclient:noStatus
+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+kubebuilder:storageversion
+kubebuilder:metadata:labels=app.kubernetes.io/name=flomesh.io
+kubebuilder:resource:shortName=meshconfig,scope=Namespaced

func (*MeshConfig) DeepCopy

func (in *MeshConfig) DeepCopy() *MeshConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshConfig.

func (*MeshConfig) DeepCopyInto

func (in *MeshConfig) DeepCopyInto(out *MeshConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*MeshConfig) DeepCopyObject

func (in *MeshConfig) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type MeshConfigList

type MeshConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []MeshConfig `json:"items"`
}

MeshConfigList lists the MeshConfig objects.

+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*MeshConfigList) DeepCopy

func (in *MeshConfigList) DeepCopy() *MeshConfigList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshConfigList.

func (*MeshConfigList) DeepCopyInto

func (in *MeshConfigList) DeepCopyInto(out *MeshConfigList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*MeshConfigList) DeepCopyObject

func (in *MeshConfigList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type MeshConfigSpec

type MeshConfigSpec struct {
	// ClusterSetSpec defines the configurations of cluster.
	ClusterSet ClusterSetSpec `json:"clusterSet,omitempty"`

	// Sidecar defines the configurations of the proxy sidecar in a mesh.
	Sidecar SidecarSpec `json:"sidecar,omitempty"`

	// RepoServer defines the configurations of pipy repo server.
	RepoServer RepoServerSpec `json:"repoServer,omitempty"`

	// Traffic defines the traffic management configurations for a mesh instance.
	Traffic TrafficSpec `json:"traffic,omitempty"`

	// Observability defines the observability configurations for a mesh instance.
	Observability ObservabilitySpec `json:"observability,omitempty"`

	// Certificate defines the certificate management configurations for a mesh instance.
	Certificate CertificateSpec `json:"certificate,omitempty"`

	// FeatureFlags defines the feature flags for a mesh instance.
	FeatureFlags FeatureFlags `json:"featureFlags,omitempty"`

	// PluginChains defines the default plugin chains.
	PluginChains PluginChainsSpec `json:"pluginChains,omitempty"`

	// Ingress defines the configurations of Ingress features.
	Ingress IngressSpec `json:"ingress,omitempty"`

	// GatewayAPI defines the configurations of GatewayAPI features.
	GatewayAPI GatewayAPISpec `json:"gatewayAPI,omitempty"`

	// ServiceLB defines the configurations of ServiceLB features.
	ServiceLB ServiceLBSpec `json:"serviceLB,omitempty"`

	// FLB defines the configurations of FLB features.
	FLB FLBSpec `json:"flb,omitempty"`

	// EgressGateway defines the configurations of EgressGateway features.
	EgressGateway EgressGatewaySpec `json:"egressGateway,omitempty"`

	// Image defines the configurations of Image info
	Image ImageSpec `json:"image"`

	// Misc defines the configurations of misc info
	Misc MiscSpec `json:"misc"`

	// Connector defines the configurations of connector info
	Connector ConnectorSpec `json:"connector"`
}

MeshConfigSpec is the spec for FSM's configuration.

func (*MeshConfigSpec) DeepCopy

func (in *MeshConfigSpec) DeepCopy() *MeshConfigSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshConfigSpec.

func (*MeshConfigSpec) DeepCopyInto

func (in *MeshConfigSpec) DeepCopyInto(out *MeshConfigSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
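
An added example (not code from the FSM project): a stand-alone audit that decodes a MeshConfig document by the JSON field names of MeshConfigSpec, ObservabilitySpec, CertificateSpec, ImageSpec and MiscSpec and reports settings worth reviewing. The mirror structs, the sample document, the Go duration syntax assumed for `serviceCertValidityDuration` and the two policy thresholds are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Policy thresholds are assumptions of this example, not values from the FSM project.
const (
	minKeyBits      = 2048
	maxCertValidity = 7 * 24 * time.Hour
)

// meshConfig mirrors only the audited fields; JSON tags are copied from the v1alpha3 types.
type meshConfig struct {
	Kind string `json:"kind"`
	Spec struct {
		Observability struct {
			EnableDebugServer bool `json:"enableDebugServer"`
		} `json:"observability"`
		Certificate struct {
			ServiceCertValidityDuration string `json:"serviceCertValidityDuration"`
			CertKeyBitSize              int    `json:"certKeyBitSize"`
		} `json:"certificate"`
		Image struct {
			Tag        string `json:"tag"`
			PullPolicy string `json:"pullPolicy"`
		} `json:"image"`
		Misc struct {
			RepoServerImage string `json:"repoServerImage"`
		} `json:"misc"`
	} `json:"spec"`
}

// Constructed sample document; metadata values are placeholders.
const sampleMeshConfig = `{
  "apiVersion": "config.flomesh.io/v1alpha3",
  "kind": "MeshConfig",
  "metadata": {"name": "example-mesh-config", "namespace": "example-ns"},
  "spec": {
    "observability": {"fsmLogLevel": "info", "enableDebugServer": true},
    "certificate": {"serviceCertValidityDuration": "8760h", "certKeyBitSize": 1024},
    "image": {"registry": "flomesh", "tag": "latest", "pullPolicy": "IfNotPresent"},
    "misc": {"repoServerImage": "flomesh/pipy-repo:1.5.0"}
  }
}`

// mutableRef reports whether an image reference has neither a digest nor a fixed tag.
func mutableRef(ref string) bool {
	if strings.Contains(ref, "@sha256:") {
		return false
	}
	name := ref[strings.LastIndex(ref, "/")+1:] // drop registry host:port and path
	i := strings.LastIndex(name, ":")
	return i < 0 || name[i+1:] == "" || name[i+1:] == "latest"
}

// AuditMeshConfig returns one finding per reviewed setting, prefixed with its field path.
func AuditMeshConfig(raw []byte) ([]string, error) {
	var mc meshConfig
	if err := json.Unmarshal(raw, &mc); err != nil {
		return nil, fmt.Errorf("decode MeshConfig: %w", err)
	}
	if mc.Kind != "MeshConfig" {
		return nil, fmt.Errorf("unexpected kind %q", mc.Kind)
	}
	var out []string
	s := mc.Spec
	if s.Observability.EnableDebugServer {
		out = append(out, "spec.observability.enableDebugServer: debug endpoint on the controller pod is enabled")
	}
	if v := s.Certificate.ServiceCertValidityDuration; v != "" {
		d, err := time.ParseDuration(v) // duration syntax is an assumption of this example
		switch {
		case err != nil:
			out = append(out, fmt.Sprintf("spec.certificate.serviceCertValidityDuration: %q is not a parseable duration", v))
		case d > maxCertValidity:
			out = append(out, fmt.Sprintf("spec.certificate.serviceCertValidityDuration: %s exceeds policy maximum %s", d, maxCertValidity))
		}
	}
	if b := s.Certificate.CertKeyBitSize; b != 0 && b < minKeyBits {
		out = append(out, fmt.Sprintf("spec.certificate.certKeyBitSize: %d is below policy minimum %d", b, minKeyBits))
	}
	// An empty tag falls back to the CRD default, which the ImageSpec marker sets to "latest".
	if t := s.Image.Tag; t == "" || t == "latest" {
		out = append(out, fmt.Sprintf("spec.image.tag: mutable tag %q with pullPolicy %q", t, s.Image.PullPolicy))
	}
	if r := s.Misc.RepoServerImage; r != "" && mutableRef(r) {
		out = append(out, fmt.Sprintf("spec.misc.repoServerImage: %q has no fixed tag or digest", r))
	}
	return out, nil
}

func main() {
	findings, err := AuditMeshConfig([]byte(sampleMeshConfig))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```
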

type MeshRootCertificate

type MeshRootCertificate struct {
	// Object's type metadata
	metav1.TypeMeta `json:",inline"`

	// Object's metadata
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the MeshRootCertificate config specification
	// +optional
	Spec MeshRootCertificateSpec `json:"spec,omitempty"`

	// Status of the MeshRootCertificate resource
	// +optional
	Status MeshRootCertificateStatus `json:"status,omitempty"`
}

MeshRootCertificate defines the configuration for certificate issuing by the mesh control plane.

+genclient
+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+kubebuilder:storageversion
+kubebuilder:metadata:labels=app.kubernetes.io/name=flomesh.io
+kubebuilder:resource:shortName=mrc,scope=Namespaced

func (*MeshRootCertificate) DeepCopy

func (in *MeshRootCertificate) DeepCopy() *MeshRootCertificate

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshRootCertificate.

func (*MeshRootCertificate) DeepCopyInto

func (in *MeshRootCertificate) DeepCopyInto(out *MeshRootCertificate)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*MeshRootCertificate) DeepCopyObject

func (in *MeshRootCertificate) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type MeshRootCertificateList

type MeshRootCertificateList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`

	Items []MeshRootCertificate `json:"items"`
}

MeshRootCertificateList defines the list of MeshRootCertificate objects.

+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

func (*MeshRootCertificateList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshRootCertificateList.

func (*MeshRootCertificateList) DeepCopyInto

func (in *MeshRootCertificateList) DeepCopyInto(out *MeshRootCertificateList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*MeshRootCertificateList) DeepCopyObject

func (in *MeshRootCertificateList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type MeshRootCertificateSpec

type MeshRootCertificateSpec struct {
	// Provider specifies the mesh certificate provider
	Provider ProviderSpec `json:"provider"`

	// TrustDomain is the trust domain to use as a suffix in Common Names for new certificates.
	TrustDomain string `json:"trustDomain"`
}

MeshRootCertificateSpec defines the mesh root certificate specification

func (*MeshRootCertificateSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshRootCertificateSpec.

func (*MeshRootCertificateSpec) DeepCopyInto

func (in *MeshRootCertificateSpec) DeepCopyInto(out *MeshRootCertificateSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MeshRootCertificateStatus

type MeshRootCertificateStatus struct {
	// State specifies the state of the certificate provider
	// All states are specified in constants.go
	State string `json:"state"`
}

MeshRootCertificateStatus defines the status of the MeshRootCertificate resource

func (*MeshRootCertificateStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshRootCertificateStatus.

func (*MeshRootCertificateStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MiscSpec added in v1.1.1

type MiscSpec struct {
	// +kubebuilder:default="flomesh/pipy-repo:1.5.0"
	// RepoServerImage defines the image of repo server.
	RepoServerImage string `json:"repoServerImage"`
}

MiscSpec is the type to represent misc configs.

func (*MiscSpec) DeepCopy added in v1.1.1

func (in *MiscSpec) DeepCopy() *MiscSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MiscSpec.

func (*MiscSpec) DeepCopyInto added in v1.1.1

func (in *MiscSpec) DeepCopyInto(out *MiscSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ObservabilitySpec

type ObservabilitySpec struct {
	// +kubebuilder:validation:Enum=trace;debug;info;warn;error;fatal;panic;disabled
	// FSMLogLevel defines the log level for FSM control plane logs.
	FSMLogLevel string `json:"fsmLogLevel,omitempty"`

	// EnableDebugServer defines if the debug endpoint on the FSM controller pod is enabled.
	EnableDebugServer bool `json:"enableDebugServer"`

	// Tracing defines FSM's tracing configuration.
	Tracing TracingSpec `json:"tracing,omitempty"`

	// RemoteLogging defines FSM's remote logging configuration.
	RemoteLogging RemoteLoggingSpec `json:"remoteLogging,omitempty"`
}

ObservabilitySpec is the type to represent FSM's observability configurations.

func (*ObservabilitySpec) DeepCopy

func (in *ObservabilitySpec) DeepCopy() *ObservabilitySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObservabilitySpec.

func (*ObservabilitySpec) DeepCopyInto

func (in *ObservabilitySpec) DeepCopyInto(out *ObservabilitySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PluginChainSpec

type PluginChainSpec struct {
	// Plugin defines the name of plugin
	Plugin string `json:"plugin"`

	// Priority defines the priority of plugin
	Priority float32 `json:"priority"`

	// Disable defines the visibility of plugin
	Disable bool `json:"disable"`
}

PluginChainSpec is the type to represent plugin chain.

func (*PluginChainSpec) DeepCopy

func (in *PluginChainSpec) DeepCopy() *PluginChainSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PluginChainSpec.

func (*PluginChainSpec) DeepCopyInto

func (in *PluginChainSpec) DeepCopyInto(out *PluginChainSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PluginChainsSpec

type PluginChainsSpec struct {
	// InboundTCPChains defines inbound tcp chains
	InboundTCPChains []*PluginChainSpec `json:"inbound-tcp"`

	// InboundHTTPChains defines inbound http chains
	InboundHTTPChains []*PluginChainSpec `json:"inbound-http"`

	// OutboundTCPChains defines outbound tcp chains
	OutboundTCPChains []*PluginChainSpec `json:"outbound-tcp"`

	// OutboundHTTPChains defines outbound http chains
	OutboundHTTPChains []*PluginChainSpec `json:"outbound-http"`
}

PluginChainsSpec is the type to represent plugin chains.

func (*PluginChainsSpec) DeepCopy

func (in *PluginChainsSpec) DeepCopy() *PluginChainsSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PluginChainsSpec.

func (*PluginChainsSpec) DeepCopyInto

func (in *PluginChainsSpec) DeepCopyInto(out *PluginChainsSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProviderSpec

type ProviderSpec struct {
	// CertManager specifies the cert-manager provider configuration
	// +optional
	CertManager *CertManagerProviderSpec `json:"certManager,omitempty"`

	// Vault specifies the vault provider configuration
	// +optional
	Vault *VaultProviderSpec `json:"vault,omitempty"`

	// Tresor specifies the Tresor provider configuration
	// +optional
	Tresor *TresorProviderSpec `json:"tresor,omitempty"`
}

ProviderSpec defines the certificate provider used by the mesh control plane

func (*ProviderSpec) DeepCopy

func (in *ProviderSpec) DeepCopy() *ProviderSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderSpec.

func (*ProviderSpec) DeepCopyInto

func (in *ProviderSpec) DeepCopyInto(out *ProviderSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ProxyTag added in v1.2.0

type ProxyTag struct {
	// +kubebuilder:default="orig-host"
	// SrcHostHeader defines the src host header.
	SrcHostHeader string `json:"srcHostHeader"`

	// +kubebuilder:default="proxy-tag"
	// DstHostHeader defines the dst host header.
	DstHostHeader string `json:"dstHostHeader"`
}

func (*ProxyTag) DeepCopy added in v1.2.0

func (in *ProxyTag) DeepCopy() *ProxyTag

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyTag.

func (*ProxyTag) DeepCopyInto added in v1.2.0

func (in *ProxyTag) DeepCopyInto(out *ProxyTag)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RemoteLoggingSpec

type RemoteLoggingSpec struct {
	// Enable defines a boolean indicating if the sidecars are enabled for remote logging.
	Enable bool `json:"enable"`

	// Level defines the remote logging's level.
	Level uint16 `json:"level,omitempty"`

	// Port defines the remote logging's port.
	Port int16 `json:"port,omitempty"`

	// Address defines the remote logging's hostname.
	Address string `json:"address,omitempty"`

	// Endpoint defines the API endpoint for remote logging requests sent to the collector.
	Endpoint string `json:"endpoint,omitempty"`

	// Authorization defines the access entity that allows authorizing someone in the remote logging service.
	Authorization string `json:"authorization,omitempty"`

	// SampledFraction defines the sampled fraction.
	SampledFraction *string `json:"sampledFraction,omitempty"`

	// SecretName defines the name of the secret that contains the configuration for remote logging.
	SecretName string `json:"secretName,omitempty"`
}

RemoteLoggingSpec is the type to represent FSM's remote logging configuration.

func (*RemoteLoggingSpec) DeepCopy

func (in *RemoteLoggingSpec) DeepCopy() *RemoteLoggingSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteLoggingSpec.

func (*RemoteLoggingSpec) DeepCopyInto

func (in *RemoteLoggingSpec) DeepCopyInto(out *RemoteLoggingSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RepoServerSpec

type RepoServerSpec struct {
	// IPAddr of the pipy repo server
	IPAddr string `json:"ipaddr"`

	// Port defines the pipy repo server's port.
	Port int16 `json:"port,omitempty"`

	// Codebase is the folder used by fsmController
	Codebase string `json:"codebase"`
}

RepoServerSpec is the type to represent repo server.

func (*RepoServerSpec) DeepCopy

func (in *RepoServerSpec) DeepCopy() *RepoServerSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepoServerSpec.

func (*RepoServerSpec) DeepCopyInto

func (in *RepoServerSpec) DeepCopyInto(out *RepoServerSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResolveAddr added in v1.3.9

type ResolveAddr struct {
	// IPv4 defines an IPv4 address for resolve DN.
	IPv4 string `json:"ipv4"`

	// IPv6 defines an IPv6 address for resolve DN.
	IPv6 string `json:"ipv6,omitempty"`
}

ResolveAddr is the type to represent FSM's Resolve Addr configuration.

func (*ResolveAddr) DeepCopy added in v1.3.9

func (in *ResolveAddr) DeepCopy() *ResolveAddr

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResolveAddr.

func (*ResolveAddr) DeepCopyInto added in v1.3.9

func (in *ResolveAddr) DeepCopyInto(out *ResolveAddr)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResolveDN added in v1.2.0

type ResolveDN struct {
	// DN defines resolve DN.
	DN string `json:"dn"`

	// IPs defines ip addresses for resolve DN.
	IPs []*ResolveAddr `json:"ips"`
}

ResolveDN is the type to represent FSM's Resolve DN configuration.

func (*ResolveDN) DeepCopy added in v1.2.0

func (in *ResolveDN) DeepCopy() *ResolveDN

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResolveDN.

func (*ResolveDN) DeepCopyInto added in v1.2.0

func (in *ResolveDN) DeepCopyInto(out *ResolveDN)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SSLPassthrough

type SSLPassthrough struct {
	// +kubebuilder:default=false
	// Enabled defines if ssl passthrough is enabled.
	Enabled bool `json:"enabled"`

	// +kubebuilder:default=443
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	// UpstreamPort defines the upstream port of ssl passthrough.
	UpstreamPort int32 `json:"upstreamPort"`
}

SSLPassthrough is the type to represent ssl passthrough.

func (*SSLPassthrough) DeepCopy

func (in *SSLPassthrough) DeepCopy() *SSLPassthrough

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SSLPassthrough.

func (*SSLPassthrough) DeepCopyInto

func (in *SSLPassthrough) DeepCopyInto(out *SSLPassthrough)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SecretKeyReferenceSpec

type SecretKeyReferenceSpec struct {
	// Name specifies the name of the secret in which the Vault token is stored
	Name string `json:"name"`

	// Key specifies the key whose value is the Vault token
	Key string `json:"key"`

	// Namespace specifies the namespace of the secret in which the Vault token is stored
	Namespace string `json:"namespace"`
}

SecretKeyReferenceSpec defines the configuration of the secret reference

func (*SecretKeyReferenceSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeyReferenceSpec.

func (*SecretKeyReferenceSpec) DeepCopyInto

func (in *SecretKeyReferenceSpec) DeepCopyInto(out *SecretKeyReferenceSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceAccessMode added in v1.3.8

type ServiceAccessMode string

ServiceAccessMode is a type alias representing the mode in which a service is accessed. +kubebuilder:validation:Enum=ip;domain;mixed

const (
	//ServiceAccessModeIP defines the ip service access mode
	ServiceAccessModeIP ServiceAccessMode = "ip"

	//ServiceAccessModeDomain defines the domain service access mode
	ServiceAccessModeDomain ServiceAccessMode = "domain"

	//ServiceAccessModeMixed defines the mixed service access mode
	ServiceAccessModeMixed ServiceAccessMode = "mixed"
)

type ServiceAccessNames added in v1.3.8

type ServiceAccessNames struct {
	// +kubebuilder:default=false
	// +optional
	MustWithServicePort bool `json:"mustWithServicePort,omitempty"`

	// +kubebuilder:default=true
	// +optional
	WithTrustDomain bool `json:"withTrustDomain,omitempty"`

	// +kubebuilder:default={withNamespace: true}
	// +optional
	CloudServiceAccessNames *CloudServiceAccessNames `json:"cloud,omitempty"`
}

func (*ServiceAccessNames) DeepCopy added in v1.3.8

func (in *ServiceAccessNames) DeepCopy() *ServiceAccessNames

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccessNames.

func (*ServiceAccessNames) DeepCopyInto added in v1.3.8

func (in *ServiceAccessNames) DeepCopyInto(out *ServiceAccessNames)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceLBSpec

type ServiceLBSpec struct {
	// +kubebuilder:default=false
	// Enabled defines if service lb is enabled.
	Enabled bool `json:"enabled"`

	// +kubebuilder:default="flomesh/mirrored-klipper-lb:v0.4.7"
	// Image defines the service lb image.
	Image string `json:"image"`
}

ServiceLBSpec is the type to represent service lb.

func (*ServiceLBSpec) DeepCopy

func (in *ServiceLBSpec) DeepCopy() *ServiceLBSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceLBSpec.

func (*ServiceLBSpec) DeepCopyInto

func (in *ServiceLBSpec) DeepCopyInto(out *ServiceLBSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SidecarSpec

type SidecarSpec struct {
	// EnablePrivilegedInitContainer defines a boolean indicating whether the init container for a meshed pod should run as privileged.
	EnablePrivilegedInitContainer bool `json:"enablePrivilegedInitContainer"`

	// +kubebuilder:default=true
	// +optional
	CompressConfig bool `json:"compressConfig"`

	// LogLevel defines the logging level for the sidecar's logs. Non-developers should generally never set this value. In production environments the LogLevel should be set to error.
	LogLevel string `json:"logLevel,omitempty"`

	// SidecarImage defines the container image used for the proxy sidecar.
	SidecarImage string `json:"sidecarImage,omitempty"`

	// SidecarDisabledMTLS defines whether mTLS is disabled.
	SidecarDisabledMTLS bool `json:"sidecarDisabledMTLS"`

	// MaxDataPlaneConnections defines the maximum allowed data plane connections from a proxy sidecar to the FSM controller.
	MaxDataPlaneConnections int `json:"maxDataPlaneConnections,omitempty"`

	// ConfigResyncInterval defines the resync interval for regular proxy broadcast updates.
	ConfigResyncInterval string `json:"configResyncInterval,omitempty"`

	// SidecarTimeout defines the connect/idle/read/write timeout.
	SidecarTimeout int `json:"sidecarTimeout,omitempty"`

	// Resources defines the compute resources for the sidecar.
	Resources corev1.ResourceRequirements `json:"resources,omitempty"`

	// InitResources defines the compute resources for init container.
	InitResources corev1.ResourceRequirements `json:"initResources,omitempty"`

	// HealthcheckResources defines the compute resources for init container.
	HealthcheckResources corev1.ResourceRequirements `json:"healthcheckResources,omitempty"`

	// TLSMinProtocolVersion defines the minimum TLS protocol version that the sidecar supports. Valid TLS protocol versions are TLS_AUTO, TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3.
	TLSMinProtocolVersion string `json:"tlsMinProtocolVersion,omitempty"`

	// TLSMaxProtocolVersion defines the maximum TLS protocol version that the sidecar supports. Valid TLS protocol versions are TLS_AUTO, TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3.
	TLSMaxProtocolVersion string `json:"tlsMaxProtocolVersion,omitempty"`

	// CipherSuites defines a list of ciphers that listener supports when negotiating TLS 1.0-1.2. This setting has no effect when negotiating TLS 1.3. For valid cipher names, see the latest OpenSSL ciphers manual page. E.g. https://www.openssl.org/docs/man1.1.1/apps/ciphers.html.
	CipherSuites []string `json:"cipherSuites,omitempty"`

	// ECDHCurves defines a list of ECDH curves that TLS connection supports. If not specified, the curves are [X25519, P-256] for non-FIPS build and P-256 for builds using BoringSSL FIPS.
	ECDHCurves []string `json:"ecdhCurves,omitempty"`

	// LocalProxyMode defines the network interface the proxy will use to send traffic to the backend service application. Acceptable values are [`Localhost`, `PodIP`]. The default is `Localhost`
	LocalProxyMode LocalProxyMode `json:"localProxyMode,omitempty"`

	// LocalDNSProxy improves the performance of your computer by caching the responses coming from your DNS servers
	LocalDNSProxy LocalDNSProxy `json:"localDNSProxy,omitempty"`
}

SidecarSpec is the type used to represent the specifications for the proxy sidecar.

func (*SidecarSpec) DeepCopy

func (in *SidecarSpec) DeepCopy() *SidecarSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SidecarSpec.

func (*SidecarSpec) DeepCopyInto

func (in *SidecarSpec) DeepCopyInto(out *SidecarSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
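
A configuration audit over the security-relevant SidecarSpec fields, added here as an example (not code from the fsm project). Only the JSON field names and the valid TLS version strings come from the struct above; `sidecarSettings`, `auditSidecar`, the sample documents and the TLS 1.2 policy floor are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// sidecarSettings is a local stand-in for SidecarSpec holding only the audited
// fields; the JSON names are copied from the struct tags above.
type sidecarSettings struct {
	EnablePrivilegedInitContainer bool     `json:"enablePrivilegedInitContainer"`
	LogLevel                      string   `json:"logLevel"`
	SidecarDisabledMTLS           bool     `json:"sidecarDisabledMTLS"`
	TLSMinProtocolVersion         string   `json:"tlsMinProtocolVersion"`
	TLSMaxProtocolVersion         string   `json:"tlsMaxProtocolVersion"`
	CipherSuites                  []string `json:"cipherSuites"`
}

// tlsRank orders the documented version strings; unset and TLS_AUTO rank 0 (not pinned).
var tlsRank = map[string]int{"": 0, "TLS_AUTO": 0, "TLSv1_0": 10, "TLSv1_1": 11, "TLSv1_2": 12, "TLSv1_3": 13}

// floorRank is this example's policy floor, TLS 1.2 (an assumption, not an FSM default).
const floorRank = 12

// Constructed sample documents, not taken from a real cluster.
const weakSample = `{"enablePrivilegedInitContainer": true, "sidecarDisabledMTLS": true,
 "logLevel": "debug", "tlsMinProtocolVersion": "TLSv1_0", "tlsMaxProtocolVersion": "TLSv1_2"}`
const hardenedSample = `{"enablePrivilegedInitContainer": false, "sidecarDisabledMTLS": false,
 "logLevel": "error", "tlsMinProtocolVersion": "TLSv1_2", "tlsMaxProtocolVersion": "TLSv1_3",
 "cipherSuites": ["ECDHE-ECDSA-AES256-GCM-SHA384"]}`

// rankOf returns >0 for a pinned version, 0 for unset or TLS_AUTO, -1 for an unknown string.
func rankOf(v string) int {
	if r, ok := tlsRank[v]; ok {
		return r
	}
	return -1
}

// auditSidecar decodes SidecarSpec-shaped JSON and returns one finding per weak setting.
func auditSidecar(raw []byte) ([]string, error) {
	var s sidecarSettings
	if err := json.Unmarshal(raw, &s); err != nil {
		return nil, fmt.Errorf("decode sidecar settings: %w", err)
	}
	var f []string
	add := func(format string, args ...interface{}) { f = append(f, fmt.Sprintf(format, args...)) }
	if s.SidecarDisabledMTLS {
		add("sidecarDisabledMTLS: mTLS is disabled for the sidecars")
	}
	if s.EnablePrivilegedInitContainer {
		add("enablePrivilegedInitContainer: init container runs privileged")
	}
	if s.LogLevel != "" && s.LogLevel != "error" {
		add("logLevel: %q; the field comment recommends error in production", s.LogLevel)
	}
	minR, maxR := rankOf(s.TLSMinProtocolVersion), rankOf(s.TLSMaxProtocolVersion)
	switch {
	case minR == -1:
		add("tlsMinProtocolVersion: %q is not a documented value", s.TLSMinProtocolVersion)
	case minR == 0:
		add("tlsMinProtocolVersion: unset or TLS_AUTO, so no explicit floor is pinned")
	case minR < floorRank:
		add("tlsMinProtocolVersion: %s is below TLSv1_2", s.TLSMinProtocolVersion)
	}
	switch {
	case maxR == -1:
		add("tlsMaxProtocolVersion: %q is not a documented value", s.TLSMaxProtocolVersion)
	case minR > 0 && maxR > 0 && maxR < minR:
		add("tlsMaxProtocolVersion: lower than tlsMinProtocolVersion")
	}
	if len(s.CipherSuites) > 0 && minR == tlsRank["TLSv1_3"] {
		add("cipherSuites: list has no effect when only TLS 1.3 is negotiated")
	}
	return f, nil
}

func main() {
	for _, doc := range []string{weakSample, hardenedSample} {
		findings, err := auditSidecar([]byte(doc))
		fmt.Println(len(findings), "finding(s):", findings, "err:", err)
	}
}
```
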

type TLS

type TLS struct {
	// +kubebuilder:default=false
	// Enabled defines if tls is enabled.
	Enabled bool `json:"enabled"`

	// +kubebuilder:default=443
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	// Bind defines the bind port of tls.
	Bind int32 `json:"bind" validate:"gte=1,lte=65535"`

	// +kubebuilder:default=8443
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	// Listen defines the listen port of tls.
	Listen int32 `json:"listen" validate:"gte=1,lte=65535"`

	// +kubebuilder:default=30607
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	// NodePort defines the node port of tls.
	NodePort int32 `json:"nodePort" validate:"gte=0,lte=65535"`

	// +kubebuilder:default=false
	// MTLS defines if mTLS is enabled.
	MTLS bool `json:"mTLS"`

	// +kubebuilder:default={enabled: false, upstreamPort: 443}
	// +optional
	// SSLPassthrough defines the ssl passthrough configuration of tls.
	SSLPassthrough *SSLPassthrough `json:"sslPassthrough"`
}

TLS is the type to represent tls.

func (*TLS) DeepCopy

func (in *TLS) DeepCopy() *TLS

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLS.

func (*TLS) DeepCopyInto

func (in *TLS) DeepCopyInto(out *TLS)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TracingSpec

type TracingSpec struct {
	// Enable defines a boolean indicating if the sidecars are enabled for tracing.
	Enable bool `json:"enable"`

	// Port defines the tracing collector's port.
	Port int16 `json:"port,omitempty"`

	// Address defines the tracing collector's hostname.
	Address string `json:"address,omitempty"`

	// Endpoint defines the API endpoint for tracing requests sent to the collector.
	Endpoint string `json:"endpoint,omitempty"`

	// SampledFraction defines the sampled fraction.
	SampledFraction *string `json:"sampledFraction,omitempty"`
}

TracingSpec is the type to represent FSM's tracing configuration.

func (*TracingSpec) DeepCopy

func (in *TracingSpec) DeepCopy() *TracingSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracingSpec.

func (*TracingSpec) DeepCopyInto

func (in *TracingSpec) DeepCopyInto(out *TracingSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TrafficSpec

type TrafficSpec struct {
	// InterceptionMode defines a string indicating which traffic interception mode is used.
	InterceptionMode string `json:"interceptionMode"`

	// EnableEgress defines a boolean indicating if mesh-wide Egress is enabled.
	EnableEgress bool `json:"enableEgress"`

	// OutboundIPRangeExclusionList defines a global list of IP address ranges to exclude from outbound traffic interception by the sidecar proxy.
	OutboundIPRangeExclusionList []string `json:"outboundIPRangeExclusionList"`

	// OutboundIPRangeInclusionList defines a global list of IP address ranges to include for outbound traffic interception by the sidecar proxy.
	// IP addresses outside this range will be excluded from outbound traffic interception by the sidecar proxy.
	OutboundIPRangeInclusionList []string `json:"outboundIPRangeInclusionList"`

	// OutboundPortExclusionList defines a global list of ports to exclude from outbound traffic interception by the sidecar proxy.
	OutboundPortExclusionList []int `json:"outboundPortExclusionList"`

	// InboundPortExclusionList defines a global list of ports to exclude from inbound traffic interception by the sidecar proxy.
	InboundPortExclusionList []int `json:"inboundPortExclusionList"`

	// EnablePermissiveTrafficPolicyMode defines a boolean indicating if permissive traffic policy mode is enabled mesh-wide.
	EnablePermissiveTrafficPolicyMode bool `json:"enablePermissiveTrafficPolicyMode"`

	// InboundExternalAuthorization defines a ruleset that, if enabled, will configure a remote external authorization endpoint
	// for all inbound and ingress traffic in the mesh.
	InboundExternalAuthorization ExternalAuthzSpec `json:"inboundExternalAuthorization,omitempty"`

	// NetworkInterfaceExclusionList defines a global list of network interface
	// names to exclude from inbound and outbound traffic interception by the
	// sidecar proxy.
	NetworkInterfaceExclusionList []string `json:"networkInterfaceExclusionList"`

	// HTTP1PerRequestLoadBalancing defines a boolean indicating if load balancing based on request is enabled for http1.
	HTTP1PerRequestLoadBalancing bool `json:"http1PerRequestLoadBalancing"`

	// HTTP2PerRequestLoadBalancing defines a boolean indicating if load balancing based on request is enabled for http2.
	HTTP2PerRequestLoadBalancing bool `json:"http2PerRequestLoadBalancing"`

	// ServiceAccessMode defines a string indicating service access mode.
	// +kubebuilder:default=mixed
	ServiceAccessMode ServiceAccessMode `json:"serviceAccessMode"`

	// +kubebuilder:default={mustWithServicePort: false, withTrustDomain: true}
	// +optional
	ServiceAccessNames *ServiceAccessNames `json:"serviceAccessNames,omitempty"`
}

TrafficSpec is the type used to represent FSM's traffic management configuration.

func (*TrafficSpec) DeepCopy

func (in *TrafficSpec) DeepCopy() *TrafficSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficSpec.

func (*TrafficSpec) DeepCopyInto

func (in *TrafficSpec) DeepCopyInto(out *TrafficSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TresorCASpec

type TresorCASpec struct {
	// SecretRef specifies the secret in which the root certificate is stored
	SecretRef corev1.SecretReference `json:"secretRef"`
}

TresorCASpec defines the configuration of Tresor's root certificate

func (*TresorCASpec) DeepCopy

func (in *TresorCASpec) DeepCopy() *TresorCASpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TresorCASpec.

func (*TresorCASpec) DeepCopyInto

func (in *TresorCASpec) DeepCopyInto(out *TresorCASpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TresorProviderSpec

type TresorProviderSpec struct {
	// CA specifies Tresor's ca configuration
	CA TresorCASpec `json:"ca"`
}

TresorProviderSpec defines the configuration of the Tresor provider

func (*TresorProviderSpec) DeepCopy

func (in *TresorProviderSpec) DeepCopy() *TresorProviderSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TresorProviderSpec.

func (*TresorProviderSpec) DeepCopyInto

func (in *TresorProviderSpec) DeepCopyInto(out *TresorProviderSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultProviderSpec

type VaultProviderSpec struct {
	// Host specifies the name of the Vault server
	Host string `json:"host"`

	// Port specifies the port of the Vault server
	Port int `json:"port"`

	// Role specifies the name of the role for use by mesh control plane
	Role string `json:"role"`

	// Protocol specifies the protocol for connections to Vault
	Protocol string `json:"protocol"`

	// Token specifies the configuration of the token to be used by mesh control plane
	// to connect to Vault
	Token VaultTokenSpec `json:"token"`
}

VaultProviderSpec defines the configuration of the Vault provider

func (*VaultProviderSpec) DeepCopy

func (in *VaultProviderSpec) DeepCopy() *VaultProviderSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultProviderSpec.

func (*VaultProviderSpec) DeepCopyInto

func (in *VaultProviderSpec) DeepCopyInto(out *VaultProviderSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VaultTokenSpec

type VaultTokenSpec struct {
	// SecretKeyRef specifies the secret in which the Vault token is stored
	SecretKeyRef SecretKeyReferenceSpec `json:"secretKeyRef"`
}

VaultTokenSpec defines the configuration of the Vault token

func (*VaultTokenSpec) DeepCopy

func (in *VaultTokenSpec) DeepCopy() *VaultTokenSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultTokenSpec.

func (*VaultTokenSpec) DeepCopyInto

func (in *VaultTokenSpec) DeepCopyInto(out *VaultTokenSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WildcardDN added in v1.2.0

type WildcardDN struct {
	// Enable defines a boolean indicating if wildcards are enabled for local DNS Proxy.
	Enable bool `json:"enable"`

	// LOs defines loopback addresses for resolve DN.
	LOs []*ResolveAddr `json:"los"`

	// IPs defines ip addresses for resolve DN.
	IPs []*ResolveAddr `json:"ips"`
}

WildcardDN is the type to represent FSM's Wildcard DN configuration.

func (*WildcardDN) DeepCopy added in v1.2.0

func (in *WildcardDN) DeepCopy() *WildcardDN

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WildcardDN.

func (*WildcardDN) DeepCopyInto added in v1.2.0

func (in *WildcardDN) DeepCopyInto(out *WildcardDN)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
