Documentation ¶
Overview ¶
Code generated by protoc-gen-deepcopy. DO NOT EDIT.
Code generated by protoc-gen-jsonshim. DO NOT EDIT.
Index ¶
- Variables
- type PolicyTargetReference
- func (in *PolicyTargetReference) DeepCopy() *PolicyTargetReference
- func (in *PolicyTargetReference) DeepCopyInterface() interface{}
- func (in *PolicyTargetReference) DeepCopyInto(out *PolicyTargetReference)
- func (*PolicyTargetReference) Descriptor() ([]byte, []int)deprecated
- func (x *PolicyTargetReference) GetGroup() string
- func (x *PolicyTargetReference) GetKind() string
- func (x *PolicyTargetReference) GetName() string
- func (x *PolicyTargetReference) GetNamespace() string
- func (this *PolicyTargetReference) MarshalJSON() ([]byte, error)
- func (*PolicyTargetReference) ProtoMessage()
- func (x *PolicyTargetReference) ProtoReflect() protoreflect.Message
- func (x *PolicyTargetReference) Reset()
- func (x *PolicyTargetReference) String() string
- func (this *PolicyTargetReference) UnmarshalJSON(b []byte) error
- type PortSelector
- func (in *PortSelector) DeepCopy() *PortSelector
- func (in *PortSelector) DeepCopyInterface() interface{}
- func (in *PortSelector) DeepCopyInto(out *PortSelector)
- func (*PortSelector) Descriptor() ([]byte, []int)deprecated
- func (x *PortSelector) GetNumber() uint32
- func (this *PortSelector) MarshalJSON() ([]byte, error)
- func (*PortSelector) ProtoMessage()
- func (x *PortSelector) ProtoReflect() protoreflect.Message
- func (x *PortSelector) Reset()
- func (x *PortSelector) String() string
- func (this *PortSelector) UnmarshalJSON(b []byte) error
- type WorkloadMode
- func (WorkloadMode) Descriptor() protoreflect.EnumDescriptor
- func (x WorkloadMode) Enum() *WorkloadMode
- func (WorkloadMode) EnumDescriptor() ([]byte, []int)deprecated
- func (x WorkloadMode) Number() protoreflect.EnumNumber
- func (x WorkloadMode) String() string
- func (WorkloadMode) Type() protoreflect.EnumType
- type WorkloadSelector
- func (in *WorkloadSelector) DeepCopy() *WorkloadSelector
- func (in *WorkloadSelector) DeepCopyInterface() interface{}
- func (in *WorkloadSelector) DeepCopyInto(out *WorkloadSelector)
- func (*WorkloadSelector) Descriptor() ([]byte, []int)deprecated
- func (x *WorkloadSelector) GetMatchLabels() map[string]string
- func (this *WorkloadSelector) MarshalJSON() ([]byte, error)
- func (*WorkloadSelector) ProtoMessage()
- func (x *WorkloadSelector) ProtoReflect() protoreflect.Message
- func (x *WorkloadSelector) Reset()
- func (x *WorkloadSelector) String() string
- func (this *WorkloadSelector) UnmarshalJSON(b []byte) error
Constants ¶
This section is empty.
Variables ¶
var ( WorkloadMode_name = map[int32]string{ 0: "UNDEFINED", 1: "CLIENT", 2: "SERVER", 3: "CLIENT_AND_SERVER", } WorkloadMode_value = map[string]int32{ "UNDEFINED": 0, "CLIENT": 1, "SERVER": 2, "CLIENT_AND_SERVER": 3, } )
Enum value maps for WorkloadMode.
var ( SelectorMarshaler = &jsonpb.Marshaler{} SelectorUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} )
var File_type_v1beta1_selector_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type PolicyTargetReference ¶ added in v1.20.0
type PolicyTargetReference struct { // group is the group of the target resource. // +kubebuilder:validation:MaxLength=253 // +kubebuilder:validation:Pattern=`^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$` Group string `protobuf:"bytes,1,opt,name=group,proto3" json:"group,omitempty"` // kind is kind of the target resource. // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=63 // +kubebuilder:validation:Pattern=`^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$` Kind string `protobuf:"bytes,2,opt,name=kind,proto3" json:"kind,omitempty"` // name is the name of the target resource. // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=253 Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` // namespace is the namespace of the referent. When unspecified, the local // namespace is inferred. // +kubebuilder:validation:XValidation:message="cross namespace referencing is not currently supported",rule="self.size() == 0" Namespace string `protobuf:"bytes,4,opt,name=namespace,proto3" json:"namespace,omitempty"` // contains filtered or unexported fields }
PolicyTargetReference format as defined by [GEP-2648](https://gateway-api.sigs.k8s.io/geps/gep-2648/#direct-policy-design-rules).
PolicyTargetReference specifies the targeted resource which the policy should be applied to. It must only target a single resource at a time, but it can be used to target larger resources such as Gateways that may apply to multiple child resources. The PolicyTargetReference will be used instead of a WorkloadSelector in the RequestAuthentication, AuthorizationPolicy, Telemetry, and WasmPlugin CRDs to target a Kubernetes Gateway.
The following is an example of an AuthorizationPolicy bound to a waypoint proxy using a PolicyTargetReference. The example sets `action` to `DENY` to create a deny policy. It denies all the requests with `POST` method on port `8080` directed through the `waypoint` Gateway in the `foo` namespace.
```yaml apiVersion: security.istio.io/v1 kind: AuthorizationPolicy metadata:
name: httpbin namespace: foo
spec:
targetRefs: - name: waypoint kind: Gateway group: gateway.networking.k8s.io action: DENY rules: - to: - operation: methods: ["POST"] ports: ["8080"]
``` +kubebuilder:validation:XValidation:message="Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway",rule="[self.group, self.kind] in [['core','Service'], [”,'Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]"
func (*PolicyTargetReference) DeepCopy ¶ added in v1.20.0
func (in *PolicyTargetReference) DeepCopy() *PolicyTargetReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyTargetReference. Required by controller-gen.
func (*PolicyTargetReference) DeepCopyInterface ¶ added in v1.20.0
func (in *PolicyTargetReference) DeepCopyInterface() interface{}
DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new PolicyTargetReference. Required by controller-gen.
func (*PolicyTargetReference) DeepCopyInto ¶ added in v1.20.0
func (in *PolicyTargetReference) DeepCopyInto(out *PolicyTargetReference)
DeepCopyInto supports using PolicyTargetReference within kubernetes types, where deepcopy-gen is used.
func (*PolicyTargetReference) Descriptor
deprecated
added in
v1.20.0
func (*PolicyTargetReference) Descriptor() ([]byte, []int)
Deprecated: Use PolicyTargetReference.ProtoReflect.Descriptor instead.
func (*PolicyTargetReference) GetGroup ¶ added in v1.20.0
func (x *PolicyTargetReference) GetGroup() string
func (*PolicyTargetReference) GetKind ¶ added in v1.20.0
func (x *PolicyTargetReference) GetKind() string
func (*PolicyTargetReference) GetName ¶ added in v1.20.0
func (x *PolicyTargetReference) GetName() string
func (*PolicyTargetReference) GetNamespace ¶ added in v1.20.0
func (x *PolicyTargetReference) GetNamespace() string
func (*PolicyTargetReference) MarshalJSON ¶ added in v1.20.0
func (this *PolicyTargetReference) MarshalJSON() ([]byte, error)
MarshalJSON is a custom marshaler for PolicyTargetReference
func (*PolicyTargetReference) ProtoMessage ¶ added in v1.20.0
func (*PolicyTargetReference) ProtoMessage()
func (*PolicyTargetReference) ProtoReflect ¶ added in v1.20.0
func (x *PolicyTargetReference) ProtoReflect() protoreflect.Message
func (*PolicyTargetReference) Reset ¶ added in v1.20.0
func (x *PolicyTargetReference) Reset()
func (*PolicyTargetReference) String ¶ added in v1.20.0
func (x *PolicyTargetReference) String() string
func (*PolicyTargetReference) UnmarshalJSON ¶ added in v1.20.0
func (this *PolicyTargetReference) UnmarshalJSON(b []byte) error
UnmarshalJSON is a custom unmarshaler for PolicyTargetReference
type PortSelector ¶
type PortSelector struct { // Port number // +kubebuilder:validation:Minimum=1 // +kubebuilder:validation:Maximum=65535 Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"` // contains filtered or unexported fields }
PortSelector is the criteria for specifying if a policy can be applied to a listener having a specific port.
func (*PortSelector) DeepCopy ¶
func (in *PortSelector) DeepCopy() *PortSelector
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PortSelector. Required by controller-gen.
func (*PortSelector) DeepCopyInterface ¶
func (in *PortSelector) DeepCopyInterface() interface{}
DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new PortSelector. Required by controller-gen.
func (*PortSelector) DeepCopyInto ¶
func (in *PortSelector) DeepCopyInto(out *PortSelector)
DeepCopyInto supports using PortSelector within kubernetes types, where deepcopy-gen is used.
func (*PortSelector) Descriptor
deprecated
func (*PortSelector) Descriptor() ([]byte, []int)
Deprecated: Use PortSelector.ProtoReflect.Descriptor instead.
func (*PortSelector) GetNumber ¶
func (x *PortSelector) GetNumber() uint32
func (*PortSelector) MarshalJSON ¶
func (this *PortSelector) MarshalJSON() ([]byte, error)
MarshalJSON is a custom marshaler for PortSelector
func (*PortSelector) ProtoMessage ¶
func (*PortSelector) ProtoMessage()
func (*PortSelector) ProtoReflect ¶
func (x *PortSelector) ProtoReflect() protoreflect.Message
func (*PortSelector) Reset ¶
func (x *PortSelector) Reset()
func (*PortSelector) String ¶
func (x *PortSelector) String() string
func (*PortSelector) UnmarshalJSON ¶
func (this *PortSelector) UnmarshalJSON(b []byte) error
UnmarshalJSON is a custom unmarshaler for PortSelector
type WorkloadMode ¶
type WorkloadMode int32
WorkloadMode allows selection of the role of the underlying workload in network traffic. A workload is considered as acting as a SERVER if it is the destination of the traffic (that is, traffic direction, from the perspective of the workload is *inbound*). If the workload is the source of the network traffic, it is considered to be in CLIENT mode (traffic is *outbound* from the workload).
const ( // Default value, which will be interpreted by its own usage. WorkloadMode_UNDEFINED WorkloadMode = 0 // Selects for scenarios when the workload is the // source of the network traffic. In addition, // if the workload is a gateway, selects this. WorkloadMode_CLIENT WorkloadMode = 1 // Selects for scenarios when the workload is the // destination of the network traffic. WorkloadMode_SERVER WorkloadMode = 2 // Selects for scenarios when the workload is either the // source or destination of the network traffic. WorkloadMode_CLIENT_AND_SERVER WorkloadMode = 3 )
func (WorkloadMode) Descriptor ¶
func (WorkloadMode) Descriptor() protoreflect.EnumDescriptor
func (WorkloadMode) Enum ¶
func (x WorkloadMode) Enum() *WorkloadMode
func (WorkloadMode) EnumDescriptor
deprecated
func (WorkloadMode) EnumDescriptor() ([]byte, []int)
Deprecated: Use WorkloadMode.Descriptor instead.
func (WorkloadMode) Number ¶
func (x WorkloadMode) Number() protoreflect.EnumNumber
func (WorkloadMode) String ¶
func (x WorkloadMode) String() string
func (WorkloadMode) Type ¶
func (WorkloadMode) Type() protoreflect.EnumType
type WorkloadSelector ¶
type WorkloadSelector struct { // One or more labels that indicate a specific set of pods/VMs // on which a policy should be applied. The scope of label search is restricted to // the configuration namespace in which the resource is present. // +kubebuilder:validation:XValidation:message="wildcard not allowed in label key match",rule="self.all(key, !key.contains('*'))" // +kubebuilder:validation:XValidation:message="key must not be empty",rule="self.all(key, key.size() != 0)" // +protoc-gen-crd:map-value-validation:XValidation:message="wildcard not allowed in label value match",rule="!self.contains('*')" // +protoc-gen-crd:map-value-validation:MaxLength=63 // +kubebuilder:validation:MaxProperties=4096 MatchLabels map[string]string `` /* 182-byte string literal not displayed */ // contains filtered or unexported fields }
WorkloadSelector specifies the criteria used to determine if a policy can be applied to a proxy. The matching criteria includes the metadata associated with a proxy, workload instance info such as labels attached to the pod/VM, or any other info that the proxy provides to Istio during the initial handshake. If multiple conditions are specified, all conditions need to match in order for the workload instance to be selected. Currently, only label based selection mechanism is supported.
func (*WorkloadSelector) DeepCopy ¶
func (in *WorkloadSelector) DeepCopy() *WorkloadSelector
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadSelector. Required by controller-gen.
func (*WorkloadSelector) DeepCopyInterface ¶
func (in *WorkloadSelector) DeepCopyInterface() interface{}
DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadSelector. Required by controller-gen.
func (*WorkloadSelector) DeepCopyInto ¶
func (in *WorkloadSelector) DeepCopyInto(out *WorkloadSelector)
DeepCopyInto supports using WorkloadSelector within kubernetes types, where deepcopy-gen is used.
func (*WorkloadSelector) Descriptor
deprecated
func (*WorkloadSelector) Descriptor() ([]byte, []int)
Deprecated: Use WorkloadSelector.ProtoReflect.Descriptor instead.
func (*WorkloadSelector) GetMatchLabels ¶
func (x *WorkloadSelector) GetMatchLabels() map[string]string
func (*WorkloadSelector) MarshalJSON ¶
func (this *WorkloadSelector) MarshalJSON() ([]byte, error)
MarshalJSON is a custom marshaler for WorkloadSelector
func (*WorkloadSelector) ProtoMessage ¶
func (*WorkloadSelector) ProtoMessage()
func (*WorkloadSelector) ProtoReflect ¶
func (x *WorkloadSelector) ProtoReflect() protoreflect.Message
func (*WorkloadSelector) Reset ¶
func (x *WorkloadSelector) Reset()
func (*WorkloadSelector) String ¶
func (x *WorkloadSelector) String() string
func (*WorkloadSelector) UnmarshalJSON ¶
func (this *WorkloadSelector) UnmarshalJSON(b []byte) error
UnmarshalJSON is a custom unmarshaler for WorkloadSelector