v1beta1

package
v1.24.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 6, 2024 License: Apache-2.0 Imports: 8 Imported by: 61

Documentation

Overview

Code generated by protoc-gen-deepcopy. DO NOT EDIT.

Code generated by protoc-gen-jsonshim. DO NOT EDIT.

Index

Constants

This section is empty.

Variables

View Source
var (
	WorkloadMode_name = map[int32]string{
		0: "UNDEFINED",
		1: "CLIENT",
		2: "SERVER",
		3: "CLIENT_AND_SERVER",
	}
	WorkloadMode_value = map[string]int32{
		"UNDEFINED":         0,
		"CLIENT":            1,
		"SERVER":            2,
		"CLIENT_AND_SERVER": 3,
	}
)

Enum value maps for WorkloadMode.

View Source
var (
	SelectorMarshaler   = &jsonpb.Marshaler{}
	SelectorUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true}
)
View Source
var File_type_v1beta1_selector_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type PolicyTargetReference added in v1.20.0

type PolicyTargetReference struct {

	// group is the group of the target resource.
	// +kubebuilder:validation:MaxLength=253
	// +kubebuilder:validation:Pattern=`^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
	Group string `protobuf:"bytes,1,opt,name=group,proto3" json:"group,omitempty"`
	// kind is kind of the target resource.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=63
	// +kubebuilder:validation:Pattern=`^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$`
	Kind string `protobuf:"bytes,2,opt,name=kind,proto3" json:"kind,omitempty"`
	// name is the name of the target resource.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:MaxLength=253
	Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"`
	// namespace is the namespace of the referent. When unspecified, the local
	// namespace is inferred.
	// +kubebuilder:validation:XValidation:message="cross namespace referencing is not currently supported",rule="self.size() == 0"
	Namespace string `protobuf:"bytes,4,opt,name=namespace,proto3" json:"namespace,omitempty"`
	// contains filtered or unexported fields
}

PolicyTargetReference format as defined by [GEP-2648](https://gateway-api.sigs.k8s.io/geps/gep-2648/#direct-policy-design-rules).

PolicyTargetReference specifies the targeted resource which the policy should be applied to. It must only target a single resource at a time, but it can be used to target larger resources such as Gateways that may apply to multiple child resources. The PolicyTargetReference will be used instead of a WorkloadSelector in the RequestAuthentication, AuthorizationPolicy, Telemetry, and WasmPlugin CRDs to target a Kubernetes Gateway.

The following is an example of an AuthorizationPolicy bound to a waypoint proxy using a PolicyTargetReference. The example sets `action` to `DENY` to create a deny policy. It denies all the requests with `POST` method on port `8080` directed through the `waypoint` Gateway in the `foo` namespace.

```yaml apiVersion: security.istio.io/v1 kind: AuthorizationPolicy metadata:

name: httpbin
namespace: foo

spec:

targetRefs:
- name: waypoint
  kind: Gateway
  group: gateway.networking.k8s.io
action: DENY
rules:
- to:
  - operation:
      methods: ["POST"]
      ports: ["8080"]

``` +kubebuilder:validation:XValidation:message="Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway",rule="[self.group, self.kind] in [['core','Service'], [”,'Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"

func (*PolicyTargetReference) DeepCopy added in v1.20.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyTargetReference. Required by controller-gen.

func (*PolicyTargetReference) DeepCopyInterface added in v1.20.0

func (in *PolicyTargetReference) DeepCopyInterface() interface{}

DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new PolicyTargetReference. Required by controller-gen.

func (*PolicyTargetReference) DeepCopyInto added in v1.20.0

func (in *PolicyTargetReference) DeepCopyInto(out *PolicyTargetReference)

DeepCopyInto supports using PolicyTargetReference within kubernetes types, where deepcopy-gen is used.

func (*PolicyTargetReference) Descriptor deprecated added in v1.20.0

func (*PolicyTargetReference) Descriptor() ([]byte, []int)

Deprecated: Use PolicyTargetReference.ProtoReflect.Descriptor instead.

func (*PolicyTargetReference) GetGroup added in v1.20.0

func (x *PolicyTargetReference) GetGroup() string

func (*PolicyTargetReference) GetKind added in v1.20.0

func (x *PolicyTargetReference) GetKind() string

func (*PolicyTargetReference) GetName added in v1.20.0

func (x *PolicyTargetReference) GetName() string

func (*PolicyTargetReference) GetNamespace added in v1.20.0

func (x *PolicyTargetReference) GetNamespace() string

func (*PolicyTargetReference) MarshalJSON added in v1.20.0

func (this *PolicyTargetReference) MarshalJSON() ([]byte, error)

MarshalJSON is a custom marshaler for PolicyTargetReference

func (*PolicyTargetReference) ProtoMessage added in v1.20.0

func (*PolicyTargetReference) ProtoMessage()

func (*PolicyTargetReference) ProtoReflect added in v1.20.0

func (x *PolicyTargetReference) ProtoReflect() protoreflect.Message

func (*PolicyTargetReference) Reset added in v1.20.0

func (x *PolicyTargetReference) Reset()

func (*PolicyTargetReference) String added in v1.20.0

func (x *PolicyTargetReference) String() string

func (*PolicyTargetReference) UnmarshalJSON added in v1.20.0

func (this *PolicyTargetReference) UnmarshalJSON(b []byte) error

UnmarshalJSON is a custom unmarshaler for PolicyTargetReference

type PortSelector

type PortSelector struct {

	// Port number
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"`
	// contains filtered or unexported fields
}

PortSelector is the criteria for specifying if a policy can be applied to a listener having a specific port.

func (*PortSelector) DeepCopy

func (in *PortSelector) DeepCopy() *PortSelector

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PortSelector. Required by controller-gen.

func (*PortSelector) DeepCopyInterface

func (in *PortSelector) DeepCopyInterface() interface{}

DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new PortSelector. Required by controller-gen.

func (*PortSelector) DeepCopyInto

func (in *PortSelector) DeepCopyInto(out *PortSelector)

DeepCopyInto supports using PortSelector within kubernetes types, where deepcopy-gen is used.

func (*PortSelector) Descriptor deprecated

func (*PortSelector) Descriptor() ([]byte, []int)

Deprecated: Use PortSelector.ProtoReflect.Descriptor instead.

func (*PortSelector) GetNumber

func (x *PortSelector) GetNumber() uint32

func (*PortSelector) MarshalJSON

func (this *PortSelector) MarshalJSON() ([]byte, error)

MarshalJSON is a custom marshaler for PortSelector

func (*PortSelector) ProtoMessage

func (*PortSelector) ProtoMessage()

func (*PortSelector) ProtoReflect

func (x *PortSelector) ProtoReflect() protoreflect.Message

func (*PortSelector) Reset

func (x *PortSelector) Reset()

func (*PortSelector) String

func (x *PortSelector) String() string

func (*PortSelector) UnmarshalJSON

func (this *PortSelector) UnmarshalJSON(b []byte) error

UnmarshalJSON is a custom unmarshaler for PortSelector

type WorkloadMode

type WorkloadMode int32

WorkloadMode allows selection of the role of the underlying workload in network traffic. A workload is considered as acting as a SERVER if it is the destination of the traffic (that is, traffic direction, from the perspective of the workload is *inbound*). If the workload is the source of the network traffic, it is considered to be in CLIENT mode (traffic is *outbound* from the workload).

const (
	// Default value, which will be interpreted by its own usage.
	WorkloadMode_UNDEFINED WorkloadMode = 0
	// Selects for scenarios when the workload is the
	// source of the network traffic. In addition,
	// if the workload is a gateway, selects this.
	WorkloadMode_CLIENT WorkloadMode = 1
	// Selects for scenarios when the workload is the
	// destination of the network traffic.
	WorkloadMode_SERVER WorkloadMode = 2
	// Selects for scenarios when the workload is either the
	// source or destination of the network traffic.
	WorkloadMode_CLIENT_AND_SERVER WorkloadMode = 3
)

func (WorkloadMode) Descriptor

func (WorkloadMode) Enum

func (x WorkloadMode) Enum() *WorkloadMode

func (WorkloadMode) EnumDescriptor deprecated

func (WorkloadMode) EnumDescriptor() ([]byte, []int)

Deprecated: Use WorkloadMode.Descriptor instead.

func (WorkloadMode) Number

func (WorkloadMode) String

func (x WorkloadMode) String() string

func (WorkloadMode) Type

type WorkloadSelector

type WorkloadSelector struct {

	// One or more labels that indicate a specific set of pods/VMs
	// on which a policy should be applied. The scope of label search is restricted to
	// the configuration namespace in which the resource is present.
	// +kubebuilder:validation:XValidation:message="wildcard not allowed in label key match",rule="self.all(key, !key.contains('*'))"
	// +kubebuilder:validation:XValidation:message="key must not be empty",rule="self.all(key, key.size() != 0)"
	// +protoc-gen-crd:map-value-validation:XValidation:message="wildcard not allowed in label value match",rule="!self.contains('*')"
	// +protoc-gen-crd:map-value-validation:MaxLength=63
	// +kubebuilder:validation:MaxProperties=4096
	MatchLabels map[string]string `` /* 182-byte string literal not displayed */
	// contains filtered or unexported fields
}

WorkloadSelector specifies the criteria used to determine if a policy can be applied to a proxy. The matching criteria includes the metadata associated with a proxy, workload instance info such as labels attached to the pod/VM, or any other info that the proxy provides to Istio during the initial handshake. If multiple conditions are specified, all conditions need to match in order for the workload instance to be selected. Currently, only label based selection mechanism is supported.

func (*WorkloadSelector) DeepCopy

func (in *WorkloadSelector) DeepCopy() *WorkloadSelector

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadSelector. Required by controller-gen.

func (*WorkloadSelector) DeepCopyInterface

func (in *WorkloadSelector) DeepCopyInterface() interface{}

DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadSelector. Required by controller-gen.

func (*WorkloadSelector) DeepCopyInto

func (in *WorkloadSelector) DeepCopyInto(out *WorkloadSelector)

DeepCopyInto supports using WorkloadSelector within kubernetes types, where deepcopy-gen is used.

func (*WorkloadSelector) Descriptor deprecated

func (*WorkloadSelector) Descriptor() ([]byte, []int)

Deprecated: Use WorkloadSelector.ProtoReflect.Descriptor instead.

func (*WorkloadSelector) GetMatchLabels

func (x *WorkloadSelector) GetMatchLabels() map[string]string

func (*WorkloadSelector) MarshalJSON

func (this *WorkloadSelector) MarshalJSON() ([]byte, error)

MarshalJSON is a custom marshaler for WorkloadSelector

func (*WorkloadSelector) ProtoMessage

func (*WorkloadSelector) ProtoMessage()

func (*WorkloadSelector) ProtoReflect

func (x *WorkloadSelector) ProtoReflect() protoreflect.Message

func (*WorkloadSelector) Reset

func (x *WorkloadSelector) Reset()

func (*WorkloadSelector) String

func (x *WorkloadSelector) String() string

func (*WorkloadSelector) UnmarshalJSON

func (this *WorkloadSelector) UnmarshalJSON(b []byte) error

UnmarshalJSON is a custom unmarshaler for WorkloadSelector

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL