Documentation ¶
Overview ¶
Package has auto-generated kube type wrappers for raw types. +k8s:openapi-gen=true +k8s:deepcopy-gen=package
Index ¶
- Constants
- Variables
- type CaptureMode
- type ConnectionPoolSettings
- type ConnectionPoolSettings_HTTPSettings
- type ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy
- type ConnectionPoolSettings_TCPSettings
- type ConnectionPoolSettings_TCPSettings_TcpKeepalive
- type CorsPolicy
- type Destination
- type DestinationRule
- type DestinationRuleList
- type DestinationRuleSpec
- type Duration
- type EnvoyFilter
- type EnvoyFilterList
- type EnvoyFilterSpec
- type EnvoyFilter_ApplyTo
- type EnvoyFilter_DeprecatedListenerMatch
- type EnvoyFilter_DeprecatedListenerMatch_ListenerProtocol
- type EnvoyFilter_DeprecatedListenerMatch_ListenerType
- type EnvoyFilter_EnvoyConfigObjectMatch
- type EnvoyFilter_EnvoyConfigObjectPatch
- type EnvoyFilter_Filter
- type EnvoyFilter_Filter_FilterType
- type EnvoyFilter_InsertPosition
- type EnvoyFilter_InsertPosition_Index
- type EnvoyFilter_Patch
- type EnvoyFilter_PatchContext
- type EnvoyFilter_Patch_Operation
- type EnvoyFilter_ProxyMatch
- type Gateway
- type GatewayList
- type GatewaySpec
- type HTTPMatchRequest
- type HTTPRedirect
- type HTTPRetry
- type HTTPRewrite
- type HTTPRoute
- type HTTPRouteDestination
- type Headers
- type Headers_HeaderOperations
- type IstioEgressListener
- type IstioIngressListener
- type L4MatchAttributes
- type LoadBalancerSettings
- type LocalityLoadBalancerSetting
- type LocalityLoadBalancerSetting_Distribute
- type LocalityLoadBalancerSetting_Failover
- type OutboundTrafficPolicy
- type OutboundTrafficPolicy_Mode
- type OutlierDetection
- type Port
- type PortSelector
- type RouteDestination
- type Server
- type Server_TLSOptions
- type ServiceEntry
- type ServiceEntryList
- type ServiceEntrySpec
- type ServiceEntry_Endpoint
- type ServiceEntry_Location
- type ServiceEntry_Resolution
- type Sidecar
- type SidecarList
- type SidecarSpec
- type StringMatch
- type StringMatch_Exact
- type StringMatch_Prefix
- type StringMatch_Regex
- type Struct
- type Subset
- type TCPRoute
- type TLSMatchAttributes
- type TLSRoute
- type TLSSettings
- type TLSSettings_TLSmode
- type TrafficPolicy
- type TrafficPolicy_PortTrafficPolicy
- type Value
- type VirtualService
- type VirtualServiceList
- type VirtualServiceSpec
- type WorkloadSelector
Constants ¶
const (
// Package-wide consts from generator "register".
GroupName = "networking.istio.io"
)
Variables ¶
var ( // Package-wide variables from generator "register". SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha3"} )
Functions ¶
This section is empty.
Types ¶
type CaptureMode ¶
type CaptureMode int32
const ( // The default capture mode defined by the environment. CaptureMode_DEFAULT CaptureMode = 0 // Capture traffic using IPtables redirection. CaptureMode_IPTABLES CaptureMode = 1 // No traffic capture. When used in an egress listener, the application is // expected to explicitly communicate with the listener port or Unix // domain socket. When used in an ingress listener, care needs to be taken // to ensure that the listener port is not in use by other processes on // the host. CaptureMode_NONE CaptureMode = 2 )
type ConnectionPoolSettings ¶
type ConnectionPoolSettings struct { // Settings common to both HTTP and TCP upstream connections. Tcp *ConnectionPoolSettings_TCPSettings `protobuf:"bytes,1,opt,name=tcp,proto3" json:"tcp,omitempty"` // HTTP connection pool settings. Http *ConnectionPoolSettings_HTTPSettings `protobuf:"bytes,2,opt,name=http,proto3" json:"http,omitempty"` }
type ConnectionPoolSettings_HTTPSettings ¶
type ConnectionPoolSettings_HTTPSettings struct { // Maximum number of pending HTTP requests to a destination. Default 1024. Http1MaxPendingRequests int32 `` /* 135-byte string literal not displayed */ // Maximum number of requests to a backend. Default 1024. Http2MaxRequests int32 `protobuf:"varint,2,opt,name=http2_max_requests,json=http2MaxRequests,proto3" json:"http2_max_requests,omitempty"` // Maximum number of requests per connection to a backend. Setting this // parameter to 1 disables keep alive. Default 0, meaning "unlimited", // up to 2^29. MaxRequestsPerConnection int32 `` /* 138-byte string literal not displayed */ // Maximum number of retries that can be outstanding to all hosts in a // cluster at a given time. Defaults to 1024. MaxRetries int32 `protobuf:"varint,4,opt,name=max_retries,json=maxRetries,proto3" json:"max_retries,omitempty"` // The idle timeout for upstream connection pool connections. The idle timeout is defined as the period in which there are no active requests. // If not set, the default is 1 hour. When the idle timeout is reached the connection will be closed. // Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. Applies to both HTTP1.1 and HTTP2 connections. IdleTimeout *Duration `protobuf:"bytes,5,opt,name=idle_timeout,json=idleTimeout,proto3" json:"idle_timeout,omitempty"` // Specify if http1.1 connection should be upgraded to http2 for the associated destination. H2UpgradePolicy ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy `` /* 192-byte string literal not displayed */ }
type ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy ¶
type ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy int32
const ( // Use the global default. ConnectionPoolSettings_HTTPSettings_DEFAULT ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = 0 // Do not upgrade the connection to http2. // This opt-out option overrides the default. ConnectionPoolSettings_HTTPSettings_DO_NOT_UPGRADE ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = 1 // Upgrade the connection to http2. // This opt-in option overrides the default. ConnectionPoolSettings_HTTPSettings_UPGRADE ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = 2 )
type ConnectionPoolSettings_TCPSettings ¶
type ConnectionPoolSettings_TCPSettings struct { // Maximum number of HTTP1 /TCP connections to a destination host. Default 1024. MaxConnections int32 `protobuf:"varint,1,opt,name=max_connections,json=maxConnections,proto3" json:"max_connections,omitempty"` // TCP connection timeout. ConnectTimeout *Duration `protobuf:"bytes,2,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"` // If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. TcpKeepalive *ConnectionPoolSettings_TCPSettings_TcpKeepalive `protobuf:"bytes,3,opt,name=tcp_keepalive,json=tcpKeepalive,proto3" json:"tcp_keepalive,omitempty"` }
type ConnectionPoolSettings_TCPSettings_TcpKeepalive ¶
type ConnectionPoolSettings_TCPSettings_TcpKeepalive struct { // Maximum number of keepalive probes to send without response before // deciding the connection is dead. Default is to use the OS level configuration // (unless overridden, Linux defaults to 9.) Probes uint32 `protobuf:"varint,1,opt,name=probes,proto3" json:"probes,omitempty"` // The time duration a connection needs to be idle before keep-alive // probes start being sent. Default is to use the OS level configuration // (unless overridden, Linux defaults to 7200s (ie 2 hours.) Time *Duration `protobuf:"bytes,2,opt,name=time,proto3" json:"time,omitempty"` // The time duration between keep-alive probes. // Default is to use the OS level configuration // (unless overridden, Linux defaults to 75s.) Interval *Duration `protobuf:"bytes,3,opt,name=interval,proto3" json:"interval,omitempty"` }
type CorsPolicy ¶
type CorsPolicy struct { // The list of origins that are allowed to perform CORS requests. The // content will be serialized into the Access-Control-Allow-Origin // header. Wildcard * will allow all origins. AllowOrigin []string `protobuf:"bytes,1,rep,name=allow_origin,json=allowOrigin,proto3" json:"allow_origin,omitempty"` // List of HTTP methods allowed to access the resource. The content will // be serialized into the Access-Control-Allow-Methods header. AllowMethods []string `protobuf:"bytes,2,rep,name=allow_methods,json=allowMethods,proto3" json:"allow_methods,omitempty"` // List of HTTP headers that can be used when requesting the // resource. Serialized to Access-Control-Allow-Headers header. AllowHeaders []string `protobuf:"bytes,3,rep,name=allow_headers,json=allowHeaders,proto3" json:"allow_headers,omitempty"` // A white list of HTTP headers that the browsers are allowed to // access. Serialized into Access-Control-Expose-Headers header. ExposeHeaders []string `protobuf:"bytes,4,rep,name=expose_headers,json=exposeHeaders,proto3" json:"expose_headers,omitempty"` // Specifies how long the results of a preflight request can be // cached. Translates to the `Access-Control-Max-Age` header. MaxAge *Duration `protobuf:"bytes,5,opt,name=max_age,json=maxAge,proto3" json:"max_age,omitempty"` // Indicates whether the caller is allowed to send the actual request // (not the preflight) using credentials. Translates to // `Access-Control-Allow-Credentials` header. AllowCredentials bool `protobuf:"bytes,6,opt,name=allow_credentials,json=allowCredentials,proto3" json:"allow_credentials,omitempty"` }
type Destination ¶
type Destination struct { Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"` Subset string `protobuf:"bytes,2,opt,name=subset,proto3" json:"subset,omitempty"` Port *PortSelector `protobuf:"bytes,3,opt,name=port,proto3" json:"port,omitempty"` }
type DestinationRule ¶
type DestinationRule struct { v1.TypeMeta `json:",inline"` // +optional v1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Spec defines the implementation of this definition. // +optional Spec DestinationRuleSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` }
DestinationRule defines policies that apply to traffic intended for a service after routing has occurred.
<!-- go code generation tags +kubetype-gen +kubetype-gen:groupVersion=networking.istio.io/v1alpha3 +genclient +k8s:deepcopy-gen=true -->
type DestinationRuleList ¶
type DestinationRuleList struct { v1.TypeMeta `json:",inline"` // +optional v1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` Items []DestinationRule `json:"items" protobuf:"bytes,2,rep,name=items"` }
DestinationRuleList is a collection of DestinationRules.
type DestinationRuleSpec ¶
type DestinationRuleSpec struct { // The name of a service from the service registry. Service // names are looked up from the platform's service registry (e.g., // Kubernetes services, Consul services, etc.) and from the hosts // declared by [ServiceEntries](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Rules defined for // services that do not exist in the service registry will be ignored. // // *Note for Kubernetes users*: When short names are used (e.g. "reviews" // instead of "reviews.default.svc.cluster.local"), Istio will interpret // the short name based on the namespace of the rule, not the service. A // rule in the "default" namespace containing a host "reviews" will be // interpreted as "reviews.default.svc.cluster.local", irrespective of // the actual namespace associated with the reviews service. _To avoid // potential misconfigurations, it is recommended to always use fully // qualified domain names over short names._ // // Note that the host field applies to both HTTP and TCP services. Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"` // Traffic policies to apply (load balancing policy, connection pool // sizes, outlier detection). TrafficPolicy *TrafficPolicy `protobuf:"bytes,2,opt,name=traffic_policy,json=trafficPolicy,proto3" json:"traffic_policy,omitempty"` // One or more named sets that represent individual versions of a // service. Traffic policies can be overridden at subset level. Subsets []*Subset `protobuf:"bytes,3,rep,name=subsets,proto3" json:"subsets,omitempty"` // A list of namespaces to which this destination rule is exported. // The resolution of a destination rule to apply to a service occurs in the // context of a hierarchy of namespaces. Exporting a destination rule allows // it to be included in the resolution hierarchy for services in // other namespaces. This feature provides a mechanism for service owners // and mesh administrators to control the visibility of destination rules // across namespace boundaries. // // If no namespaces are specified then the destination rule is exported to all // namespaces by default. // // The value "." is reserved and defines an export to the same namespace that // the destination rule is declared in. Similarly, the value "*" is reserved and // defines an export to all namespaces. // // NOTE: in the current release, the `exportTo` value is restricted to // "." or "*" (i.e., the current namespace or all namespaces). ExportTo []string `protobuf:"bytes,4,rep,name=export_to,json=exportTo,proto3" json:"export_to,omitempty"` }
zk
type Duration ¶
type Duration struct { // Signed seconds of the span of time. Must be from -315,576,000,000 // to +315,576,000,000 inclusive. Note: these bounds are computed from: // 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years Seconds int64 `protobuf:"varint,1,opt,name=seconds,proto3" json:"seconds,omitempty"` // Signed fractions of a second at nanosecond resolution of the span // of time. Durations less than one second are represented with a 0 // `seconds` field and a positive or negative `nanos` field. For durations // of one second or more, a non-zero value for the `nanos` field must be // of the same sign as the `seconds` field. Must be from -999,999,999 // to +999,999,999 inclusive. Nanos int32 `protobuf:"varint,2,opt,name=nanos,proto3" json:"nanos,omitempty"` }
type EnvoyFilter ¶
type EnvoyFilter struct { v1.TypeMeta `json:",inline"` // +optional v1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Spec defines the implementation of this definition. // +optional Spec EnvoyFilterSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` }
EnvoyFilter provides a mechanism to customize the Envoy configuration generated by Istio Pilot.
<!-- go code generation tags +kubetype-gen +kubetype-gen:groupVersion=networking.istio.io/v1alpha3 +genclient +k8s:deepcopy-gen=true -->
type EnvoyFilterList ¶
type EnvoyFilterList struct { v1.TypeMeta `json:",inline"` // +optional v1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` Items []EnvoyFilter `json:"items" protobuf:"bytes,2,rep,name=items"` }
EnvoyFilterList is a collection of EnvoyFilters.
type EnvoyFilterSpec ¶
type EnvoyFilterSpec struct { // Deprecated. Use workload_selector instead. // $hide_from_docs WorkloadLabels map[string]string `` // Deprecated: Do not use. /* 191-byte string literal not displayed */ // $hide_from_docs Filters []*EnvoyFilter_Filter `protobuf:"bytes,2,rep,name=filters,proto3" json:"filters,omitempty"` // Deprecated: Do not use. WorkloadSelector *WorkloadSelector `protobuf:"bytes,3,opt,name=workload_selector,json=workloadSelector,proto3" json:"workload_selector,omitempty"` // One or more patches with match conditions. ConfigPatches []*EnvoyFilter_EnvoyConfigObjectPatch `protobuf:"bytes,4,rep,name=config_patches,json=configPatches,proto3" json:"config_patches,omitempty"` }
type EnvoyFilter_ApplyTo ¶
type EnvoyFilter_ApplyTo int32
const ( EnvoyFilter_INVALID EnvoyFilter_ApplyTo = 0 // Applies the patch to the listener. EnvoyFilter_LISTENER EnvoyFilter_ApplyTo = 1 // Applies the patch to the filter chain. EnvoyFilter_FILTER_CHAIN EnvoyFilter_ApplyTo = 2 // Applies the patch to the network filter chain, to modify an // existing filter or add a new filter. EnvoyFilter_NETWORK_FILTER EnvoyFilter_ApplyTo = 3 // Applies the patch to the HTTP filter chain in the http // connection manager, to modify an existing filter or add a new // filter. EnvoyFilter_HTTP_FILTER EnvoyFilter_ApplyTo = 4 // Applies the patch to the Route configuration (rds output) // inside a HTTP connection manager. This does not apply to the // virtual host. Currently, only MERGE operation is allowed on the // route configuration objects. EnvoyFilter_ROUTE_CONFIGURATION EnvoyFilter_ApplyTo = 5 // Applies the patch to a virtual host inside a route configuration. EnvoyFilter_VIRTUAL_HOST EnvoyFilter_ApplyTo = 6 // Applies the patch to a route object inside the matched virtual // host in a route configuration. Currently, only MERGE operation // is allowed on the route objects. EnvoyFilter_HTTP_ROUTE EnvoyFilter_ApplyTo = 7 // Applies the patch to a cluster in a CDS output. Also used to add new clusters. EnvoyFilter_CLUSTER EnvoyFilter_ApplyTo = 8 )
type EnvoyFilter_DeprecatedListenerMatch ¶
type EnvoyFilter_DeprecatedListenerMatch struct { // The service port/gateway port to which traffic is being // sent/received. If not specified, matches all listeners. Even though // inbound listeners are generated for the instance/pod ports, only // service ports should be used to match listeners. PortNumber uint32 `protobuf:"varint,1,opt,name=port_number,json=portNumber,proto3" json:"port_number,omitempty"` // Instead of using specific port numbers, a set of ports matching a // given port name prefix can be selected. E.g., "mongo" selects ports // named mongo-port, mongo, mongoDB, MONGO, etc. Matching is case // insensitive. PortNamePrefix string `protobuf:"bytes,2,opt,name=port_name_prefix,json=portNamePrefix,proto3" json:"port_name_prefix,omitempty"` // Inbound vs outbound sidecar listener or gateway listener. If not specified, // matches all listeners. ListenerType EnvoyFilter_DeprecatedListenerMatch_ListenerType `` /* 178-byte string literal not displayed */ // Selects a class of listeners for the same protocol. Use the protocol // selection to select all HTTP listeners (includes HTTP2/gRPC/HTTPS // where Envoy terminates TLS) or all TCP listeners (includes HTTPS // passthrough using SNI). When adding a HTTP filter, the listenerProtocol // should be set to HTTP. ListenerProtocol EnvoyFilter_DeprecatedListenerMatch_ListenerProtocol `` /* 194-byte string literal not displayed */ // One or more IP addresses to which the listener is bound. If // specified, should match at least one address in the list. Address []string `protobuf:"bytes,5,rep,name=address,proto3" json:"address,omitempty"` }
type EnvoyFilter_DeprecatedListenerMatch_ListenerProtocol ¶
type EnvoyFilter_DeprecatedListenerMatch_ListenerProtocol int32
const ( // All protocols EnvoyFilter_DeprecatedListenerMatch_ALL EnvoyFilter_DeprecatedListenerMatch_ListenerProtocol = 0 // HTTP or HTTPS (with termination) / HTTP2/gRPC EnvoyFilter_DeprecatedListenerMatch_HTTP EnvoyFilter_DeprecatedListenerMatch_ListenerProtocol = 1 // Any non-HTTP listener EnvoyFilter_DeprecatedListenerMatch_TCP EnvoyFilter_DeprecatedListenerMatch_ListenerProtocol = 2 )
type EnvoyFilter_DeprecatedListenerMatch_ListenerType ¶
type EnvoyFilter_DeprecatedListenerMatch_ListenerType int32
const ( // All listeners EnvoyFilter_DeprecatedListenerMatch_ANY EnvoyFilter_DeprecatedListenerMatch_ListenerType = 0 // Inbound listener in sidecar EnvoyFilter_DeprecatedListenerMatch_SIDECAR_INBOUND EnvoyFilter_DeprecatedListenerMatch_ListenerType = 1 // Outbound listener in sidecar EnvoyFilter_DeprecatedListenerMatch_SIDECAR_OUTBOUND EnvoyFilter_DeprecatedListenerMatch_ListenerType = 2 // Gateway listener EnvoyFilter_DeprecatedListenerMatch_GATEWAY EnvoyFilter_DeprecatedListenerMatch_ListenerType = 3 )
type EnvoyFilter_EnvoyConfigObjectMatch ¶
type EnvoyFilter_EnvoyConfigObjectMatch struct { // The specific config generation context to match on. Istio Pilot // generates envoy configuration in the context of a gateway, // inbound traffic to sidecar and outbound traffic from sidecar. Context EnvoyFilter_PatchContext `protobuf:"varint,1,opt,name=context,proto3,enum=istio.networking.v1alpha3.EnvoyFilter_PatchContext" json:"context,omitempty"` // Match on properties associated with a proxy. Proxy *EnvoyFilter_ProxyMatch `protobuf:"bytes,2,opt,name=proxy,proto3" json:"proxy,omitempty"` // Types that are valid to be assigned to ObjectTypes: // *EnvoyFilter_EnvoyConfigObjectMatch_Listener // *EnvoyFilter_EnvoyConfigObjectMatch_RouteConfiguration // *EnvoyFilter_EnvoyConfigObjectMatch_Cluster ObjectTypes isEnvoyFilter_EnvoyConfigObjectMatch_ObjectTypes `protobuf_oneof:"object_types"` }
type EnvoyFilter_EnvoyConfigObjectPatch ¶
type EnvoyFilter_EnvoyConfigObjectPatch struct { ApplyTo EnvoyFilter_ApplyTo `` /* 134-byte string literal not displayed */ // Match on listener/route configuration/cluster. Match *EnvoyFilter_EnvoyConfigObjectMatch `protobuf:"bytes,2,opt,name=match,proto3" json:"match,omitempty"` // The patch to apply along with the operation. Patch *EnvoyFilter_Patch `protobuf:"bytes,3,opt,name=patch,proto3" json:"patch,omitempty"` }
type EnvoyFilter_Filter ¶
type EnvoyFilter_Filter struct { ListenerMatch *EnvoyFilter_DeprecatedListenerMatch `protobuf:"bytes,1,opt,name=listener_match,json=listenerMatch,proto3" json:"listener_match,omitempty"` // Insert position in the filter chain. Defaults to FIRST InsertPosition *EnvoyFilter_InsertPosition `protobuf:"bytes,2,opt,name=insert_position,json=insertPosition,proto3" json:"insert_position,omitempty"` // The type of filter to instantiate. FilterType EnvoyFilter_Filter_FilterType `` /* 153-byte string literal not displayed */ // The name of the filter to instantiate. The name must match a supported // filter _compiled into_ Envoy. FilterName string `protobuf:"bytes,4,opt,name=filter_name,json=filterName,proto3" json:"filter_name,omitempty"` // Filter specific configuration which depends on the filter being // instantiated. FilterConfig *types.Struct `protobuf:"bytes,5,opt,name=filter_config,json=filterConfig,proto3" json:"filter_config,omitempty"` }
type EnvoyFilter_Filter_FilterType ¶
type EnvoyFilter_Filter_FilterType int32
const ( // placeholder EnvoyFilter_Filter_INVALID EnvoyFilter_Filter_FilterType = 0 // Http filter EnvoyFilter_Filter_HTTP EnvoyFilter_Filter_FilterType = 1 // Network filter EnvoyFilter_Filter_NETWORK EnvoyFilter_Filter_FilterType = 2 )
type EnvoyFilter_InsertPosition ¶
type EnvoyFilter_InsertPosition struct { // Position of this filter in the filter chain. Index EnvoyFilter_InsertPosition_Index `` /* 128-byte string literal not displayed */ // If BEFORE or AFTER position is specified, specify the name of the // filter relative to which this filter should be inserted. RelativeTo string `protobuf:"bytes,2,opt,name=relative_to,json=relativeTo,proto3" json:"relative_to,omitempty"` }
type EnvoyFilter_InsertPosition_Index ¶
type EnvoyFilter_InsertPosition_Index int32
const ( // Insert first EnvoyFilter_InsertPosition_FIRST EnvoyFilter_InsertPosition_Index = 0 // Insert last EnvoyFilter_InsertPosition_LAST EnvoyFilter_InsertPosition_Index = 1 // Insert before the named filter. EnvoyFilter_InsertPosition_BEFORE EnvoyFilter_InsertPosition_Index = 2 // Insert after the named filter. EnvoyFilter_InsertPosition_AFTER EnvoyFilter_InsertPosition_Index = 3 )
type EnvoyFilter_Patch ¶
type EnvoyFilter_Patch struct { // Determines how the patch should be applied. Operation EnvoyFilter_Patch_Operation `` /* 131-byte string literal not displayed */ // The JSON config of the object being patched. This will be merged using // json merge semantics with the existing proto in the path. Value *Struct `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` }
type EnvoyFilter_PatchContext ¶
type EnvoyFilter_PatchContext int32
const ( // All listeners/routes/clusters in both sidecars and gateways. EnvoyFilter_ANY EnvoyFilter_PatchContext = 0 // Inbound listener/route/cluster in sidecar. EnvoyFilter_SIDECAR_INBOUND EnvoyFilter_PatchContext = 1 // Outbound listener/route/cluster in sidecar. EnvoyFilter_SIDECAR_OUTBOUND EnvoyFilter_PatchContext = 2 // Gateway listener/route/cluster. EnvoyFilter_GATEWAY EnvoyFilter_PatchContext = 3 )
type EnvoyFilter_Patch_Operation ¶
type EnvoyFilter_Patch_Operation int32
const ( EnvoyFilter_Patch_INVALID EnvoyFilter_Patch_Operation = 0 // Merge the provided config with the generated config using // json merge semantics. EnvoyFilter_Patch_MERGE EnvoyFilter_Patch_Operation = 1 // Add the provided config to an existing list (of listeners, // clusters, virtual hosts, network filters, or http // filters). This operation will be ignored when applyTo is set // to ROUTE_CONFIGURATION, or HTTP_ROUTE. EnvoyFilter_Patch_ADD EnvoyFilter_Patch_Operation = 2 // Remove the selected object from the list (of listeners, // clusters, virtual hosts, network filters, or http // filters). Does not require a value to be specified. This // operation will be ignored when applyTo is set to // ROUTE_CONFIGURATION, or HTTP_ROUTE. EnvoyFilter_Patch_REMOVE EnvoyFilter_Patch_Operation = 3 // Insert operation on an array of named objects. This operation // is typically useful only in the context of filters, where the // order of filters matter. For clusters and virtual hosts, // order of the element in the array does not matter. Insert // before the selected filter or sub filter. If no filter is // selected, the specified filter will be inserted at the front // of the list. EnvoyFilter_Patch_INSERT_BEFORE EnvoyFilter_Patch_Operation = 4 // Insert operation on an array of named objects. This operation // is typically useful only in the context of filters, where the // order of filters matter. For clusters and virtual hosts, // order of the element in the array does not matter. Insert // after the selected filter or sub filter. If no filter is // selected, the specified filter will be inserted at the end // of the list. EnvoyFilter_Patch_INSERT_AFTER EnvoyFilter_Patch_Operation = 5 )
type EnvoyFilter_ProxyMatch ¶
type Gateway ¶
type Gateway struct { v1.TypeMeta `json:",inline"` // +optional v1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Spec defines the implementation of this definition. // +optional Spec GatewaySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` }
Gateway describes a load balancer operating at the edge of the mesh receiving incoming or outgoing HTTP/TCP connections.
<!-- go code generation tags +kubetype-gen +kubetype-gen:groupVersion=networking.istio.io/v1alpha3 +genclient +k8s:deepcopy-gen=true -->
type GatewayList ¶
type GatewayList struct { v1.TypeMeta `json:",inline"` // +optional v1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` Items []Gateway `json:"items" protobuf:"bytes,2,rep,name=items"` }
GatewayList is a collection of Gateways.
type GatewaySpec ¶
type GatewaySpec struct { // A list of server specifications. Servers []*Server `protobuf:"bytes,1,rep,name=servers,proto3" json:"servers,omitempty"` // One or more labels that indicate a specific set of pods/VMs // on which this gateway configuration should be applied. The scope of // label search is restricted to the configuration namespace in which the // the resource is present. In other words, the Gateway resource must // reside in the same namespace as the gateway workload instance. Selector map[string]string `` /* 157-byte string literal not displayed */ }
type HTTPMatchRequest ¶
type HTTPMatchRequest struct { Name string `protobuf:"bytes,11,opt,name=name,proto3" json:"name,omitempty"` Uri *StringMatch `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"` Scheme *StringMatch `protobuf:"bytes,2,opt,name=scheme,proto3" json:"scheme,omitempty"` Method *StringMatch `protobuf:"bytes,3,opt,name=method,proto3" json:"method,omitempty"` Authority *StringMatch `protobuf:"bytes,4,opt,name=authority,proto3" json:"authority,omitempty"` Headers map[string]*StringMatch `` /* 155-byte string literal not displayed */ Port uint32 `protobuf:"varint,6,opt,name=port,proto3" json:"port,omitempty"` SourceLabels map[string]string `` /* 185-byte string literal not displayed */ // $hide_from_docs Gateways []string `protobuf:"bytes,8,rep,name=gateways,proto3" json:"gateways,omitempty"` QueryParams map[string]*StringMatch `` /* 182-byte string literal not displayed */ IgnoreUriCase bool `protobuf:"varint,10,opt,name=ignore_uri_case,json=ignoreUriCase,proto3" json:"ignore_uri_case,omitempty"` }
type HTTPRedirect ¶
type HTTPRedirect struct { // On a redirect, overwrite the Path portion of the URL with this // value. Note that the entire path will be replaced, irrespective of the // request URI being matched as an exact path or prefix. Uri string `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"` // On a redirect, overwrite the Authority/Host portion of the URL with // this value. Authority string `protobuf:"bytes,2,opt,name=authority,proto3" json:"authority,omitempty"` // On a redirect, Specifies the HTTP status code to use in the redirect // response. The default response code is MOVED_PERMANENTLY (301). RedirectCode uint32 `protobuf:"varint,3,opt,name=redirect_code,json=redirectCode,proto3" json:"redirect_code,omitempty"` }
type HTTPRetry ¶
type HTTPRetry struct { Attempts int32 `protobuf:"varint,1,opt,name=attempts,proto3" json:"attempts,omitempty"` PerTryTimeout *Duration `protobuf:"bytes,2,opt,name=per_try_timeout,json=perTryTimeout,proto3" json:"per_try_timeout,omitempty"` RetryOn string `protobuf:"bytes,3,opt,name=retry_on,json=retryOn,proto3" json:"retry_on,omitempty"` }
type HTTPRewrite ¶
type HTTPRewrite struct { // rewrite the path (or the prefix) portion of the URI with this // value. If the original URI was matched based on prefix, the value // provided in this field will replace the corresponding matched prefix. Uri string `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"` // rewrite the Authority/Host header with this value. Authority string `protobuf:"bytes,2,opt,name=authority,proto3" json:"authority,omitempty"` }
type HTTPRoute ¶
type HTTPRoute struct { // The name assigned to the route for debugging purposes. The // route's name will be concatenated with the match's name and will // be logged in the access logs for requests matching this // route/match. Name string `protobuf:"bytes,17,opt,name=name,proto3" json:"name,omitempty"` // Match conditions to be satisfied for the rule to be // activated. All conditions inside a single match block have AND // semantics, while the list of match blocks have OR semantics. The rule // is matched if any one of the match blocks succeed. Match []*HTTPMatchRequest `protobuf:"bytes,1,rep,name=match,proto3" json:"match,omitempty"` // A http rule can either redirect or forward (default) traffic. The // forwarding target can be one of several versions of a service (see // glossary in beginning of document). Weights associated with the // service version determine the proportion of traffic it receives. Route []*HTTPRouteDestination `protobuf:"bytes,2,rep,name=route,proto3" json:"route,omitempty"` // A http rule can either redirect or forward (default) traffic. If // traffic passthrough option is specified in the rule, // route/redirect will be ignored. The redirect primitive can be used to // send a HTTP 301 redirect to a different URI or Authority. Redirect *HTTPRedirect `protobuf:"bytes,3,opt,name=redirect,proto3" json:"redirect,omitempty"` // Rewrite HTTP URIs and Authority headers. Rewrite cannot be used with // Redirect primitive. Rewrite will be performed before forwarding. Rewrite *HTTPRewrite `protobuf:"bytes,4,opt,name=rewrite,proto3" json:"rewrite,omitempty"` // Deprecated. Websocket upgrades are done automatically starting from Istio 1.0. // $hide_from_docs WebsocketUpgrade bool `protobuf:"varint,5,opt,name=websocket_upgrade,json=websocketUpgrade,proto3" json:"websocket_upgrade,omitempty"` // Timeout for HTTP requests. Timeout *Duration `protobuf:"bytes,6,opt,name=timeout,proto3" json:"timeout,omitempty"` // Retry policy for HTTP requests. Retries *HTTPRetry `protobuf:"bytes,7,opt,name=retries,proto3" json:"retries,omitempty"` // Fault injection policy to apply on HTTP traffic at the client side. // Note that timeouts or retries will not be enabled when faults are // enabled on the client side. //zk unnecessary //Fault *HTTPFaultInjection `protobuf:"bytes,8,opt,name=fault,proto3" json:"fault,omitempty"` // Mirror HTTP traffic to a another destination in addition to forwarding // the requests to the intended destination. Mirrored traffic is on a // best effort basis where the sidecar/gateway will not wait for the // mirrored cluster to respond before returning the response from the // original destination. Statistics will be generated for the mirrored // destination. Mirror *Destination `protobuf:"bytes,9,opt,name=mirror,proto3" json:"mirror,omitempty"` // Percentage of the traffic to be mirrored by the `mirror` field. // If this field is absent, all the traffic (100%) will be mirrored. // Max value is 100. MirrorPercent *uint32 `protobuf:"bytes,18,opt,name=mirror_percent,json=mirrorPercent,proto3" json:"mirror_percent,omitempty"` // Cross-Origin Resource Sharing policy (CORS). Refer to // [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) // for further details about cross origin resource sharing. CorsPolicy *CorsPolicy `protobuf:"bytes,10,opt,name=cors_policy,json=corsPolicy,proto3" json:"cors_policy,omitempty"` // $hide_from_docs AppendHeaders map[string]string `` // Deprecated: Do not use. /* 189-byte string literal not displayed */ // $hide_from_docs RemoveResponseHeaders []string `` // Deprecated: Do not use. /* 127-byte string literal not displayed */ // $hide_from_docs AppendResponseHeaders map[string]string `` // Deprecated: Do not use. /* 215-byte string literal not displayed */ // $hide_from_docs RemoveRequestHeaders []string `protobuf:"bytes,14,rep,name=remove_request_headers,json=removeRequestHeaders,proto3" json:"remove_request_headers,omitempty"` // Deprecated: Do not use. // $hide_from_docs AppendRequestHeaders map[string]string `` // Deprecated: Do not use. /* 212-byte string literal not displayed */ // Header manipulation rules Headers *Headers `protobuf:"bytes,16,opt,name=headers,proto3" json:"headers,omitempty"` }
type HTTPRouteDestination ¶
type HTTPRouteDestination struct { // Destination uniquely identifies the instances of a service // to which the request/connection should be forwarded to. Destination *Destination `protobuf:"bytes,1,opt,name=destination,proto3" json:"destination,omitempty"` // The proportion of traffic to be forwarded to the service // version. (0-100). Sum of weights across destinations SHOULD BE == 100. // If there is only one destination in a rule, the weight value is assumed to // be 100. Weight int32 `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"` // Use of `remove_response_header` is deprecated. Use the `headers` // field instead. RemoveResponseHeaders []string `` // Deprecated: Do not use. /* 126-byte string literal not displayed */ // Use of `append_response_headers` is deprecated. Use the `headers` // field instead. AppendResponseHeaders map[string]string `` // Deprecated: Do not use. /* 214-byte string literal not displayed */ // Use of `remove_request_headers` is deprecated. Use the `headers` // field instead. RemoveRequestHeaders []string `protobuf:"bytes,5,rep,name=remove_request_headers,json=removeRequestHeaders,proto3" json:"remove_request_headers,omitempty"` // Deprecated: Do not use. // Use of `append_request_headers` is deprecated. Use the `headers` // field instead. AppendRequestHeaders map[string]string `` // Deprecated: Do not use. /* 211-byte string literal not displayed */ // Header manipulation rules Headers *Headers `protobuf:"bytes,7,opt,name=headers,proto3" json:"headers,omitempty"` }
type Headers ¶
type Headers struct { Request *Headers_HeaderOperations `protobuf:"bytes,1,opt,name=request,proto3" json:"request,omitempty"` Response *Headers_HeaderOperations `protobuf:"bytes,2,opt,name=response,proto3" json:"response,omitempty"` }
type IstioEgressListener ¶
type IstioEgressListener struct { Port *Port `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` Bind string `protobuf:"bytes,2,opt,name=bind,proto3" json:"bind,omitempty"` CaptureMode CaptureMode `` /* 138-byte string literal not displayed */ Hosts []string `protobuf:"bytes,4,rep,name=hosts,proto3" json:"hosts,omitempty"` }
type IstioIngressListener ¶
type IstioIngressListener struct { // The port associated with the listener. Port *Port `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` // The IP to which the listener should be bound. Must be in the // format `x.x.x.x`. Unix domain socket addresses are not allowed in // the bind field for ingress listeners. If omitted, Istio will // automatically configure the defaults based on imported services // and the workload instances to which this configuration is applied // to. Bind string `protobuf:"bytes,2,opt,name=bind,proto3" json:"bind,omitempty"` // The captureMode option dictates how traffic to the listener is // expected to be captured (or not). CaptureMode CaptureMode `` /* 138-byte string literal not displayed */ // The loopback IP endpoint or Unix domain socket to which // traffic should be forwarded to. This configuration can be used to // redirect traffic arriving at the bind `IP:Port` on the sidecar to a `localhost:port` // or Unix domain socket where the application workload instance is listening for // connections. Format should be `127.0.0.1:PORT` or `unix:///path/to/socket` DefaultEndpoint string `protobuf:"bytes,4,opt,name=default_endpoint,json=defaultEndpoint,proto3" json:"default_endpoint,omitempty"` }
type L4MatchAttributes ¶
type L4MatchAttributes struct { DestinationSubnets []string `protobuf:"bytes,1,rep,name=destination_subnets,json=destinationSubnets,proto3" json:"destination_subnets,omitempty"` Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"` SourceSubnet string `protobuf:"bytes,3,opt,name=source_subnet,json=sourceSubnet,proto3" json:"source_subnet,omitempty"` SourceLabels map[string]string `` /* 185-byte string literal not displayed */ Gateways []string `protobuf:"bytes,5,rep,name=gateways,proto3" json:"gateways,omitempty"` }
type LoadBalancerSettings ¶
type LoadBalancerSettings struct { // Upstream load balancing policy. // // Types that are valid to be assigned to LbPolicy: // *LoadBalancerSettings_Simple // *LoadBalancerSettings_ConsistentHash //zk todo //LbPolicy isLoadBalancerSettings_LbPolicy `protobuf_oneof:"lb_policy"` // Locality load balancer settings, this will override mesh wide settings in entirety, meaning no merging would be performed // between this object and the object one in MeshConfig LocalityLbSetting *LocalityLoadBalancerSetting `protobuf:"bytes,3,opt,name=locality_lb_setting,json=localityLbSetting,proto3" json:"locality_lb_setting,omitempty"` }
type LocalityLoadBalancerSetting ¶
type LocalityLoadBalancerSetting struct { // Optional: only one of distribute or failover can be set. // Explicitly specify loadbalancing weight across different zones and geographical locations. // Refer to [Locality weighted load balancing](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) // If empty, the locality weight is set according to the endpoints number within it. Distribute []*LocalityLoadBalancerSetting_Distribute `protobuf:"bytes,1,rep,name=distribute,proto3" json:"distribute,omitempty"` // Optional: only failover or distribute can be set. // Explicitly specify the region traffic will land on when endpoints in local region becomes unhealthy. // Should be used together with OutlierDetection to detect unhealthy endpoints. // Note: if no OutlierDetection specified, this will not take effect. Failover []*LocalityLoadBalancerSetting_Failover `protobuf:"bytes,2,rep,name=failover,proto3" json:"failover,omitempty"` }
type LocalityLoadBalancerSetting_Distribute ¶
type LocalityLoadBalancerSetting_Distribute struct { // Originating locality, '/' separated, e.g. 'region/zone/sub_zone'. From string `protobuf:"bytes,1,opt,name=from,proto3" json:"from,omitempty"` // Map of upstream localities to traffic distribution weights. The sum of // all weights should be == 100. Any locality not assigned a weight will // receive no traffic. To map[string]uint32 `` /* 146-byte string literal not displayed */ }
type LocalityLoadBalancerSetting_Failover ¶
type LocalityLoadBalancerSetting_Failover struct { // Originating region. From string `protobuf:"bytes,1,opt,name=from,proto3" json:"from,omitempty"` // Destination region the traffic will fail over to when endpoints in // the 'from' region becomes unhealthy. To string `protobuf:"bytes,2,opt,name=to,proto3" json:"to,omitempty"` }
type OutboundTrafficPolicy ¶
type OutboundTrafficPolicy struct {
Mode OutboundTrafficPolicy_Mode `protobuf:"varint,1,opt,name=mode,proto3,enum=istio.networking.v1alpha3.OutboundTrafficPolicy_Mode" json:"mode,omitempty"`
}
type OutboundTrafficPolicy_Mode ¶
type OutboundTrafficPolicy_Mode int32
const ( // Outbound traffic will be restricted to services defined in the // service registry as well as those defined through `ServiceEntry` configurations. OutboundTrafficPolicy_REGISTRY_ONLY OutboundTrafficPolicy_Mode = 0 // Outbound traffic to unknown destinations will be allowed, in case // there are no services or `ServiceEntry` configurations for the destination port. OutboundTrafficPolicy_ALLOW_ANY OutboundTrafficPolicy_Mode = 1 )
type OutlierDetection ¶
type OutlierDetection struct { // Number of errors before a host is ejected from the connection // pool. Defaults to 5. When the upstream host is accessed over HTTP, a // 502, 503, or 504 return code qualifies as an error. When the upstream host // is accessed over an opaque TCP connection, connect timeouts and // connection error/failure events qualify as an error. ConsecutiveErrors int32 `protobuf:"varint,1,opt,name=consecutive_errors,json=consecutiveErrors,proto3" json:"consecutive_errors,omitempty"` // Time interval between ejection sweep analysis. format: // 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s. Interval *Duration `protobuf:"bytes,2,opt,name=interval,proto3" json:"interval,omitempty"` // Minimum ejection duration. A host will remain ejected for a period // equal to the product of minimum ejection duration and the number of // times the host has been ejected. This technique allows the system to // automatically increase the ejection period for unhealthy upstream // servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s. BaseEjectionTime *Duration `protobuf:"bytes,3,opt,name=base_ejection_time,json=baseEjectionTime,proto3" json:"base_ejection_time,omitempty"` // Maximum % of hosts in the load balancing pool for the upstream // service that can be ejected. Defaults to 10%. MaxEjectionPercent int32 `protobuf:"varint,4,opt,name=max_ejection_percent,json=maxEjectionPercent,proto3" json:"max_ejection_percent,omitempty"` // Outlier detection will be enabled as long as the associated load balancing // pool has at least min_health_percent hosts in healthy mode. When the // percentage of healthy hosts in the load balancing pool drops below this // threshold, outlier detection will be disabled and the proxy will load balance // across all hosts in the pool (healthy and unhealthy). The threshold can be // disabled by setting it to 0%. The default is 0% as it's not typically // applicable in k8s environments with few pods per service. MinHealthPercent int32 `protobuf:"varint,5,opt,name=min_health_percent,json=minHealthPercent,proto3" json:"min_health_percent,omitempty"` }
type Port ¶
type Port struct { // A valid non-negative integer port number. Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"` // The protocol exposed on the port. // MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. // TLS implies the connection will be routed based on the SNI header to // the destination without terminating the TLS connection. Protocol string `protobuf:"bytes,2,opt,name=protocol,proto3" json:"protocol,omitempty"` // Label assigned to the port. Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` }
type PortSelector ¶
type PortSelector struct { // Valid port number Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"` }
type RouteDestination ¶
type RouteDestination struct { Destination *Destination `protobuf:"bytes,1,opt,name=destination,proto3" json:"destination,omitempty"` Weight int32 `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"` }
type Server ¶
type Server struct { Port *Port `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` Bind string `protobuf:"bytes,4,opt,name=bind,proto3" json:"bind,omitempty"` Hosts []string `protobuf:"bytes,2,rep,name=hosts,proto3" json:"hosts,omitempty"` Tls *Server_TLSOptions `protobuf:"bytes,3,opt,name=tls,proto3" json:"tls,omitempty"` DefaultEndpoint string `protobuf:"bytes,5,opt,name=default_endpoint,json=defaultEndpoint,proto3" json:"default_endpoint,omitempty"` }
type Server_TLSOptions ¶
type Server_TLSOptions struct { HttpsRedirect bool `json:"https_redirect,omitempty"` Mode string `json:"mode,omitempty"` ServerCertificate string `json:"server_certificate,omitempty"` PrivateKey string `json:"private_key,omitempty"` CaCertificates string `json:"ca_certificates,omitempty"` SubjectAltNames []string `json:"subject_alt_names,omitempty"` }
type ServiceEntry ¶
type ServiceEntry struct { v1.TypeMeta `json:",inline"` // +optional v1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Spec defines the implementation of this definition. // +optional Spec ServiceEntrySpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` }
ServiceEntry enables adding additional entries into Istio's internal service registry.
<!-- go code generation tags +kubetype-gen +kubetype-gen:groupVersion=networking.istio.io/v1alpha3 +genclient +k8s:deepcopy-gen=true -->
type ServiceEntryList ¶
type ServiceEntryList struct { v1.TypeMeta `json:",inline"` // +optional v1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` Items []ServiceEntry `json:"items" protobuf:"bytes,2,rep,name=items"` }
ServiceEntryList is a collection of ServiceEntries.
type ServiceEntrySpec ¶
type ServiceEntrySpec struct { Hosts []string `protobuf:"bytes,1,rep,name=hosts,proto3" json:"hosts,omitempty"` Addresses []string `protobuf:"bytes,2,rep,name=addresses,proto3" json:"addresses,omitempty"` // The ports associated with the external service. If the // Endpoints are Unix domain socket addresses, there must be exactly one // port. Ports []*Port `protobuf:"bytes,3,rep,name=ports,proto3" json:"ports,omitempty"` // Specify whether the service should be considered external to the mesh // or part of the mesh. Location ServiceEntry_Location `protobuf:"varint,4,opt,name=location,proto3,enum=istio.networking.v1alpha3.ServiceEntry_Location" json:"location,omitempty"` Resolution ServiceEntry_Resolution `` /* 129-byte string literal not displayed */ // One or more endpoints associated with the service. Endpoints []*ServiceEntry_Endpoint `protobuf:"bytes,6,rep,name=endpoints,proto3" json:"endpoints,omitempty"` ExportTo []string `protobuf:"bytes,7,rep,name=export_to,json=exportTo,proto3" json:"export_to,omitempty"` SubjectAltNames []string `protobuf:"bytes,8,rep,name=subject_alt_names,json=subjectAltNames,proto3" json:"subject_alt_names,omitempty"` }
type ServiceEntry_Endpoint ¶
type ServiceEntry_Endpoint struct { Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"` Ports map[string]uint32 `` /* 152-byte string literal not displayed */ // One or more labels associated with the endpoint. Labels map[string]string `` /* 153-byte string literal not displayed */ Network string `protobuf:"bytes,4,opt,name=network,proto3" json:"network,omitempty"` Locality string `protobuf:"bytes,5,opt,name=locality,proto3" json:"locality,omitempty"` Weight uint32 `protobuf:"varint,6,opt,name=weight,proto3" json:"weight,omitempty"` }
type ServiceEntry_Location ¶
type ServiceEntry_Location int32
const ( // Signifies that the service is external to the mesh. Typically used // to indicate external services consumed through APIs. ServiceEntry_MESH_EXTERNAL ServiceEntry_Location = 0 // Signifies that the service is part of the mesh. Typically used to // indicate services added explicitly as part of expanding the service // mesh to include unmanaged infrastructure (e.g., VMs added to a // Kubernetes based service mesh). ServiceEntry_MESH_INTERNAL ServiceEntry_Location = 1 )
type ServiceEntry_Resolution ¶
type ServiceEntry_Resolution int32
const ( ServiceEntry_NONE ServiceEntry_Resolution = 0 // Use the static IP addresses specified in endpoints (see below) as the // backing instances associated with the service. ServiceEntry_STATIC ServiceEntry_Resolution = 1 ServiceEntry_DNS ServiceEntry_Resolution = 2 )
type Sidecar ¶
type Sidecar struct { v1.TypeMeta `json:",inline"` // +optional v1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Spec defines the implementation of this definition. // +optional //zk Spec SidecarSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` }
`Sidecar` describes the configuration of the sidecar proxy that mediates inbound and outbound communication of the workload instance to which it is attached.
<!-- go code generation tags +kubetype-gen +kubetype-gen:groupVersion=networking.istio.io/v1alpha3 +genclient +k8s:deepcopy-gen=true -->
type SidecarList ¶
type SidecarList struct { v1.TypeMeta `json:",inline"` // +optional v1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` Items []Sidecar `json:"items" protobuf:"bytes,2,rep,name=items"` }
SidecarList is a collection of Sidecars.
type SidecarSpec ¶
type SidecarSpec struct { // Criteria used to select the specific set of pods/VMs on which this // `Sidecar` configuration should be applied. If omitted, the `Sidecar` // configuration will be applied to all workload instances in the same namespace. WorkloadSelector *WorkloadSelector `protobuf:"bytes,1,opt,name=workload_selector,json=workloadSelector,proto3" json:"workload_selector,omitempty"` // Ingress specifies the configuration of the sidecar for processing // inbound traffic to the attached workload instance. If omitted, Istio will // automatically configure the sidecar based on the information about the workload // obtained from the orchestration platform (e.g., exposed ports, services, // etc.). If specified, inbound ports are configured if and only if the // workload instance is associated with a service. Ingress []*IstioIngressListener `protobuf:"bytes,2,rep,name=ingress,proto3" json:"ingress,omitempty"` // Egress specifies the configuration of the sidecar for processing // outbound traffic from the attached workload instance to other services in the // mesh. Egress []*IstioEgressListener `protobuf:"bytes,3,rep,name=egress,proto3" json:"egress,omitempty"` // This allows to configure the outbound traffic policy. // If your application uses one or more external // services that are not known apriori, setting the policy to `ALLOW_ANY` // will cause the sidecars to route any unknown traffic originating from // the application to its requested destination. OutboundTrafficPolicy *OutboundTrafficPolicy `` /* 126-byte string literal not displayed */ }
type StringMatch ¶
type StringMatch struct {
MatchType isStringMatch_MatchType `protobuf_oneof:"match_type"`
}
type StringMatch_Exact ¶
type StringMatch_Exact struct {
Exact string `protobuf:"bytes,1,opt,name=exact,proto3,oneof"`
}
type StringMatch_Prefix ¶
type StringMatch_Prefix struct {
Prefix string `protobuf:"bytes,2,opt,name=prefix,proto3,oneof"`
}
type StringMatch_Regex ¶
type StringMatch_Regex struct {
Regex string `protobuf:"bytes,3,opt,name=regex,proto3,oneof"`
}
type Subset ¶
type Subset struct { // Name of the subset. The service name and the subset name can // be used for traffic splitting in a route rule. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Labels apply a filter over the endpoints of a service in the // service registry. See route rules for examples of usage. Labels map[string]string `` /* 153-byte string literal not displayed */ // Traffic policies that apply to this subset. Subsets inherit the // traffic policies specified at the DestinationRule level. Settings // specified at the subset level will override the corresponding settings // specified at the DestinationRule level. TrafficPolicy *TrafficPolicy `protobuf:"bytes,3,opt,name=traffic_policy,json=trafficPolicy,proto3" json:"traffic_policy,omitempty"` }
type TCPRoute ¶
type TCPRoute struct { Match []*L4MatchAttributes `protobuf:"bytes,1,rep,name=match,proto3" json:"match,omitempty"` // The destination to which the connection should be forwarded to. Route []*RouteDestination `protobuf:"bytes,2,rep,name=route,proto3" json:"route,omitempty"` }
type TLSMatchAttributes ¶
type TLSMatchAttributes struct { // SNI (server name indicator) to match on. Wildcard prefixes // can be used in the SNI value, e.g., *.com will match foo.example.com // as well as example.com. An SNI value must be a subset (i.e., fall // within the domain) of the corresponding virtual serivce's hosts. SniHosts []string `protobuf:"bytes,1,rep,name=sni_hosts,json=sniHosts,proto3" json:"sni_hosts,omitempty"` // IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., // a.b.c.d/xx form or just a.b.c.d. DestinationSubnets []string `protobuf:"bytes,2,rep,name=destination_subnets,json=destinationSubnets,proto3" json:"destination_subnets,omitempty"` // Specifies the port on the host that is being addressed. Many services // only expose a single port or label ports with the protocols they // support, in these cases it is not required to explicitly select the // port. Port uint32 `protobuf:"varint,3,opt,name=port,proto3" json:"port,omitempty"` // IPv4 or IPv6 ip address of source with optional subnet. E.g., a.b.c.d/xx // form or just a.b.c.d // $hide_from_docs SourceSubnet string `protobuf:"bytes,4,opt,name=source_subnet,json=sourceSubnet,proto3" json:"source_subnet,omitempty"` // One or more labels that constrain the applicability of a rule to // workloads with the given labels. If the VirtualService has a list of // gateways specified at the top, it should include the reserved gateway // `mesh` in order for this field to be applicable. SourceLabels map[string]string `` /* 185-byte string literal not displayed */ // Names of gateways where the rule should be applied to. Gateway names // at the top of the VirtualService (if any) are overridden. The gateway // match is independent of sourceLabels. Gateways []string `protobuf:"bytes,6,rep,name=gateways,proto3" json:"gateways,omitempty"` }
type TLSRoute ¶
type TLSRoute struct { // Match conditions to be satisfied for the rule to be // activated. All conditions inside a single match block have AND // semantics, while the list of match blocks have OR semantics. The rule // is matched if any one of the match blocks succeed. Match []*TLSMatchAttributes `protobuf:"bytes,1,rep,name=match,proto3" json:"match,omitempty"` // The destination to which the connection should be forwarded to. Route []*RouteDestination `protobuf:"bytes,2,rep,name=route,proto3" json:"route,omitempty"` }
type TLSSettings ¶
type TLSSettings struct { // Indicates whether connections to this port should be secured // using TLS. The value of this field determines how TLS is enforced. Mode TLSSettings_TLSmode `protobuf:"varint,1,opt,name=mode,proto3,enum=istio.networking.v1alpha3.TLSSettings_TLSmode" json:"mode,omitempty"` // REQUIRED if mode is `MUTUAL`. The path to the file holding the // client-side TLS certificate to use. // Should be empty if mode is `ISTIO_MUTUAL`. ClientCertificate string `protobuf:"bytes,2,opt,name=client_certificate,json=clientCertificate,proto3" json:"client_certificate,omitempty"` // REQUIRED if mode is `MUTUAL`. The path to the file holding the // client's private key. // Should be empty if mode is `ISTIO_MUTUAL`. PrivateKey string `protobuf:"bytes,3,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` // OPTIONAL: The path to the file containing certificate authority // certificates to use in verifying a presented server certificate. If // omitted, the proxy will not verify the server's certificate. // Should be empty if mode is `ISTIO_MUTUAL`. CaCertificates string `protobuf:"bytes,4,opt,name=ca_certificates,json=caCertificates,proto3" json:"ca_certificates,omitempty"` // A list of alternate names to verify the subject identity in the // certificate. If specified, the proxy will verify that the server // certificate's subject alt name matches one of the specified values. // If specified, this list overrides the value of subject_alt_names // from the ServiceEntry. SubjectAltNames []string `protobuf:"bytes,5,rep,name=subject_alt_names,json=subjectAltNames,proto3" json:"subject_alt_names,omitempty"` // SNI string to present to the server during TLS handshake. Sni string `protobuf:"bytes,6,opt,name=sni,proto3" json:"sni,omitempty"` }
type TLSSettings_TLSmode ¶
type TLSSettings_TLSmode int32
const ( // Do not setup a TLS connection to the upstream endpoint. TLSSettings_DISABLE TLSSettings_TLSmode = 0 // Originate a TLS connection to the upstream endpoint. TLSSettings_SIMPLE TLSSettings_TLSmode = 1 // Secure connections to the upstream using mutual TLS by presenting // client certificates for authentication. TLSSettings_MUTUAL TLSSettings_TLSmode = 2 // Secure connections to the upstream using mutual TLS by presenting // client certificates for authentication. // Compared to Mutual mode, this mode uses certificates generated // automatically by Istio for mTLS authentication. When this mode is // used, all other fields in `TLSSettings` should be empty. TLSSettings_ISTIO_MUTUAL TLSSettings_TLSmode = 3 )
type TrafficPolicy ¶
type TrafficPolicy struct { // Settings controlling the load balancer algorithms. LoadBalancer *LoadBalancerSettings `protobuf:"bytes,1,opt,name=load_balancer,json=loadBalancer,proto3" json:"load_balancer,omitempty"` // Settings controlling the volume of connections to an upstream service ConnectionPool *ConnectionPoolSettings `protobuf:"bytes,2,opt,name=connection_pool,json=connectionPool,proto3" json:"connection_pool,omitempty"` // Settings controlling eviction of unhealthy hosts from the load balancing pool OutlierDetection *OutlierDetection `protobuf:"bytes,3,opt,name=outlier_detection,json=outlierDetection,proto3" json:"outlier_detection,omitempty"` // TLS related settings for connections to the upstream service. Tls *TLSSettings `protobuf:"bytes,4,opt,name=tls,proto3" json:"tls,omitempty"` // Traffic policies specific to individual ports. Note that port level // settings will override the destination-level settings. Traffic // settings specified at the destination-level will not be inherited when // overridden by port-level settings, i.e. default values will be applied // to fields omitted in port-level traffic policies. PortLevelSettings []*TrafficPolicy_PortTrafficPolicy `protobuf:"bytes,5,rep,name=port_level_settings,json=portLevelSettings,proto3" json:"port_level_settings,omitempty"` }
type TrafficPolicy_PortTrafficPolicy ¶
type TrafficPolicy_PortTrafficPolicy struct { // Specifies the number of a port on the destination service // on which this policy is being applied. // Port *PortSelector `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` // Settings controlling the load balancer algorithms. LoadBalancer *LoadBalancerSettings `protobuf:"bytes,2,opt,name=load_balancer,json=loadBalancer,proto3" json:"load_balancer,omitempty"` // Settings controlling the volume of connections to an upstream service ConnectionPool *ConnectionPoolSettings `protobuf:"bytes,3,opt,name=connection_pool,json=connectionPool,proto3" json:"connection_pool,omitempty"` // Settings controlling eviction of unhealthy hosts from the load balancing pool OutlierDetection *OutlierDetection `protobuf:"bytes,4,opt,name=outlier_detection,json=outlierDetection,proto3" json:"outlier_detection,omitempty"` // TLS related settings for connections to the upstream service. Tls *TLSSettings `protobuf:"bytes,5,opt,name=tls,proto3" json:"tls,omitempty"` }
type VirtualService ¶
type VirtualService struct { v1.TypeMeta `json:",inline"` // +optional v1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` // Spec defines the implementation of this definition. // +optional Spec VirtualServiceSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"` }
Configuration affecting traffic routing.
<!-- go code generation tags +kubetype-gen +kubetype-gen:groupVersion=networking.istio.io/v1alpha3 +genclient +k8s:deepcopy-gen=true -->
type VirtualServiceList ¶
type VirtualServiceList struct { v1.TypeMeta `json:",inline"` // +optional v1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` Items []VirtualService `json:"items" protobuf:"bytes,2,rep,name=items"` }
VirtualServiceList is a collection of VirtualServices.
type VirtualServiceSpec ¶
type VirtualServiceSpec struct { Hosts []string `protobuf:"bytes,1,rep,name=hosts,proto3" json:"hosts,omitempty"` Gateways []string `protobuf:"bytes,2,rep,name=gateways,proto3" json:"gateways,omitempty"` Http []*HTTPRoute `protobuf:"bytes,3,rep,name=http,proto3" json:"http,omitempty"` Tls []*TLSRoute `protobuf:"bytes,5,rep,name=tls,proto3" json:"tls,omitempty"` Tcp []*TCPRoute `protobuf:"bytes,4,rep,name=tcp,proto3" json:"tcp,omitempty"` ExportTo []string `protobuf:"bytes,6,rep,name=export_to,json=exportTo,proto3" json:"export_to,omitempty"` }