github.com/looshlee/beatles@v0.0.0-20220727174639-742810ab631c/test/k8sT/manifests/istio-crds.yaml (about) 1 --- 2 # Source: istio-init/templates/serviceaccount.yaml 3 apiVersion: v1 4 kind: ServiceAccount 5 metadata: 6 name: istio-init-service-account 7 namespace: istio-system 8 labels: 9 app: istio-init 10 istio: init 11 --- 12 # Source: istio-init/templates/configmap-crd-10.yaml 13 apiVersion: v1 14 kind: ConfigMap 15 metadata: 16 namespace: istio-system 17 name: istio-crd-10 18 data: 19 crd-10.yaml: |- 20 apiVersion: apiextensions.k8s.io/v1beta1 21 kind: CustomResourceDefinition 22 metadata: 23 annotations: 24 "helm.sh/resource-policy": keep 25 labels: 26 app: mixer 27 chart: istio 28 heritage: Tiller 29 istio: core 30 package: istio.io.mixer 31 release: istio 32 name: attributemanifests.config.istio.io 33 spec: 34 group: config.istio.io 35 names: 36 categories: 37 - istio-io 38 - policy-istio-io 39 kind: attributemanifest 40 plural: attributemanifests 41 singular: attributemanifest 42 scope: Namespaced 43 subresources: 44 status: {} 45 validation: 46 openAPIV3Schema: 47 properties: 48 spec: 49 description: 'Describes the rules used to configure Mixer''s policy and 50 telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' 51 properties: 52 attributes: 53 additionalProperties: 54 properties: 55 description: 56 description: A human-readable description of the attribute's purpose. 57 format: string 58 type: string 59 valueType: 60 description: The type of data carried by this attribute. 61 enum: 62 - VALUE_TYPE_UNSPECIFIED 63 - STRING 64 - INT64 65 - DOUBLE 66 - BOOL 67 - TIMESTAMP 68 - IP_ADDRESS 69 - EMAIL_ADDRESS 70 - URI 71 - DNS_NAME 72 - DURATION 73 - STRING_MAP 74 type: string 75 type: object 76 description: The set of attributes this Istio component will be responsible 77 for producing at runtime. 78 type: object 79 name: 80 description: Name of the component producing these attributes. 81 format: string 82 type: string 83 revision: 84 description: The revision of this document. 85 format: string 86 type: string 87 type: object 88 type: object 89 versions: 90 - name: v1alpha2 91 served: true 92 storage: true 93 94 --- 95 apiVersion: apiextensions.k8s.io/v1beta1 96 kind: CustomResourceDefinition 97 metadata: 98 annotations: 99 "helm.sh/resource-policy": keep 100 labels: 101 app: istio-pilot 102 heritage: Tiller 103 istio: rbac 104 release: istio 105 name: clusterrbacconfigs.rbac.istio.io 106 spec: 107 group: rbac.istio.io 108 names: 109 categories: 110 - istio-io 111 - rbac-istio-io 112 kind: ClusterRbacConfig 113 plural: clusterrbacconfigs 114 singular: clusterrbacconfig 115 scope: Cluster 116 subresources: 117 status: {} 118 validation: 119 openAPIV3Schema: 120 properties: 121 spec: 122 description: 'Configuration for Role Based Access Control. See more details 123 at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' 124 properties: 125 enforcementMode: 126 enum: 127 - ENFORCED 128 - PERMISSIVE 129 type: string 130 exclusion: 131 description: A list of services or namespaces that should not be enforced 132 by Istio RBAC policies. 133 properties: 134 namespaces: 135 description: A list of namespaces. 136 items: 137 format: string 138 type: string 139 type: array 140 services: 141 description: A list of services. 142 items: 143 format: string 144 type: string 145 type: array 146 type: object 147 inclusion: 148 description: A list of services or namespaces that should be enforced 149 by Istio RBAC policies. 150 properties: 151 namespaces: 152 description: A list of namespaces. 153 items: 154 format: string 155 type: string 156 type: array 157 services: 158 description: A list of services. 159 items: 160 format: string 161 type: string 162 type: array 163 type: object 164 mode: 165 description: Istio RBAC mode. 166 enum: 167 - "OFF" 168 - "ON" 169 - ON_WITH_INCLUSION 170 - ON_WITH_EXCLUSION 171 type: string 172 type: object 173 type: object 174 versions: 175 - name: v1alpha1 176 served: true 177 storage: true 178 179 --- 180 apiVersion: apiextensions.k8s.io/v1beta1 181 kind: CustomResourceDefinition 182 metadata: 183 annotations: 184 "helm.sh/resource-policy": keep 185 labels: 186 app: istio-pilot 187 chart: istio 188 heritage: Tiller 189 release: istio 190 name: destinationrules.networking.istio.io 191 spec: 192 additionalPrinterColumns: 193 - JSONPath: .spec.host 194 description: The name of a service from the service registry 195 name: Host 196 type: string 197 - JSONPath: .metadata.creationTimestamp 198 description: |- 199 CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 200 Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 201 name: Age 202 type: date 203 group: networking.istio.io 204 names: 205 categories: 206 - istio-io 207 - networking-istio-io 208 kind: DestinationRule 209 listKind: DestinationRuleList 210 plural: destinationrules 211 shortNames: 212 - dr 213 singular: destinationrule 214 scope: Namespaced 215 subresources: 216 status: {} 217 validation: 218 openAPIV3Schema: 219 properties: 220 spec: 221 description: 'Configuration affecting load balancing, outlier detection, 222 etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/destination-rule.html' 223 properties: 224 exportTo: 225 description: A list of namespaces to which this destination rule is 226 exported. 227 items: 228 format: string 229 type: string 230 type: array 231 host: 232 description: The name of a service from the service registry. 233 format: string 234 type: string 235 subsets: 236 items: 237 properties: 238 labels: 239 additionalProperties: 240 format: string 241 type: string 242 type: object 243 name: 244 description: Name of the subset. 245 format: string 246 type: string 247 trafficPolicy: 248 description: Traffic policies that apply to this subset. 249 properties: 250 connectionPool: 251 properties: 252 http: 253 description: HTTP connection pool settings. 254 properties: 255 h2UpgradePolicy: 256 description: Specify if http1.1 connection should 257 be upgraded to http2 for the associated destination. 258 enum: 259 - DEFAULT 260 - DO_NOT_UPGRADE 261 - UPGRADE 262 type: string 263 http1MaxPendingRequests: 264 description: Maximum number of pending HTTP requests 265 to a destination. 266 format: int32 267 type: integer 268 http2MaxRequests: 269 description: Maximum number of requests to a backend. 270 format: int32 271 type: integer 272 idleTimeout: 273 description: The idle timeout for upstream connection 274 pool connections. 275 type: string 276 maxRequestsPerConnection: 277 description: Maximum number of requests per connection 278 to a backend. 279 format: int32 280 type: integer 281 maxRetries: 282 format: int32 283 type: integer 284 type: object 285 tcp: 286 description: Settings common to both HTTP and TCP upstream 287 connections. 288 properties: 289 connectTimeout: 290 description: TCP connection timeout. 291 type: string 292 maxConnections: 293 description: Maximum number of HTTP1 /TCP connections 294 to a destination host. 295 format: int32 296 type: integer 297 tcpKeepalive: 298 description: If set then set SO_KEEPALIVE on the socket 299 to enable TCP Keepalives. 300 properties: 301 interval: 302 description: The time duration between keep-alive 303 probes. 304 type: string 305 probes: 306 type: integer 307 time: 308 type: string 309 type: object 310 type: object 311 type: object 312 loadBalancer: 313 description: Settings controlling the load balancer algorithms. 314 oneOf: 315 - required: 316 - simple 317 - properties: 318 consistentHash: 319 oneOf: 320 - required: 321 - httpHeaderName 322 - required: 323 - httpCookie 324 - required: 325 - useSourceIp 326 required: 327 - consistentHash 328 properties: 329 consistentHash: 330 properties: 331 httpCookie: 332 description: Hash based on HTTP cookie. 333 properties: 334 name: 335 description: Name of the cookie. 336 format: string 337 type: string 338 path: 339 description: Path to set for the cookie. 340 format: string 341 type: string 342 ttl: 343 description: Lifetime of the cookie. 344 type: string 345 type: object 346 httpHeaderName: 347 description: Hash based on a specific HTTP header. 348 format: string 349 type: string 350 minimumRingSize: 351 type: integer 352 useSourceIp: 353 description: Hash based on the source IP address. 354 type: boolean 355 type: object 356 simple: 357 enum: 358 - ROUND_ROBIN 359 - LEAST_CONN 360 - RANDOM 361 - PASSTHROUGH 362 type: string 363 type: object 364 outlierDetection: 365 properties: 366 baseEjectionTime: 367 description: Minimum ejection duration. 368 type: string 369 consecutiveErrors: 370 format: int32 371 type: integer 372 interval: 373 description: Time interval between ejection sweep analysis. 374 type: string 375 maxEjectionPercent: 376 format: int32 377 type: integer 378 minHealthPercent: 379 format: int32 380 type: integer 381 type: object 382 portLevelSettings: 383 description: Traffic policies specific to individual ports. 384 items: 385 properties: 386 connectionPool: 387 properties: 388 http: 389 description: HTTP connection pool settings. 390 properties: 391 h2UpgradePolicy: 392 description: Specify if http1.1 connection should 393 be upgraded to http2 for the associated destination. 394 enum: 395 - DEFAULT 396 - DO_NOT_UPGRADE 397 - UPGRADE 398 type: string 399 http1MaxPendingRequests: 400 description: Maximum number of pending HTTP 401 requests to a destination. 402 format: int32 403 type: integer 404 http2MaxRequests: 405 description: Maximum number of requests to a 406 backend. 407 format: int32 408 type: integer 409 idleTimeout: 410 description: The idle timeout for upstream connection 411 pool connections. 412 type: string 413 maxRequestsPerConnection: 414 description: Maximum number of requests per 415 connection to a backend. 416 format: int32 417 type: integer 418 maxRetries: 419 format: int32 420 type: integer 421 type: object 422 tcp: 423 description: Settings common to both HTTP and TCP 424 upstream connections. 425 properties: 426 connectTimeout: 427 description: TCP connection timeout. 428 type: string 429 maxConnections: 430 description: Maximum number of HTTP1 /TCP connections 431 to a destination host. 432 format: int32 433 type: integer 434 tcpKeepalive: 435 description: If set then set SO_KEEPALIVE on 436 the socket to enable TCP Keepalives. 437 properties: 438 interval: 439 description: The time duration between keep-alive 440 probes. 441 type: string 442 probes: 443 type: integer 444 time: 445 type: string 446 type: object 447 type: object 448 type: object 449 loadBalancer: 450 description: Settings controlling the load balancer 451 algorithms. 452 oneOf: 453 - required: 454 - simple 455 - properties: 456 consistentHash: 457 oneOf: 458 - required: 459 - httpHeaderName 460 - required: 461 - httpCookie 462 - required: 463 - useSourceIp 464 required: 465 - consistentHash 466 properties: 467 consistentHash: 468 properties: 469 httpCookie: 470 description: Hash based on HTTP cookie. 471 properties: 472 name: 473 description: Name of the cookie. 474 format: string 475 type: string 476 path: 477 description: Path to set for the cookie. 478 format: string 479 type: string 480 ttl: 481 description: Lifetime of the cookie. 482 type: string 483 type: object 484 httpHeaderName: 485 description: Hash based on a specific HTTP header. 486 format: string 487 type: string 488 minimumRingSize: 489 type: integer 490 useSourceIp: 491 description: Hash based on the source IP address. 492 type: boolean 493 type: object 494 simple: 495 enum: 496 - ROUND_ROBIN 497 - LEAST_CONN 498 - RANDOM 499 - PASSTHROUGH 500 type: string 501 type: object 502 outlierDetection: 503 properties: 504 baseEjectionTime: 505 description: Minimum ejection duration. 506 type: string 507 consecutiveErrors: 508 format: int32 509 type: integer 510 interval: 511 description: Time interval between ejection sweep 512 analysis. 513 type: string 514 maxEjectionPercent: 515 format: int32 516 type: integer 517 minHealthPercent: 518 format: int32 519 type: integer 520 type: object 521 port: 522 properties: 523 number: 524 type: integer 525 type: object 526 tls: 527 description: TLS related settings for connections to 528 the upstream service. 529 properties: 530 caCertificates: 531 format: string 532 type: string 533 clientCertificate: 534 description: REQUIRED if mode is `MUTUAL`. 535 format: string 536 type: string 537 mode: 538 enum: 539 - DISABLE 540 - SIMPLE 541 - MUTUAL 542 - ISTIO_MUTUAL 543 type: string 544 privateKey: 545 description: REQUIRED if mode is `MUTUAL`. 546 format: string 547 type: string 548 sni: 549 description: SNI string to present to the server 550 during TLS handshake. 551 format: string 552 type: string 553 subjectAltNames: 554 items: 555 format: string 556 type: string 557 type: array 558 type: object 559 type: object 560 type: array 561 tls: 562 description: TLS related settings for connections to the upstream 563 service. 564 properties: 565 caCertificates: 566 format: string 567 type: string 568 clientCertificate: 569 description: REQUIRED if mode is `MUTUAL`. 570 format: string 571 type: string 572 mode: 573 enum: 574 - DISABLE 575 - SIMPLE 576 - MUTUAL 577 - ISTIO_MUTUAL 578 type: string 579 privateKey: 580 description: REQUIRED if mode is `MUTUAL`. 581 format: string 582 type: string 583 sni: 584 description: SNI string to present to the server during 585 TLS handshake. 586 format: string 587 type: string 588 subjectAltNames: 589 items: 590 format: string 591 type: string 592 type: array 593 type: object 594 type: object 595 type: object 596 type: array 597 trafficPolicy: 598 properties: 599 connectionPool: 600 properties: 601 http: 602 description: HTTP connection pool settings. 603 properties: 604 h2UpgradePolicy: 605 description: Specify if http1.1 connection should be upgraded 606 to http2 for the associated destination. 607 enum: 608 - DEFAULT 609 - DO_NOT_UPGRADE 610 - UPGRADE 611 type: string 612 http1MaxPendingRequests: 613 description: Maximum number of pending HTTP requests to 614 a destination. 615 format: int32 616 type: integer 617 http2MaxRequests: 618 description: Maximum number of requests to a backend. 619 format: int32 620 type: integer 621 idleTimeout: 622 description: The idle timeout for upstream connection pool 623 connections. 624 type: string 625 maxRequestsPerConnection: 626 description: Maximum number of requests per connection to 627 a backend. 628 format: int32 629 type: integer 630 maxRetries: 631 format: int32 632 type: integer 633 type: object 634 tcp: 635 description: Settings common to both HTTP and TCP upstream connections. 636 properties: 637 connectTimeout: 638 description: TCP connection timeout. 639 type: string 640 maxConnections: 641 description: Maximum number of HTTP1 /TCP connections to 642 a destination host. 643 format: int32 644 type: integer 645 tcpKeepalive: 646 description: If set then set SO_KEEPALIVE on the socket 647 to enable TCP Keepalives. 648 properties: 649 interval: 650 description: The time duration between keep-alive probes. 651 type: string 652 probes: 653 type: integer 654 time: 655 type: string 656 type: object 657 type: object 658 type: object 659 loadBalancer: 660 description: Settings controlling the load balancer algorithms. 661 oneOf: 662 - required: 663 - simple 664 - properties: 665 consistentHash: 666 oneOf: 667 - required: 668 - httpHeaderName 669 - required: 670 - httpCookie 671 - required: 672 - useSourceIp 673 required: 674 - consistentHash 675 properties: 676 consistentHash: 677 properties: 678 httpCookie: 679 description: Hash based on HTTP cookie. 680 properties: 681 name: 682 description: Name of the cookie. 683 format: string 684 type: string 685 path: 686 description: Path to set for the cookie. 687 format: string 688 type: string 689 ttl: 690 description: Lifetime of the cookie. 691 type: string 692 type: object 693 httpHeaderName: 694 description: Hash based on a specific HTTP header. 695 format: string 696 type: string 697 minimumRingSize: 698 type: integer 699 useSourceIp: 700 description: Hash based on the source IP address. 701 type: boolean 702 type: object 703 simple: 704 enum: 705 - ROUND_ROBIN 706 - LEAST_CONN 707 - RANDOM 708 - PASSTHROUGH 709 type: string 710 type: object 711 outlierDetection: 712 properties: 713 baseEjectionTime: 714 description: Minimum ejection duration. 715 type: string 716 consecutiveErrors: 717 format: int32 718 type: integer 719 interval: 720 description: Time interval between ejection sweep analysis. 721 type: string 722 maxEjectionPercent: 723 format: int32 724 type: integer 725 minHealthPercent: 726 format: int32 727 type: integer 728 type: object 729 portLevelSettings: 730 description: Traffic policies specific to individual ports. 731 items: 732 properties: 733 connectionPool: 734 properties: 735 http: 736 description: HTTP connection pool settings. 737 properties: 738 h2UpgradePolicy: 739 description: Specify if http1.1 connection should 740 be upgraded to http2 for the associated destination. 741 enum: 742 - DEFAULT 743 - DO_NOT_UPGRADE 744 - UPGRADE 745 type: string 746 http1MaxPendingRequests: 747 description: Maximum number of pending HTTP requests 748 to a destination. 749 format: int32 750 type: integer 751 http2MaxRequests: 752 description: Maximum number of requests to a backend. 753 format: int32 754 type: integer 755 idleTimeout: 756 description: The idle timeout for upstream connection 757 pool connections. 758 type: string 759 maxRequestsPerConnection: 760 description: Maximum number of requests per connection 761 to a backend. 762 format: int32 763 type: integer 764 maxRetries: 765 format: int32 766 type: integer 767 type: object 768 tcp: 769 description: Settings common to both HTTP and TCP upstream 770 connections. 771 properties: 772 connectTimeout: 773 description: TCP connection timeout. 774 type: string 775 maxConnections: 776 description: Maximum number of HTTP1 /TCP connections 777 to a destination host. 778 format: int32 779 type: integer 780 tcpKeepalive: 781 description: If set then set SO_KEEPALIVE on the socket 782 to enable TCP Keepalives. 783 properties: 784 interval: 785 description: The time duration between keep-alive 786 probes. 787 type: string 788 probes: 789 type: integer 790 time: 791 type: string 792 type: object 793 type: object 794 type: object 795 loadBalancer: 796 description: Settings controlling the load balancer algorithms. 797 oneOf: 798 - required: 799 - simple 800 - properties: 801 consistentHash: 802 oneOf: 803 - required: 804 - httpHeaderName 805 - required: 806 - httpCookie 807 - required: 808 - useSourceIp 809 required: 810 - consistentHash 811 properties: 812 consistentHash: 813 properties: 814 httpCookie: 815 description: Hash based on HTTP cookie. 816 properties: 817 name: 818 description: Name of the cookie. 819 format: string 820 type: string 821 path: 822 description: Path to set for the cookie. 823 format: string 824 type: string 825 ttl: 826 description: Lifetime of the cookie. 827 type: string 828 type: object 829 httpHeaderName: 830 description: Hash based on a specific HTTP header. 831 format: string 832 type: string 833 minimumRingSize: 834 type: integer 835 useSourceIp: 836 description: Hash based on the source IP address. 837 type: boolean 838 type: object 839 simple: 840 enum: 841 - ROUND_ROBIN 842 - LEAST_CONN 843 - RANDOM 844 - PASSTHROUGH 845 type: string 846 type: object 847 outlierDetection: 848 properties: 849 baseEjectionTime: 850 description: Minimum ejection duration. 851 type: string 852 consecutiveErrors: 853 format: int32 854 type: integer 855 interval: 856 description: Time interval between ejection sweep analysis. 857 type: string 858 maxEjectionPercent: 859 format: int32 860 type: integer 861 minHealthPercent: 862 format: int32 863 type: integer 864 type: object 865 port: 866 properties: 867 number: 868 type: integer 869 type: object 870 tls: 871 description: TLS related settings for connections to the upstream 872 service. 873 properties: 874 caCertificates: 875 format: string 876 type: string 877 clientCertificate: 878 description: REQUIRED if mode is `MUTUAL`. 879 format: string 880 type: string 881 mode: 882 enum: 883 - DISABLE 884 - SIMPLE 885 - MUTUAL 886 - ISTIO_MUTUAL 887 type: string 888 privateKey: 889 description: REQUIRED if mode is `MUTUAL`. 890 format: string 891 type: string 892 sni: 893 description: SNI string to present to the server during 894 TLS handshake. 895 format: string 896 type: string 897 subjectAltNames: 898 items: 899 format: string 900 type: string 901 type: array 902 type: object 903 type: object 904 type: array 905 tls: 906 description: TLS related settings for connections to the upstream 907 service. 908 properties: 909 caCertificates: 910 format: string 911 type: string 912 clientCertificate: 913 description: REQUIRED if mode is `MUTUAL`. 914 format: string 915 type: string 916 mode: 917 enum: 918 - DISABLE 919 - SIMPLE 920 - MUTUAL 921 - ISTIO_MUTUAL 922 type: string 923 privateKey: 924 description: REQUIRED if mode is `MUTUAL`. 925 format: string 926 type: string 927 sni: 928 description: SNI string to present to the server during TLS 929 handshake. 930 format: string 931 type: string 932 subjectAltNames: 933 items: 934 format: string 935 type: string 936 type: array 937 type: object 938 type: object 939 type: object 940 type: object 941 versions: 942 - name: v1alpha3 943 served: true 944 storage: true 945 946 --- 947 apiVersion: apiextensions.k8s.io/v1beta1 948 kind: CustomResourceDefinition 949 metadata: 950 annotations: 951 "helm.sh/resource-policy": keep 952 labels: 953 app: istio-pilot 954 chart: istio 955 heritage: Tiller 956 release: istio 957 name: envoyfilters.networking.istio.io 958 spec: 959 group: networking.istio.io 960 names: 961 categories: 962 - istio-io 963 - networking-istio-io 964 kind: EnvoyFilter 965 plural: envoyfilters 966 singular: envoyfilter 967 scope: Namespaced 968 subresources: 969 status: {} 970 validation: 971 openAPIV3Schema: 972 properties: 973 spec: 974 description: 'Customizing Envoy configuration generated by Istio. See more 975 details at: https://istio.io/docs/reference/config/networking/v1alpha3/envoy-filter.html' 976 properties: 977 configPatches: 978 description: One or more patches with match conditions. 979 items: 980 properties: 981 applyTo: 982 enum: 983 - INVALID 984 - LISTENER 985 - FILTER_CHAIN 986 - NETWORK_FILTER 987 - HTTP_FILTER 988 - ROUTE_CONFIGURATION 989 - VIRTUAL_HOST 990 - HTTP_ROUTE 991 - CLUSTER 992 type: string 993 match: 994 description: Match on listener/route configuration/cluster. 995 oneOf: 996 - required: 997 - listener 998 - required: 999 - routeConfiguration 1000 - required: 1001 - cluster 1002 properties: 1003 cluster: 1004 description: Match on envoy cluster attributes. 1005 properties: 1006 name: 1007 description: The exact name of the cluster to match. 1008 format: string 1009 type: string 1010 portNumber: 1011 description: The service port for which this cluster was 1012 generated. 1013 type: integer 1014 service: 1015 description: The fully qualified service name for this 1016 cluster. 1017 format: string 1018 type: string 1019 subset: 1020 description: The subset associated with the service. 1021 format: string 1022 type: string 1023 type: object 1024 context: 1025 description: The specific config generation context to match 1026 on. 1027 enum: 1028 - ANY 1029 - SIDECAR_INBOUND 1030 - SIDECAR_OUTBOUND 1031 - GATEWAY 1032 type: string 1033 listener: 1034 description: Match on envoy listener attributes. 1035 properties: 1036 filterChain: 1037 description: Match a specific filter chain in a listener. 1038 properties: 1039 applicationProtocols: 1040 description: Applies only to sidecars. 1041 format: string 1042 type: string 1043 filter: 1044 description: The name of a specific filter to apply 1045 the patch to. 1046 properties: 1047 name: 1048 description: The filter name to match on. 1049 format: string 1050 type: string 1051 subFilter: 1052 properties: 1053 name: 1054 description: The filter name to match on. 1055 format: string 1056 type: string 1057 type: object 1058 type: object 1059 name: 1060 description: The name assigned to the filter chain. 1061 format: string 1062 type: string 1063 sni: 1064 description: The SNI value used by a filter chain's 1065 match condition. 1066 format: string 1067 type: string 1068 transportProtocol: 1069 description: Applies only to SIDECAR_INBOUND context. 1070 format: string 1071 type: string 1072 type: object 1073 name: 1074 description: Match a specific listener by its name. 1075 format: string 1076 type: string 1077 portName: 1078 format: string 1079 type: string 1080 portNumber: 1081 type: integer 1082 type: object 1083 proxy: 1084 description: Match on properties associated with a proxy. 1085 properties: 1086 metadata: 1087 additionalProperties: 1088 format: string 1089 type: string 1090 type: object 1091 proxyVersion: 1092 format: string 1093 type: string 1094 type: object 1095 routeConfiguration: 1096 description: Match on envoy HTTP route configuration attributes. 1097 properties: 1098 gateway: 1099 format: string 1100 type: string 1101 name: 1102 description: Route configuration name to match on. 1103 format: string 1104 type: string 1105 portName: 1106 description: Applicable only for GATEWAY context. 1107 format: string 1108 type: string 1109 portNumber: 1110 type: integer 1111 vhost: 1112 properties: 1113 name: 1114 format: string 1115 type: string 1116 route: 1117 description: Match a specific route within the virtual 1118 host. 1119 properties: 1120 action: 1121 description: Match a route with specific action 1122 type. 1123 enum: 1124 - ANY 1125 - ROUTE 1126 - REDIRECT 1127 - DIRECT_RESPONSE 1128 type: string 1129 name: 1130 format: string 1131 type: string 1132 type: object 1133 type: object 1134 type: object 1135 type: object 1136 patch: 1137 description: The patch to apply along with the operation. 1138 properties: 1139 operation: 1140 description: Determines how the patch should be applied. 1141 enum: 1142 - INVALID 1143 - MERGE 1144 - ADD 1145 - REMOVE 1146 - INSERT_BEFORE 1147 - INSERT_AFTER 1148 type: string 1149 value: 1150 description: The JSON config of the object being patched. 1151 type: object 1152 type: object 1153 type: object 1154 type: array 1155 filters: 1156 items: 1157 properties: 1158 filterConfig: 1159 type: object 1160 filterName: 1161 description: The name of the filter to instantiate. 1162 format: string 1163 type: string 1164 filterType: 1165 description: The type of filter to instantiate. 1166 enum: 1167 - INVALID 1168 - HTTP 1169 - NETWORK 1170 type: string 1171 insertPosition: 1172 description: Insert position in the filter chain. 1173 properties: 1174 index: 1175 description: Position of this filter in the filter chain. 1176 enum: 1177 - FIRST 1178 - LAST 1179 - BEFORE 1180 - AFTER 1181 type: string 1182 relativeTo: 1183 format: string 1184 type: string 1185 type: object 1186 listenerMatch: 1187 properties: 1188 address: 1189 description: One or more IP addresses to which the listener 1190 is bound. 1191 items: 1192 format: string 1193 type: string 1194 type: array 1195 listenerProtocol: 1196 description: Selects a class of listeners for the same protocol. 1197 enum: 1198 - ALL 1199 - HTTP 1200 - TCP 1201 type: string 1202 listenerType: 1203 description: Inbound vs outbound sidecar listener or gateway 1204 listener. 1205 enum: 1206 - ANY 1207 - SIDECAR_INBOUND 1208 - SIDECAR_OUTBOUND 1209 - GATEWAY 1210 type: string 1211 portNamePrefix: 1212 format: string 1213 type: string 1214 portNumber: 1215 type: integer 1216 type: object 1217 type: object 1218 type: array 1219 workloadLabels: 1220 additionalProperties: 1221 format: string 1222 type: string 1223 description: Deprecated. 1224 type: object 1225 workloadSelector: 1226 properties: 1227 labels: 1228 additionalProperties: 1229 format: string 1230 type: string 1231 type: object 1232 type: object 1233 type: object 1234 type: object 1235 versions: 1236 - name: v1alpha3 1237 served: true 1238 storage: true 1239 1240 --- 1241 apiVersion: apiextensions.k8s.io/v1beta1 1242 kind: CustomResourceDefinition 1243 metadata: 1244 annotations: 1245 "helm.sh/resource-policy": keep 1246 labels: 1247 app: istio-pilot 1248 chart: istio 1249 heritage: Tiller 1250 release: istio 1251 name: gateways.networking.istio.io 1252 spec: 1253 group: networking.istio.io 1254 names: 1255 categories: 1256 - istio-io 1257 - networking-istio-io 1258 kind: Gateway 1259 plural: gateways 1260 shortNames: 1261 - gw 1262 singular: gateway 1263 scope: Namespaced 1264 subresources: 1265 status: {} 1266 validation: 1267 openAPIV3Schema: 1268 properties: 1269 spec: 1270 description: 'Configuration affecting edge load balancer. See more details 1271 at: https://istio.io/docs/reference/config/networking/v1alpha3/gateway.html' 1272 properties: 1273 selector: 1274 additionalProperties: 1275 format: string 1276 type: string 1277 type: object 1278 servers: 1279 description: A list of server specifications. 1280 items: 1281 properties: 1282 bind: 1283 format: string 1284 type: string 1285 defaultEndpoint: 1286 format: string 1287 type: string 1288 hosts: 1289 description: One or more hosts exposed by this gateway. 1290 items: 1291 format: string 1292 type: string 1293 type: array 1294 port: 1295 properties: 1296 name: 1297 description: Label assigned to the port. 1298 format: string 1299 type: string 1300 number: 1301 description: A valid non-negative integer port number. 1302 type: integer 1303 protocol: 1304 description: The protocol exposed on the port. 1305 format: string 1306 type: string 1307 type: object 1308 tls: 1309 description: Set of TLS related options that govern the server's 1310 behavior. 1311 properties: 1312 caCertificates: 1313 description: REQUIRED if mode is `MUTUAL`. 1314 format: string 1315 type: string 1316 cipherSuites: 1317 description: 'Optional: If specified, only support the specified 1318 cipher list.' 1319 items: 1320 format: string 1321 type: string 1322 type: array 1323 credentialName: 1324 format: string 1325 type: string 1326 httpsRedirect: 1327 type: boolean 1328 maxProtocolVersion: 1329 description: 'Optional: Maximum TLS protocol version.' 1330 enum: 1331 - TLS_AUTO 1332 - TLSV1_0 1333 - TLSV1_1 1334 - TLSV1_2 1335 - TLSV1_3 1336 type: string 1337 minProtocolVersion: 1338 description: 'Optional: Minimum TLS protocol version.' 1339 enum: 1340 - TLS_AUTO 1341 - TLSV1_0 1342 - TLSV1_1 1343 - TLSV1_2 1344 - TLSV1_3 1345 type: string 1346 mode: 1347 enum: 1348 - PASSTHROUGH 1349 - SIMPLE 1350 - MUTUAL 1351 - AUTO_PASSTHROUGH 1352 - ISTIO_MUTUAL 1353 type: string 1354 privateKey: 1355 description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 1356 format: string 1357 type: string 1358 serverCertificate: 1359 description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 1360 format: string 1361 type: string 1362 subjectAltNames: 1363 items: 1364 format: string 1365 type: string 1366 type: array 1367 verifyCertificateHash: 1368 items: 1369 format: string 1370 type: string 1371 type: array 1372 verifyCertificateSpki: 1373 items: 1374 format: string 1375 type: string 1376 type: array 1377 type: object 1378 type: object 1379 type: array 1380 type: object 1381 type: object 1382 versions: 1383 - name: v1alpha3 1384 served: true 1385 storage: true 1386 1387 --- 1388 apiVersion: apiextensions.k8s.io/v1beta1 1389 kind: CustomResourceDefinition 1390 metadata: 1391 annotations: 1392 "helm.sh/resource-policy": keep 1393 labels: 1394 app: istio-mixer 1395 chart: istio 1396 heritage: Tiller 1397 release: istio 1398 name: httpapispecbindings.config.istio.io 1399 spec: 1400 group: config.istio.io 1401 names: 1402 categories: 1403 - istio-io 1404 - apim-istio-io 1405 kind: HTTPAPISpecBinding 1406 plural: httpapispecbindings 1407 singular: httpapispecbinding 1408 scope: Namespaced 1409 subresources: 1410 status: {} 1411 validation: 1412 openAPIV3Schema: 1413 properties: 1414 spec: 1415 properties: 1416 api_specs: 1417 items: 1418 properties: 1419 name: 1420 description: The short name of the HTTPAPISpec. 1421 format: string 1422 type: string 1423 namespace: 1424 description: Optional namespace of the HTTPAPISpec. 1425 format: string 1426 type: string 1427 type: object 1428 type: array 1429 apiSpecs: 1430 items: 1431 properties: 1432 name: 1433 description: The short name of the HTTPAPISpec. 1434 format: string 1435 type: string 1436 namespace: 1437 description: Optional namespace of the HTTPAPISpec. 1438 format: string 1439 type: string 1440 type: object 1441 type: array 1442 services: 1443 description: One or more services to map the listed HTTPAPISpec onto. 1444 items: 1445 properties: 1446 domain: 1447 description: Domain suffix used to construct the service FQDN 1448 in implementations that support such specification. 1449 format: string 1450 type: string 1451 labels: 1452 additionalProperties: 1453 format: string 1454 type: string 1455 description: Optional one or more labels that uniquely identify 1456 the service version. 1457 type: object 1458 name: 1459 description: The short name of the service such as "foo". 1460 format: string 1461 type: string 1462 namespace: 1463 description: Optional namespace of the service. 1464 format: string 1465 type: string 1466 service: 1467 description: The service FQDN. 1468 format: string 1469 type: string 1470 type: object 1471 type: array 1472 type: object 1473 type: object 1474 versions: 1475 - name: v1alpha2 1476 served: true 1477 storage: true 1478 1479 --- 1480 apiVersion: apiextensions.k8s.io/v1beta1 1481 kind: CustomResourceDefinition 1482 metadata: 1483 annotations: 1484 "helm.sh/resource-policy": keep 1485 labels: 1486 app: istio-mixer 1487 chart: istio 1488 heritage: Tiller 1489 release: istio 1490 name: httpapispecs.config.istio.io 1491 spec: 1492 group: config.istio.io 1493 names: 1494 categories: 1495 - istio-io 1496 - apim-istio-io 1497 kind: HTTPAPISpec 1498 plural: httpapispecs 1499 singular: httpapispec 1500 scope: Namespaced 1501 subresources: 1502 status: {} 1503 validation: 1504 openAPIV3Schema: 1505 properties: 1506 spec: 1507 properties: 1508 api_keys: 1509 items: 1510 oneOf: 1511 - required: 1512 - query 1513 - required: 1514 - header 1515 - required: 1516 - cookie 1517 properties: 1518 cookie: 1519 format: string 1520 type: string 1521 header: 1522 description: API key is sent in a request header. 1523 format: string 1524 type: string 1525 query: 1526 description: API Key is sent as a query parameter. 1527 format: string 1528 type: string 1529 type: object 1530 type: array 1531 apiKeys: 1532 items: 1533 oneOf: 1534 - required: 1535 - query 1536 - required: 1537 - header 1538 - required: 1539 - cookie 1540 properties: 1541 cookie: 1542 format: string 1543 type: string 1544 header: 1545 description: API key is sent in a request header. 1546 format: string 1547 type: string 1548 query: 1549 description: API Key is sent as a query parameter. 1550 format: string 1551 type: string 1552 type: object 1553 type: array 1554 attributes: 1555 properties: 1556 attributes: 1557 additionalProperties: 1558 oneOf: 1559 - required: 1560 - stringValue 1561 - required: 1562 - int64Value 1563 - required: 1564 - doubleValue 1565 - required: 1566 - boolValue 1567 - required: 1568 - bytesValue 1569 - required: 1570 - timestampValue 1571 - required: 1572 - durationValue 1573 - required: 1574 - stringMapValue 1575 properties: 1576 boolValue: 1577 type: boolean 1578 bytesValue: 1579 format: binary 1580 type: string 1581 doubleValue: 1582 format: double 1583 type: number 1584 durationValue: 1585 type: string 1586 int64Value: 1587 format: int64 1588 type: integer 1589 stringMapValue: 1590 properties: 1591 entries: 1592 additionalProperties: 1593 format: string 1594 type: string 1595 description: Holds a set of name/value pairs. 1596 type: object 1597 type: object 1598 stringValue: 1599 format: string 1600 type: string 1601 timestampValue: 1602 format: dateTime 1603 type: string 1604 type: object 1605 description: A map of attribute name to its value. 1606 type: object 1607 type: object 1608 patterns: 1609 description: List of HTTP patterns to match. 1610 items: 1611 oneOf: 1612 - required: 1613 - uriTemplate 1614 - required: 1615 - regex 1616 properties: 1617 attributes: 1618 properties: 1619 attributes: 1620 additionalProperties: 1621 oneOf: 1622 - required: 1623 - stringValue 1624 - required: 1625 - int64Value 1626 - required: 1627 - doubleValue 1628 - required: 1629 - boolValue 1630 - required: 1631 - bytesValue 1632 - required: 1633 - timestampValue 1634 - required: 1635 - durationValue 1636 - required: 1637 - stringMapValue 1638 properties: 1639 boolValue: 1640 type: boolean 1641 bytesValue: 1642 format: binary 1643 type: string 1644 doubleValue: 1645 format: double 1646 type: number 1647 durationValue: 1648 type: string 1649 int64Value: 1650 format: int64 1651 type: integer 1652 stringMapValue: 1653 properties: 1654 entries: 1655 additionalProperties: 1656 format: string 1657 type: string 1658 description: Holds a set of name/value pairs. 1659 type: object 1660 type: object 1661 stringValue: 1662 format: string 1663 type: string 1664 timestampValue: 1665 format: dateTime 1666 type: string 1667 type: object 1668 description: A map of attribute name to its value. 1669 type: object 1670 type: object 1671 httpMethod: 1672 format: string 1673 type: string 1674 regex: 1675 format: string 1676 type: string 1677 uriTemplate: 1678 format: string 1679 type: string 1680 type: object 1681 type: array 1682 type: object 1683 type: object 1684 versions: 1685 - name: v1alpha2 1686 served: true 1687 storage: true 1688 1689 --- 1690 apiVersion: apiextensions.k8s.io/v1beta1 1691 kind: CustomResourceDefinition 1692 metadata: 1693 annotations: 1694 "helm.sh/resource-policy": keep 1695 labels: 1696 app: istio-citadel 1697 chart: istio 1698 heritage: Tiller 1699 release: istio 1700 name: meshpolicies.authentication.istio.io 1701 spec: 1702 group: authentication.istio.io 1703 names: 1704 categories: 1705 - istio-io 1706 - authentication-istio-io 1707 kind: MeshPolicy 1708 listKind: MeshPolicyList 1709 plural: meshpolicies 1710 singular: meshpolicy 1711 scope: Cluster 1712 subresources: 1713 status: {} 1714 validation: 1715 openAPIV3Schema: 1716 properties: 1717 spec: 1718 description: 'Authentication policy for Istio services. See more details 1719 at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html' 1720 properties: 1721 originIsOptional: 1722 type: boolean 1723 origins: 1724 description: List of authentication methods that can be used for origin 1725 authentication. 1726 items: 1727 properties: 1728 jwt: 1729 description: Jwt params for the method. 1730 properties: 1731 audiences: 1732 items: 1733 format: string 1734 type: string 1735 type: array 1736 issuer: 1737 description: Identifies the issuer that issued the JWT. 1738 format: string 1739 type: string 1740 jwks: 1741 description: JSON Web Key Set of public keys to validate signature 1742 of the JWT. 1743 format: string 1744 type: string 1745 jwks_uri: 1746 format: string 1747 type: string 1748 jwksUri: 1749 format: string 1750 type: string 1751 jwt_headers: 1752 description: JWT is sent in a request header. 1753 items: 1754 format: string 1755 type: string 1756 type: array 1757 jwtHeaders: 1758 description: JWT is sent in a request header. 1759 items: 1760 format: string 1761 type: string 1762 type: array 1763 jwtParams: 1764 description: JWT is sent in a query parameter. 1765 items: 1766 format: string 1767 type: string 1768 type: array 1769 trigger_rules: 1770 items: 1771 properties: 1772 excluded_paths: 1773 description: List of paths to be excluded from the request. 1774 items: 1775 oneOf: 1776 - required: 1777 - exact 1778 - required: 1779 - prefix 1780 - required: 1781 - suffix 1782 - required: 1783 - regex 1784 properties: 1785 exact: 1786 description: exact string match. 1787 format: string 1788 type: string 1789 prefix: 1790 description: prefix-based match. 1791 format: string 1792 type: string 1793 regex: 1794 description: ECMAscript style regex-based match 1795 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 1796 format: string 1797 type: string 1798 suffix: 1799 description: suffix-based match. 1800 format: string 1801 type: string 1802 type: object 1803 type: array 1804 excludedPaths: 1805 description: List of paths to be excluded from the request. 1806 items: 1807 oneOf: 1808 - required: 1809 - exact 1810 - required: 1811 - prefix 1812 - required: 1813 - suffix 1814 - required: 1815 - regex 1816 properties: 1817 exact: 1818 description: exact string match. 1819 format: string 1820 type: string 1821 prefix: 1822 description: prefix-based match. 1823 format: string 1824 type: string 1825 regex: 1826 description: ECMAscript style regex-based match 1827 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 1828 format: string 1829 type: string 1830 suffix: 1831 description: suffix-based match. 1832 format: string 1833 type: string 1834 type: object 1835 type: array 1836 included_paths: 1837 description: List of paths that the request must include. 1838 items: 1839 oneOf: 1840 - required: 1841 - exact 1842 - required: 1843 - prefix 1844 - required: 1845 - suffix 1846 - required: 1847 - regex 1848 properties: 1849 exact: 1850 description: exact string match. 1851 format: string 1852 type: string 1853 prefix: 1854 description: prefix-based match. 1855 format: string 1856 type: string 1857 regex: 1858 description: ECMAscript style regex-based match 1859 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 1860 format: string 1861 type: string 1862 suffix: 1863 description: suffix-based match. 1864 format: string 1865 type: string 1866 type: object 1867 type: array 1868 includedPaths: 1869 description: List of paths that the request must include. 1870 items: 1871 oneOf: 1872 - required: 1873 - exact 1874 - required: 1875 - prefix 1876 - required: 1877 - suffix 1878 - required: 1879 - regex 1880 properties: 1881 exact: 1882 description: exact string match. 1883 format: string 1884 type: string 1885 prefix: 1886 description: prefix-based match. 1887 format: string 1888 type: string 1889 regex: 1890 description: ECMAscript style regex-based match 1891 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 1892 format: string 1893 type: string 1894 suffix: 1895 description: suffix-based match. 1896 format: string 1897 type: string 1898 type: object 1899 type: array 1900 type: object 1901 type: array 1902 triggerRules: 1903 items: 1904 properties: 1905 excluded_paths: 1906 description: List of paths to be excluded from the request. 1907 items: 1908 oneOf: 1909 - required: 1910 - exact 1911 - required: 1912 - prefix 1913 - required: 1914 - suffix 1915 - required: 1916 - regex 1917 properties: 1918 exact: 1919 description: exact string match. 1920 format: string 1921 type: string 1922 prefix: 1923 description: prefix-based match. 1924 format: string 1925 type: string 1926 regex: 1927 description: ECMAscript style regex-based match 1928 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 1929 format: string 1930 type: string 1931 suffix: 1932 description: suffix-based match. 1933 format: string 1934 type: string 1935 type: object 1936 type: array 1937 excludedPaths: 1938 description: List of paths to be excluded from the request. 1939 items: 1940 oneOf: 1941 - required: 1942 - exact 1943 - required: 1944 - prefix 1945 - required: 1946 - suffix 1947 - required: 1948 - regex 1949 properties: 1950 exact: 1951 description: exact string match. 1952 format: string 1953 type: string 1954 prefix: 1955 description: prefix-based match. 1956 format: string 1957 type: string 1958 regex: 1959 description: ECMAscript style regex-based match 1960 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 1961 format: string 1962 type: string 1963 suffix: 1964 description: suffix-based match. 1965 format: string 1966 type: string 1967 type: object 1968 type: array 1969 included_paths: 1970 description: List of paths that the request must include. 1971 items: 1972 oneOf: 1973 - required: 1974 - exact 1975 - required: 1976 - prefix 1977 - required: 1978 - suffix 1979 - required: 1980 - regex 1981 properties: 1982 exact: 1983 description: exact string match. 1984 format: string 1985 type: string 1986 prefix: 1987 description: prefix-based match. 1988 format: string 1989 type: string 1990 regex: 1991 description: ECMAscript style regex-based match 1992 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 1993 format: string 1994 type: string 1995 suffix: 1996 description: suffix-based match. 1997 format: string 1998 type: string 1999 type: object 2000 type: array 2001 includedPaths: 2002 description: List of paths that the request must include. 2003 items: 2004 oneOf: 2005 - required: 2006 - exact 2007 - required: 2008 - prefix 2009 - required: 2010 - suffix 2011 - required: 2012 - regex 2013 properties: 2014 exact: 2015 description: exact string match. 2016 format: string 2017 type: string 2018 prefix: 2019 description: prefix-based match. 2020 format: string 2021 type: string 2022 regex: 2023 description: ECMAscript style regex-based match 2024 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 2025 format: string 2026 type: string 2027 suffix: 2028 description: suffix-based match. 2029 format: string 2030 type: string 2031 type: object 2032 type: array 2033 type: object 2034 type: array 2035 type: object 2036 type: object 2037 type: array 2038 peerIsOptional: 2039 type: boolean 2040 peers: 2041 description: List of authentication methods that can be used for peer 2042 authentication. 2043 items: 2044 oneOf: 2045 - required: 2046 - mtls 2047 - required: 2048 - jwt 2049 properties: 2050 jwt: 2051 properties: 2052 audiences: 2053 items: 2054 format: string 2055 type: string 2056 type: array 2057 issuer: 2058 description: Identifies the issuer that issued the JWT. 2059 format: string 2060 type: string 2061 jwks: 2062 description: JSON Web Key Set of public keys to validate signature 2063 of the JWT. 2064 format: string 2065 type: string 2066 jwks_uri: 2067 format: string 2068 type: string 2069 jwksUri: 2070 format: string 2071 type: string 2072 jwt_headers: 2073 description: JWT is sent in a request header. 2074 items: 2075 format: string 2076 type: string 2077 type: array 2078 jwtHeaders: 2079 description: JWT is sent in a request header. 2080 items: 2081 format: string 2082 type: string 2083 type: array 2084 jwtParams: 2085 description: JWT is sent in a query parameter. 2086 items: 2087 format: string 2088 type: string 2089 type: array 2090 trigger_rules: 2091 items: 2092 properties: 2093 excluded_paths: 2094 description: List of paths to be excluded from the request. 2095 items: 2096 oneOf: 2097 - required: 2098 - exact 2099 - required: 2100 - prefix 2101 - required: 2102 - suffix 2103 - required: 2104 - regex 2105 properties: 2106 exact: 2107 description: exact string match. 2108 format: string 2109 type: string 2110 prefix: 2111 description: prefix-based match. 2112 format: string 2113 type: string 2114 regex: 2115 description: ECMAscript style regex-based match 2116 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 2117 format: string 2118 type: string 2119 suffix: 2120 description: suffix-based match. 2121 format: string 2122 type: string 2123 type: object 2124 type: array 2125 excludedPaths: 2126 description: List of paths to be excluded from the request. 2127 items: 2128 oneOf: 2129 - required: 2130 - exact 2131 - required: 2132 - prefix 2133 - required: 2134 - suffix 2135 - required: 2136 - regex 2137 properties: 2138 exact: 2139 description: exact string match. 2140 format: string 2141 type: string 2142 prefix: 2143 description: prefix-based match. 2144 format: string 2145 type: string 2146 regex: 2147 description: ECMAscript style regex-based match 2148 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 2149 format: string 2150 type: string 2151 suffix: 2152 description: suffix-based match. 2153 format: string 2154 type: string 2155 type: object 2156 type: array 2157 included_paths: 2158 description: List of paths that the request must include. 2159 items: 2160 oneOf: 2161 - required: 2162 - exact 2163 - required: 2164 - prefix 2165 - required: 2166 - suffix 2167 - required: 2168 - regex 2169 properties: 2170 exact: 2171 description: exact string match. 2172 format: string 2173 type: string 2174 prefix: 2175 description: prefix-based match. 2176 format: string 2177 type: string 2178 regex: 2179 description: ECMAscript style regex-based match 2180 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 2181 format: string 2182 type: string 2183 suffix: 2184 description: suffix-based match. 2185 format: string 2186 type: string 2187 type: object 2188 type: array 2189 includedPaths: 2190 description: List of paths that the request must include. 2191 items: 2192 oneOf: 2193 - required: 2194 - exact 2195 - required: 2196 - prefix 2197 - required: 2198 - suffix 2199 - required: 2200 - regex 2201 properties: 2202 exact: 2203 description: exact string match. 2204 format: string 2205 type: string 2206 prefix: 2207 description: prefix-based match. 2208 format: string 2209 type: string 2210 regex: 2211 description: ECMAscript style regex-based match 2212 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 2213 format: string 2214 type: string 2215 suffix: 2216 description: suffix-based match. 2217 format: string 2218 type: string 2219 type: object 2220 type: array 2221 type: object 2222 type: array 2223 triggerRules: 2224 items: 2225 properties: 2226 excluded_paths: 2227 description: List of paths to be excluded from the request. 2228 items: 2229 oneOf: 2230 - required: 2231 - exact 2232 - required: 2233 - prefix 2234 - required: 2235 - suffix 2236 - required: 2237 - regex 2238 properties: 2239 exact: 2240 description: exact string match. 2241 format: string 2242 type: string 2243 prefix: 2244 description: prefix-based match. 2245 format: string 2246 type: string 2247 regex: 2248 description: ECMAscript style regex-based match 2249 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 2250 format: string 2251 type: string 2252 suffix: 2253 description: suffix-based match. 2254 format: string 2255 type: string 2256 type: object 2257 type: array 2258 excludedPaths: 2259 description: List of paths to be excluded from the request. 2260 items: 2261 oneOf: 2262 - required: 2263 - exact 2264 - required: 2265 - prefix 2266 - required: 2267 - suffix 2268 - required: 2269 - regex 2270 properties: 2271 exact: 2272 description: exact string match. 2273 format: string 2274 type: string 2275 prefix: 2276 description: prefix-based match. 2277 format: string 2278 type: string 2279 regex: 2280 description: ECMAscript style regex-based match 2281 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 2282 format: string 2283 type: string 2284 suffix: 2285 description: suffix-based match. 2286 format: string 2287 type: string 2288 type: object 2289 type: array 2290 included_paths: 2291 description: List of paths that the request must include. 2292 items: 2293 oneOf: 2294 - required: 2295 - exact 2296 - required: 2297 - prefix 2298 - required: 2299 - suffix 2300 - required: 2301 - regex 2302 properties: 2303 exact: 2304 description: exact string match. 2305 format: string 2306 type: string 2307 prefix: 2308 description: prefix-based match. 2309 format: string 2310 type: string 2311 regex: 2312 description: ECMAscript style regex-based match 2313 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 2314 format: string 2315 type: string 2316 suffix: 2317 description: suffix-based match. 2318 format: string 2319 type: string 2320 type: object 2321 type: array 2322 includedPaths: 2323 description: List of paths that the request must include. 2324 items: 2325 oneOf: 2326 - required: 2327 - exact 2328 - required: 2329 - prefix 2330 - required: 2331 - suffix 2332 - required: 2333 - regex 2334 properties: 2335 exact: 2336 description: exact string match. 2337 format: string 2338 type: string 2339 prefix: 2340 description: prefix-based match. 2341 format: string 2342 type: string 2343 regex: 2344 description: ECMAscript style regex-based match 2345 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 2346 format: string 2347 type: string 2348 suffix: 2349 description: suffix-based match. 2350 format: string 2351 type: string 2352 type: object 2353 type: array 2354 type: object 2355 type: array 2356 type: object 2357 mtls: 2358 description: Set if mTLS is used. 2359 properties: 2360 allowTls: 2361 description: WILL BE DEPRECATED, if set, will translates to 2362 `TLS_PERMISSIVE` mode. 2363 type: boolean 2364 mode: 2365 description: Defines the mode of mTLS authentication. 2366 enum: 2367 - STRICT 2368 - PERMISSIVE 2369 type: string 2370 type: object 2371 type: object 2372 type: array 2373 principalBinding: 2374 description: Define whether peer or origin identity should be use for 2375 principal. 2376 enum: 2377 - USE_PEER 2378 - USE_ORIGIN 2379 type: string 2380 targets: 2381 description: List rules to select workloads that the policy should be 2382 applied on. 2383 items: 2384 properties: 2385 labels: 2386 additionalProperties: 2387 format: string 2388 type: string 2389 type: object 2390 name: 2391 description: The name must be a short name from the service registry. 2392 format: string 2393 type: string 2394 ports: 2395 description: Specifies the ports. 2396 items: 2397 oneOf: 2398 - required: 2399 - number 2400 - required: 2401 - name 2402 properties: 2403 name: 2404 format: string 2405 type: string 2406 number: 2407 type: integer 2408 type: object 2409 type: array 2410 type: object 2411 type: array 2412 type: object 2413 type: object 2414 versions: 2415 - name: v1alpha1 2416 served: true 2417 storage: true 2418 2419 --- 2420 apiVersion: apiextensions.k8s.io/v1beta1 2421 kind: CustomResourceDefinition 2422 metadata: 2423 annotations: 2424 "helm.sh/resource-policy": keep 2425 labels: 2426 app: istio-citadel 2427 chart: istio 2428 heritage: Tiller 2429 release: istio 2430 name: policies.authentication.istio.io 2431 spec: 2432 group: authentication.istio.io 2433 names: 2434 categories: 2435 - istio-io 2436 - authentication-istio-io 2437 kind: Policy 2438 plural: policies 2439 singular: policy 2440 scope: Namespaced 2441 subresources: 2442 status: {} 2443 validation: 2444 openAPIV3Schema: 2445 properties: 2446 spec: 2447 description: 'Authentication policy for Istio services. See more details 2448 at: https://istio.io/docs/reference/config/istio.authentication.v1alpha1.html' 2449 properties: 2450 originIsOptional: 2451 type: boolean 2452 origins: 2453 description: List of authentication methods that can be used for origin 2454 authentication. 2455 items: 2456 properties: 2457 jwt: 2458 description: Jwt params for the method. 2459 properties: 2460 audiences: 2461 items: 2462 format: string 2463 type: string 2464 type: array 2465 issuer: 2466 description: Identifies the issuer that issued the JWT. 2467 format: string 2468 type: string 2469 jwks: 2470 description: JSON Web Key Set of public keys to validate signature 2471 of the JWT. 2472 format: string 2473 type: string 2474 jwks_uri: 2475 format: string 2476 type: string 2477 jwksUri: 2478 format: string 2479 type: string 2480 jwt_headers: 2481 description: JWT is sent in a request header. 2482 items: 2483 format: string 2484 type: string 2485 type: array 2486 jwtHeaders: 2487 description: JWT is sent in a request header. 2488 items: 2489 format: string 2490 type: string 2491 type: array 2492 jwtParams: 2493 description: JWT is sent in a query parameter. 2494 items: 2495 format: string 2496 type: string 2497 type: array 2498 trigger_rules: 2499 items: 2500 properties: 2501 excluded_paths: 2502 description: List of paths to be excluded from the request. 2503 items: 2504 oneOf: 2505 - required: 2506 - exact 2507 - required: 2508 - prefix 2509 - required: 2510 - suffix 2511 - required: 2512 - regex 2513 properties: 2514 exact: 2515 description: exact string match. 2516 format: string 2517 type: string 2518 prefix: 2519 description: prefix-based match. 2520 format: string 2521 type: string 2522 regex: 2523 description: ECMAscript style regex-based match 2524 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 2525 format: string 2526 type: string 2527 suffix: 2528 description: suffix-based match. 2529 format: string 2530 type: string 2531 type: object 2532 type: array 2533 excludedPaths: 2534 description: List of paths to be excluded from the request. 2535 items: 2536 oneOf: 2537 - required: 2538 - exact 2539 - required: 2540 - prefix 2541 - required: 2542 - suffix 2543 - required: 2544 - regex 2545 properties: 2546 exact: 2547 description: exact string match. 2548 format: string 2549 type: string 2550 prefix: 2551 description: prefix-based match. 2552 format: string 2553 type: string 2554 regex: 2555 description: ECMAscript style regex-based match 2556 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 2557 format: string 2558 type: string 2559 suffix: 2560 description: suffix-based match. 2561 format: string 2562 type: string 2563 type: object 2564 type: array 2565 included_paths: 2566 description: List of paths that the request must include. 2567 items: 2568 oneOf: 2569 - required: 2570 - exact 2571 - required: 2572 - prefix 2573 - required: 2574 - suffix 2575 - required: 2576 - regex 2577 properties: 2578 exact: 2579 description: exact string match. 2580 format: string 2581 type: string 2582 prefix: 2583 description: prefix-based match. 2584 format: string 2585 type: string 2586 regex: 2587 description: ECMAscript style regex-based match 2588 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 2589 format: string 2590 type: string 2591 suffix: 2592 description: suffix-based match. 2593 format: string 2594 type: string 2595 type: object 2596 type: array 2597 includedPaths: 2598 description: List of paths that the request must include. 2599 items: 2600 oneOf: 2601 - required: 2602 - exact 2603 - required: 2604 - prefix 2605 - required: 2606 - suffix 2607 - required: 2608 - regex 2609 properties: 2610 exact: 2611 description: exact string match. 2612 format: string 2613 type: string 2614 prefix: 2615 description: prefix-based match. 2616 format: string 2617 type: string 2618 regex: 2619 description: ECMAscript style regex-based match 2620 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 2621 format: string 2622 type: string 2623 suffix: 2624 description: suffix-based match. 2625 format: string 2626 type: string 2627 type: object 2628 type: array 2629 type: object 2630 type: array 2631 triggerRules: 2632 items: 2633 properties: 2634 excluded_paths: 2635 description: List of paths to be excluded from the request. 2636 items: 2637 oneOf: 2638 - required: 2639 - exact 2640 - required: 2641 - prefix 2642 - required: 2643 - suffix 2644 - required: 2645 - regex 2646 properties: 2647 exact: 2648 description: exact string match. 2649 format: string 2650 type: string 2651 prefix: 2652 description: prefix-based match. 2653 format: string 2654 type: string 2655 regex: 2656 description: ECMAscript style regex-based match 2657 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 2658 format: string 2659 type: string 2660 suffix: 2661 description: suffix-based match. 2662 format: string 2663 type: string 2664 type: object 2665 type: array 2666 excludedPaths: 2667 description: List of paths to be excluded from the request. 2668 items: 2669 oneOf: 2670 - required: 2671 - exact 2672 - required: 2673 - prefix 2674 - required: 2675 - suffix 2676 - required: 2677 - regex 2678 properties: 2679 exact: 2680 description: exact string match. 2681 format: string 2682 type: string 2683 prefix: 2684 description: prefix-based match. 2685 format: string 2686 type: string 2687 regex: 2688 description: ECMAscript style regex-based match 2689 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 2690 format: string 2691 type: string 2692 suffix: 2693 description: suffix-based match. 2694 format: string 2695 type: string 2696 type: object 2697 type: array 2698 included_paths: 2699 description: List of paths that the request must include. 2700 items: 2701 oneOf: 2702 - required: 2703 - exact 2704 - required: 2705 - prefix 2706 - required: 2707 - suffix 2708 - required: 2709 - regex 2710 properties: 2711 exact: 2712 description: exact string match. 2713 format: string 2714 type: string 2715 prefix: 2716 description: prefix-based match. 2717 format: string 2718 type: string 2719 regex: 2720 description: ECMAscript style regex-based match 2721 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 2722 format: string 2723 type: string 2724 suffix: 2725 description: suffix-based match. 2726 format: string 2727 type: string 2728 type: object 2729 type: array 2730 includedPaths: 2731 description: List of paths that the request must include. 2732 items: 2733 oneOf: 2734 - required: 2735 - exact 2736 - required: 2737 - prefix 2738 - required: 2739 - suffix 2740 - required: 2741 - regex 2742 properties: 2743 exact: 2744 description: exact string match. 2745 format: string 2746 type: string 2747 prefix: 2748 description: prefix-based match. 2749 format: string 2750 type: string 2751 regex: 2752 description: ECMAscript style regex-based match 2753 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 2754 format: string 2755 type: string 2756 suffix: 2757 description: suffix-based match. 2758 format: string 2759 type: string 2760 type: object 2761 type: array 2762 type: object 2763 type: array 2764 type: object 2765 type: object 2766 type: array 2767 peerIsOptional: 2768 type: boolean 2769 peers: 2770 description: List of authentication methods that can be used for peer 2771 authentication. 2772 items: 2773 oneOf: 2774 - required: 2775 - mtls 2776 - required: 2777 - jwt 2778 properties: 2779 jwt: 2780 properties: 2781 audiences: 2782 items: 2783 format: string 2784 type: string 2785 type: array 2786 issuer: 2787 description: Identifies the issuer that issued the JWT. 2788 format: string 2789 type: string 2790 jwks: 2791 description: JSON Web Key Set of public keys to validate signature 2792 of the JWT. 2793 format: string 2794 type: string 2795 jwks_uri: 2796 format: string 2797 type: string 2798 jwksUri: 2799 format: string 2800 type: string 2801 jwt_headers: 2802 description: JWT is sent in a request header. 2803 items: 2804 format: string 2805 type: string 2806 type: array 2807 jwtHeaders: 2808 description: JWT is sent in a request header. 2809 items: 2810 format: string 2811 type: string 2812 type: array 2813 jwtParams: 2814 description: JWT is sent in a query parameter. 2815 items: 2816 format: string 2817 type: string 2818 type: array 2819 trigger_rules: 2820 items: 2821 properties: 2822 excluded_paths: 2823 description: List of paths to be excluded from the request. 2824 items: 2825 oneOf: 2826 - required: 2827 - exact 2828 - required: 2829 - prefix 2830 - required: 2831 - suffix 2832 - required: 2833 - regex 2834 properties: 2835 exact: 2836 description: exact string match. 2837 format: string 2838 type: string 2839 prefix: 2840 description: prefix-based match. 2841 format: string 2842 type: string 2843 regex: 2844 description: ECMAscript style regex-based match 2845 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 2846 format: string 2847 type: string 2848 suffix: 2849 description: suffix-based match. 2850 format: string 2851 type: string 2852 type: object 2853 type: array 2854 excludedPaths: 2855 description: List of paths to be excluded from the request. 2856 items: 2857 oneOf: 2858 - required: 2859 - exact 2860 - required: 2861 - prefix 2862 - required: 2863 - suffix 2864 - required: 2865 - regex 2866 properties: 2867 exact: 2868 description: exact string match. 2869 format: string 2870 type: string 2871 prefix: 2872 description: prefix-based match. 2873 format: string 2874 type: string 2875 regex: 2876 description: ECMAscript style regex-based match 2877 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 2878 format: string 2879 type: string 2880 suffix: 2881 description: suffix-based match. 2882 format: string 2883 type: string 2884 type: object 2885 type: array 2886 included_paths: 2887 description: List of paths that the request must include. 2888 items: 2889 oneOf: 2890 - required: 2891 - exact 2892 - required: 2893 - prefix 2894 - required: 2895 - suffix 2896 - required: 2897 - regex 2898 properties: 2899 exact: 2900 description: exact string match. 2901 format: string 2902 type: string 2903 prefix: 2904 description: prefix-based match. 2905 format: string 2906 type: string 2907 regex: 2908 description: ECMAscript style regex-based match 2909 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 2910 format: string 2911 type: string 2912 suffix: 2913 description: suffix-based match. 2914 format: string 2915 type: string 2916 type: object 2917 type: array 2918 includedPaths: 2919 description: List of paths that the request must include. 2920 items: 2921 oneOf: 2922 - required: 2923 - exact 2924 - required: 2925 - prefix 2926 - required: 2927 - suffix 2928 - required: 2929 - regex 2930 properties: 2931 exact: 2932 description: exact string match. 2933 format: string 2934 type: string 2935 prefix: 2936 description: prefix-based match. 2937 format: string 2938 type: string 2939 regex: 2940 description: ECMAscript style regex-based match 2941 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 2942 format: string 2943 type: string 2944 suffix: 2945 description: suffix-based match. 2946 format: string 2947 type: string 2948 type: object 2949 type: array 2950 type: object 2951 type: array 2952 triggerRules: 2953 items: 2954 properties: 2955 excluded_paths: 2956 description: List of paths to be excluded from the request. 2957 items: 2958 oneOf: 2959 - required: 2960 - exact 2961 - required: 2962 - prefix 2963 - required: 2964 - suffix 2965 - required: 2966 - regex 2967 properties: 2968 exact: 2969 description: exact string match. 2970 format: string 2971 type: string 2972 prefix: 2973 description: prefix-based match. 2974 format: string 2975 type: string 2976 regex: 2977 description: ECMAscript style regex-based match 2978 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 2979 format: string 2980 type: string 2981 suffix: 2982 description: suffix-based match. 2983 format: string 2984 type: string 2985 type: object 2986 type: array 2987 excludedPaths: 2988 description: List of paths to be excluded from the request. 2989 items: 2990 oneOf: 2991 - required: 2992 - exact 2993 - required: 2994 - prefix 2995 - required: 2996 - suffix 2997 - required: 2998 - regex 2999 properties: 3000 exact: 3001 description: exact string match. 3002 format: string 3003 type: string 3004 prefix: 3005 description: prefix-based match. 3006 format: string 3007 type: string 3008 regex: 3009 description: ECMAscript style regex-based match 3010 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 3011 format: string 3012 type: string 3013 suffix: 3014 description: suffix-based match. 3015 format: string 3016 type: string 3017 type: object 3018 type: array 3019 included_paths: 3020 description: List of paths that the request must include. 3021 items: 3022 oneOf: 3023 - required: 3024 - exact 3025 - required: 3026 - prefix 3027 - required: 3028 - suffix 3029 - required: 3030 - regex 3031 properties: 3032 exact: 3033 description: exact string match. 3034 format: string 3035 type: string 3036 prefix: 3037 description: prefix-based match. 3038 format: string 3039 type: string 3040 regex: 3041 description: ECMAscript style regex-based match 3042 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 3043 format: string 3044 type: string 3045 suffix: 3046 description: suffix-based match. 3047 format: string 3048 type: string 3049 type: object 3050 type: array 3051 includedPaths: 3052 description: List of paths that the request must include. 3053 items: 3054 oneOf: 3055 - required: 3056 - exact 3057 - required: 3058 - prefix 3059 - required: 3060 - suffix 3061 - required: 3062 - regex 3063 properties: 3064 exact: 3065 description: exact string match. 3066 format: string 3067 type: string 3068 prefix: 3069 description: prefix-based match. 3070 format: string 3071 type: string 3072 regex: 3073 description: ECMAscript style regex-based match 3074 as defined by [EDCA-262](http://en.cppreference.com/w/cpp/regex/ecmascript). 3075 format: string 3076 type: string 3077 suffix: 3078 description: suffix-based match. 3079 format: string 3080 type: string 3081 type: object 3082 type: array 3083 type: object 3084 type: array 3085 type: object 3086 mtls: 3087 description: Set if mTLS is used. 3088 properties: 3089 allowTls: 3090 description: WILL BE DEPRECATED, if set, will translates to 3091 `TLS_PERMISSIVE` mode. 3092 type: boolean 3093 mode: 3094 description: Defines the mode of mTLS authentication. 3095 enum: 3096 - STRICT 3097 - PERMISSIVE 3098 type: string 3099 type: object 3100 type: object 3101 type: array 3102 principalBinding: 3103 description: Define whether peer or origin identity should be use for 3104 principal. 3105 enum: 3106 - USE_PEER 3107 - USE_ORIGIN 3108 type: string 3109 targets: 3110 description: List rules to select workloads that the policy should be 3111 applied on. 3112 items: 3113 properties: 3114 labels: 3115 additionalProperties: 3116 format: string 3117 type: string 3118 type: object 3119 name: 3120 description: The name must be a short name from the service registry. 3121 format: string 3122 type: string 3123 ports: 3124 description: Specifies the ports. 3125 items: 3126 oneOf: 3127 - required: 3128 - number 3129 - required: 3130 - name 3131 properties: 3132 name: 3133 format: string 3134 type: string 3135 number: 3136 type: integer 3137 type: object 3138 type: array 3139 type: object 3140 type: array 3141 type: object 3142 type: object 3143 versions: 3144 - name: v1alpha1 3145 served: true 3146 storage: true 3147 3148 --- 3149 apiVersion: apiextensions.k8s.io/v1beta1 3150 kind: CustomResourceDefinition 3151 metadata: 3152 annotations: 3153 "helm.sh/resource-policy": keep 3154 labels: 3155 app: istio-mixer 3156 chart: istio 3157 heritage: Tiller 3158 release: istio 3159 name: quotaspecbindings.config.istio.io 3160 spec: 3161 group: config.istio.io 3162 names: 3163 categories: 3164 - istio-io 3165 - apim-istio-io 3166 kind: QuotaSpecBinding 3167 plural: quotaspecbindings 3168 singular: quotaspecbinding 3169 scope: Namespaced 3170 subresources: 3171 status: {} 3172 validation: 3173 openAPIV3Schema: 3174 properties: 3175 spec: 3176 properties: 3177 quotaSpecs: 3178 items: 3179 properties: 3180 name: 3181 description: The short name of the QuotaSpec. 3182 format: string 3183 type: string 3184 namespace: 3185 description: Optional namespace of the QuotaSpec. 3186 format: string 3187 type: string 3188 type: object 3189 type: array 3190 services: 3191 description: One or more services to map the listed QuotaSpec onto. 3192 items: 3193 properties: 3194 domain: 3195 description: Domain suffix used to construct the service FQDN 3196 in implementations that support such specification. 3197 format: string 3198 type: string 3199 labels: 3200 additionalProperties: 3201 format: string 3202 type: string 3203 description: Optional one or more labels that uniquely identify 3204 the service version. 3205 type: object 3206 name: 3207 description: The short name of the service such as "foo". 3208 format: string 3209 type: string 3210 namespace: 3211 description: Optional namespace of the service. 3212 format: string 3213 type: string 3214 service: 3215 description: The service FQDN. 3216 format: string 3217 type: string 3218 type: object 3219 type: array 3220 type: object 3221 type: object 3222 versions: 3223 - name: v1alpha2 3224 served: true 3225 storage: true 3226 3227 --- 3228 apiVersion: apiextensions.k8s.io/v1beta1 3229 kind: CustomResourceDefinition 3230 metadata: 3231 annotations: 3232 "helm.sh/resource-policy": keep 3233 labels: 3234 app: istio-mixer 3235 chart: istio 3236 heritage: Tiller 3237 release: istio 3238 name: quotaspecs.config.istio.io 3239 spec: 3240 group: config.istio.io 3241 names: 3242 categories: 3243 - istio-io 3244 - apim-istio-io 3245 kind: QuotaSpec 3246 plural: quotaspecs 3247 singular: quotaspec 3248 scope: Namespaced 3249 subresources: 3250 status: {} 3251 validation: 3252 openAPIV3Schema: 3253 properties: 3254 spec: 3255 description: Determines the quotas used for individual requests. 3256 properties: 3257 rules: 3258 description: A list of Quota rules. 3259 items: 3260 properties: 3261 match: 3262 description: If empty, match all request. 3263 items: 3264 properties: 3265 clause: 3266 additionalProperties: 3267 oneOf: 3268 - required: 3269 - exact 3270 - required: 3271 - prefix 3272 - required: 3273 - regex 3274 properties: 3275 exact: 3276 format: string 3277 type: string 3278 prefix: 3279 format: string 3280 type: string 3281 regex: 3282 format: string 3283 type: string 3284 type: object 3285 description: Map of attribute names to StringMatch type. 3286 type: object 3287 type: object 3288 type: array 3289 quotas: 3290 description: The list of quotas to charge. 3291 items: 3292 properties: 3293 charge: 3294 format: int32 3295 type: integer 3296 quota: 3297 format: string 3298 type: string 3299 type: object 3300 type: array 3301 type: object 3302 type: array 3303 type: object 3304 type: object 3305 versions: 3306 - name: v1alpha2 3307 served: true 3308 storage: true 3309 3310 --- 3311 apiVersion: apiextensions.k8s.io/v1beta1 3312 kind: CustomResourceDefinition 3313 metadata: 3314 annotations: 3315 "helm.sh/resource-policy": keep 3316 labels: 3317 app: mixer 3318 chart: istio 3319 heritage: Tiller 3320 istio: rbac 3321 package: istio.io.mixer 3322 release: istio 3323 name: rbacconfigs.rbac.istio.io 3324 spec: 3325 group: rbac.istio.io 3326 names: 3327 categories: 3328 - istio-io 3329 - rbac-istio-io 3330 kind: RbacConfig 3331 plural: rbacconfigs 3332 singular: rbacconfig 3333 scope: Namespaced 3334 subresources: 3335 status: {} 3336 validation: 3337 openAPIV3Schema: 3338 properties: 3339 spec: 3340 description: 'Configuration for Role Based Access Control. See more details 3341 at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' 3342 properties: 3343 enforcementMode: 3344 enum: 3345 - ENFORCED 3346 - PERMISSIVE 3347 type: string 3348 exclusion: 3349 description: A list of services or namespaces that should not be enforced 3350 by Istio RBAC policies. 3351 properties: 3352 namespaces: 3353 description: A list of namespaces. 3354 items: 3355 format: string 3356 type: string 3357 type: array 3358 services: 3359 description: A list of services. 3360 items: 3361 format: string 3362 type: string 3363 type: array 3364 type: object 3365 inclusion: 3366 description: A list of services or namespaces that should be enforced 3367 by Istio RBAC policies. 3368 properties: 3369 namespaces: 3370 description: A list of namespaces. 3371 items: 3372 format: string 3373 type: string 3374 type: array 3375 services: 3376 description: A list of services. 3377 items: 3378 format: string 3379 type: string 3380 type: array 3381 type: object 3382 mode: 3383 description: Istio RBAC mode. 3384 enum: 3385 - "OFF" 3386 - "ON" 3387 - ON_WITH_INCLUSION 3388 - ON_WITH_EXCLUSION 3389 type: string 3390 type: object 3391 type: object 3392 versions: 3393 - name: v1alpha1 3394 served: true 3395 storage: true 3396 3397 --- 3398 apiVersion: apiextensions.k8s.io/v1beta1 3399 kind: CustomResourceDefinition 3400 metadata: 3401 annotations: 3402 "helm.sh/resource-policy": keep 3403 labels: 3404 app: mixer 3405 chart: istio 3406 heritage: Tiller 3407 istio: core 3408 package: istio.io.mixer 3409 release: istio 3410 name: rules.config.istio.io 3411 spec: 3412 group: config.istio.io 3413 names: 3414 categories: 3415 - istio-io 3416 - policy-istio-io 3417 kind: rule 3418 plural: rules 3419 singular: rule 3420 scope: Namespaced 3421 subresources: 3422 status: {} 3423 validation: 3424 openAPIV3Schema: 3425 properties: 3426 spec: 3427 description: 'Describes the rules used to configure Mixer''s policy and 3428 telemetry features. See more details at: https://istio.io/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1.html' 3429 properties: 3430 actions: 3431 description: The actions that will be executed when match evaluates 3432 to `true`. 3433 items: 3434 properties: 3435 handler: 3436 description: Fully qualified name of the handler to invoke. 3437 format: string 3438 type: string 3439 instances: 3440 items: 3441 format: string 3442 type: string 3443 type: array 3444 name: 3445 description: A handle to refer to the results of the action. 3446 format: string 3447 type: string 3448 type: object 3449 type: array 3450 match: 3451 description: Match is an attribute based predicate. 3452 format: string 3453 type: string 3454 requestHeaderOperations: 3455 items: 3456 properties: 3457 name: 3458 description: Header name literal value. 3459 format: string 3460 type: string 3461 operation: 3462 description: Header operation type. 3463 enum: 3464 - REPLACE 3465 - REMOVE 3466 - APPEND 3467 type: string 3468 values: 3469 description: Header value expressions. 3470 items: 3471 format: string 3472 type: string 3473 type: array 3474 type: object 3475 type: array 3476 responseHeaderOperations: 3477 items: 3478 properties: 3479 name: 3480 description: Header name literal value. 3481 format: string 3482 type: string 3483 operation: 3484 description: Header operation type. 3485 enum: 3486 - REPLACE 3487 - REMOVE 3488 - APPEND 3489 type: string 3490 values: 3491 description: Header value expressions. 3492 items: 3493 format: string 3494 type: string 3495 type: array 3496 type: object 3497 type: array 3498 sampling: 3499 properties: 3500 random: 3501 description: Provides filtering of actions based on random selection 3502 per request. 3503 properties: 3504 attributeExpression: 3505 description: Specifies an attribute expression to use to override 3506 the numerator in the `percent_sampled` field. 3507 format: string 3508 type: string 3509 percentSampled: 3510 description: The default sampling rate, expressed as a percentage. 3511 properties: 3512 denominator: 3513 description: Specifies the denominator. 3514 enum: 3515 - HUNDRED 3516 - TEN_THOUSAND 3517 type: string 3518 numerator: 3519 description: Specifies the numerator. 3520 type: integer 3521 type: object 3522 useIndependentRandomness: 3523 description: By default sampling will be based on the value 3524 of the request header `x-request-id`. 3525 type: boolean 3526 type: object 3527 rateLimit: 3528 properties: 3529 maxUnsampledEntries: 3530 description: Number of entries to allow during the `sampling_duration` 3531 before sampling is enforced. 3532 format: int64 3533 type: integer 3534 samplingDuration: 3535 description: Window in which to enforce the sampling rate. 3536 type: string 3537 samplingRate: 3538 description: The rate at which to sample entries once the unsampled 3539 limit has been reached. 3540 format: int64 3541 type: integer 3542 type: object 3543 type: object 3544 type: object 3545 type: object 3546 versions: 3547 - name: v1alpha2 3548 served: true 3549 storage: true 3550 3551 --- 3552 apiVersion: apiextensions.k8s.io/v1beta1 3553 kind: CustomResourceDefinition 3554 metadata: 3555 annotations: 3556 "helm.sh/resource-policy": keep 3557 labels: 3558 app: istio-pilot 3559 chart: istio 3560 heritage: Tiller 3561 release: istio 3562 name: serviceentries.networking.istio.io 3563 spec: 3564 additionalPrinterColumns: 3565 - JSONPath: .spec.hosts 3566 description: The hosts associated with the ServiceEntry 3567 name: Hosts 3568 type: string 3569 - JSONPath: .spec.location 3570 description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL 3571 or MESH_INTERNAL) 3572 name: Location 3573 type: string 3574 - JSONPath: .spec.resolution 3575 description: Service discovery mode for the hosts (NONE, STATIC, or DNS) 3576 name: Resolution 3577 type: string 3578 - JSONPath: .metadata.creationTimestamp 3579 description: |- 3580 CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 3581 Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 3582 name: Age 3583 type: date 3584 group: networking.istio.io 3585 names: 3586 categories: 3587 - istio-io 3588 - networking-istio-io 3589 kind: ServiceEntry 3590 listKind: ServiceEntryList 3591 plural: serviceentries 3592 shortNames: 3593 - se 3594 singular: serviceentry 3595 scope: Namespaced 3596 subresources: 3597 status: {} 3598 validation: 3599 openAPIV3Schema: 3600 properties: 3601 spec: 3602 description: 'Configuration affecting service registry. See more details 3603 at: https://istio.io/docs/reference/config/networking/v1alpha3/service-entry.html' 3604 properties: 3605 addresses: 3606 description: The virtual IP addresses associated with the service. 3607 items: 3608 format: string 3609 type: string 3610 type: array 3611 endpoints: 3612 description: One or more endpoints associated with the service. 3613 items: 3614 properties: 3615 address: 3616 format: string 3617 type: string 3618 labels: 3619 additionalProperties: 3620 format: string 3621 type: string 3622 description: One or more labels associated with the endpoint. 3623 type: object 3624 locality: 3625 description: The locality associated with the endpoint. 3626 format: string 3627 type: string 3628 network: 3629 format: string 3630 type: string 3631 ports: 3632 additionalProperties: 3633 type: integer 3634 description: Set of ports associated with the endpoint. 3635 type: object 3636 weight: 3637 description: The load balancing weight associated with the endpoint. 3638 type: integer 3639 type: object 3640 type: array 3641 exportTo: 3642 description: A list of namespaces to which this service is exported. 3643 items: 3644 format: string 3645 type: string 3646 type: array 3647 hosts: 3648 description: The hosts associated with the ServiceEntry. 3649 items: 3650 format: string 3651 type: string 3652 type: array 3653 location: 3654 enum: 3655 - MESH_EXTERNAL 3656 - MESH_INTERNAL 3657 type: string 3658 ports: 3659 description: The ports associated with the external service. 3660 items: 3661 properties: 3662 name: 3663 description: Label assigned to the port. 3664 format: string 3665 type: string 3666 number: 3667 description: A valid non-negative integer port number. 3668 type: integer 3669 protocol: 3670 description: The protocol exposed on the port. 3671 format: string 3672 type: string 3673 type: object 3674 type: array 3675 resolution: 3676 description: Service discovery mode for the hosts. 3677 enum: 3678 - NONE 3679 - STATIC 3680 - DNS 3681 type: string 3682 subjectAltNames: 3683 items: 3684 format: string 3685 type: string 3686 type: array 3687 type: object 3688 type: object 3689 versions: 3690 - name: v1alpha3 3691 served: true 3692 storage: true 3693 3694 --- 3695 apiVersion: apiextensions.k8s.io/v1beta1 3696 kind: CustomResourceDefinition 3697 metadata: 3698 annotations: 3699 "helm.sh/resource-policy": keep 3700 labels: 3701 app: mixer 3702 chart: istio 3703 heritage: Tiller 3704 istio: rbac 3705 package: istio.io.mixer 3706 release: istio 3707 name: servicerolebindings.rbac.istio.io 3708 spec: 3709 additionalPrinterColumns: 3710 - JSONPath: .spec.roleRef.name 3711 description: The name of the ServiceRole object being referenced 3712 name: Reference 3713 type: string 3714 - JSONPath: .metadata.creationTimestamp 3715 description: |- 3716 CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 3717 Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 3718 name: Age 3719 type: date 3720 group: rbac.istio.io 3721 names: 3722 categories: 3723 - istio-io 3724 - rbac-istio-io 3725 kind: ServiceRoleBinding 3726 plural: servicerolebindings 3727 singular: servicerolebinding 3728 scope: Namespaced 3729 subresources: 3730 status: {} 3731 validation: 3732 openAPIV3Schema: 3733 properties: 3734 spec: 3735 description: 'Configuration for Role Based Access Control. See more details 3736 at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' 3737 properties: 3738 actions: 3739 items: 3740 properties: 3741 constraints: 3742 description: Optional. 3743 items: 3744 properties: 3745 key: 3746 description: Key of the constraint. 3747 format: string 3748 type: string 3749 values: 3750 description: List of valid values for the constraint. 3751 items: 3752 format: string 3753 type: string 3754 type: array 3755 type: object 3756 type: array 3757 hosts: 3758 items: 3759 format: string 3760 type: string 3761 type: array 3762 methods: 3763 description: Optional. 3764 items: 3765 format: string 3766 type: string 3767 type: array 3768 notHosts: 3769 items: 3770 format: string 3771 type: string 3772 type: array 3773 notMethods: 3774 items: 3775 format: string 3776 type: string 3777 type: array 3778 notPaths: 3779 items: 3780 format: string 3781 type: string 3782 type: array 3783 notPorts: 3784 items: 3785 format: int32 3786 type: integer 3787 type: array 3788 paths: 3789 description: Optional. 3790 items: 3791 format: string 3792 type: string 3793 type: array 3794 ports: 3795 items: 3796 format: int32 3797 type: integer 3798 type: array 3799 services: 3800 description: A list of service names. 3801 items: 3802 format: string 3803 type: string 3804 type: array 3805 type: object 3806 type: array 3807 mode: 3808 enum: 3809 - ENFORCED 3810 - PERMISSIVE 3811 type: string 3812 role: 3813 format: string 3814 type: string 3815 roleRef: 3816 description: Reference to the ServiceRole object. 3817 properties: 3818 kind: 3819 description: The type of the role being referenced. 3820 format: string 3821 type: string 3822 name: 3823 description: The name of the ServiceRole object being referenced. 3824 format: string 3825 type: string 3826 type: object 3827 subjects: 3828 description: List of subjects that are assigned the ServiceRole object. 3829 items: 3830 properties: 3831 group: 3832 format: string 3833 type: string 3834 groups: 3835 items: 3836 format: string 3837 type: string 3838 type: array 3839 ips: 3840 items: 3841 format: string 3842 type: string 3843 type: array 3844 names: 3845 items: 3846 format: string 3847 type: string 3848 type: array 3849 namespaces: 3850 items: 3851 format: string 3852 type: string 3853 type: array 3854 notGroups: 3855 items: 3856 format: string 3857 type: string 3858 type: array 3859 notIps: 3860 items: 3861 format: string 3862 type: string 3863 type: array 3864 notNames: 3865 items: 3866 format: string 3867 type: string 3868 type: array 3869 notNamespaces: 3870 items: 3871 format: string 3872 type: string 3873 type: array 3874 properties: 3875 additionalProperties: 3876 format: string 3877 type: string 3878 description: Optional. 3879 type: object 3880 user: 3881 description: Optional. 3882 format: string 3883 type: string 3884 type: object 3885 type: array 3886 type: object 3887 type: object 3888 versions: 3889 - name: v1alpha1 3890 served: true 3891 storage: true 3892 3893 --- 3894 apiVersion: apiextensions.k8s.io/v1beta1 3895 kind: CustomResourceDefinition 3896 metadata: 3897 annotations: 3898 "helm.sh/resource-policy": keep 3899 labels: 3900 app: mixer 3901 chart: istio 3902 heritage: Tiller 3903 istio: rbac 3904 package: istio.io.mixer 3905 release: istio 3906 name: serviceroles.rbac.istio.io 3907 spec: 3908 group: rbac.istio.io 3909 names: 3910 categories: 3911 - istio-io 3912 - rbac-istio-io 3913 kind: ServiceRole 3914 plural: serviceroles 3915 singular: servicerole 3916 scope: Namespaced 3917 subresources: 3918 status: {} 3919 validation: 3920 openAPIV3Schema: 3921 properties: 3922 spec: 3923 description: 'Configuration for Role Based Access Control. See more details 3924 at: https://istio.io/docs/reference/config/authorization/istio.rbac.v1alpha1.html' 3925 properties: 3926 rules: 3927 description: The set of access rules (permissions) that the role has. 3928 items: 3929 properties: 3930 constraints: 3931 description: Optional. 3932 items: 3933 properties: 3934 key: 3935 description: Key of the constraint. 3936 format: string 3937 type: string 3938 values: 3939 description: List of valid values for the constraint. 3940 items: 3941 format: string 3942 type: string 3943 type: array 3944 type: object 3945 type: array 3946 hosts: 3947 items: 3948 format: string 3949 type: string 3950 type: array 3951 methods: 3952 description: Optional. 3953 items: 3954 format: string 3955 type: string 3956 type: array 3957 notHosts: 3958 items: 3959 format: string 3960 type: string 3961 type: array 3962 notMethods: 3963 items: 3964 format: string 3965 type: string 3966 type: array 3967 notPaths: 3968 items: 3969 format: string 3970 type: string 3971 type: array 3972 notPorts: 3973 items: 3974 format: int32 3975 type: integer 3976 type: array 3977 paths: 3978 description: Optional. 3979 items: 3980 format: string 3981 type: string 3982 type: array 3983 ports: 3984 items: 3985 format: int32 3986 type: integer 3987 type: array 3988 services: 3989 description: A list of service names. 3990 items: 3991 format: string 3992 type: string 3993 type: array 3994 type: object 3995 type: array 3996 type: object 3997 type: object 3998 versions: 3999 - name: v1alpha1 4000 served: true 4001 storage: true 4002 4003 --- 4004 apiVersion: apiextensions.k8s.io/v1beta1 4005 kind: CustomResourceDefinition 4006 metadata: 4007 annotations: 4008 "helm.sh/resource-policy": keep 4009 labels: 4010 app: istio-pilot 4011 chart: istio 4012 heritage: Tiller 4013 release: istio 4014 name: virtualservices.networking.istio.io 4015 spec: 4016 additionalPrinterColumns: 4017 - JSONPath: .spec.gateways 4018 description: The names of gateways and sidecars that should apply these routes 4019 name: Gateways 4020 type: string 4021 - JSONPath: .spec.hosts 4022 description: The destination hosts to which traffic is being sent 4023 name: Hosts 4024 type: string 4025 - JSONPath: .metadata.creationTimestamp 4026 description: |- 4027 CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. 4028 Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata 4029 name: Age 4030 type: date 4031 group: networking.istio.io 4032 names: 4033 categories: 4034 - istio-io 4035 - networking-istio-io 4036 kind: VirtualService 4037 listKind: VirtualServiceList 4038 plural: virtualservices 4039 shortNames: 4040 - vs 4041 singular: virtualservice 4042 scope: Namespaced 4043 subresources: 4044 status: {} 4045 validation: 4046 openAPIV3Schema: 4047 properties: 4048 spec: 4049 description: 'Configuration affecting label/content routing, sni routing, 4050 etc. See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/virtual-service.html' 4051 properties: 4052 exportTo: 4053 description: A list of namespaces to which this virtual service is exported. 4054 items: 4055 format: string 4056 type: string 4057 type: array 4058 gateways: 4059 description: The names of gateways and sidecars that should apply these 4060 routes. 4061 items: 4062 format: string 4063 type: string 4064 type: array 4065 hosts: 4066 description: The destination hosts to which traffic is being sent. 4067 items: 4068 format: string 4069 type: string 4070 type: array 4071 http: 4072 description: An ordered list of route rules for HTTP traffic. 4073 items: 4074 properties: 4075 appendHeaders: 4076 additionalProperties: 4077 format: string 4078 type: string 4079 type: object 4080 appendRequestHeaders: 4081 additionalProperties: 4082 format: string 4083 type: string 4084 type: object 4085 appendResponseHeaders: 4086 additionalProperties: 4087 format: string 4088 type: string 4089 type: object 4090 corsPolicy: 4091 description: Cross-Origin Resource Sharing policy (CORS). 4092 properties: 4093 allowCredentials: 4094 nullable: true 4095 type: boolean 4096 allowHeaders: 4097 items: 4098 format: string 4099 type: string 4100 type: array 4101 allowMethods: 4102 description: List of HTTP methods allowed to access the resource. 4103 items: 4104 format: string 4105 type: string 4106 type: array 4107 allowOrigin: 4108 description: The list of origins that are allowed to perform 4109 CORS requests. 4110 items: 4111 format: string 4112 type: string 4113 type: array 4114 exposeHeaders: 4115 items: 4116 format: string 4117 type: string 4118 type: array 4119 maxAge: 4120 type: string 4121 type: object 4122 fault: 4123 description: Fault injection policy to apply on HTTP traffic at 4124 the client side. 4125 properties: 4126 abort: 4127 oneOf: 4128 - properties: 4129 percent: {} 4130 required: 4131 - httpStatus 4132 - properties: 4133 percent: {} 4134 required: 4135 - grpcStatus 4136 - properties: 4137 percent: {} 4138 required: 4139 - http2Error 4140 properties: 4141 grpcStatus: 4142 format: string 4143 type: string 4144 http2Error: 4145 format: string 4146 type: string 4147 httpStatus: 4148 description: HTTP status code to use to abort the Http 4149 request. 4150 format: int32 4151 type: integer 4152 percent: 4153 description: Percentage of requests to be aborted with 4154 the error code provided (0-100). 4155 format: int32 4156 type: integer 4157 percentage: 4158 description: Percentage of requests to be aborted with 4159 the error code provided. 4160 properties: 4161 value: 4162 format: double 4163 type: number 4164 type: object 4165 type: object 4166 delay: 4167 oneOf: 4168 - properties: 4169 percent: {} 4170 required: 4171 - fixedDelay 4172 - properties: 4173 percent: {} 4174 required: 4175 - exponentialDelay 4176 properties: 4177 exponentialDelay: 4178 type: string 4179 fixedDelay: 4180 description: Add a fixed delay before forwarding the request. 4181 type: string 4182 percent: 4183 description: Percentage of requests on which the delay 4184 will be injected (0-100). 4185 format: int32 4186 type: integer 4187 percentage: 4188 description: Percentage of requests on which the delay 4189 will be injected. 4190 properties: 4191 value: 4192 format: double 4193 type: number 4194 type: object 4195 type: object 4196 type: object 4197 headers: 4198 properties: 4199 request: 4200 properties: 4201 add: 4202 additionalProperties: 4203 format: string 4204 type: string 4205 type: object 4206 remove: 4207 items: 4208 format: string 4209 type: string 4210 type: array 4211 set: 4212 additionalProperties: 4213 format: string 4214 type: string 4215 type: object 4216 type: object 4217 response: 4218 properties: 4219 add: 4220 additionalProperties: 4221 format: string 4222 type: string 4223 type: object 4224 remove: 4225 items: 4226 format: string 4227 type: string 4228 type: array 4229 set: 4230 additionalProperties: 4231 format: string 4232 type: string 4233 type: object 4234 type: object 4235 type: object 4236 match: 4237 items: 4238 properties: 4239 authority: 4240 oneOf: 4241 - required: 4242 - exact 4243 - required: 4244 - prefix 4245 - required: 4246 - regex 4247 properties: 4248 exact: 4249 format: string 4250 type: string 4251 prefix: 4252 format: string 4253 type: string 4254 regex: 4255 format: string 4256 type: string 4257 type: object 4258 gateways: 4259 items: 4260 format: string 4261 type: string 4262 type: array 4263 headers: 4264 additionalProperties: 4265 oneOf: 4266 - required: 4267 - exact 4268 - required: 4269 - prefix 4270 - required: 4271 - regex 4272 properties: 4273 exact: 4274 format: string 4275 type: string 4276 prefix: 4277 format: string 4278 type: string 4279 regex: 4280 format: string 4281 type: string 4282 type: object 4283 type: object 4284 ignoreUriCase: 4285 description: Flag to specify whether the URI matching should 4286 be case-insensitive. 4287 type: boolean 4288 method: 4289 oneOf: 4290 - required: 4291 - exact 4292 - required: 4293 - prefix 4294 - required: 4295 - regex 4296 properties: 4297 exact: 4298 format: string 4299 type: string 4300 prefix: 4301 format: string 4302 type: string 4303 regex: 4304 format: string 4305 type: string 4306 type: object 4307 name: 4308 description: The name assigned to a match. 4309 format: string 4310 type: string 4311 port: 4312 description: Specifies the ports on the host that is being 4313 addressed. 4314 type: integer 4315 queryParams: 4316 additionalProperties: 4317 oneOf: 4318 - required: 4319 - exact 4320 - required: 4321 - prefix 4322 - required: 4323 - regex 4324 properties: 4325 exact: 4326 format: string 4327 type: string 4328 prefix: 4329 format: string 4330 type: string 4331 regex: 4332 format: string 4333 type: string 4334 type: object 4335 description: Query parameters for matching. 4336 type: object 4337 scheme: 4338 oneOf: 4339 - required: 4340 - exact 4341 - required: 4342 - prefix 4343 - required: 4344 - regex 4345 properties: 4346 exact: 4347 format: string 4348 type: string 4349 prefix: 4350 format: string 4351 type: string 4352 regex: 4353 format: string 4354 type: string 4355 type: object 4356 sourceLabels: 4357 additionalProperties: 4358 format: string 4359 type: string 4360 type: object 4361 uri: 4362 oneOf: 4363 - required: 4364 - exact 4365 - required: 4366 - prefix 4367 - required: 4368 - regex 4369 properties: 4370 exact: 4371 format: string 4372 type: string 4373 prefix: 4374 format: string 4375 type: string 4376 regex: 4377 format: string 4378 type: string 4379 type: object 4380 type: object 4381 type: array 4382 mirror: 4383 properties: 4384 host: 4385 description: The name of a service from the service registry. 4386 format: string 4387 type: string 4388 port: 4389 description: Specifies the port on the host that is being 4390 addressed. 4391 properties: 4392 number: 4393 type: integer 4394 type: object 4395 subset: 4396 description: The name of a subset within the service. 4397 format: string 4398 type: string 4399 type: object 4400 mirror_percent: 4401 description: Percentage of the traffic to be mirrored by the `mirror` 4402 field. 4403 nullable: true 4404 type: integer 4405 mirrorPercent: 4406 description: Percentage of the traffic to be mirrored by the `mirror` 4407 field. 4408 nullable: true 4409 type: integer 4410 name: 4411 description: The name assigned to the route for debugging purposes. 4412 format: string 4413 type: string 4414 redirect: 4415 description: A http rule can either redirect or forward (default) 4416 traffic. 4417 properties: 4418 authority: 4419 format: string 4420 type: string 4421 redirectCode: 4422 type: integer 4423 uri: 4424 format: string 4425 type: string 4426 type: object 4427 removeRequestHeaders: 4428 items: 4429 format: string 4430 type: string 4431 type: array 4432 removeResponseHeaders: 4433 items: 4434 format: string 4435 type: string 4436 type: array 4437 retries: 4438 description: Retry policy for HTTP requests. 4439 properties: 4440 attempts: 4441 description: Number of retries for a given request. 4442 format: int32 4443 type: integer 4444 perTryTimeout: 4445 description: Timeout per retry attempt for a given request. 4446 type: string 4447 retryOn: 4448 description: Specifies the conditions under which retry takes 4449 place. 4450 format: string 4451 type: string 4452 type: object 4453 rewrite: 4454 description: Rewrite HTTP URIs and Authority headers. 4455 properties: 4456 authority: 4457 description: rewrite the Authority/Host header with this value. 4458 format: string 4459 type: string 4460 uri: 4461 format: string 4462 type: string 4463 type: object 4464 route: 4465 description: A http rule can either redirect or forward (default) 4466 traffic. 4467 items: 4468 properties: 4469 appendRequestHeaders: 4470 additionalProperties: 4471 format: string 4472 type: string 4473 description: Use of `append_request_headers` is deprecated. 4474 type: object 4475 appendResponseHeaders: 4476 additionalProperties: 4477 format: string 4478 type: string 4479 description: Use of `append_response_headers` is deprecated. 4480 type: object 4481 destination: 4482 properties: 4483 host: 4484 description: The name of a service from the service 4485 registry. 4486 format: string 4487 type: string 4488 port: 4489 description: Specifies the port on the host that is 4490 being addressed. 4491 properties: 4492 number: 4493 type: integer 4494 type: object 4495 subset: 4496 description: The name of a subset within the service. 4497 format: string 4498 type: string 4499 type: object 4500 headers: 4501 properties: 4502 request: 4503 properties: 4504 add: 4505 additionalProperties: 4506 format: string 4507 type: string 4508 type: object 4509 remove: 4510 items: 4511 format: string 4512 type: string 4513 type: array 4514 set: 4515 additionalProperties: 4516 format: string 4517 type: string 4518 type: object 4519 type: object 4520 response: 4521 properties: 4522 add: 4523 additionalProperties: 4524 format: string 4525 type: string 4526 type: object 4527 remove: 4528 items: 4529 format: string 4530 type: string 4531 type: array 4532 set: 4533 additionalProperties: 4534 format: string 4535 type: string 4536 type: object 4537 type: object 4538 type: object 4539 removeRequestHeaders: 4540 description: Use of `remove_request_headers` is deprecated. 4541 items: 4542 format: string 4543 type: string 4544 type: array 4545 removeResponseHeaders: 4546 description: Use of `remove_response_header` is deprecated. 4547 items: 4548 format: string 4549 type: string 4550 type: array 4551 weight: 4552 format: int32 4553 type: integer 4554 type: object 4555 type: array 4556 timeout: 4557 description: Timeout for HTTP requests. 4558 type: string 4559 websocketUpgrade: 4560 description: Deprecated. 4561 type: boolean 4562 type: object 4563 type: array 4564 tcp: 4565 description: An ordered list of route rules for opaque TCP traffic. 4566 items: 4567 properties: 4568 match: 4569 items: 4570 properties: 4571 destinationSubnets: 4572 description: IPv4 or IPv6 ip addresses of destination with 4573 optional subnet. 4574 items: 4575 format: string 4576 type: string 4577 type: array 4578 gateways: 4579 description: Names of gateways where the rule should be 4580 applied to. 4581 items: 4582 format: string 4583 type: string 4584 type: array 4585 port: 4586 description: Specifies the port on the host that is being 4587 addressed. 4588 type: integer 4589 sourceLabels: 4590 additionalProperties: 4591 format: string 4592 type: string 4593 type: object 4594 sourceSubnet: 4595 description: IPv4 or IPv6 ip address of source with optional 4596 subnet. 4597 format: string 4598 type: string 4599 type: object 4600 type: array 4601 route: 4602 description: The destination to which the connection should be 4603 forwarded to. 4604 items: 4605 properties: 4606 destination: 4607 properties: 4608 host: 4609 description: The name of a service from the service 4610 registry. 4611 format: string 4612 type: string 4613 port: 4614 description: Specifies the port on the host that is 4615 being addressed. 4616 properties: 4617 number: 4618 type: integer 4619 type: object 4620 subset: 4621 description: The name of a subset within the service. 4622 format: string 4623 type: string 4624 type: object 4625 weight: 4626 format: int32 4627 type: integer 4628 type: object 4629 type: array 4630 type: object 4631 type: array 4632 tls: 4633 items: 4634 properties: 4635 match: 4636 items: 4637 properties: 4638 destinationSubnets: 4639 description: IPv4 or IPv6 ip addresses of destination with 4640 optional subnet. 4641 items: 4642 format: string 4643 type: string 4644 type: array 4645 gateways: 4646 description: Names of gateways where the rule should be 4647 applied to. 4648 items: 4649 format: string 4650 type: string 4651 type: array 4652 port: 4653 description: Specifies the port on the host that is being 4654 addressed. 4655 type: integer 4656 sniHosts: 4657 description: SNI (server name indicator) to match on. 4658 items: 4659 format: string 4660 type: string 4661 type: array 4662 sourceLabels: 4663 additionalProperties: 4664 format: string 4665 type: string 4666 type: object 4667 sourceSubnet: 4668 description: IPv4 or IPv6 ip address of source with optional 4669 subnet. 4670 format: string 4671 type: string 4672 type: object 4673 type: array 4674 route: 4675 description: The destination to which the connection should be 4676 forwarded to. 4677 items: 4678 properties: 4679 destination: 4680 properties: 4681 host: 4682 description: The name of a service from the service 4683 registry. 4684 format: string 4685 type: string 4686 port: 4687 description: Specifies the port on the host that is 4688 being addressed. 4689 properties: 4690 number: 4691 type: integer 4692 type: object 4693 subset: 4694 description: The name of a subset within the service. 4695 format: string 4696 type: string 4697 type: object 4698 weight: 4699 format: int32 4700 type: integer 4701 type: object 4702 type: array 4703 type: object 4704 type: array 4705 type: object 4706 type: object 4707 versions: 4708 - name: v1alpha3 4709 served: true 4710 storage: true 4711 4712 --- 4713 kind: CustomResourceDefinition 4714 apiVersion: apiextensions.k8s.io/v1beta1 4715 metadata: 4716 name: adapters.config.istio.io 4717 labels: 4718 app: mixer 4719 package: adapter 4720 istio: mixer-adapter 4721 chart: istio 4722 heritage: Tiller 4723 release: istio 4724 annotations: 4725 "helm.sh/resource-policy": keep 4726 spec: 4727 group: config.istio.io 4728 names: 4729 kind: adapter 4730 plural: adapters 4731 singular: adapter 4732 categories: 4733 - istio-io 4734 - policy-istio-io 4735 scope: Namespaced 4736 subresources: 4737 status: {} 4738 versions: 4739 - name: v1alpha2 4740 served: true 4741 storage: true 4742 4743 --- 4744 kind: CustomResourceDefinition 4745 apiVersion: apiextensions.k8s.io/v1beta1 4746 metadata: 4747 name: instances.config.istio.io 4748 labels: 4749 app: mixer 4750 package: instance 4751 istio: mixer-instance 4752 chart: istio 4753 heritage: Tiller 4754 release: istio 4755 annotations: 4756 "helm.sh/resource-policy": keep 4757 spec: 4758 group: config.istio.io 4759 names: 4760 kind: instance 4761 plural: instances 4762 singular: instance 4763 categories: 4764 - istio-io 4765 - policy-istio-io 4766 scope: Namespaced 4767 subresources: 4768 status: {} 4769 versions: 4770 - name: v1alpha2 4771 served: true 4772 storage: true 4773 4774 --- 4775 kind: CustomResourceDefinition 4776 apiVersion: apiextensions.k8s.io/v1beta1 4777 metadata: 4778 name: templates.config.istio.io 4779 labels: 4780 app: mixer 4781 package: template 4782 istio: mixer-template 4783 chart: istio 4784 heritage: Tiller 4785 release: istio 4786 annotations: 4787 "helm.sh/resource-policy": keep 4788 spec: 4789 group: config.istio.io 4790 names: 4791 kind: template 4792 plural: templates 4793 singular: template 4794 categories: 4795 - istio-io 4796 - policy-istio-io 4797 scope: Namespaced 4798 subresources: 4799 status: {} 4800 versions: 4801 - name: v1alpha2 4802 served: true 4803 storage: true 4804 4805 --- 4806 kind: CustomResourceDefinition 4807 apiVersion: apiextensions.k8s.io/v1beta1 4808 metadata: 4809 name: handlers.config.istio.io 4810 labels: 4811 app: mixer 4812 package: handler 4813 istio: mixer-handler 4814 chart: istio 4815 heritage: Tiller 4816 release: istio 4817 annotations: 4818 "helm.sh/resource-policy": keep 4819 spec: 4820 group: config.istio.io 4821 names: 4822 kind: handler 4823 plural: handlers 4824 singular: handler 4825 categories: 4826 - istio-io 4827 - policy-istio-io 4828 scope: Namespaced 4829 subresources: 4830 status: {} 4831 versions: 4832 - name: v1alpha2 4833 served: true 4834 storage: true 4835 4836 --- 4837 --- 4838 # Source: istio-init/templates/configmap-crd-11.yaml 4839 apiVersion: v1 4840 kind: ConfigMap 4841 metadata: 4842 namespace: istio-system 4843 name: istio-crd-11 4844 data: 4845 crd-11.yaml: |- 4846 apiVersion: apiextensions.k8s.io/v1beta1 4847 kind: CustomResourceDefinition 4848 metadata: 4849 annotations: 4850 "helm.sh/resource-policy": keep 4851 labels: 4852 app: istio-pilot 4853 chart: istio 4854 heritage: Tiller 4855 release: istio 4856 name: sidecars.networking.istio.io 4857 spec: 4858 group: networking.istio.io 4859 names: 4860 categories: 4861 - istio-io 4862 - networking-istio-io 4863 kind: Sidecar 4864 plural: sidecars 4865 singular: sidecar 4866 scope: Namespaced 4867 subresources: 4868 status: {} 4869 validation: 4870 openAPIV3Schema: 4871 properties: 4872 spec: 4873 description: 'Configuration affecting network reachability of a sidecar. 4874 See more details at: https://istio.io/docs/reference/config/networking/v1alpha3/sidecar.html' 4875 properties: 4876 egress: 4877 items: 4878 properties: 4879 bind: 4880 format: string 4881 type: string 4882 captureMode: 4883 enum: 4884 - DEFAULT 4885 - IPTABLES 4886 - NONE 4887 type: string 4888 hosts: 4889 items: 4890 format: string 4891 type: string 4892 type: array 4893 port: 4894 description: The port associated with the listener. 4895 properties: 4896 name: 4897 description: Label assigned to the port. 4898 format: string 4899 type: string 4900 number: 4901 description: A valid non-negative integer port number. 4902 type: integer 4903 protocol: 4904 description: The protocol exposed on the port. 4905 format: string 4906 type: string 4907 type: object 4908 type: object 4909 type: array 4910 ingress: 4911 items: 4912 properties: 4913 bind: 4914 description: The ip to which the listener should be bound. 4915 format: string 4916 type: string 4917 captureMode: 4918 enum: 4919 - DEFAULT 4920 - IPTABLES 4921 - NONE 4922 type: string 4923 defaultEndpoint: 4924 format: string 4925 type: string 4926 port: 4927 description: The port associated with the listener. 4928 properties: 4929 name: 4930 description: Label assigned to the port. 4931 format: string 4932 type: string 4933 number: 4934 description: A valid non-negative integer port number. 4935 type: integer 4936 protocol: 4937 description: The protocol exposed on the port. 4938 format: string 4939 type: string 4940 type: object 4941 type: object 4942 type: array 4943 outboundTrafficPolicy: 4944 description: This allows to configure the outbound traffic policy. 4945 properties: 4946 mode: 4947 enum: 4948 - REGISTRY_ONLY 4949 - ALLOW_ANY 4950 type: string 4951 type: object 4952 workloadSelector: 4953 properties: 4954 labels: 4955 additionalProperties: 4956 format: string 4957 type: string 4958 type: object 4959 type: object 4960 type: object 4961 type: object 4962 versions: 4963 - name: v1alpha3 4964 served: true 4965 storage: true 4966 4967 --- 4968 --- 4969 # Source: istio-init/templates/configmap-crd-14.yaml 4970 apiVersion: v1 4971 kind: ConfigMap 4972 metadata: 4973 namespace: istio-system 4974 name: istio-crd-14 4975 data: 4976 crd-14.yaml: |- 4977 apiVersion: apiextensions.k8s.io/v1beta1 4978 kind: CustomResourceDefinition 4979 metadata: 4980 labels: 4981 app: istio-pilot 4982 heritage: Tiller 4983 istio: security 4984 release: istio 4985 name: authorizationpolicies.security.istio.io 4986 spec: 4987 group: security.istio.io 4988 names: 4989 categories: 4990 - istio-io 4991 - security-istio-io 4992 kind: AuthorizationPolicy 4993 plural: authorizationpolicies 4994 singular: authorizationpolicy 4995 scope: Namespaced 4996 subresources: 4997 status: {} 4998 validation: 4999 openAPIV3Schema: 5000 properties: 5001 spec: 5002 description: 'Configuration for access control on workloads. See more details 5003 at: https://istio.io/docs/reference/config/security/v1beta1/authorization-policy.html' 5004 properties: 5005 rules: 5006 description: Optional. 5007 items: 5008 properties: 5009 from: 5010 description: Optional. 5011 items: 5012 properties: 5013 source: 5014 description: Source specifies the source of a request. 5015 properties: 5016 ipBlocks: 5017 description: Optional. 5018 items: 5019 format: string 5020 type: string 5021 type: array 5022 namespaces: 5023 description: Optional. 5024 items: 5025 format: string 5026 type: string 5027 type: array 5028 principals: 5029 description: Optional. 5030 items: 5031 format: string 5032 type: string 5033 type: array 5034 requestPrincipals: 5035 description: Optional. 5036 items: 5037 format: string 5038 type: string 5039 type: array 5040 type: object 5041 type: object 5042 type: array 5043 to: 5044 description: Optional. 5045 items: 5046 properties: 5047 operation: 5048 description: Operation specifies the operation of a request. 5049 properties: 5050 hosts: 5051 description: Optional. 5052 items: 5053 format: string 5054 type: string 5055 type: array 5056 methods: 5057 description: Optional. 5058 items: 5059 format: string 5060 type: string 5061 type: array 5062 paths: 5063 description: Optional. 5064 items: 5065 format: string 5066 type: string 5067 type: array 5068 ports: 5069 description: Optional. 5070 items: 5071 format: string 5072 type: string 5073 type: array 5074 type: object 5075 type: object 5076 type: array 5077 when: 5078 description: Optional. 5079 items: 5080 properties: 5081 key: 5082 description: The name of an Istio attribute. 5083 format: string 5084 type: string 5085 values: 5086 description: The allowed values for the attribute. 5087 items: 5088 format: string 5089 type: string 5090 type: array 5091 type: object 5092 type: array 5093 type: object 5094 type: array 5095 selector: 5096 description: Optional. 5097 properties: 5098 matchLabels: 5099 additionalProperties: 5100 format: string 5101 type: string 5102 type: object 5103 type: object 5104 type: object 5105 type: object 5106 versions: 5107 - name: v1beta1 5108 served: true 5109 storage: true 5110 5111 --- 5112 --- 5113 # Source: istio-init/templates/clusterrole.yaml 5114 apiVersion: rbac.authorization.k8s.io/v1 5115 kind: ClusterRole 5116 metadata: 5117 name: istio-init-istio-system 5118 labels: 5119 app: istio-init 5120 istio: init 5121 rules: 5122 - apiGroups: ["apiextensions.k8s.io"] 5123 resources: ["customresourcedefinitions"] 5124 verbs: ["create", "get", "list", "watch", "patch"] 5125 --- 5126 # Source: istio-init/templates/clusterrolebinding.yaml 5127 apiVersion: rbac.authorization.k8s.io/v1 5128 kind: ClusterRoleBinding 5129 metadata: 5130 name: istio-init-admin-role-binding-istio-system 5131 labels: 5132 app: istio-init 5133 istio: init 5134 roleRef: 5135 apiGroup: rbac.authorization.k8s.io 5136 kind: ClusterRole 5137 name: istio-init-istio-system 5138 subjects: 5139 - kind: ServiceAccount 5140 name: istio-init-service-account 5141 namespace: istio-system 5142 --- 5143 # Source: istio-init/templates/job-crd-10.yaml 5144 apiVersion: batch/v1 5145 kind: Job 5146 metadata: 5147 namespace: istio-system 5148 name: istio-init-crd-10-1.4.6 5149 spec: 5150 template: 5151 metadata: 5152 annotations: 5153 sidecar.istio.io/inject: "false" 5154 spec: 5155 serviceAccountName: istio-init-service-account 5156 containers: 5157 - name: istio-init-crd-10 5158 image: "docker.io/istio/kubectl:1.4.6" 5159 imagePullPolicy: IfNotPresent 5160 resources: 5161 limits: 5162 cpu: 100m 5163 memory: 200Mi 5164 requests: 5165 cpu: 10m 5166 memory: 50Mi 5167 volumeMounts: 5168 - name: crd-10 5169 mountPath: /etc/istio/crd-10 5170 readOnly: true 5171 command: ["kubectl", "apply", "-f", "/etc/istio/crd-10/crd-10.yaml"] 5172 volumes: 5173 - name: crd-10 5174 configMap: 5175 name: istio-crd-10 5176 restartPolicy: OnFailure 5177 --- 5178 # Source: istio-init/templates/job-crd-11.yaml 5179 apiVersion: batch/v1 5180 kind: Job 5181 metadata: 5182 namespace: istio-system 5183 name: istio-init-crd-11-1.4.6 5184 spec: 5185 template: 5186 metadata: 5187 annotations: 5188 sidecar.istio.io/inject: "false" 5189 spec: 5190 serviceAccountName: istio-init-service-account 5191 containers: 5192 - name: istio-init-crd-11 5193 image: "docker.io/istio/kubectl:1.4.6" 5194 imagePullPolicy: IfNotPresent 5195 resources: 5196 limits: 5197 cpu: 100m 5198 memory: 200Mi 5199 requests: 5200 cpu: 10m 5201 memory: 50Mi 5202 volumeMounts: 5203 - name: crd-11 5204 mountPath: /etc/istio/crd-11 5205 readOnly: true 5206 command: ["kubectl", "apply", "-f", "/etc/istio/crd-11/crd-11.yaml"] 5207 volumes: 5208 - name: crd-11 5209 configMap: 5210 name: istio-crd-11 5211 restartPolicy: OnFailure 5212 --- 5213 # Source: istio-init/templates/job-crd-14.yaml 5214 apiVersion: batch/v1 5215 kind: Job 5216 metadata: 5217 namespace: istio-system 5218 name: istio-init-crd-14-1.4.6 5219 spec: 5220 template: 5221 metadata: 5222 annotations: 5223 sidecar.istio.io/inject: "false" 5224 spec: 5225 serviceAccountName: istio-init-service-account 5226 containers: 5227 - name: istio-init-crd-14 5228 image: "docker.io/istio/kubectl:1.4.6" 5229 imagePullPolicy: IfNotPresent 5230 resources: 5231 limits: 5232 cpu: 100m 5233 memory: 200Mi 5234 requests: 5235 cpu: 10m 5236 memory: 50Mi 5237 volumeMounts: 5238 - name: crd-14 5239 mountPath: /etc/istio/crd-14 5240 readOnly: true 5241 command: ["kubectl", "apply", "-f", "/etc/istio/crd-14/crd-14.yaml"] 5242 volumes: 5243 - name: crd-14 5244 configMap: 5245 name: istio-crd-14 5246 restartPolicy: OnFailure