# Source listing: istio.io/istio@v0.0.0-20240520182934-d79c90f27776/manifests/charts/base/crds/crd-all.gen.yaml
# DO NOT EDIT - Generated by Cue OpenAPI generator based on Istio APIs.
#
# CustomResourceDefinition that registers the namespaced `WasmPlugin` kind in
# the `extensions.istio.io` group. A single version, `v1alpha1`, is both served
# and stored, and the status subresource is enabled.
#
# Reviewer notes in this document mark fields that decide what code is loaded
# into the proxy and how its integrity is checked. The schema validates shape
# only: several of those fields are optional or unconstrained, so stricter
# rules have to come from admission policy or review of each WasmPlugin.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Helm resource policy `keep`: Helm leaves this CRD in place on uninstall.
    "helm.sh/resource-policy": keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    release: istio
  name: wasmplugins.extensions.istio.io
spec:
  group: extensions.istio.io
  names:
    categories:
    - istio-io
    - extensions-istio-io
    kind: WasmPlugin
    listKind: WasmPluginList
    plural: wasmplugins
    singular: wasmplugin
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: 'CreationTimestamp is a timestamp representing the server time
        when this object was created. It is not guaranteed to be set in happens-before
        order across separate operations. Clients may not set this value. It is represented
        in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
        lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Extend the functionality provided by the Istio proxy through
              WebAssembly filters. See more details at: https://istio.io/docs/reference/config/proxy_extensions/wasm-plugin.html'
            properties:
              # NOTE(review): the schema accepts both values and sets no default
              # here. With FAIL_OPEN a plugin that hits a fatal error is
              # presumably bypassed instead of blocking traffic; for a plugin
              # that enforces authentication or authorization, confirm that
              # FAIL_CLOSE is what the deployment sets.
              failStrategy:
                description: |-
                  Specifies the failure behavior for the plugin due to fatal errors.

                  Valid Options: FAIL_CLOSE, FAIL_OPEN
                enum:
                - FAIL_CLOSE
                - FAIL_OPEN
                type: string
              # The enum also admits UNSPECIFIED_POLICY, which the description's
              # "Valid Options" list omits. The same holds for the UNDEFINED /
              # UNSPECIFIED_* members of `mode`, `phase` and `type` below.
              imagePullPolicy:
                description: |-
                  The pull behaviour to be applied when fetching Wasm module by either OCI image or `http/https`.

                  Valid Options: IfNotPresent, Always
                enum:
                - UNSPECIFIED_POLICY
                - IfNotPresent
                - Always
                type: string
              # Only the length (1-253) is validated here.
              # NOTE(review): presumably the name of a Secret holding registry
              # credentials; confirm, and confirm who may read that Secret.
              imagePullSecret:
                description: Credentials to use for OCI image pulling.
                maxLength: 253
                minLength: 1
                type: string
              match:
                description: Specifies the criteria to determine which traffic is
                  passed to WasmPlugin.
                items:
                  properties:
                    mode:
                      description: |-
                        Criteria for selecting traffic by their direction.

                        Valid Options: CLIENT, SERVER, CLIENT_AND_SERVER
                      enum:
                      - UNDEFINED
                      - CLIENT
                      - SERVER
                      - CLIENT_AND_SERVER
                      type: string
                    ports:
                      description: Criteria for selecting traffic by their destination
                        port.
                      items:
                        properties:
                          number:
                            maximum: 65535
                            minimum: 1
                            type: integer
                        required:
                        - number
                        type: object
                      type: array
                      # List treated as a map keyed by `number`, so each port
                      # number may appear once per match entry.
                      x-kubernetes-list-map-keys:
                      - number
                      x-kubernetes-list-type: map
                  type: object
                type: array
              phase:
                description: |-
                  Determines where in the filter chain this `WasmPlugin` is to be injected.

                  Valid Options: AUTHN, AUTHZ, STATS
                enum:
                - UNSPECIFIED_PHASE
                - AUTHN
                - AUTHZ
                - STATS
                type: string
              # Free-form object: unknown fields are preserved, so the API
              # server does not validate its contents. Any validation has to
              # happen in the plugin that receives it.
              pluginConfig:
                description: The configuration that will be passed on to the plugin.
                type: object
                x-kubernetes-preserve-unknown-fields: true
              pluginName:
                description: The plugin name to be used in the Envoy configuration
                  (used to be called `rootID`).
                maxLength: 256
                minLength: 1
                type: string
              priority:
                description: Determines ordering of `WasmPlugins` in the same `phase`.
                format: int32
                nullable: true
                type: integer
              selector:
                description: Criteria used to select the specific set of pods/VMs
                  on which this plugin configuration should be applied.
                properties:
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: One or more labels that indicate a specific set of
                      pods/VMs on which a policy should be applied.
                    type: object
                type: object
              # The pattern accepts either the empty string or exactly 64
              # lowercase hex characters, and the field is not in `required`,
              # so the schema never forces a checksum. Without one, integrity
              # of a remotely fetched module rests on the transport and the
              # registry alone; requiring a pinned digest is a policy decision
              # to enforce outside this CRD.
              sha256:
                description: SHA256 checksum that will be used to verify Wasm module
                  or OCI container.
                pattern: (^$|^[a-f0-9]{64}$)
                type: string
              targetRef:
                properties:
                  group:
                    description: group is the group of the target resource.
                    type: string
                  kind:
                    description: kind is kind of the target resource.
                    type: string
                  name:
                    description: name is the name of the target resource.
                    type: string
                  namespace:
                    description: namespace is the namespace of the referent.
                    type: string
                type: object
              targetRefs:
                description: Optional.
                items:
                  properties:
                    group:
                      description: group is the group of the target resource.
                      type: string
                    kind:
                      description: kind is kind of the target resource.
                      type: string
                    name:
                      description: name is the name of the target resource.
                      type: string
                    namespace:
                      description: namespace is the namespace of the referent.
                      type: string
                  type: object
                type: array
              type:
                description: |-
                  Specifies the type of Wasm Extension to be used.

                  Valid Options: HTTP, NETWORK
                enum:
                - UNSPECIFIED_PLUGIN_TYPE
                - HTTP
                - NETWORK
                type: string
              # The only required field of spec. The CEL rule restricts the
              # scheme to '', http, https, oci or file; a value that is not a
              # URL on its own passes if it parses once 'http://' is prepended,
              # so scheme-less references are accepted (how they are resolved
              # is not visible in this schema). Plain `http` is allowed, which
              # gives no transport integrity; pair such URLs with `sha256`.
              url:
                description: URL of a Wasm module or OCI container.
                minLength: 1
                type: string
                x-kubernetes-validations:
                - message: url must have schema one of [http, https, file, oci]
                  rule: 'isURL(self) ? (url(self).getScheme() in ['''', ''http'',
                    ''https'', ''oci'', ''file'']) : (isURL(''http://'' + self) &&
                    url(''http://'' +self).getScheme() in ['''', ''http'', ''https'',
                    ''oci'', ''file''])'
              # NOTE(review): no description, format or length limit is declared
              # for this field, so the schema says nothing about how, or
              # whether, the key is used; confirm against the Istio API docs
              # before relying on it for signature verification.
              verificationKey:
                type: string
              vmConfig:
                description: Configuration for a Wasm VM.
                properties:
                  env:
                    description: Specifies environment variables to be injected to
                      this VM.
                    items:
                      properties:
                        name:
                          description: Name of the environment variable.
                          maxLength: 256
                          minLength: 1
                          type: string
                        value:
                          description: Value for the environment variable.
                          maxLength: 2048
                          type: string
                        # NOTE(review): HOST presumably takes the value from the
                        # proxy's own environment, handing it to the Wasm
                        # module; check which variable names are passed this
                        # way, since the proxy environment can hold sensitive
                        # values.
                        valueFrom:
                          description: |-
                            Source for the environment variable's value.

                            Valid Options: INLINE, HOST
                          enum:
                          - INLINE
                          - HOST
                          type: string
                      required:
                      - name
                      type: object
                      # Rejects an entry that sets `value` together with
                      # valueFrom: HOST; an unset valueFrom is treated as ''
                      # and therefore allows `value`.
                      x-kubernetes-validations:
                      - message: value may only be set when valueFrom is INLINE
                        rule: '(has(self.valueFrom) ? self.valueFrom : '''') != ''HOST''
                          || !has(self.value)'
                    maxItems: 256
                    type: array
                    # List treated as a map keyed by `name`: one entry per
                    # variable name.
                    x-kubernetes-list-map-keys:
                    - name
                    x-kubernetes-list-type: map
                type: object
            required:
            - url
            type: object
          # Status is schemaless: unknown fields are preserved and not
          # validated.
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
250 apiVersion: apiextensions.k8s.io/v1 251 kind: CustomResourceDefinition 252 metadata: 253 annotations: 254 "helm.sh/resource-policy": keep 255 labels: 256 app: istio-pilot 257 chart: istio 258 heritage: Tiller 259 release: istio 260 name: destinationrules.networking.istio.io 261 spec: 262 group: networking.istio.io 263 names: 264 categories: 265 - istio-io 266 - networking-istio-io 267 kind: DestinationRule 268 listKind: DestinationRuleList 269 plural: destinationrules 270 shortNames: 271 - dr 272 singular: destinationrule 273 scope: Namespaced 274 versions: 275 - additionalPrinterColumns: 276 - description: The name of a service from the service registry 277 jsonPath: .spec.host 278 name: Host 279 type: string 280 - description: 'CreationTimestamp is a timestamp representing the server time 281 when this object was created. It is not guaranteed to be set in happens-before 282 order across separate operations. Clients may not set this value. It is represented 283 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 284 lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 285 jsonPath: .metadata.creationTimestamp 286 name: Age 287 type: date 288 name: v1 289 schema: 290 openAPIV3Schema: 291 properties: 292 spec: 293 description: 'Configuration affecting load balancing, outlier detection, 294 etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' 295 properties: 296 exportTo: 297 description: A list of namespaces to which this destination rule is 298 exported. 299 items: 300 type: string 301 type: array 302 host: 303 description: The name of a service from the service registry. 304 type: string 305 subsets: 306 description: One or more named sets that represent individual versions 307 of a service. 308 items: 309 properties: 310 labels: 311 additionalProperties: 312 type: string 313 description: Labels apply a filter over the endpoints of a service 314 in the service registry. 315 type: object 316 name: 317 description: Name of the subset. 318 type: string 319 trafficPolicy: 320 description: Traffic policies that apply to this subset. 321 properties: 322 connectionPool: 323 properties: 324 http: 325 description: HTTP connection pool settings. 326 properties: 327 h2UpgradePolicy: 328 description: |- 329 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 330 331 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 332 enum: 333 - DEFAULT 334 - DO_NOT_UPGRADE 335 - UPGRADE 336 type: string 337 http1MaxPendingRequests: 338 description: Maximum number of requests that will 339 be queued while waiting for a ready connection 340 pool connection. 341 format: int32 342 type: integer 343 http2MaxRequests: 344 description: Maximum number of active requests to 345 a destination. 346 format: int32 347 type: integer 348 idleTimeout: 349 description: The idle timeout for upstream connection 350 pool connections. 
351 type: string 352 maxConcurrentStreams: 353 description: The maximum number of concurrent streams 354 allowed for a peer on one HTTP/2 connection. 355 format: int32 356 type: integer 357 maxRequestsPerConnection: 358 description: Maximum number of requests per connection 359 to a backend. 360 format: int32 361 type: integer 362 maxRetries: 363 description: Maximum number of retries that can 364 be outstanding to all hosts in a cluster at a 365 given time. 366 format: int32 367 type: integer 368 useClientProtocol: 369 description: If set to true, client protocol will 370 be preserved while initiating connection to backend. 371 type: boolean 372 type: object 373 tcp: 374 description: Settings common to both HTTP and TCP upstream 375 connections. 376 properties: 377 connectTimeout: 378 description: TCP connection timeout. 379 type: string 380 idleTimeout: 381 description: The idle timeout for TCP connections. 382 type: string 383 maxConnectionDuration: 384 description: The maximum duration of a connection. 385 type: string 386 maxConnections: 387 description: Maximum number of HTTP1 /TCP connections 388 to a destination host. 389 format: int32 390 type: integer 391 tcpKeepalive: 392 description: If set then set SO_KEEPALIVE on the 393 socket to enable TCP Keepalives. 394 properties: 395 interval: 396 description: The time duration between keep-alive 397 probes. 398 type: string 399 probes: 400 description: Maximum number of keepalive probes 401 to send without response before deciding the 402 connection is dead. 403 maximum: 4294967295 404 minimum: 0 405 type: integer 406 time: 407 description: The time duration a connection 408 needs to be idle before keep-alive probes 409 start being sent. 410 type: string 411 type: object 412 type: object 413 type: object 414 loadBalancer: 415 description: Settings controlling the load balancer algorithms. 
416 oneOf: 417 - not: 418 anyOf: 419 - required: 420 - simple 421 - required: 422 - consistentHash 423 - required: 424 - simple 425 - required: 426 - consistentHash 427 properties: 428 consistentHash: 429 allOf: 430 - oneOf: 431 - not: 432 anyOf: 433 - required: 434 - httpHeaderName 435 - required: 436 - httpCookie 437 - required: 438 - useSourceIp 439 - required: 440 - httpQueryParameterName 441 - required: 442 - httpHeaderName 443 - required: 444 - httpCookie 445 - required: 446 - useSourceIp 447 - required: 448 - httpQueryParameterName 449 - oneOf: 450 - not: 451 anyOf: 452 - required: 453 - ringHash 454 - required: 455 - maglev 456 - required: 457 - ringHash 458 - required: 459 - maglev 460 properties: 461 httpCookie: 462 description: Hash based on HTTP cookie. 463 properties: 464 name: 465 description: Name of the cookie. 466 type: string 467 path: 468 description: Path to set for the cookie. 469 type: string 470 ttl: 471 description: Lifetime of the cookie. 472 type: string 473 required: 474 - name 475 type: object 476 httpHeaderName: 477 description: Hash based on a specific HTTP header. 478 type: string 479 httpQueryParameterName: 480 description: Hash based on a specific HTTP query 481 parameter. 482 type: string 483 maglev: 484 description: The Maglev load balancer implements 485 consistent hashing to backend hosts. 486 properties: 487 tableSize: 488 description: The table size for Maglev hashing. 489 minimum: 0 490 type: integer 491 type: object 492 minimumRingSize: 493 description: Deprecated. 494 minimum: 0 495 type: integer 496 ringHash: 497 description: The ring/modulo hash load balancer 498 implements consistent hashing to backend hosts. 499 properties: 500 minimumRingSize: 501 description: The minimum number of virtual nodes 502 to use for the hash ring. 503 minimum: 0 504 type: integer 505 type: object 506 useSourceIp: 507 description: Hash based on the source IP address. 
508 type: boolean 509 type: object 510 localityLbSetting: 511 properties: 512 distribute: 513 description: 'Optional: only one of distribute, 514 failover or failoverPriority can be set.' 515 items: 516 properties: 517 from: 518 description: Originating locality, '/' separated, 519 e.g. 520 type: string 521 to: 522 additionalProperties: 523 maximum: 4294967295 524 minimum: 0 525 type: integer 526 description: Map of upstream localities to 527 traffic distribution weights. 528 type: object 529 type: object 530 type: array 531 enabled: 532 description: enable locality load balancing, this 533 is DestinationRule-level and will override mesh 534 wide settings in entirety. 535 nullable: true 536 type: boolean 537 failover: 538 description: 'Optional: only one of distribute, 539 failover or failoverPriority can be set.' 540 items: 541 properties: 542 from: 543 description: Originating region. 544 type: string 545 to: 546 description: Destination region the traffic 547 will fail over to when endpoints in the 548 'from' region becomes unhealthy. 549 type: string 550 type: object 551 type: array 552 failoverPriority: 553 description: failoverPriority is an ordered list 554 of labels used to sort endpoints to do priority 555 based load balancing. 556 items: 557 type: string 558 type: array 559 type: object 560 simple: 561 description: |2- 562 563 564 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 565 enum: 566 - UNSPECIFIED 567 - LEAST_CONN 568 - RANDOM 569 - PASSTHROUGH 570 - ROUND_ROBIN 571 - LEAST_REQUEST 572 type: string 573 warmupDurationSecs: 574 description: Represents the warmup duration of Service. 575 type: string 576 type: object 577 outlierDetection: 578 properties: 579 baseEjectionTime: 580 description: Minimum ejection duration. 581 type: string 582 consecutive5xxErrors: 583 description: Number of 5xx errors before a host is ejected 584 from the connection pool. 
585 maximum: 4294967295 586 minimum: 0 587 nullable: true 588 type: integer 589 consecutiveErrors: 590 format: int32 591 type: integer 592 consecutiveGatewayErrors: 593 description: Number of gateway errors before a host 594 is ejected from the connection pool. 595 maximum: 4294967295 596 minimum: 0 597 nullable: true 598 type: integer 599 consecutiveLocalOriginFailures: 600 description: The number of consecutive locally originated 601 failures before ejection occurs. 602 maximum: 4294967295 603 minimum: 0 604 nullable: true 605 type: integer 606 interval: 607 description: Time interval between ejection sweep analysis. 608 type: string 609 maxEjectionPercent: 610 description: Maximum % of hosts in the load balancing 611 pool for the upstream service that can be ejected. 612 format: int32 613 type: integer 614 minHealthPercent: 615 description: Outlier detection will be enabled as long 616 as the associated load balancing pool has at least 617 min_health_percent hosts in healthy mode. 618 format: int32 619 type: integer 620 splitExternalLocalOriginErrors: 621 description: Determines whether to distinguish local 622 origin failures from external errors. 623 type: boolean 624 type: object 625 portLevelSettings: 626 description: Traffic policies specific to individual ports. 627 items: 628 properties: 629 connectionPool: 630 properties: 631 http: 632 description: HTTP connection pool settings. 633 properties: 634 h2UpgradePolicy: 635 description: |- 636 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 637 638 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 639 enum: 640 - DEFAULT 641 - DO_NOT_UPGRADE 642 - UPGRADE 643 type: string 644 http1MaxPendingRequests: 645 description: Maximum number of requests that 646 will be queued while waiting for a ready 647 connection pool connection. 648 format: int32 649 type: integer 650 http2MaxRequests: 651 description: Maximum number of active requests 652 to a destination. 
653 format: int32 654 type: integer 655 idleTimeout: 656 description: The idle timeout for upstream 657 connection pool connections. 658 type: string 659 maxConcurrentStreams: 660 description: The maximum number of concurrent 661 streams allowed for a peer on one HTTP/2 662 connection. 663 format: int32 664 type: integer 665 maxRequestsPerConnection: 666 description: Maximum number of requests per 667 connection to a backend. 668 format: int32 669 type: integer 670 maxRetries: 671 description: Maximum number of retries that 672 can be outstanding to all hosts in a cluster 673 at a given time. 674 format: int32 675 type: integer 676 useClientProtocol: 677 description: If set to true, client protocol 678 will be preserved while initiating connection 679 to backend. 680 type: boolean 681 type: object 682 tcp: 683 description: Settings common to both HTTP and 684 TCP upstream connections. 685 properties: 686 connectTimeout: 687 description: TCP connection timeout. 688 type: string 689 idleTimeout: 690 description: The idle timeout for TCP connections. 691 type: string 692 maxConnectionDuration: 693 description: The maximum duration of a connection. 694 type: string 695 maxConnections: 696 description: Maximum number of HTTP1 /TCP 697 connections to a destination host. 698 format: int32 699 type: integer 700 tcpKeepalive: 701 description: If set then set SO_KEEPALIVE 702 on the socket to enable TCP Keepalives. 703 properties: 704 interval: 705 description: The time duration between 706 keep-alive probes. 707 type: string 708 probes: 709 description: Maximum number of keepalive 710 probes to send without response before 711 deciding the connection is dead. 712 maximum: 4294967295 713 minimum: 0 714 type: integer 715 time: 716 description: The time duration a connection 717 needs to be idle before keep-alive probes 718 start being sent. 
719 type: string 720 type: object 721 type: object 722 type: object 723 loadBalancer: 724 description: Settings controlling the load balancer 725 algorithms. 726 oneOf: 727 - not: 728 anyOf: 729 - required: 730 - simple 731 - required: 732 - consistentHash 733 - required: 734 - simple 735 - required: 736 - consistentHash 737 properties: 738 consistentHash: 739 allOf: 740 - oneOf: 741 - not: 742 anyOf: 743 - required: 744 - httpHeaderName 745 - required: 746 - httpCookie 747 - required: 748 - useSourceIp 749 - required: 750 - httpQueryParameterName 751 - required: 752 - httpHeaderName 753 - required: 754 - httpCookie 755 - required: 756 - useSourceIp 757 - required: 758 - httpQueryParameterName 759 - oneOf: 760 - not: 761 anyOf: 762 - required: 763 - ringHash 764 - required: 765 - maglev 766 - required: 767 - ringHash 768 - required: 769 - maglev 770 properties: 771 httpCookie: 772 description: Hash based on HTTP cookie. 773 properties: 774 name: 775 description: Name of the cookie. 776 type: string 777 path: 778 description: Path to set for the cookie. 779 type: string 780 ttl: 781 description: Lifetime of the cookie. 782 type: string 783 required: 784 - name 785 type: object 786 httpHeaderName: 787 description: Hash based on a specific HTTP 788 header. 789 type: string 790 httpQueryParameterName: 791 description: Hash based on a specific HTTP 792 query parameter. 793 type: string 794 maglev: 795 description: The Maglev load balancer implements 796 consistent hashing to backend hosts. 797 properties: 798 tableSize: 799 description: The table size for Maglev 800 hashing. 801 minimum: 0 802 type: integer 803 type: object 804 minimumRingSize: 805 description: Deprecated. 806 minimum: 0 807 type: integer 808 ringHash: 809 description: The ring/modulo hash load balancer 810 implements consistent hashing to backend 811 hosts. 812 properties: 813 minimumRingSize: 814 description: The minimum number of virtual 815 nodes to use for the hash ring. 
816 minimum: 0 817 type: integer 818 type: object 819 useSourceIp: 820 description: Hash based on the source IP address. 821 type: boolean 822 type: object 823 localityLbSetting: 824 properties: 825 distribute: 826 description: 'Optional: only one of distribute, 827 failover or failoverPriority can be set.' 828 items: 829 properties: 830 from: 831 description: Originating locality, '/' 832 separated, e.g. 833 type: string 834 to: 835 additionalProperties: 836 maximum: 4294967295 837 minimum: 0 838 type: integer 839 description: Map of upstream localities 840 to traffic distribution weights. 841 type: object 842 type: object 843 type: array 844 enabled: 845 description: enable locality load balancing, 846 this is DestinationRule-level and will override 847 mesh wide settings in entirety. 848 nullable: true 849 type: boolean 850 failover: 851 description: 'Optional: only one of distribute, 852 failover or failoverPriority can be set.' 853 items: 854 properties: 855 from: 856 description: Originating region. 857 type: string 858 to: 859 description: Destination region the 860 traffic will fail over to when endpoints 861 in the 'from' region becomes unhealthy. 862 type: string 863 type: object 864 type: array 865 failoverPriority: 866 description: failoverPriority is an ordered 867 list of labels used to sort endpoints to 868 do priority based load balancing. 869 items: 870 type: string 871 type: array 872 type: object 873 simple: 874 description: |2- 875 876 877 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 878 enum: 879 - UNSPECIFIED 880 - LEAST_CONN 881 - RANDOM 882 - PASSTHROUGH 883 - ROUND_ROBIN 884 - LEAST_REQUEST 885 type: string 886 warmupDurationSecs: 887 description: Represents the warmup duration of 888 Service. 889 type: string 890 type: object 891 outlierDetection: 892 properties: 893 baseEjectionTime: 894 description: Minimum ejection duration. 
895 type: string 896 consecutive5xxErrors: 897 description: Number of 5xx errors before a host 898 is ejected from the connection pool. 899 maximum: 4294967295 900 minimum: 0 901 nullable: true 902 type: integer 903 consecutiveErrors: 904 format: int32 905 type: integer 906 consecutiveGatewayErrors: 907 description: Number of gateway errors before a 908 host is ejected from the connection pool. 909 maximum: 4294967295 910 minimum: 0 911 nullable: true 912 type: integer 913 consecutiveLocalOriginFailures: 914 description: The number of consecutive locally 915 originated failures before ejection occurs. 916 maximum: 4294967295 917 minimum: 0 918 nullable: true 919 type: integer 920 interval: 921 description: Time interval between ejection sweep 922 analysis. 923 type: string 924 maxEjectionPercent: 925 description: Maximum % of hosts in the load balancing 926 pool for the upstream service that can be ejected. 927 format: int32 928 type: integer 929 minHealthPercent: 930 description: Outlier detection will be enabled 931 as long as the associated load balancing pool 932 has at least min_health_percent hosts in healthy 933 mode. 934 format: int32 935 type: integer 936 splitExternalLocalOriginErrors: 937 description: Determines whether to distinguish 938 local origin failures from external errors. 939 type: boolean 940 type: object 941 port: 942 description: Specifies the number of a port on the 943 destination service on which this policy is being 944 applied. 945 properties: 946 number: 947 maximum: 4294967295 948 minimum: 0 949 type: integer 950 type: object 951 tls: 952 description: TLS related settings for connections 953 to the upstream service. 954 properties: 955 caCertificates: 956 description: 'OPTIONAL: The path to the file containing 957 certificate authority certificates to use in 958 verifying a presented server certificate.' 
959 type: string 960 caCrl: 961 description: 'OPTIONAL: The path to the file containing 962 the certificate revocation list (CRL) to use 963 in verifying a presented server certificate.' 964 type: string 965 clientCertificate: 966 description: REQUIRED if mode is `MUTUAL`. 967 type: string 968 credentialName: 969 description: The name of the secret that holds 970 the TLS certs for the client including the CA 971 certificates. 972 type: string 973 insecureSkipVerify: 974 description: '`insecureSkipVerify` specifies whether 975 the proxy should skip verifying the CA signature 976 and SAN for the server certificate corresponding 977 to the host.' 978 nullable: true 979 type: boolean 980 mode: 981 description: |- 982 Indicates whether connections to this port should be secured using TLS. 983 984 Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL 985 enum: 986 - DISABLE 987 - SIMPLE 988 - MUTUAL 989 - ISTIO_MUTUAL 990 type: string 991 privateKey: 992 description: REQUIRED if mode is `MUTUAL`. 993 type: string 994 sni: 995 description: SNI string to present to the server 996 during TLS handshake. 997 type: string 998 subjectAltNames: 999 description: A list of alternate names to verify 1000 the subject identity in the certificate. 1001 items: 1002 type: string 1003 type: array 1004 type: object 1005 type: object 1006 type: array 1007 proxyProtocol: 1008 description: The upstream PROXY protocol settings. 1009 properties: 1010 version: 1011 description: |- 1012 The PROXY protocol version to use. 1013 1014 Valid Options: V1, V2 1015 enum: 1016 - V1 1017 - V2 1018 type: string 1019 type: object 1020 tls: 1021 description: TLS related settings for connections to the 1022 upstream service. 1023 properties: 1024 caCertificates: 1025 description: 'OPTIONAL: The path to the file containing 1026 certificate authority certificates to use in verifying 1027 a presented server certificate.' 
1028 type: string 1029 caCrl: 1030 description: 'OPTIONAL: The path to the file containing 1031 the certificate revocation list (CRL) to use in verifying 1032 a presented server certificate.' 1033 type: string 1034 clientCertificate: 1035 description: REQUIRED if mode is `MUTUAL`. 1036 type: string 1037 credentialName: 1038 description: The name of the secret that holds the TLS 1039 certs for the client including the CA certificates. 1040 type: string 1041 insecureSkipVerify: 1042 description: '`insecureSkipVerify` specifies whether 1043 the proxy should skip verifying the CA signature and 1044 SAN for the server certificate corresponding to the 1045 host.' 1046 nullable: true 1047 type: boolean 1048 mode: 1049 description: |- 1050 Indicates whether connections to this port should be secured using TLS. 1051 1052 Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL 1053 enum: 1054 - DISABLE 1055 - SIMPLE 1056 - MUTUAL 1057 - ISTIO_MUTUAL 1058 type: string 1059 privateKey: 1060 description: REQUIRED if mode is `MUTUAL`. 1061 type: string 1062 sni: 1063 description: SNI string to present to the server during 1064 TLS handshake. 1065 type: string 1066 subjectAltNames: 1067 description: A list of alternate names to verify the 1068 subject identity in the certificate. 1069 items: 1070 type: string 1071 type: array 1072 type: object 1073 tunnel: 1074 description: Configuration of tunneling TCP over other transport 1075 or application layers for the host configured in the DestinationRule. 1076 properties: 1077 protocol: 1078 description: Specifies which protocol to use for tunneling 1079 the downstream connection. 1080 type: string 1081 targetHost: 1082 description: Specifies a host to which the downstream 1083 connection is tunneled. 1084 type: string 1085 targetPort: 1086 description: Specifies a port to which the downstream 1087 connection is tunneled. 
1088 maximum: 4294967295 1089 minimum: 0 1090 type: integer 1091 required: 1092 - targetHost 1093 - targetPort 1094 type: object 1095 type: object 1096 required: 1097 - name 1098 type: object 1099 type: array 1100 trafficPolicy: 1101 description: Traffic policies to apply (load balancing policy, connection 1102 pool sizes, outlier detection). 1103 properties: 1104 connectionPool: 1105 properties: 1106 http: 1107 description: HTTP connection pool settings. 1108 properties: 1109 h2UpgradePolicy: 1110 description: |- 1111 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 1112 1113 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 1114 enum: 1115 - DEFAULT 1116 - DO_NOT_UPGRADE 1117 - UPGRADE 1118 type: string 1119 http1MaxPendingRequests: 1120 description: Maximum number of requests that will be queued 1121 while waiting for a ready connection pool connection. 1122 format: int32 1123 type: integer 1124 http2MaxRequests: 1125 description: Maximum number of active requests to a destination. 1126 format: int32 1127 type: integer 1128 idleTimeout: 1129 description: The idle timeout for upstream connection 1130 pool connections. 1131 type: string 1132 maxConcurrentStreams: 1133 description: The maximum number of concurrent streams 1134 allowed for a peer on one HTTP/2 connection. 1135 format: int32 1136 type: integer 1137 maxRequestsPerConnection: 1138 description: Maximum number of requests per connection 1139 to a backend. 1140 format: int32 1141 type: integer 1142 maxRetries: 1143 description: Maximum number of retries that can be outstanding 1144 to all hosts in a cluster at a given time. 1145 format: int32 1146 type: integer 1147 useClientProtocol: 1148 description: If set to true, client protocol will be preserved 1149 while initiating connection to backend. 1150 type: boolean 1151 type: object 1152 tcp: 1153 description: Settings common to both HTTP and TCP upstream 1154 connections. 
1155 properties: 1156 connectTimeout: 1157 description: TCP connection timeout. 1158 type: string 1159 idleTimeout: 1160 description: The idle timeout for TCP connections. 1161 type: string 1162 maxConnectionDuration: 1163 description: The maximum duration of a connection. 1164 type: string 1165 maxConnections: 1166 description: Maximum number of HTTP1 /TCP connections 1167 to a destination host. 1168 format: int32 1169 type: integer 1170 tcpKeepalive: 1171 description: If set then set SO_KEEPALIVE on the socket 1172 to enable TCP Keepalives. 1173 properties: 1174 interval: 1175 description: The time duration between keep-alive 1176 probes. 1177 type: string 1178 probes: 1179 description: Maximum number of keepalive probes to 1180 send without response before deciding the connection 1181 is dead. 1182 maximum: 4294967295 1183 minimum: 0 1184 type: integer 1185 time: 1186 description: The time duration a connection needs 1187 to be idle before keep-alive probes start being 1188 sent. 1189 type: string 1190 type: object 1191 type: object 1192 type: object 1193 loadBalancer: 1194 description: Settings controlling the load balancer algorithms. 1195 oneOf: 1196 - not: 1197 anyOf: 1198 - required: 1199 - simple 1200 - required: 1201 - consistentHash 1202 - required: 1203 - simple 1204 - required: 1205 - consistentHash 1206 properties: 1207 consistentHash: 1208 allOf: 1209 - oneOf: 1210 - not: 1211 anyOf: 1212 - required: 1213 - httpHeaderName 1214 - required: 1215 - httpCookie 1216 - required: 1217 - useSourceIp 1218 - required: 1219 - httpQueryParameterName 1220 - required: 1221 - httpHeaderName 1222 - required: 1223 - httpCookie 1224 - required: 1225 - useSourceIp 1226 - required: 1227 - httpQueryParameterName 1228 - oneOf: 1229 - not: 1230 anyOf: 1231 - required: 1232 - ringHash 1233 - required: 1234 - maglev 1235 - required: 1236 - ringHash 1237 - required: 1238 - maglev 1239 properties: 1240 httpCookie: 1241 description: Hash based on HTTP cookie. 
1242 properties: 1243 name: 1244 description: Name of the cookie. 1245 type: string 1246 path: 1247 description: Path to set for the cookie. 1248 type: string 1249 ttl: 1250 description: Lifetime of the cookie. 1251 type: string 1252 required: 1253 - name 1254 type: object 1255 httpHeaderName: 1256 description: Hash based on a specific HTTP header. 1257 type: string 1258 httpQueryParameterName: 1259 description: Hash based on a specific HTTP query parameter. 1260 type: string 1261 maglev: 1262 description: The Maglev load balancer implements consistent 1263 hashing to backend hosts. 1264 properties: 1265 tableSize: 1266 description: The table size for Maglev hashing. 1267 minimum: 0 1268 type: integer 1269 type: object 1270 minimumRingSize: 1271 description: Deprecated. 1272 minimum: 0 1273 type: integer 1274 ringHash: 1275 description: The ring/modulo hash load balancer implements 1276 consistent hashing to backend hosts. 1277 properties: 1278 minimumRingSize: 1279 description: The minimum number of virtual nodes to 1280 use for the hash ring. 1281 minimum: 0 1282 type: integer 1283 type: object 1284 useSourceIp: 1285 description: Hash based on the source IP address. 1286 type: boolean 1287 type: object 1288 localityLbSetting: 1289 properties: 1290 distribute: 1291 description: 'Optional: only one of distribute, failover 1292 or failoverPriority can be set.' 1293 items: 1294 properties: 1295 from: 1296 description: Originating locality, '/' separated, 1297 e.g. 1298 type: string 1299 to: 1300 additionalProperties: 1301 maximum: 4294967295 1302 minimum: 0 1303 type: integer 1304 description: Map of upstream localities to traffic 1305 distribution weights. 1306 type: object 1307 type: object 1308 type: array 1309 enabled: 1310 description: enable locality load balancing, this is DestinationRule-level 1311 and will override mesh wide settings in entirety. 
1312 nullable: true 1313 type: boolean 1314 failover: 1315 description: 'Optional: only one of distribute, failover 1316 or failoverPriority can be set.' 1317 items: 1318 properties: 1319 from: 1320 description: Originating region. 1321 type: string 1322 to: 1323 description: Destination region the traffic will 1324 fail over to when endpoints in the 'from' region 1325 becomes unhealthy. 1326 type: string 1327 type: object 1328 type: array 1329 failoverPriority: 1330 description: failoverPriority is an ordered list of labels 1331 used to sort endpoints to do priority based load balancing. 1332 items: 1333 type: string 1334 type: array 1335 type: object 1336 simple: 1337 description: |2- 1338 1339 1340 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 1341 enum: 1342 - UNSPECIFIED 1343 - LEAST_CONN 1344 - RANDOM 1345 - PASSTHROUGH 1346 - ROUND_ROBIN 1347 - LEAST_REQUEST 1348 type: string 1349 warmupDurationSecs: 1350 description: Represents the warmup duration of Service. 1351 type: string 1352 type: object 1353 outlierDetection: 1354 properties: 1355 baseEjectionTime: 1356 description: Minimum ejection duration. 1357 type: string 1358 consecutive5xxErrors: 1359 description: Number of 5xx errors before a host is ejected 1360 from the connection pool. 1361 maximum: 4294967295 1362 minimum: 0 1363 nullable: true 1364 type: integer 1365 consecutiveErrors: 1366 format: int32 1367 type: integer 1368 consecutiveGatewayErrors: 1369 description: Number of gateway errors before a host is ejected 1370 from the connection pool. 1371 maximum: 4294967295 1372 minimum: 0 1373 nullable: true 1374 type: integer 1375 consecutiveLocalOriginFailures: 1376 description: The number of consecutive locally originated 1377 failures before ejection occurs. 1378 maximum: 4294967295 1379 minimum: 0 1380 nullable: true 1381 type: integer 1382 interval: 1383 description: Time interval between ejection sweep analysis. 
1384 type: string 1385 maxEjectionPercent: 1386 description: Maximum % of hosts in the load balancing pool 1387 for the upstream service that can be ejected. 1388 format: int32 1389 type: integer 1390 minHealthPercent: 1391 description: Outlier detection will be enabled as long as 1392 the associated load balancing pool has at least min_health_percent 1393 hosts in healthy mode. 1394 format: int32 1395 type: integer 1396 splitExternalLocalOriginErrors: 1397 description: Determines whether to distinguish local origin 1398 failures from external errors. 1399 type: boolean 1400 type: object 1401 portLevelSettings: 1402 description: Traffic policies specific to individual ports. 1403 items: 1404 properties: 1405 connectionPool: 1406 properties: 1407 http: 1408 description: HTTP connection pool settings. 1409 properties: 1410 h2UpgradePolicy: 1411 description: |- 1412 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 1413 1414 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 1415 enum: 1416 - DEFAULT 1417 - DO_NOT_UPGRADE 1418 - UPGRADE 1419 type: string 1420 http1MaxPendingRequests: 1421 description: Maximum number of requests that will 1422 be queued while waiting for a ready connection 1423 pool connection. 1424 format: int32 1425 type: integer 1426 http2MaxRequests: 1427 description: Maximum number of active requests to 1428 a destination. 1429 format: int32 1430 type: integer 1431 idleTimeout: 1432 description: The idle timeout for upstream connection 1433 pool connections. 1434 type: string 1435 maxConcurrentStreams: 1436 description: The maximum number of concurrent streams 1437 allowed for a peer on one HTTP/2 connection. 1438 format: int32 1439 type: integer 1440 maxRequestsPerConnection: 1441 description: Maximum number of requests per connection 1442 to a backend. 
1443 format: int32 1444 type: integer 1445 maxRetries: 1446 description: Maximum number of retries that can 1447 be outstanding to all hosts in a cluster at a 1448 given time. 1449 format: int32 1450 type: integer 1451 useClientProtocol: 1452 description: If set to true, client protocol will 1453 be preserved while initiating connection to backend. 1454 type: boolean 1455 type: object 1456 tcp: 1457 description: Settings common to both HTTP and TCP upstream 1458 connections. 1459 properties: 1460 connectTimeout: 1461 description: TCP connection timeout. 1462 type: string 1463 idleTimeout: 1464 description: The idle timeout for TCP connections. 1465 type: string 1466 maxConnectionDuration: 1467 description: The maximum duration of a connection. 1468 type: string 1469 maxConnections: 1470 description: Maximum number of HTTP1 /TCP connections 1471 to a destination host. 1472 format: int32 1473 type: integer 1474 tcpKeepalive: 1475 description: If set then set SO_KEEPALIVE on the 1476 socket to enable TCP Keepalives. 1477 properties: 1478 interval: 1479 description: The time duration between keep-alive 1480 probes. 1481 type: string 1482 probes: 1483 description: Maximum number of keepalive probes 1484 to send without response before deciding the 1485 connection is dead. 1486 maximum: 4294967295 1487 minimum: 0 1488 type: integer 1489 time: 1490 description: The time duration a connection 1491 needs to be idle before keep-alive probes 1492 start being sent. 1493 type: string 1494 type: object 1495 type: object 1496 type: object 1497 loadBalancer: 1498 description: Settings controlling the load balancer algorithms. 
1499 oneOf: 1500 - not: 1501 anyOf: 1502 - required: 1503 - simple 1504 - required: 1505 - consistentHash 1506 - required: 1507 - simple 1508 - required: 1509 - consistentHash 1510 properties: 1511 consistentHash: 1512 allOf: 1513 - oneOf: 1514 - not: 1515 anyOf: 1516 - required: 1517 - httpHeaderName 1518 - required: 1519 - httpCookie 1520 - required: 1521 - useSourceIp 1522 - required: 1523 - httpQueryParameterName 1524 - required: 1525 - httpHeaderName 1526 - required: 1527 - httpCookie 1528 - required: 1529 - useSourceIp 1530 - required: 1531 - httpQueryParameterName 1532 - oneOf: 1533 - not: 1534 anyOf: 1535 - required: 1536 - ringHash 1537 - required: 1538 - maglev 1539 - required: 1540 - ringHash 1541 - required: 1542 - maglev 1543 properties: 1544 httpCookie: 1545 description: Hash based on HTTP cookie. 1546 properties: 1547 name: 1548 description: Name of the cookie. 1549 type: string 1550 path: 1551 description: Path to set for the cookie. 1552 type: string 1553 ttl: 1554 description: Lifetime of the cookie. 1555 type: string 1556 required: 1557 - name 1558 type: object 1559 httpHeaderName: 1560 description: Hash based on a specific HTTP header. 1561 type: string 1562 httpQueryParameterName: 1563 description: Hash based on a specific HTTP query 1564 parameter. 1565 type: string 1566 maglev: 1567 description: The Maglev load balancer implements 1568 consistent hashing to backend hosts. 1569 properties: 1570 tableSize: 1571 description: The table size for Maglev hashing. 1572 minimum: 0 1573 type: integer 1574 type: object 1575 minimumRingSize: 1576 description: Deprecated. 1577 minimum: 0 1578 type: integer 1579 ringHash: 1580 description: The ring/modulo hash load balancer 1581 implements consistent hashing to backend hosts. 1582 properties: 1583 minimumRingSize: 1584 description: The minimum number of virtual nodes 1585 to use for the hash ring. 
1586 minimum: 0 1587 type: integer 1588 type: object 1589 useSourceIp: 1590 description: Hash based on the source IP address. 1591 type: boolean 1592 type: object 1593 localityLbSetting: 1594 properties: 1595 distribute: 1596 description: 'Optional: only one of distribute, 1597 failover or failoverPriority can be set.' 1598 items: 1599 properties: 1600 from: 1601 description: Originating locality, '/' separated, 1602 e.g. 1603 type: string 1604 to: 1605 additionalProperties: 1606 maximum: 4294967295 1607 minimum: 0 1608 type: integer 1609 description: Map of upstream localities to 1610 traffic distribution weights. 1611 type: object 1612 type: object 1613 type: array 1614 enabled: 1615 description: enable locality load balancing, this 1616 is DestinationRule-level and will override mesh 1617 wide settings in entirety. 1618 nullable: true 1619 type: boolean 1620 failover: 1621 description: 'Optional: only one of distribute, 1622 failover or failoverPriority can be set.' 1623 items: 1624 properties: 1625 from: 1626 description: Originating region. 1627 type: string 1628 to: 1629 description: Destination region the traffic 1630 will fail over to when endpoints in the 1631 'from' region becomes unhealthy. 1632 type: string 1633 type: object 1634 type: array 1635 failoverPriority: 1636 description: failoverPriority is an ordered list 1637 of labels used to sort endpoints to do priority 1638 based load balancing. 1639 items: 1640 type: string 1641 type: array 1642 type: object 1643 simple: 1644 description: |2- 1645 1646 1647 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 1648 enum: 1649 - UNSPECIFIED 1650 - LEAST_CONN 1651 - RANDOM 1652 - PASSTHROUGH 1653 - ROUND_ROBIN 1654 - LEAST_REQUEST 1655 type: string 1656 warmupDurationSecs: 1657 description: Represents the warmup duration of Service. 1658 type: string 1659 type: object 1660 outlierDetection: 1661 properties: 1662 baseEjectionTime: 1663 description: Minimum ejection duration. 
1664 type: string 1665 consecutive5xxErrors: 1666 description: Number of 5xx errors before a host is ejected 1667 from the connection pool. 1668 maximum: 4294967295 1669 minimum: 0 1670 nullable: true 1671 type: integer 1672 consecutiveErrors: 1673 format: int32 1674 type: integer 1675 consecutiveGatewayErrors: 1676 description: Number of gateway errors before a host 1677 is ejected from the connection pool. 1678 maximum: 4294967295 1679 minimum: 0 1680 nullable: true 1681 type: integer 1682 consecutiveLocalOriginFailures: 1683 description: The number of consecutive locally originated 1684 failures before ejection occurs. 1685 maximum: 4294967295 1686 minimum: 0 1687 nullable: true 1688 type: integer 1689 interval: 1690 description: Time interval between ejection sweep analysis. 1691 type: string 1692 maxEjectionPercent: 1693 description: Maximum % of hosts in the load balancing 1694 pool for the upstream service that can be ejected. 1695 format: int32 1696 type: integer 1697 minHealthPercent: 1698 description: Outlier detection will be enabled as long 1699 as the associated load balancing pool has at least 1700 min_health_percent hosts in healthy mode. 1701 format: int32 1702 type: integer 1703 splitExternalLocalOriginErrors: 1704 description: Determines whether to distinguish local 1705 origin failures from external errors. 1706 type: boolean 1707 type: object 1708 port: 1709 description: Specifies the number of a port on the destination 1710 service on which this policy is being applied. 1711 properties: 1712 number: 1713 maximum: 4294967295 1714 minimum: 0 1715 type: integer 1716 type: object 1717 tls: 1718 description: TLS related settings for connections to the 1719 upstream service. 1720 properties: 1721 caCertificates: 1722 description: 'OPTIONAL: The path to the file containing 1723 certificate authority certificates to use in verifying 1724 a presented server certificate.' 
1725 type: string 1726 caCrl: 1727 description: 'OPTIONAL: The path to the file containing 1728 the certificate revocation list (CRL) to use in verifying 1729 a presented server certificate.' 1730 type: string 1731 clientCertificate: 1732 description: REQUIRED if mode is `MUTUAL`. 1733 type: string 1734 credentialName: 1735 description: The name of the secret that holds the TLS 1736 certs for the client including the CA certificates. 1737 type: string 1738 insecureSkipVerify: 1739 description: '`insecureSkipVerify` specifies whether 1740 the proxy should skip verifying the CA signature and 1741 SAN for the server certificate corresponding to the 1742 host. When it is true the server is not authenticated, so the connection is still encrypted but an impersonating or intercepting endpoint is not detected.' 1743 nullable: true 1744 type: boolean 1745 mode: 1746 description: |- 1747 Indicates whether connections to this port should be secured using TLS. 1748 1749 Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL 1750 enum: 1751 - DISABLE 1752 - SIMPLE 1753 - MUTUAL 1754 - ISTIO_MUTUAL 1755 type: string 1756 privateKey: 1757 description: REQUIRED if mode is `MUTUAL`. 1758 type: string 1759 sni: 1760 description: SNI string to present to the server during 1761 TLS handshake. 1762 type: string 1763 subjectAltNames: 1764 description: A list of alternate names to verify the 1765 subject identity in the certificate. 1766 items: 1767 type: string 1768 type: array 1769 type: object 1770 type: object 1771 type: array 1772 proxyProtocol: 1773 description: The upstream PROXY protocol settings. 1774 properties: 1775 version: 1776 description: |- 1777 The PROXY protocol version to use. 1778 1779 Valid Options: V1, V2 1780 enum: 1781 - V1 1782 - V2 1783 type: string 1784 type: object 1785 tls: 1786 description: TLS related settings for connections to the upstream 1787 service. 1788 properties: 1789 caCertificates: 1790 description: 'OPTIONAL: The path to the file containing certificate 1791 authority certificates to use in verifying a presented server 1792 certificate.'
1793 type: string 1794 caCrl: 1795 description: 'OPTIONAL: The path to the file containing the 1796 certificate revocation list (CRL) to use in verifying a 1797 presented server certificate.' 1798 type: string 1799 clientCertificate: 1800 description: REQUIRED if mode is `MUTUAL`. 1801 type: string 1802 credentialName: 1803 description: The name of the secret that holds the TLS certs 1804 for the client including the CA certificates. 1805 type: string 1806 insecureSkipVerify: 1807 description: '`insecureSkipVerify` specifies whether the proxy 1808 should skip verifying the CA signature and SAN for the server 1809 certificate corresponding to the host. When it is true the server is not authenticated, so the connection is still encrypted but an impersonating or intercepting endpoint is not detected.' 1810 nullable: true 1811 type: boolean 1812 mode: 1813 description: |- 1814 Indicates whether connections to this port should be secured using TLS. 1815 1816 Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL 1817 enum: 1818 - DISABLE 1819 - SIMPLE 1820 - MUTUAL 1821 - ISTIO_MUTUAL 1822 type: string 1823 privateKey: 1824 description: REQUIRED if mode is `MUTUAL`. 1825 type: string 1826 sni: 1827 description: SNI string to present to the server during TLS 1828 handshake. 1829 type: string 1830 subjectAltNames: 1831 description: A list of alternate names to verify the subject 1832 identity in the certificate. 1833 items: 1834 type: string 1835 type: array 1836 type: object 1837 tunnel: 1838 description: Configuration of tunneling TCP over other transport 1839 or application layers for the host configured in the DestinationRule. 1840 properties: 1841 protocol: 1842 description: Specifies which protocol to use for tunneling 1843 the downstream connection. 1844 type: string 1845 targetHost: 1846 description: Specifies a host to which the downstream connection 1847 is tunneled. 1848 type: string 1849 targetPort: 1850 description: Specifies a port to which the downstream connection 1851 is tunneled.
1852 maximum: 4294967295 1853 minimum: 0 1854 type: integer 1855 required: 1856 - targetHost 1857 - targetPort 1858 type: object 1859 type: object 1860 workloadSelector: 1861 description: Criteria used to select the specific set of pods/VMs 1862 on which this `DestinationRule` configuration should be applied. 1863 properties: 1864 matchLabels: 1865 additionalProperties: 1866 type: string 1867 description: One or more labels that indicate a specific set of 1868 pods/VMs on which a policy should be applied. 1869 type: object 1870 type: object 1871 required: 1872 - host 1873 type: object 1874 status: 1875 type: object 1876 x-kubernetes-preserve-unknown-fields: true 1877 type: object 1878 served: true 1879 storage: false 1880 subresources: 1881 status: {} 1882 - additionalPrinterColumns: 1883 - description: The name of a service from the service registry 1884 jsonPath: .spec.host 1885 name: Host 1886 type: string 1887 - description: 'CreationTimestamp is a timestamp representing the server time 1888 when this object was created. It is not guaranteed to be set in happens-before 1889 order across separate operations. Clients may not set this value. It is represented 1890 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 1891 lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 1892 jsonPath: .metadata.creationTimestamp 1893 name: Age 1894 type: date 1895 name: v1alpha3 1896 schema: 1897 openAPIV3Schema: 1898 properties: 1899 spec: 1900 description: 'Configuration affecting load balancing, outlier detection, 1901 etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' 1902 properties: 1903 exportTo: 1904 description: A list of namespaces to which this destination rule is 1905 exported. 1906 items: 1907 type: string 1908 type: array 1909 host: 1910 description: The name of a service from the service registry. 
1911 type: string 1912 subsets: 1913 description: One or more named sets that represent individual versions 1914 of a service. 1915 items: 1916 properties: 1917 labels: 1918 additionalProperties: 1919 type: string 1920 description: Labels apply a filter over the endpoints of a service 1921 in the service registry. 1922 type: object 1923 name: 1924 description: Name of the subset. 1925 type: string 1926 trafficPolicy: 1927 description: Traffic policies that apply to this subset. 1928 properties: 1929 connectionPool: 1930 properties: 1931 http: 1932 description: HTTP connection pool settings. 1933 properties: 1934 h2UpgradePolicy: 1935 description: |- 1936 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 1937 1938 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 1939 enum: 1940 - DEFAULT 1941 - DO_NOT_UPGRADE 1942 - UPGRADE 1943 type: string 1944 http1MaxPendingRequests: 1945 description: Maximum number of requests that will 1946 be queued while waiting for a ready connection 1947 pool connection. 1948 format: int32 1949 type: integer 1950 http2MaxRequests: 1951 description: Maximum number of active requests to 1952 a destination. 1953 format: int32 1954 type: integer 1955 idleTimeout: 1956 description: The idle timeout for upstream connection 1957 pool connections. 1958 type: string 1959 maxConcurrentStreams: 1960 description: The maximum number of concurrent streams 1961 allowed for a peer on one HTTP/2 connection. 1962 format: int32 1963 type: integer 1964 maxRequestsPerConnection: 1965 description: Maximum number of requests per connection 1966 to a backend. 1967 format: int32 1968 type: integer 1969 maxRetries: 1970 description: Maximum number of retries that can 1971 be outstanding to all hosts in a cluster at a 1972 given time. 1973 format: int32 1974 type: integer 1975 useClientProtocol: 1976 description: If set to true, client protocol will 1977 be preserved while initiating connection to backend. 
1978 type: boolean 1979 type: object 1980 tcp: 1981 description: Settings common to both HTTP and TCP upstream 1982 connections. 1983 properties: 1984 connectTimeout: 1985 description: TCP connection timeout. 1986 type: string 1987 idleTimeout: 1988 description: The idle timeout for TCP connections. 1989 type: string 1990 maxConnectionDuration: 1991 description: The maximum duration of a connection. 1992 type: string 1993 maxConnections: 1994 description: Maximum number of HTTP1 /TCP connections 1995 to a destination host. 1996 format: int32 1997 type: integer 1998 tcpKeepalive: 1999 description: If set then set SO_KEEPALIVE on the 2000 socket to enable TCP Keepalives. 2001 properties: 2002 interval: 2003 description: The time duration between keep-alive 2004 probes. 2005 type: string 2006 probes: 2007 description: Maximum number of keepalive probes 2008 to send without response before deciding the 2009 connection is dead. 2010 maximum: 4294967295 2011 minimum: 0 2012 type: integer 2013 time: 2014 description: The time duration a connection 2015 needs to be idle before keep-alive probes 2016 start being sent. 2017 type: string 2018 type: object 2019 type: object 2020 type: object 2021 loadBalancer: 2022 description: Settings controlling the load balancer algorithms. 
2023 oneOf: 2024 - not: 2025 anyOf: 2026 - required: 2027 - simple 2028 - required: 2029 - consistentHash 2030 - required: 2031 - simple 2032 - required: 2033 - consistentHash 2034 properties: 2035 consistentHash: 2036 allOf: 2037 - oneOf: 2038 - not: 2039 anyOf: 2040 - required: 2041 - httpHeaderName 2042 - required: 2043 - httpCookie 2044 - required: 2045 - useSourceIp 2046 - required: 2047 - httpQueryParameterName 2048 - required: 2049 - httpHeaderName 2050 - required: 2051 - httpCookie 2052 - required: 2053 - useSourceIp 2054 - required: 2055 - httpQueryParameterName 2056 - oneOf: 2057 - not: 2058 anyOf: 2059 - required: 2060 - ringHash 2061 - required: 2062 - maglev 2063 - required: 2064 - ringHash 2065 - required: 2066 - maglev 2067 properties: 2068 httpCookie: 2069 description: Hash based on HTTP cookie. 2070 properties: 2071 name: 2072 description: Name of the cookie. 2073 type: string 2074 path: 2075 description: Path to set for the cookie. 2076 type: string 2077 ttl: 2078 description: Lifetime of the cookie. 2079 type: string 2080 required: 2081 - name 2082 type: object 2083 httpHeaderName: 2084 description: Hash based on a specific HTTP header. 2085 type: string 2086 httpQueryParameterName: 2087 description: Hash based on a specific HTTP query 2088 parameter. 2089 type: string 2090 maglev: 2091 description: The Maglev load balancer implements 2092 consistent hashing to backend hosts. 2093 properties: 2094 tableSize: 2095 description: The table size for Maglev hashing. 2096 minimum: 0 2097 type: integer 2098 type: object 2099 minimumRingSize: 2100 description: Deprecated. 2101 minimum: 0 2102 type: integer 2103 ringHash: 2104 description: The ring/modulo hash load balancer 2105 implements consistent hashing to backend hosts. 2106 properties: 2107 minimumRingSize: 2108 description: The minimum number of virtual nodes 2109 to use for the hash ring. 
2110 minimum: 0 2111 type: integer 2112 type: object 2113 useSourceIp: 2114 description: Hash based on the source IP address. 2115 type: boolean 2116 type: object 2117 localityLbSetting: 2118 properties: 2119 distribute: 2120 description: 'Optional: only one of distribute, 2121 failover or failoverPriority can be set.' 2122 items: 2123 properties: 2124 from: 2125 description: Originating locality, '/' separated, 2126 e.g. 2127 type: string 2128 to: 2129 additionalProperties: 2130 maximum: 4294967295 2131 minimum: 0 2132 type: integer 2133 description: Map of upstream localities to 2134 traffic distribution weights. 2135 type: object 2136 type: object 2137 type: array 2138 enabled: 2139 description: enable locality load balancing, this 2140 is DestinationRule-level and will override mesh 2141 wide settings in entirety. 2142 nullable: true 2143 type: boolean 2144 failover: 2145 description: 'Optional: only one of distribute, 2146 failover or failoverPriority can be set.' 2147 items: 2148 properties: 2149 from: 2150 description: Originating region. 2151 type: string 2152 to: 2153 description: Destination region the traffic 2154 will fail over to when endpoints in the 2155 'from' region becomes unhealthy. 2156 type: string 2157 type: object 2158 type: array 2159 failoverPriority: 2160 description: failoverPriority is an ordered list 2161 of labels used to sort endpoints to do priority 2162 based load balancing. 2163 items: 2164 type: string 2165 type: array 2166 type: object 2167 simple: 2168 description: |2- 2169 2170 2171 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 2172 enum: 2173 - UNSPECIFIED 2174 - LEAST_CONN 2175 - RANDOM 2176 - PASSTHROUGH 2177 - ROUND_ROBIN 2178 - LEAST_REQUEST 2179 type: string 2180 warmupDurationSecs: 2181 description: Represents the warmup duration of Service. 2182 type: string 2183 type: object 2184 outlierDetection: 2185 properties: 2186 baseEjectionTime: 2187 description: Minimum ejection duration. 
2188 type: string 2189 consecutive5xxErrors: 2190 description: Number of 5xx errors before a host is ejected 2191 from the connection pool. 2192 maximum: 4294967295 2193 minimum: 0 2194 nullable: true 2195 type: integer 2196 consecutiveErrors: 2197 format: int32 2198 type: integer 2199 consecutiveGatewayErrors: 2200 description: Number of gateway errors before a host 2201 is ejected from the connection pool. 2202 maximum: 4294967295 2203 minimum: 0 2204 nullable: true 2205 type: integer 2206 consecutiveLocalOriginFailures: 2207 description: The number of consecutive locally originated 2208 failures before ejection occurs. 2209 maximum: 4294967295 2210 minimum: 0 2211 nullable: true 2212 type: integer 2213 interval: 2214 description: Time interval between ejection sweep analysis. 2215 type: string 2216 maxEjectionPercent: 2217 description: Maximum % of hosts in the load balancing 2218 pool for the upstream service that can be ejected. 2219 format: int32 2220 type: integer 2221 minHealthPercent: 2222 description: Outlier detection will be enabled as long 2223 as the associated load balancing pool has at least 2224 min_health_percent hosts in healthy mode. 2225 format: int32 2226 type: integer 2227 splitExternalLocalOriginErrors: 2228 description: Determines whether to distinguish local 2229 origin failures from external errors. 2230 type: boolean 2231 type: object 2232 portLevelSettings: 2233 description: Traffic policies specific to individual ports. 2234 items: 2235 properties: 2236 connectionPool: 2237 properties: 2238 http: 2239 description: HTTP connection pool settings. 2240 properties: 2241 h2UpgradePolicy: 2242 description: |- 2243 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 
2244 2245 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 2246 enum: 2247 - DEFAULT 2248 - DO_NOT_UPGRADE 2249 - UPGRADE 2250 type: string 2251 http1MaxPendingRequests: 2252 description: Maximum number of requests that 2253 will be queued while waiting for a ready 2254 connection pool connection. 2255 format: int32 2256 type: integer 2257 http2MaxRequests: 2258 description: Maximum number of active requests 2259 to a destination. 2260 format: int32 2261 type: integer 2262 idleTimeout: 2263 description: The idle timeout for upstream 2264 connection pool connections. 2265 type: string 2266 maxConcurrentStreams: 2267 description: The maximum number of concurrent 2268 streams allowed for a peer on one HTTP/2 2269 connection. 2270 format: int32 2271 type: integer 2272 maxRequestsPerConnection: 2273 description: Maximum number of requests per 2274 connection to a backend. 2275 format: int32 2276 type: integer 2277 maxRetries: 2278 description: Maximum number of retries that 2279 can be outstanding to all hosts in a cluster 2280 at a given time. 2281 format: int32 2282 type: integer 2283 useClientProtocol: 2284 description: If set to true, client protocol 2285 will be preserved while initiating connection 2286 to backend. 2287 type: boolean 2288 type: object 2289 tcp: 2290 description: Settings common to both HTTP and 2291 TCP upstream connections. 2292 properties: 2293 connectTimeout: 2294 description: TCP connection timeout. 2295 type: string 2296 idleTimeout: 2297 description: The idle timeout for TCP connections. 2298 type: string 2299 maxConnectionDuration: 2300 description: The maximum duration of a connection. 2301 type: string 2302 maxConnections: 2303 description: Maximum number of HTTP1 /TCP 2304 connections to a destination host. 2305 format: int32 2306 type: integer 2307 tcpKeepalive: 2308 description: If set then set SO_KEEPALIVE 2309 on the socket to enable TCP Keepalives. 
2310 properties: 2311 interval: 2312 description: The time duration between 2313 keep-alive probes. 2314 type: string 2315 probes: 2316 description: Maximum number of keepalive 2317 probes to send without response before 2318 deciding the connection is dead. 2319 maximum: 4294967295 2320 minimum: 0 2321 type: integer 2322 time: 2323 description: The time duration a connection 2324 needs to be idle before keep-alive probes 2325 start being sent. 2326 type: string 2327 type: object 2328 type: object 2329 type: object 2330 loadBalancer: 2331 description: Settings controlling the load balancer 2332 algorithms. 2333 oneOf: 2334 - not: 2335 anyOf: 2336 - required: 2337 - simple 2338 - required: 2339 - consistentHash 2340 - required: 2341 - simple 2342 - required: 2343 - consistentHash 2344 properties: 2345 consistentHash: 2346 allOf: 2347 - oneOf: 2348 - not: 2349 anyOf: 2350 - required: 2351 - httpHeaderName 2352 - required: 2353 - httpCookie 2354 - required: 2355 - useSourceIp 2356 - required: 2357 - httpQueryParameterName 2358 - required: 2359 - httpHeaderName 2360 - required: 2361 - httpCookie 2362 - required: 2363 - useSourceIp 2364 - required: 2365 - httpQueryParameterName 2366 - oneOf: 2367 - not: 2368 anyOf: 2369 - required: 2370 - ringHash 2371 - required: 2372 - maglev 2373 - required: 2374 - ringHash 2375 - required: 2376 - maglev 2377 properties: 2378 httpCookie: 2379 description: Hash based on HTTP cookie. 2380 properties: 2381 name: 2382 description: Name of the cookie. 2383 type: string 2384 path: 2385 description: Path to set for the cookie. 2386 type: string 2387 ttl: 2388 description: Lifetime of the cookie. 2389 type: string 2390 required: 2391 - name 2392 type: object 2393 httpHeaderName: 2394 description: Hash based on a specific HTTP 2395 header. 2396 type: string 2397 httpQueryParameterName: 2398 description: Hash based on a specific HTTP 2399 query parameter. 
2400 type: string 2401 maglev: 2402 description: The Maglev load balancer implements 2403 consistent hashing to backend hosts. 2404 properties: 2405 tableSize: 2406 description: The table size for Maglev 2407 hashing. 2408 minimum: 0 2409 type: integer 2410 type: object 2411 minimumRingSize: 2412 description: Deprecated. 2413 minimum: 0 2414 type: integer 2415 ringHash: 2416 description: The ring/modulo hash load balancer 2417 implements consistent hashing to backend 2418 hosts. 2419 properties: 2420 minimumRingSize: 2421 description: The minimum number of virtual 2422 nodes to use for the hash ring. 2423 minimum: 0 2424 type: integer 2425 type: object 2426 useSourceIp: 2427 description: Hash based on the source IP address. 2428 type: boolean 2429 type: object 2430 localityLbSetting: 2431 properties: 2432 distribute: 2433 description: 'Optional: only one of distribute, 2434 failover or failoverPriority can be set.' 2435 items: 2436 properties: 2437 from: 2438 description: Originating locality, '/' 2439 separated, e.g. 2440 type: string 2441 to: 2442 additionalProperties: 2443 maximum: 4294967295 2444 minimum: 0 2445 type: integer 2446 description: Map of upstream localities 2447 to traffic distribution weights. 2448 type: object 2449 type: object 2450 type: array 2451 enabled: 2452 description: enable locality load balancing, 2453 this is DestinationRule-level and will override 2454 mesh wide settings in entirety. 2455 nullable: true 2456 type: boolean 2457 failover: 2458 description: 'Optional: only one of distribute, 2459 failover or failoverPriority can be set.' 2460 items: 2461 properties: 2462 from: 2463 description: Originating region. 2464 type: string 2465 to: 2466 description: Destination region the 2467 traffic will fail over to when endpoints 2468 in the 'from' region becomes unhealthy. 
2469 type: string 2470 type: object 2471 type: array 2472 failoverPriority: 2473 description: failoverPriority is an ordered 2474 list of labels used to sort endpoints to 2475 do priority based load balancing. 2476 items: 2477 type: string 2478 type: array 2479 type: object 2480 simple: 2481 description: |2- 2482 2483 2484 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 2485 enum: 2486 - UNSPECIFIED 2487 - LEAST_CONN 2488 - RANDOM 2489 - PASSTHROUGH 2490 - ROUND_ROBIN 2491 - LEAST_REQUEST 2492 type: string 2493 warmupDurationSecs: 2494 description: Represents the warmup duration of 2495 Service. 2496 type: string 2497 type: object 2498 outlierDetection: 2499 properties: 2500 baseEjectionTime: 2501 description: Minimum ejection duration. 2502 type: string 2503 consecutive5xxErrors: 2504 description: Number of 5xx errors before a host 2505 is ejected from the connection pool. 2506 maximum: 4294967295 2507 minimum: 0 2508 nullable: true 2509 type: integer 2510 consecutiveErrors: 2511 format: int32 2512 type: integer 2513 consecutiveGatewayErrors: 2514 description: Number of gateway errors before a 2515 host is ejected from the connection pool. 2516 maximum: 4294967295 2517 minimum: 0 2518 nullable: true 2519 type: integer 2520 consecutiveLocalOriginFailures: 2521 description: The number of consecutive locally 2522 originated failures before ejection occurs. 2523 maximum: 4294967295 2524 minimum: 0 2525 nullable: true 2526 type: integer 2527 interval: 2528 description: Time interval between ejection sweep 2529 analysis. 2530 type: string 2531 maxEjectionPercent: 2532 description: Maximum % of hosts in the load balancing 2533 pool for the upstream service that can be ejected. 2534 format: int32 2535 type: integer 2536 minHealthPercent: 2537 description: Outlier detection will be enabled 2538 as long as the associated load balancing pool 2539 has at least min_health_percent hosts in healthy 2540 mode. 
2541 format: int32 2542 type: integer 2543 splitExternalLocalOriginErrors: 2544 description: Determines whether to distinguish 2545 local origin failures from external errors. 2546 type: boolean 2547 type: object 2548 port: 2549 description: Specifies the number of a port on the 2550 destination service on which this policy is being 2551 applied. 2552 properties: 2553 number: 2554 maximum: 4294967295 2555 minimum: 0 2556 type: integer 2557 type: object 2558 tls: 2559 description: TLS related settings for connections 2560 to the upstream service. 2561 properties: 2562 caCertificates: 2563 description: 'OPTIONAL: The path to the file containing 2564 certificate authority certificates to use in 2565 verifying a presented server certificate.' 2566 type: string 2567 caCrl: 2568 description: 'OPTIONAL: The path to the file containing 2569 the certificate revocation list (CRL) to use 2570 in verifying a presented server certificate.' 2571 type: string 2572 clientCertificate: 2573 description: REQUIRED if mode is `MUTUAL`. 2574 type: string 2575 credentialName: 2576 description: The name of the secret that holds 2577 the TLS certs for the client including the CA 2578 certificates. 2579 type: string 2580 insecureSkipVerify: 2581 description: '`insecureSkipVerify` specifies whether 2582 the proxy should skip verifying the CA signature 2583 and SAN for the server certificate corresponding 2584 to the host.' 2585 nullable: true 2586 type: boolean 2587 mode: 2588 description: |- 2589 Indicates whether connections to this port should be secured using TLS. 2590 2591 Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL 2592 enum: 2593 - DISABLE 2594 - SIMPLE 2595 - MUTUAL 2596 - ISTIO_MUTUAL 2597 type: string 2598 privateKey: 2599 description: REQUIRED if mode is `MUTUAL`. 2600 type: string 2601 sni: 2602 description: SNI string to present to the server 2603 during TLS handshake. 
2604 type: string 2605 subjectAltNames: 2606 description: A list of alternate names to verify 2607 the subject identity in the certificate. 2608 items: 2609 type: string 2610 type: array 2611 type: object 2612 type: object 2613 type: array 2614 proxyProtocol: 2615 description: The upstream PROXY protocol settings. 2616 properties: 2617 version: 2618 description: |- 2619 The PROXY protocol version to use. 2620 2621 Valid Options: V1, V2 2622 enum: 2623 - V1 2624 - V2 2625 type: string 2626 type: object 2627 tls: 2628 description: TLS related settings for connections to the 2629 upstream service. 2630 properties: 2631 caCertificates: 2632 description: 'OPTIONAL: The path to the file containing 2633 certificate authority certificates to use in verifying 2634 a presented server certificate.' 2635 type: string 2636 caCrl: 2637 description: 'OPTIONAL: The path to the file containing 2638 the certificate revocation list (CRL) to use in verifying 2639 a presented server certificate.' 2640 type: string 2641 clientCertificate: 2642 description: REQUIRED if mode is `MUTUAL`. 2643 type: string 2644 credentialName: 2645 description: The name of the secret that holds the TLS 2646 certs for the client including the CA certificates. 2647 type: string 2648 insecureSkipVerify: 2649 description: '`insecureSkipVerify` specifies whether 2650 the proxy should skip verifying the CA signature and 2651 SAN for the server certificate corresponding to the 2652 host.' 2653 nullable: true 2654 type: boolean 2655 mode: 2656 description: |- 2657 Indicates whether connections to this port should be secured using TLS. 2658 2659 Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL 2660 enum: 2661 - DISABLE 2662 - SIMPLE 2663 - MUTUAL 2664 - ISTIO_MUTUAL 2665 type: string 2666 privateKey: 2667 description: REQUIRED if mode is `MUTUAL`. 2668 type: string 2669 sni: 2670 description: SNI string to present to the server during 2671 TLS handshake. 
2672 type: string 2673 subjectAltNames: 2674 description: A list of alternate names to verify the 2675 subject identity in the certificate. 2676 items: 2677 type: string 2678 type: array 2679 type: object 2680 tunnel: 2681 description: Configuration of tunneling TCP over other transport 2682 or application layers for the host configured in the DestinationRule. 2683 properties: 2684 protocol: 2685 description: Specifies which protocol to use for tunneling 2686 the downstream connection. 2687 type: string 2688 targetHost: 2689 description: Specifies a host to which the downstream 2690 connection is tunneled. 2691 type: string 2692 targetPort: 2693 description: Specifies a port to which the downstream 2694 connection is tunneled. 2695 maximum: 4294967295 2696 minimum: 0 2697 type: integer 2698 required: 2699 - targetHost 2700 - targetPort 2701 type: object 2702 type: object 2703 required: 2704 - name 2705 type: object 2706 type: array 2707 trafficPolicy: 2708 description: Traffic policies to apply (load balancing policy, connection 2709 pool sizes, outlier detection). 2710 properties: 2711 connectionPool: 2712 properties: 2713 http: 2714 description: HTTP connection pool settings. 2715 properties: 2716 h2UpgradePolicy: 2717 description: |- 2718 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 2719 2720 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 2721 enum: 2722 - DEFAULT 2723 - DO_NOT_UPGRADE 2724 - UPGRADE 2725 type: string 2726 http1MaxPendingRequests: 2727 description: Maximum number of requests that will be queued 2728 while waiting for a ready connection pool connection. 2729 format: int32 2730 type: integer 2731 http2MaxRequests: 2732 description: Maximum number of active requests to a destination. 2733 format: int32 2734 type: integer 2735 idleTimeout: 2736 description: The idle timeout for upstream connection 2737 pool connections. 
2738 type: string 2739 maxConcurrentStreams: 2740 description: The maximum number of concurrent streams 2741 allowed for a peer on one HTTP/2 connection. 2742 format: int32 2743 type: integer 2744 maxRequestsPerConnection: 2745 description: Maximum number of requests per connection 2746 to a backend. 2747 format: int32 2748 type: integer 2749 maxRetries: 2750 description: Maximum number of retries that can be outstanding 2751 to all hosts in a cluster at a given time. 2752 format: int32 2753 type: integer 2754 useClientProtocol: 2755 description: If set to true, client protocol will be preserved 2756 while initiating connection to backend. 2757 type: boolean 2758 type: object 2759 tcp: 2760 description: Settings common to both HTTP and TCP upstream 2761 connections. 2762 properties: 2763 connectTimeout: 2764 description: TCP connection timeout. 2765 type: string 2766 idleTimeout: 2767 description: The idle timeout for TCP connections. 2768 type: string 2769 maxConnectionDuration: 2770 description: The maximum duration of a connection. 2771 type: string 2772 maxConnections: 2773 description: Maximum number of HTTP1 /TCP connections 2774 to a destination host. 2775 format: int32 2776 type: integer 2777 tcpKeepalive: 2778 description: If set then set SO_KEEPALIVE on the socket 2779 to enable TCP Keepalives. 2780 properties: 2781 interval: 2782 description: The time duration between keep-alive 2783 probes. 2784 type: string 2785 probes: 2786 description: Maximum number of keepalive probes to 2787 send without response before deciding the connection 2788 is dead. 2789 maximum: 4294967295 2790 minimum: 0 2791 type: integer 2792 time: 2793 description: The time duration a connection needs 2794 to be idle before keep-alive probes start being 2795 sent. 2796 type: string 2797 type: object 2798 type: object 2799 type: object 2800 loadBalancer: 2801 description: Settings controlling the load balancer algorithms. 
2802 oneOf: 2803 - not: 2804 anyOf: 2805 - required: 2806 - simple 2807 - required: 2808 - consistentHash 2809 - required: 2810 - simple 2811 - required: 2812 - consistentHash 2813 properties: 2814 consistentHash: 2815 allOf: 2816 - oneOf: 2817 - not: 2818 anyOf: 2819 - required: 2820 - httpHeaderName 2821 - required: 2822 - httpCookie 2823 - required: 2824 - useSourceIp 2825 - required: 2826 - httpQueryParameterName 2827 - required: 2828 - httpHeaderName 2829 - required: 2830 - httpCookie 2831 - required: 2832 - useSourceIp 2833 - required: 2834 - httpQueryParameterName 2835 - oneOf: 2836 - not: 2837 anyOf: 2838 - required: 2839 - ringHash 2840 - required: 2841 - maglev 2842 - required: 2843 - ringHash 2844 - required: 2845 - maglev 2846 properties: 2847 httpCookie: 2848 description: Hash based on HTTP cookie. 2849 properties: 2850 name: 2851 description: Name of the cookie. 2852 type: string 2853 path: 2854 description: Path to set for the cookie. 2855 type: string 2856 ttl: 2857 description: Lifetime of the cookie. 2858 type: string 2859 required: 2860 - name 2861 type: object 2862 httpHeaderName: 2863 description: Hash based on a specific HTTP header. 2864 type: string 2865 httpQueryParameterName: 2866 description: Hash based on a specific HTTP query parameter. 2867 type: string 2868 maglev: 2869 description: The Maglev load balancer implements consistent 2870 hashing to backend hosts. 2871 properties: 2872 tableSize: 2873 description: The table size for Maglev hashing. 2874 minimum: 0 2875 type: integer 2876 type: object 2877 minimumRingSize: 2878 description: Deprecated. 2879 minimum: 0 2880 type: integer 2881 ringHash: 2882 description: The ring/modulo hash load balancer implements 2883 consistent hashing to backend hosts. 2884 properties: 2885 minimumRingSize: 2886 description: The minimum number of virtual nodes to 2887 use for the hash ring. 
2888 minimum: 0 2889 type: integer 2890 type: object 2891 useSourceIp: 2892 description: Hash based on the source IP address. 2893 type: boolean 2894 type: object 2895 localityLbSetting: 2896 properties: 2897 distribute: 2898 description: 'Optional: only one of distribute, failover 2899 or failoverPriority can be set.' 2900 items: 2901 properties: 2902 from: 2903 description: Originating locality, '/' separated, 2904 e.g. 2905 type: string 2906 to: 2907 additionalProperties: 2908 maximum: 4294967295 2909 minimum: 0 2910 type: integer 2911 description: Map of upstream localities to traffic 2912 distribution weights. 2913 type: object 2914 type: object 2915 type: array 2916 enabled: 2917 description: enable locality load balancing, this is DestinationRule-level 2918 and will override mesh wide settings in entirety. 2919 nullable: true 2920 type: boolean 2921 failover: 2922 description: 'Optional: only one of distribute, failover 2923 or failoverPriority can be set.' 2924 items: 2925 properties: 2926 from: 2927 description: Originating region. 2928 type: string 2929 to: 2930 description: Destination region the traffic will 2931 fail over to when endpoints in the 'from' region 2932 becomes unhealthy. 2933 type: string 2934 type: object 2935 type: array 2936 failoverPriority: 2937 description: failoverPriority is an ordered list of labels 2938 used to sort endpoints to do priority based load balancing. 2939 items: 2940 type: string 2941 type: array 2942 type: object 2943 simple: 2944 description: |2- 2945 2946 2947 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 2948 enum: 2949 - UNSPECIFIED 2950 - LEAST_CONN 2951 - RANDOM 2952 - PASSTHROUGH 2953 - ROUND_ROBIN 2954 - LEAST_REQUEST 2955 type: string 2956 warmupDurationSecs: 2957 description: Represents the warmup duration of Service. 2958 type: string 2959 type: object 2960 outlierDetection: 2961 properties: 2962 baseEjectionTime: 2963 description: Minimum ejection duration. 
2964 type: string 2965 consecutive5xxErrors: 2966 description: Number of 5xx errors before a host is ejected 2967 from the connection pool. 2968 maximum: 4294967295 2969 minimum: 0 2970 nullable: true 2971 type: integer 2972 consecutiveErrors: 2973 format: int32 2974 type: integer 2975 consecutiveGatewayErrors: 2976 description: Number of gateway errors before a host is ejected 2977 from the connection pool. 2978 maximum: 4294967295 2979 minimum: 0 2980 nullable: true 2981 type: integer 2982 consecutiveLocalOriginFailures: 2983 description: The number of consecutive locally originated 2984 failures before ejection occurs. 2985 maximum: 4294967295 2986 minimum: 0 2987 nullable: true 2988 type: integer 2989 interval: 2990 description: Time interval between ejection sweep analysis. 2991 type: string 2992 maxEjectionPercent: 2993 description: Maximum % of hosts in the load balancing pool 2994 for the upstream service that can be ejected. 2995 format: int32 2996 type: integer 2997 minHealthPercent: 2998 description: Outlier detection will be enabled as long as 2999 the associated load balancing pool has at least min_health_percent 3000 hosts in healthy mode. 3001 format: int32 3002 type: integer 3003 splitExternalLocalOriginErrors: 3004 description: Determines whether to distinguish local origin 3005 failures from external errors. 3006 type: boolean 3007 type: object 3008 portLevelSettings: 3009 description: Traffic policies specific to individual ports. 3010 items: 3011 properties: 3012 connectionPool: 3013 properties: 3014 http: 3015 description: HTTP connection pool settings. 3016 properties: 3017 h2UpgradePolicy: 3018 description: |- 3019 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 
3020 3021 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 3022 enum: 3023 - DEFAULT 3024 - DO_NOT_UPGRADE 3025 - UPGRADE 3026 type: string 3027 http1MaxPendingRequests: 3028 description: Maximum number of requests that will 3029 be queued while waiting for a ready connection 3030 pool connection. 3031 format: int32 3032 type: integer 3033 http2MaxRequests: 3034 description: Maximum number of active requests to 3035 a destination. 3036 format: int32 3037 type: integer 3038 idleTimeout: 3039 description: The idle timeout for upstream connection 3040 pool connections. 3041 type: string 3042 maxConcurrentStreams: 3043 description: The maximum number of concurrent streams 3044 allowed for a peer on one HTTP/2 connection. 3045 format: int32 3046 type: integer 3047 maxRequestsPerConnection: 3048 description: Maximum number of requests per connection 3049 to a backend. 3050 format: int32 3051 type: integer 3052 maxRetries: 3053 description: Maximum number of retries that can 3054 be outstanding to all hosts in a cluster at a 3055 given time. 3056 format: int32 3057 type: integer 3058 useClientProtocol: 3059 description: If set to true, client protocol will 3060 be preserved while initiating connection to backend. 3061 type: boolean 3062 type: object 3063 tcp: 3064 description: Settings common to both HTTP and TCP upstream 3065 connections. 3066 properties: 3067 connectTimeout: 3068 description: TCP connection timeout. 3069 type: string 3070 idleTimeout: 3071 description: The idle timeout for TCP connections. 3072 type: string 3073 maxConnectionDuration: 3074 description: The maximum duration of a connection. 3075 type: string 3076 maxConnections: 3077 description: Maximum number of HTTP1 /TCP connections 3078 to a destination host. 3079 format: int32 3080 type: integer 3081 tcpKeepalive: 3082 description: If set then set SO_KEEPALIVE on the 3083 socket to enable TCP Keepalives. 
3084 properties: 3085 interval: 3086 description: The time duration between keep-alive 3087 probes. 3088 type: string 3089 probes: 3090 description: Maximum number of keepalive probes 3091 to send without response before deciding the 3092 connection is dead. 3093 maximum: 4294967295 3094 minimum: 0 3095 type: integer 3096 time: 3097 description: The time duration a connection 3098 needs to be idle before keep-alive probes 3099 start being sent. 3100 type: string 3101 type: object 3102 type: object 3103 type: object 3104 loadBalancer: 3105 description: Settings controlling the load balancer algorithms. 3106 oneOf: 3107 - not: 3108 anyOf: 3109 - required: 3110 - simple 3111 - required: 3112 - consistentHash 3113 - required: 3114 - simple 3115 - required: 3116 - consistentHash 3117 properties: 3118 consistentHash: 3119 allOf: 3120 - oneOf: 3121 - not: 3122 anyOf: 3123 - required: 3124 - httpHeaderName 3125 - required: 3126 - httpCookie 3127 - required: 3128 - useSourceIp 3129 - required: 3130 - httpQueryParameterName 3131 - required: 3132 - httpHeaderName 3133 - required: 3134 - httpCookie 3135 - required: 3136 - useSourceIp 3137 - required: 3138 - httpQueryParameterName 3139 - oneOf: 3140 - not: 3141 anyOf: 3142 - required: 3143 - ringHash 3144 - required: 3145 - maglev 3146 - required: 3147 - ringHash 3148 - required: 3149 - maglev 3150 properties: 3151 httpCookie: 3152 description: Hash based on HTTP cookie. 3153 properties: 3154 name: 3155 description: Name of the cookie. 3156 type: string 3157 path: 3158 description: Path to set for the cookie. 3159 type: string 3160 ttl: 3161 description: Lifetime of the cookie. 3162 type: string 3163 required: 3164 - name 3165 type: object 3166 httpHeaderName: 3167 description: Hash based on a specific HTTP header. 3168 type: string 3169 httpQueryParameterName: 3170 description: Hash based on a specific HTTP query 3171 parameter. 
3172 type: string 3173 maglev: 3174 description: The Maglev load balancer implements 3175 consistent hashing to backend hosts. 3176 properties: 3177 tableSize: 3178 description: The table size for Maglev hashing. 3179 minimum: 0 3180 type: integer 3181 type: object 3182 minimumRingSize: 3183 description: Deprecated. 3184 minimum: 0 3185 type: integer 3186 ringHash: 3187 description: The ring/modulo hash load balancer 3188 implements consistent hashing to backend hosts. 3189 properties: 3190 minimumRingSize: 3191 description: The minimum number of virtual nodes 3192 to use for the hash ring. 3193 minimum: 0 3194 type: integer 3195 type: object 3196 useSourceIp: 3197 description: Hash based on the source IP address. 3198 type: boolean 3199 type: object 3200 localityLbSetting: 3201 properties: 3202 distribute: 3203 description: 'Optional: only one of distribute, 3204 failover or failoverPriority can be set.' 3205 items: 3206 properties: 3207 from: 3208 description: Originating locality, '/' separated, 3209 e.g. 3210 type: string 3211 to: 3212 additionalProperties: 3213 maximum: 4294967295 3214 minimum: 0 3215 type: integer 3216 description: Map of upstream localities to 3217 traffic distribution weights. 3218 type: object 3219 type: object 3220 type: array 3221 enabled: 3222 description: enable locality load balancing, this 3223 is DestinationRule-level and will override mesh 3224 wide settings in entirety. 3225 nullable: true 3226 type: boolean 3227 failover: 3228 description: 'Optional: only one of distribute, 3229 failover or failoverPriority can be set.' 3230 items: 3231 properties: 3232 from: 3233 description: Originating region. 3234 type: string 3235 to: 3236 description: Destination region the traffic 3237 will fail over to when endpoints in the 3238 'from' region becomes unhealthy. 
3239 type: string 3240 type: object 3241 type: array 3242 failoverPriority: 3243 description: failoverPriority is an ordered list 3244 of labels used to sort endpoints to do priority 3245 based load balancing. 3246 items: 3247 type: string 3248 type: array 3249 type: object 3250 simple: 3251 description: |2- 3252 3253 3254 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 3255 enum: 3256 - UNSPECIFIED 3257 - LEAST_CONN 3258 - RANDOM 3259 - PASSTHROUGH 3260 - ROUND_ROBIN 3261 - LEAST_REQUEST 3262 type: string 3263 warmupDurationSecs: 3264 description: Represents the warmup duration of Service. 3265 type: string 3266 type: object 3267 outlierDetection: 3268 properties: 3269 baseEjectionTime: 3270 description: Minimum ejection duration. 3271 type: string 3272 consecutive5xxErrors: 3273 description: Number of 5xx errors before a host is ejected 3274 from the connection pool. 3275 maximum: 4294967295 3276 minimum: 0 3277 nullable: true 3278 type: integer 3279 consecutiveErrors: 3280 format: int32 3281 type: integer 3282 consecutiveGatewayErrors: 3283 description: Number of gateway errors before a host 3284 is ejected from the connection pool. 3285 maximum: 4294967295 3286 minimum: 0 3287 nullable: true 3288 type: integer 3289 consecutiveLocalOriginFailures: 3290 description: The number of consecutive locally originated 3291 failures before ejection occurs. 3292 maximum: 4294967295 3293 minimum: 0 3294 nullable: true 3295 type: integer 3296 interval: 3297 description: Time interval between ejection sweep analysis. 3298 type: string 3299 maxEjectionPercent: 3300 description: Maximum % of hosts in the load balancing 3301 pool for the upstream service that can be ejected. 3302 format: int32 3303 type: integer 3304 minHealthPercent: 3305 description: Outlier detection will be enabled as long 3306 as the associated load balancing pool has at least 3307 min_health_percent hosts in healthy mode. 
3308 format: int32 3309 type: integer 3310 splitExternalLocalOriginErrors: 3311 description: Determines whether to distinguish local 3312 origin failures from external errors. 3313 type: boolean 3314 type: object 3315 port: 3316 description: Specifies the number of a port on the destination 3317 service on which this policy is being applied. 3318 properties: 3319 number: 3320 maximum: 4294967295 3321 minimum: 0 3322 type: integer 3323 type: object 3324 tls: 3325 description: TLS related settings for connections to the 3326 upstream service. 3327 properties: 3328 caCertificates: 3329 description: 'OPTIONAL: The path to the file containing 3330 certificate authority certificates to use in verifying 3331 a presented server certificate.' 3332 type: string 3333 caCrl: 3334 description: 'OPTIONAL: The path to the file containing 3335 the certificate revocation list (CRL) to use in verifying 3336 a presented server certificate.' 3337 type: string 3338 clientCertificate: 3339 description: REQUIRED if mode is `MUTUAL`. 3340 type: string 3341 credentialName: 3342 description: The name of the secret that holds the TLS 3343 certs for the client including the CA certificates. 3344 type: string 3345 insecureSkipVerify: 3346 description: '`insecureSkipVerify` specifies whether 3347 the proxy should skip verifying the CA signature and 3348 SAN for the server certificate corresponding to the 3349 host.' 3350 nullable: true 3351 type: boolean 3352 mode: 3353 description: |- 3354 Indicates whether connections to this port should be secured using TLS. 3355 3356 Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL 3357 enum: 3358 - DISABLE 3359 - SIMPLE 3360 - MUTUAL 3361 - ISTIO_MUTUAL 3362 type: string 3363 privateKey: 3364 description: REQUIRED if mode is `MUTUAL`. 3365 type: string 3366 sni: 3367 description: SNI string to present to the server during 3368 TLS handshake. 
3369 type: string 3370 subjectAltNames: 3371 description: A list of alternate names to verify the 3372 subject identity in the certificate. 3373 items: 3374 type: string 3375 type: array 3376 type: object 3377 type: object 3378 type: array 3379 proxyProtocol: 3380 description: The upstream PROXY protocol settings. 3381 properties: 3382 version: 3383 description: |- 3384 The PROXY protocol version to use. 3385 3386 Valid Options: V1, V2 3387 enum: 3388 - V1 3389 - V2 3390 type: string 3391 type: object 3392 tls: 3393 description: TLS related settings for connections to the upstream 3394 service. 3395 properties: 3396 caCertificates: 3397 description: 'OPTIONAL: The path to the file containing certificate 3398 authority certificates to use in verifying a presented server 3399 certificate.' 3400 type: string 3401 caCrl: 3402 description: 'OPTIONAL: The path to the file containing the 3403 certificate revocation list (CRL) to use in verifying a 3404 presented server certificate.' 3405 type: string 3406 clientCertificate: 3407 description: REQUIRED if mode is `MUTUAL`. 3408 type: string 3409 credentialName: 3410 description: The name of the secret that holds the TLS certs 3411 for the client including the CA certificates. 3412 type: string 3413 insecureSkipVerify: 3414 description: '`insecureSkipVerify` specifies whether the proxy 3415 should skip verifying the CA signature and SAN for the server 3416 certificate corresponding to the host.' 3417 nullable: true 3418 type: boolean 3419 mode: 3420 description: |- 3421 Indicates whether connections to this port should be secured using TLS. 3422 3423 Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL 3424 enum: 3425 - DISABLE 3426 - SIMPLE 3427 - MUTUAL 3428 - ISTIO_MUTUAL 3429 type: string 3430 privateKey: 3431 description: REQUIRED if mode is `MUTUAL`. 3432 type: string 3433 sni: 3434 description: SNI string to present to the server during TLS 3435 handshake. 
3436 type: string 3437 subjectAltNames: 3438 description: A list of alternate names to verify the subject 3439 identity in the certificate. 3440 items: 3441 type: string 3442 type: array 3443 type: object 3444 tunnel: 3445 description: Configuration of tunneling TCP over other transport 3446 or application layers for the host configured in the DestinationRule. 3447 properties: 3448 protocol: 3449 description: Specifies which protocol to use for tunneling 3450 the downstream connection. 3451 type: string 3452 targetHost: 3453 description: Specifies a host to which the downstream connection 3454 is tunneled. 3455 type: string 3456 targetPort: 3457 description: Specifies a port to which the downstream connection 3458 is tunneled. 3459 maximum: 4294967295 3460 minimum: 0 3461 type: integer 3462 required: 3463 - targetHost 3464 - targetPort 3465 type: object 3466 type: object 3467 workloadSelector: 3468 description: Criteria used to select the specific set of pods/VMs 3469 on which this `DestinationRule` configuration should be applied. 3470 properties: 3471 matchLabels: 3472 additionalProperties: 3473 type: string 3474 description: One or more labels that indicate a specific set of 3475 pods/VMs on which a policy should be applied. 3476 type: object 3477 type: object 3478 required: 3479 - host 3480 type: object 3481 status: 3482 type: object 3483 x-kubernetes-preserve-unknown-fields: true 3484 type: object 3485 served: true 3486 storage: false 3487 subresources: 3488 status: {} 3489 - additionalPrinterColumns: 3490 - description: The name of a service from the service registry 3491 jsonPath: .spec.host 3492 name: Host 3493 type: string 3494 - description: 'CreationTimestamp is a timestamp representing the server time 3495 when this object was created. It is not guaranteed to be set in happens-before 3496 order across separate operations. Clients may not set this value. It is represented 3497 in RFC3339 form and is in UTC. Populated by the system. Read-only. 
Null for 3498 lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 3499 jsonPath: .metadata.creationTimestamp 3500 name: Age 3501 type: date 3502 name: v1beta1 3503 schema: 3504 openAPIV3Schema: 3505 properties: 3506 spec: 3507 description: 'Configuration affecting load balancing, outlier detection, 3508 etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' 3509 properties: 3510 exportTo: 3511 description: A list of namespaces to which this destination rule is 3512 exported. 3513 items: 3514 type: string 3515 type: array 3516 host: 3517 description: The name of a service from the service registry. 3518 type: string 3519 subsets: 3520 description: One or more named sets that represent individual versions 3521 of a service. 3522 items: 3523 properties: 3524 labels: 3525 additionalProperties: 3526 type: string 3527 description: Labels apply a filter over the endpoints of a service 3528 in the service registry. 3529 type: object 3530 name: 3531 description: Name of the subset. 3532 type: string 3533 trafficPolicy: 3534 description: Traffic policies that apply to this subset. 3535 properties: 3536 connectionPool: 3537 properties: 3538 http: 3539 description: HTTP connection pool settings. 3540 properties: 3541 h2UpgradePolicy: 3542 description: |- 3543 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 3544 3545 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 3546 enum: 3547 - DEFAULT 3548 - DO_NOT_UPGRADE 3549 - UPGRADE 3550 type: string 3551 http1MaxPendingRequests: 3552 description: Maximum number of requests that will 3553 be queued while waiting for a ready connection 3554 pool connection. 3555 format: int32 3556 type: integer 3557 http2MaxRequests: 3558 description: Maximum number of active requests to 3559 a destination. 
3560 format: int32 3561 type: integer 3562 idleTimeout: 3563 description: The idle timeout for upstream connection 3564 pool connections. 3565 type: string 3566 maxConcurrentStreams: 3567 description: The maximum number of concurrent streams 3568 allowed for a peer on one HTTP/2 connection. 3569 format: int32 3570 type: integer 3571 maxRequestsPerConnection: 3572 description: Maximum number of requests per connection 3573 to a backend. 3574 format: int32 3575 type: integer 3576 maxRetries: 3577 description: Maximum number of retries that can 3578 be outstanding to all hosts in a cluster at a 3579 given time. 3580 format: int32 3581 type: integer 3582 useClientProtocol: 3583 description: If set to true, client protocol will 3584 be preserved while initiating connection to backend. 3585 type: boolean 3586 type: object 3587 tcp: 3588 description: Settings common to both HTTP and TCP upstream 3589 connections. 3590 properties: 3591 connectTimeout: 3592 description: TCP connection timeout. 3593 type: string 3594 idleTimeout: 3595 description: The idle timeout for TCP connections. 3596 type: string 3597 maxConnectionDuration: 3598 description: The maximum duration of a connection. 3599 type: string 3600 maxConnections: 3601 description: Maximum number of HTTP1 /TCP connections 3602 to a destination host. 3603 format: int32 3604 type: integer 3605 tcpKeepalive: 3606 description: If set then set SO_KEEPALIVE on the 3607 socket to enable TCP Keepalives. 3608 properties: 3609 interval: 3610 description: The time duration between keep-alive 3611 probes. 3612 type: string 3613 probes: 3614 description: Maximum number of keepalive probes 3615 to send without response before deciding the 3616 connection is dead. 3617 maximum: 4294967295 3618 minimum: 0 3619 type: integer 3620 time: 3621 description: The time duration a connection 3622 needs to be idle before keep-alive probes 3623 start being sent. 
3624 type: string 3625 type: object 3626 type: object 3627 type: object 3628 loadBalancer: 3629 description: Settings controlling the load balancer algorithms. 3630 oneOf: 3631 - not: 3632 anyOf: 3633 - required: 3634 - simple 3635 - required: 3636 - consistentHash 3637 - required: 3638 - simple 3639 - required: 3640 - consistentHash 3641 properties: 3642 consistentHash: 3643 allOf: 3644 - oneOf: 3645 - not: 3646 anyOf: 3647 - required: 3648 - httpHeaderName 3649 - required: 3650 - httpCookie 3651 - required: 3652 - useSourceIp 3653 - required: 3654 - httpQueryParameterName 3655 - required: 3656 - httpHeaderName 3657 - required: 3658 - httpCookie 3659 - required: 3660 - useSourceIp 3661 - required: 3662 - httpQueryParameterName 3663 - oneOf: 3664 - not: 3665 anyOf: 3666 - required: 3667 - ringHash 3668 - required: 3669 - maglev 3670 - required: 3671 - ringHash 3672 - required: 3673 - maglev 3674 properties: 3675 httpCookie: 3676 description: Hash based on HTTP cookie. 3677 properties: 3678 name: 3679 description: Name of the cookie. 3680 type: string 3681 path: 3682 description: Path to set for the cookie. 3683 type: string 3684 ttl: 3685 description: Lifetime of the cookie. 3686 type: string 3687 required: 3688 - name 3689 type: object 3690 httpHeaderName: 3691 description: Hash based on a specific HTTP header. 3692 type: string 3693 httpQueryParameterName: 3694 description: Hash based on a specific HTTP query 3695 parameter. 3696 type: string 3697 maglev: 3698 description: The Maglev load balancer implements 3699 consistent hashing to backend hosts. 3700 properties: 3701 tableSize: 3702 description: The table size for Maglev hashing. 3703 minimum: 0 3704 type: integer 3705 type: object 3706 minimumRingSize: 3707 description: Deprecated. 3708 minimum: 0 3709 type: integer 3710 ringHash: 3711 description: The ring/modulo hash load balancer 3712 implements consistent hashing to backend hosts. 
3713 properties: 3714 minimumRingSize: 3715 description: The minimum number of virtual nodes 3716 to use for the hash ring. 3717 minimum: 0 3718 type: integer 3719 type: object 3720 useSourceIp: 3721 description: Hash based on the source IP address. 3722 type: boolean 3723 type: object 3724 localityLbSetting: 3725 properties: 3726 distribute: 3727 description: 'Optional: only one of distribute, 3728 failover or failoverPriority can be set.' 3729 items: 3730 properties: 3731 from: 3732 description: Originating locality, '/' separated, 3733 e.g. 3734 type: string 3735 to: 3736 additionalProperties: 3737 maximum: 4294967295 3738 minimum: 0 3739 type: integer 3740 description: Map of upstream localities to 3741 traffic distribution weights. 3742 type: object 3743 type: object 3744 type: array 3745 enabled: 3746 description: enable locality load balancing, this 3747 is DestinationRule-level and will override mesh 3748 wide settings in entirety. 3749 nullable: true 3750 type: boolean 3751 failover: 3752 description: 'Optional: only one of distribute, 3753 failover or failoverPriority can be set.' 3754 items: 3755 properties: 3756 from: 3757 description: Originating region. 3758 type: string 3759 to: 3760 description: Destination region the traffic 3761 will fail over to when endpoints in the 3762 'from' region becomes unhealthy. 3763 type: string 3764 type: object 3765 type: array 3766 failoverPriority: 3767 description: failoverPriority is an ordered list 3768 of labels used to sort endpoints to do priority 3769 based load balancing. 3770 items: 3771 type: string 3772 type: array 3773 type: object 3774 simple: 3775 description: |2- 3776 3777 3778 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 3779 enum: 3780 - UNSPECIFIED 3781 - LEAST_CONN 3782 - RANDOM 3783 - PASSTHROUGH 3784 - ROUND_ROBIN 3785 - LEAST_REQUEST 3786 type: string 3787 warmupDurationSecs: 3788 description: Represents the warmup duration of Service. 
3789 type: string 3790 type: object 3791 outlierDetection: 3792 properties: 3793 baseEjectionTime: 3794 description: Minimum ejection duration. 3795 type: string 3796 consecutive5xxErrors: 3797 description: Number of 5xx errors before a host is ejected 3798 from the connection pool. 3799 maximum: 4294967295 3800 minimum: 0 3801 nullable: true 3802 type: integer 3803 consecutiveErrors: 3804 format: int32 3805 type: integer 3806 consecutiveGatewayErrors: 3807 description: Number of gateway errors before a host 3808 is ejected from the connection pool. 3809 maximum: 4294967295 3810 minimum: 0 3811 nullable: true 3812 type: integer 3813 consecutiveLocalOriginFailures: 3814 description: The number of consecutive locally originated 3815 failures before ejection occurs. 3816 maximum: 4294967295 3817 minimum: 0 3818 nullable: true 3819 type: integer 3820 interval: 3821 description: Time interval between ejection sweep analysis. 3822 type: string 3823 maxEjectionPercent: 3824 description: Maximum % of hosts in the load balancing 3825 pool for the upstream service that can be ejected. 3826 format: int32 3827 type: integer 3828 minHealthPercent: 3829 description: Outlier detection will be enabled as long 3830 as the associated load balancing pool has at least 3831 min_health_percent hosts in healthy mode. 3832 format: int32 3833 type: integer 3834 splitExternalLocalOriginErrors: 3835 description: Determines whether to distinguish local 3836 origin failures from external errors. 3837 type: boolean 3838 type: object 3839 portLevelSettings: 3840 description: Traffic policies specific to individual ports. 3841 items: 3842 properties: 3843 connectionPool: 3844 properties: 3845 http: 3846 description: HTTP connection pool settings. 3847 properties: 3848 h2UpgradePolicy: 3849 description: |- 3850 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 
3851 3852 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 3853 enum: 3854 - DEFAULT 3855 - DO_NOT_UPGRADE 3856 - UPGRADE 3857 type: string 3858 http1MaxPendingRequests: 3859 description: Maximum number of requests that 3860 will be queued while waiting for a ready 3861 connection pool connection. 3862 format: int32 3863 type: integer 3864 http2MaxRequests: 3865 description: Maximum number of active requests 3866 to a destination. 3867 format: int32 3868 type: integer 3869 idleTimeout: 3870 description: The idle timeout for upstream 3871 connection pool connections. 3872 type: string 3873 maxConcurrentStreams: 3874 description: The maximum number of concurrent 3875 streams allowed for a peer on one HTTP/2 3876 connection. 3877 format: int32 3878 type: integer 3879 maxRequestsPerConnection: 3880 description: Maximum number of requests per 3881 connection to a backend. 3882 format: int32 3883 type: integer 3884 maxRetries: 3885 description: Maximum number of retries that 3886 can be outstanding to all hosts in a cluster 3887 at a given time. 3888 format: int32 3889 type: integer 3890 useClientProtocol: 3891 description: If set to true, client protocol 3892 will be preserved while initiating connection 3893 to backend. 3894 type: boolean 3895 type: object 3896 tcp: 3897 description: Settings common to both HTTP and 3898 TCP upstream connections. 3899 properties: 3900 connectTimeout: 3901 description: TCP connection timeout. 3902 type: string 3903 idleTimeout: 3904 description: The idle timeout for TCP connections. 3905 type: string 3906 maxConnectionDuration: 3907 description: The maximum duration of a connection. 3908 type: string 3909 maxConnections: 3910 description: Maximum number of HTTP1 /TCP 3911 connections to a destination host. 3912 format: int32 3913 type: integer 3914 tcpKeepalive: 3915 description: If set then set SO_KEEPALIVE 3916 on the socket to enable TCP Keepalives. 
3917 properties: 3918 interval: 3919 description: The time duration between 3920 keep-alive probes. 3921 type: string 3922 probes: 3923 description: Maximum number of keepalive 3924 probes to send without response before 3925 deciding the connection is dead. 3926 maximum: 4294967295 3927 minimum: 0 3928 type: integer 3929 time: 3930 description: The time duration a connection 3931 needs to be idle before keep-alive probes 3932 start being sent. 3933 type: string 3934 type: object 3935 type: object 3936 type: object 3937 loadBalancer: 3938 description: Settings controlling the load balancer 3939 algorithms. 3940 oneOf: 3941 - not: 3942 anyOf: 3943 - required: 3944 - simple 3945 - required: 3946 - consistentHash 3947 - required: 3948 - simple 3949 - required: 3950 - consistentHash 3951 properties: 3952 consistentHash: 3953 allOf: 3954 - oneOf: 3955 - not: 3956 anyOf: 3957 - required: 3958 - httpHeaderName 3959 - required: 3960 - httpCookie 3961 - required: 3962 - useSourceIp 3963 - required: 3964 - httpQueryParameterName 3965 - required: 3966 - httpHeaderName 3967 - required: 3968 - httpCookie 3969 - required: 3970 - useSourceIp 3971 - required: 3972 - httpQueryParameterName 3973 - oneOf: 3974 - not: 3975 anyOf: 3976 - required: 3977 - ringHash 3978 - required: 3979 - maglev 3980 - required: 3981 - ringHash 3982 - required: 3983 - maglev 3984 properties: 3985 httpCookie: 3986 description: Hash based on HTTP cookie. 3987 properties: 3988 name: 3989 description: Name of the cookie. 3990 type: string 3991 path: 3992 description: Path to set for the cookie. 3993 type: string 3994 ttl: 3995 description: Lifetime of the cookie. 3996 type: string 3997 required: 3998 - name 3999 type: object 4000 httpHeaderName: 4001 description: Hash based on a specific HTTP 4002 header. 4003 type: string 4004 httpQueryParameterName: 4005 description: Hash based on a specific HTTP 4006 query parameter. 
4007 type: string 4008 maglev: 4009 description: The Maglev load balancer implements 4010 consistent hashing to backend hosts. 4011 properties: 4012 tableSize: 4013 description: The table size for Maglev 4014 hashing. 4015 minimum: 0 4016 type: integer 4017 type: object 4018 minimumRingSize: 4019 description: Deprecated. 4020 minimum: 0 4021 type: integer 4022 ringHash: 4023 description: The ring/modulo hash load balancer 4024 implements consistent hashing to backend 4025 hosts. 4026 properties: 4027 minimumRingSize: 4028 description: The minimum number of virtual 4029 nodes to use for the hash ring. 4030 minimum: 0 4031 type: integer 4032 type: object 4033 useSourceIp: 4034 description: Hash based on the source IP address. 4035 type: boolean 4036 type: object 4037 localityLbSetting: 4038 properties: 4039 distribute: 4040 description: 'Optional: only one of distribute, 4041 failover or failoverPriority can be set.' 4042 items: 4043 properties: 4044 from: 4045 description: Originating locality, '/' 4046 separated, e.g. 4047 type: string 4048 to: 4049 additionalProperties: 4050 maximum: 4294967295 4051 minimum: 0 4052 type: integer 4053 description: Map of upstream localities 4054 to traffic distribution weights. 4055 type: object 4056 type: object 4057 type: array 4058 enabled: 4059 description: enable locality load balancing, 4060 this is DestinationRule-level and will override 4061 mesh wide settings in entirety. 4062 nullable: true 4063 type: boolean 4064 failover: 4065 description: 'Optional: only one of distribute, 4066 failover or failoverPriority can be set.' 4067 items: 4068 properties: 4069 from: 4070 description: Originating region. 4071 type: string 4072 to: 4073 description: Destination region the 4074 traffic will fail over to when endpoints 4075 in the 'from' region becomes unhealthy. 
4076 type: string 4077 type: object 4078 type: array 4079 failoverPriority: 4080 description: failoverPriority is an ordered 4081 list of labels used to sort endpoints to 4082 do priority based load balancing. 4083 items: 4084 type: string 4085 type: array 4086 type: object 4087 simple: 4088 description: |2- 4089 4090 4091 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 4092 enum: 4093 - UNSPECIFIED 4094 - LEAST_CONN 4095 - RANDOM 4096 - PASSTHROUGH 4097 - ROUND_ROBIN 4098 - LEAST_REQUEST 4099 type: string 4100 warmupDurationSecs: 4101 description: Represents the warmup duration of 4102 Service. 4103 type: string 4104 type: object 4105 outlierDetection: 4106 properties: 4107 baseEjectionTime: 4108 description: Minimum ejection duration. 4109 type: string 4110 consecutive5xxErrors: 4111 description: Number of 5xx errors before a host 4112 is ejected from the connection pool. 4113 maximum: 4294967295 4114 minimum: 0 4115 nullable: true 4116 type: integer 4117 consecutiveErrors: 4118 format: int32 4119 type: integer 4120 consecutiveGatewayErrors: 4121 description: Number of gateway errors before a 4122 host is ejected from the connection pool. 4123 maximum: 4294967295 4124 minimum: 0 4125 nullable: true 4126 type: integer 4127 consecutiveLocalOriginFailures: 4128 description: The number of consecutive locally 4129 originated failures before ejection occurs. 4130 maximum: 4294967295 4131 minimum: 0 4132 nullable: true 4133 type: integer 4134 interval: 4135 description: Time interval between ejection sweep 4136 analysis. 4137 type: string 4138 maxEjectionPercent: 4139 description: Maximum % of hosts in the load balancing 4140 pool for the upstream service that can be ejected. 4141 format: int32 4142 type: integer 4143 minHealthPercent: 4144 description: Outlier detection will be enabled 4145 as long as the associated load balancing pool 4146 has at least min_health_percent hosts in healthy 4147 mode. 
# Fragment of the DestinationRule v1beta1 schema, inside
# spec.subsets[].trafficPolicy.portLevelSettings[]. Listing gutter numbers are
# dropped and indentation is reconstructed from the key nesting.
# The first two keys finish outlierDetection.minHealthPercent.
                                    format: int32
                                    type: integer
                                  splitExternalLocalOriginErrors:
                                    description: Determines whether to distinguish
                                      local origin failures from external errors.
                                    type: boolean
                                type: object
                              port:
                                description: Specifies the number of a port on the
                                  destination service on which this policy is being
                                  applied.
                                properties:
                                  number:
                                    # Bounds are the unsigned 32-bit range, not
                                    # the TCP port range: 0 and values above
                                    # 65535 pass this schema check.
                                    maximum: 4294967295
                                    minimum: 0
                                    type: integer
                                type: object
                              # Per-port TLS origination settings. These fields
                              # decide whether the upstream is encrypted and
                              # whether its certificate is verified.
                              tls:
                                description: TLS related settings for connections
                                  to the upstream service.
                                properties:
                                  # Trust anchor for server verification.
                                  # Optional per the description.
                                  # NOTE(review): what is verified when it is
                                  # left unset is not stated here; confirm for
                                  # the Istio version in use.
                                  caCertificates:
                                    description: 'OPTIONAL: The path to the file containing
                                      certificate authority certificates to use in
                                      verifying a presented server certificate.'
                                    type: string
                                  caCrl:
                                    description: 'OPTIONAL: The path to the file containing
                                      the certificate revocation list (CRL) to use
                                      in verifying a presented server certificate.'
                                    type: string
                                  # "REQUIRED if mode is MUTUAL" is stated only
                                  # in the description text; no conditional
                                  # rule for it is declared on this property.
                                  clientCertificate:
                                    description: REQUIRED if mode is `MUTUAL`.
                                    type: string
                                  credentialName:
                                    description: The name of the secret that holds
                                      the TLS certs for the client including the CA
                                      certificates.
                                    type: string
                                  # Security-relevant: per the description, true
                                  # skips the CA-signature and SAN checks, so
                                  # the server is no longer authenticated.
                                  # Reviews and admission policy can flag
                                  # resources that set it. null is also accepted
                                  # (nullable).
                                  insecureSkipVerify:
                                    description: '`insecureSkipVerify` specifies whether
                                      the proxy should skip verifying the CA signature
                                      and SAN for the server certificate corresponding
                                      to the host.'
                                    nullable: true
                                    type: boolean
                                  # DISABLE is an accepted value and no default
                                  # is declared on this property.
                                  mode:
                                    description: |-
                                      Indicates whether connections to this port should be secured using TLS.

                                      Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL
                                    enum:
                                    - DISABLE
                                    - SIMPLE
                                    - MUTUAL
                                    - ISTIO_MUTUAL
                                    type: string
                                  # Same as clientCertificate: the MUTUAL
                                  # requirement is description-only.
                                  privateKey:
                                    description: REQUIRED if mode is `MUTUAL`.
                                    type: string
                                  # The sni property continues on the next line
                                  # of the listing.
                                  sni:
                                    description: SNI string to present to the server
                                      during TLS handshake.
# Fragment of the DestinationRule v1beta1 schema, inside
# spec.subsets[].trafficPolicy. Listing gutter numbers are dropped and
# indentation is reconstructed from the key nesting.
# The first key finishes portLevelSettings[].tls.sni.
                                    type: string
                                  # Names checked against the server
                                  # certificate. Plain strings; no format or
                                  # length constraint is declared.
                                  subjectAltNames:
                                    description: A list of alternate names to verify
                                      the subject identity in the certificate.
                                    items:
                                      type: string
                                    type: array
                                # No `required` list precedes this: every
                                # port-level tls field, mode included, is
                                # optional at the schema level.
                                type: object
                            type: object
                          type: array
                        proxyProtocol:
                          description: The upstream PROXY protocol settings.
                          properties:
                            # The enum limits the value to V1 or V2.
                            version:
                              description: |-
                                The PROXY protocol version to use.

                                Valid Options: V1, V2
                              enum:
                              - V1
                              - V2
                              type: string
                          type: object
                        # Subset-level TLS origination settings, with the same
                        # fields as the port-level tls object.
                        tls:
                          description: TLS related settings for connections to the
                            upstream service.
                          properties:
                            # Trust anchor for server verification. Optional
                            # per the description.
                            # NOTE(review): what is verified when it is left
                            # unset is not stated here; confirm for the Istio
                            # version in use.
                            caCertificates:
                              description: 'OPTIONAL: The path to the file containing
                                certificate authority certificates to use in verifying
                                a presented server certificate.'
                              type: string
                            caCrl:
                              description: 'OPTIONAL: The path to the file containing
                                the certificate revocation list (CRL) to use in verifying
                                a presented server certificate.'
                              type: string
                            # "REQUIRED if mode is MUTUAL" is stated only in
                            # the description text; no conditional rule for it
                            # is declared on this property.
                            clientCertificate:
                              description: REQUIRED if mode is `MUTUAL`.
                              type: string
                            credentialName:
                              description: The name of the secret that holds the TLS
                                certs for the client including the CA certificates.
                              type: string
                            # Security-relevant: per the description, true
                            # skips the CA-signature and SAN checks, so the
                            # server is no longer authenticated. Reviews and
                            # admission policy can flag resources that set it.
                            # null is also accepted (nullable).
                            insecureSkipVerify:
                              description: '`insecureSkipVerify` specifies whether
                                the proxy should skip verifying the CA signature and
                                SAN for the server certificate corresponding to the
                                host.'
                              nullable: true
                              type: boolean
                            # DISABLE is an accepted value and no default is
                            # declared on this property.
                            mode:
                              description: |-
                                Indicates whether connections to this port should be secured using TLS.

                                Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL
                              enum:
                              - DISABLE
                              - SIMPLE
                              - MUTUAL
                              - ISTIO_MUTUAL
                              type: string
                            # Same as clientCertificate: the MUTUAL requirement
                            # is description-only.
                            privateKey:
                              description: REQUIRED if mode is `MUTUAL`.
                              type: string
                            # The sni property continues on the next line of
                            # the listing.
                            sni:
                              description: SNI string to present to the server during
                                TLS handshake.
# Fragment of the DestinationRule v1beta1 schema: the end of
# spec.subsets[].trafficPolicy, then the start of spec.trafficPolicy. Listing
# gutter numbers are dropped and indentation is reconstructed from the key
# nesting.
# The first key finishes subsets[].trafficPolicy.tls.sni.
                              type: string
                            # Names checked against the server certificate.
                            # Plain strings; no format or length constraint is
                            # declared.
                            subjectAltNames:
                              description: A list of alternate names to verify the
                                subject identity in the certificate.
                              items:
                                type: string
                              type: array
                          # No `required` list precedes this: every subset-level
                          # tls field, mode included, is optional at the schema
                          # level.
                          type: object
                        tunnel:
                          description: Configuration of tunneling TCP over other transport
                            or application layers for the host configured in the DestinationRule.
                          properties:
                            # Free-form string; no enum is declared for it.
                            protocol:
                              description: Specifies which protocol to use for tunneling
                                the downstream connection.
                              type: string
                            targetHost:
                              description: Specifies a host to which the downstream
                                connection is tunneled.
                              type: string
                            targetPort:
                              description: Specifies a port to which the downstream
                                connection is tunneled.
                              # Bounds are the unsigned 32-bit range, not the
                              # TCP port range: 0 and values above 65535 pass
                              # this schema check.
                              maximum: 4294967295
                              minimum: 0
                              type: integer
                          # A tunnel object is accepted only with both its
                          # target host and its target port.
                          required:
                          - targetHost
                          - targetPort
                          type: object
                      type: object
                  # `name` is the only mandatory field of a subset.
                  required:
                  - name
                  type: object
                type: array
              # Rule-level traffic policy. What is visible here starts with the
              # connection-pool limits.
              trafficPolicy:
                description: Traffic policies to apply (load balancing policy, connection
                  pool sizes, outlier detection).
                properties:
                  connectionPool:
                    properties:
                      http:
                        description: HTTP connection pool settings.
                        properties:
                          h2UpgradePolicy:
                            description: |-
                              Specify if http1.1 connection should be upgraded to http2 for the associated destination.

                              Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE
                            enum:
                            - DEFAULT
                            - DO_NOT_UPGRADE
                            - UPGRADE
                            type: string
                          # The int32 limits below declare no minimum or
                          # maximum of their own.
                          http1MaxPendingRequests:
                            description: Maximum number of requests that will be queued
                              while waiting for a ready connection pool connection.
                            format: int32
                            type: integer
                          http2MaxRequests:
                            description: Maximum number of active requests to a destination.
                            format: int32
                            type: integer
                          # The idleTimeout property continues on the next line
                          # of the listing.
                          idleTimeout:
                            description: The idle timeout for upstream connection
                              pool connections.
4345 type: string 4346 maxConcurrentStreams: 4347 description: The maximum number of concurrent streams 4348 allowed for a peer on one HTTP/2 connection. 4349 format: int32 4350 type: integer 4351 maxRequestsPerConnection: 4352 description: Maximum number of requests per connection 4353 to a backend. 4354 format: int32 4355 type: integer 4356 maxRetries: 4357 description: Maximum number of retries that can be outstanding 4358 to all hosts in a cluster at a given time. 4359 format: int32 4360 type: integer 4361 useClientProtocol: 4362 description: If set to true, client protocol will be preserved 4363 while initiating connection to backend. 4364 type: boolean 4365 type: object 4366 tcp: 4367 description: Settings common to both HTTP and TCP upstream 4368 connections. 4369 properties: 4370 connectTimeout: 4371 description: TCP connection timeout. 4372 type: string 4373 idleTimeout: 4374 description: The idle timeout for TCP connections. 4375 type: string 4376 maxConnectionDuration: 4377 description: The maximum duration of a connection. 4378 type: string 4379 maxConnections: 4380 description: Maximum number of HTTP1 /TCP connections 4381 to a destination host. 4382 format: int32 4383 type: integer 4384 tcpKeepalive: 4385 description: If set then set SO_KEEPALIVE on the socket 4386 to enable TCP Keepalives. 4387 properties: 4388 interval: 4389 description: The time duration between keep-alive 4390 probes. 4391 type: string 4392 probes: 4393 description: Maximum number of keepalive probes to 4394 send without response before deciding the connection 4395 is dead. 4396 maximum: 4294967295 4397 minimum: 0 4398 type: integer 4399 time: 4400 description: The time duration a connection needs 4401 to be idle before keep-alive probes start being 4402 sent. 4403 type: string 4404 type: object 4405 type: object 4406 type: object 4407 loadBalancer: 4408 description: Settings controlling the load balancer algorithms. 
4409 oneOf: 4410 - not: 4411 anyOf: 4412 - required: 4413 - simple 4414 - required: 4415 - consistentHash 4416 - required: 4417 - simple 4418 - required: 4419 - consistentHash 4420 properties: 4421 consistentHash: 4422 allOf: 4423 - oneOf: 4424 - not: 4425 anyOf: 4426 - required: 4427 - httpHeaderName 4428 - required: 4429 - httpCookie 4430 - required: 4431 - useSourceIp 4432 - required: 4433 - httpQueryParameterName 4434 - required: 4435 - httpHeaderName 4436 - required: 4437 - httpCookie 4438 - required: 4439 - useSourceIp 4440 - required: 4441 - httpQueryParameterName 4442 - oneOf: 4443 - not: 4444 anyOf: 4445 - required: 4446 - ringHash 4447 - required: 4448 - maglev 4449 - required: 4450 - ringHash 4451 - required: 4452 - maglev 4453 properties: 4454 httpCookie: 4455 description: Hash based on HTTP cookie. 4456 properties: 4457 name: 4458 description: Name of the cookie. 4459 type: string 4460 path: 4461 description: Path to set for the cookie. 4462 type: string 4463 ttl: 4464 description: Lifetime of the cookie. 4465 type: string 4466 required: 4467 - name 4468 type: object 4469 httpHeaderName: 4470 description: Hash based on a specific HTTP header. 4471 type: string 4472 httpQueryParameterName: 4473 description: Hash based on a specific HTTP query parameter. 4474 type: string 4475 maglev: 4476 description: The Maglev load balancer implements consistent 4477 hashing to backend hosts. 4478 properties: 4479 tableSize: 4480 description: The table size for Maglev hashing. 4481 minimum: 0 4482 type: integer 4483 type: object 4484 minimumRingSize: 4485 description: Deprecated. 4486 minimum: 0 4487 type: integer 4488 ringHash: 4489 description: The ring/modulo hash load balancer implements 4490 consistent hashing to backend hosts. 4491 properties: 4492 minimumRingSize: 4493 description: The minimum number of virtual nodes to 4494 use for the hash ring. 
4495 minimum: 0 4496 type: integer 4497 type: object 4498 useSourceIp: 4499 description: Hash based on the source IP address. 4500 type: boolean 4501 type: object 4502 localityLbSetting: 4503 properties: 4504 distribute: 4505 description: 'Optional: only one of distribute, failover 4506 or failoverPriority can be set.' 4507 items: 4508 properties: 4509 from: 4510 description: Originating locality, '/' separated, 4511 e.g. 4512 type: string 4513 to: 4514 additionalProperties: 4515 maximum: 4294967295 4516 minimum: 0 4517 type: integer 4518 description: Map of upstream localities to traffic 4519 distribution weights. 4520 type: object 4521 type: object 4522 type: array 4523 enabled: 4524 description: enable locality load balancing, this is DestinationRule-level 4525 and will override mesh wide settings in entirety. 4526 nullable: true 4527 type: boolean 4528 failover: 4529 description: 'Optional: only one of distribute, failover 4530 or failoverPriority can be set.' 4531 items: 4532 properties: 4533 from: 4534 description: Originating region. 4535 type: string 4536 to: 4537 description: Destination region the traffic will 4538 fail over to when endpoints in the 'from' region 4539 becomes unhealthy. 4540 type: string 4541 type: object 4542 type: array 4543 failoverPriority: 4544 description: failoverPriority is an ordered list of labels 4545 used to sort endpoints to do priority based load balancing. 4546 items: 4547 type: string 4548 type: array 4549 type: object 4550 simple: 4551 description: |2- 4552 4553 4554 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 4555 enum: 4556 - UNSPECIFIED 4557 - LEAST_CONN 4558 - RANDOM 4559 - PASSTHROUGH 4560 - ROUND_ROBIN 4561 - LEAST_REQUEST 4562 type: string 4563 warmupDurationSecs: 4564 description: Represents the warmup duration of Service. 4565 type: string 4566 type: object 4567 outlierDetection: 4568 properties: 4569 baseEjectionTime: 4570 description: Minimum ejection duration. 
4571 type: string 4572 consecutive5xxErrors: 4573 description: Number of 5xx errors before a host is ejected 4574 from the connection pool. 4575 maximum: 4294967295 4576 minimum: 0 4577 nullable: true 4578 type: integer 4579 consecutiveErrors: 4580 format: int32 4581 type: integer 4582 consecutiveGatewayErrors: 4583 description: Number of gateway errors before a host is ejected 4584 from the connection pool. 4585 maximum: 4294967295 4586 minimum: 0 4587 nullable: true 4588 type: integer 4589 consecutiveLocalOriginFailures: 4590 description: The number of consecutive locally originated 4591 failures before ejection occurs. 4592 maximum: 4294967295 4593 minimum: 0 4594 nullable: true 4595 type: integer 4596 interval: 4597 description: Time interval between ejection sweep analysis. 4598 type: string 4599 maxEjectionPercent: 4600 description: Maximum % of hosts in the load balancing pool 4601 for the upstream service that can be ejected. 4602 format: int32 4603 type: integer 4604 minHealthPercent: 4605 description: Outlier detection will be enabled as long as 4606 the associated load balancing pool has at least min_health_percent 4607 hosts in healthy mode. 4608 format: int32 4609 type: integer 4610 splitExternalLocalOriginErrors: 4611 description: Determines whether to distinguish local origin 4612 failures from external errors. 4613 type: boolean 4614 type: object 4615 portLevelSettings: 4616 description: Traffic policies specific to individual ports. 4617 items: 4618 properties: 4619 connectionPool: 4620 properties: 4621 http: 4622 description: HTTP connection pool settings. 4623 properties: 4624 h2UpgradePolicy: 4625 description: |- 4626 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 
4627 4628 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 4629 enum: 4630 - DEFAULT 4631 - DO_NOT_UPGRADE 4632 - UPGRADE 4633 type: string 4634 http1MaxPendingRequests: 4635 description: Maximum number of requests that will 4636 be queued while waiting for a ready connection 4637 pool connection. 4638 format: int32 4639 type: integer 4640 http2MaxRequests: 4641 description: Maximum number of active requests to 4642 a destination. 4643 format: int32 4644 type: integer 4645 idleTimeout: 4646 description: The idle timeout for upstream connection 4647 pool connections. 4648 type: string 4649 maxConcurrentStreams: 4650 description: The maximum number of concurrent streams 4651 allowed for a peer on one HTTP/2 connection. 4652 format: int32 4653 type: integer 4654 maxRequestsPerConnection: 4655 description: Maximum number of requests per connection 4656 to a backend. 4657 format: int32 4658 type: integer 4659 maxRetries: 4660 description: Maximum number of retries that can 4661 be outstanding to all hosts in a cluster at a 4662 given time. 4663 format: int32 4664 type: integer 4665 useClientProtocol: 4666 description: If set to true, client protocol will 4667 be preserved while initiating connection to backend. 4668 type: boolean 4669 type: object 4670 tcp: 4671 description: Settings common to both HTTP and TCP upstream 4672 connections. 4673 properties: 4674 connectTimeout: 4675 description: TCP connection timeout. 4676 type: string 4677 idleTimeout: 4678 description: The idle timeout for TCP connections. 4679 type: string 4680 maxConnectionDuration: 4681 description: The maximum duration of a connection. 4682 type: string 4683 maxConnections: 4684 description: Maximum number of HTTP1 /TCP connections 4685 to a destination host. 4686 format: int32 4687 type: integer 4688 tcpKeepalive: 4689 description: If set then set SO_KEEPALIVE on the 4690 socket to enable TCP Keepalives. 
4691 properties: 4692 interval: 4693 description: The time duration between keep-alive 4694 probes. 4695 type: string 4696 probes: 4697 description: Maximum number of keepalive probes 4698 to send without response before deciding the 4699 connection is dead. 4700 maximum: 4294967295 4701 minimum: 0 4702 type: integer 4703 time: 4704 description: The time duration a connection 4705 needs to be idle before keep-alive probes 4706 start being sent. 4707 type: string 4708 type: object 4709 type: object 4710 type: object 4711 loadBalancer: 4712 description: Settings controlling the load balancer algorithms. 4713 oneOf: 4714 - not: 4715 anyOf: 4716 - required: 4717 - simple 4718 - required: 4719 - consistentHash 4720 - required: 4721 - simple 4722 - required: 4723 - consistentHash 4724 properties: 4725 consistentHash: 4726 allOf: 4727 - oneOf: 4728 - not: 4729 anyOf: 4730 - required: 4731 - httpHeaderName 4732 - required: 4733 - httpCookie 4734 - required: 4735 - useSourceIp 4736 - required: 4737 - httpQueryParameterName 4738 - required: 4739 - httpHeaderName 4740 - required: 4741 - httpCookie 4742 - required: 4743 - useSourceIp 4744 - required: 4745 - httpQueryParameterName 4746 - oneOf: 4747 - not: 4748 anyOf: 4749 - required: 4750 - ringHash 4751 - required: 4752 - maglev 4753 - required: 4754 - ringHash 4755 - required: 4756 - maglev 4757 properties: 4758 httpCookie: 4759 description: Hash based on HTTP cookie. 4760 properties: 4761 name: 4762 description: Name of the cookie. 4763 type: string 4764 path: 4765 description: Path to set for the cookie. 4766 type: string 4767 ttl: 4768 description: Lifetime of the cookie. 4769 type: string 4770 required: 4771 - name 4772 type: object 4773 httpHeaderName: 4774 description: Hash based on a specific HTTP header. 4775 type: string 4776 httpQueryParameterName: 4777 description: Hash based on a specific HTTP query 4778 parameter. 
4779 type: string 4780 maglev: 4781 description: The Maglev load balancer implements 4782 consistent hashing to backend hosts. 4783 properties: 4784 tableSize: 4785 description: The table size for Maglev hashing. 4786 minimum: 0 4787 type: integer 4788 type: object 4789 minimumRingSize: 4790 description: Deprecated. 4791 minimum: 0 4792 type: integer 4793 ringHash: 4794 description: The ring/modulo hash load balancer 4795 implements consistent hashing to backend hosts. 4796 properties: 4797 minimumRingSize: 4798 description: The minimum number of virtual nodes 4799 to use for the hash ring. 4800 minimum: 0 4801 type: integer 4802 type: object 4803 useSourceIp: 4804 description: Hash based on the source IP address. 4805 type: boolean 4806 type: object 4807 localityLbSetting: 4808 properties: 4809 distribute: 4810 description: 'Optional: only one of distribute, 4811 failover or failoverPriority can be set.' 4812 items: 4813 properties: 4814 from: 4815 description: Originating locality, '/' separated, 4816 e.g. 4817 type: string 4818 to: 4819 additionalProperties: 4820 maximum: 4294967295 4821 minimum: 0 4822 type: integer 4823 description: Map of upstream localities to 4824 traffic distribution weights. 4825 type: object 4826 type: object 4827 type: array 4828 enabled: 4829 description: enable locality load balancing, this 4830 is DestinationRule-level and will override mesh 4831 wide settings in entirety. 4832 nullable: true 4833 type: boolean 4834 failover: 4835 description: 'Optional: only one of distribute, 4836 failover or failoverPriority can be set.' 4837 items: 4838 properties: 4839 from: 4840 description: Originating region. 4841 type: string 4842 to: 4843 description: Destination region the traffic 4844 will fail over to when endpoints in the 4845 'from' region becomes unhealthy. 
4846 type: string 4847 type: object 4848 type: array 4849 failoverPriority: 4850 description: failoverPriority is an ordered list 4851 of labels used to sort endpoints to do priority 4852 based load balancing. 4853 items: 4854 type: string 4855 type: array 4856 type: object 4857 simple: 4858 description: |2- 4859 4860 4861 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 4862 enum: 4863 - UNSPECIFIED 4864 - LEAST_CONN 4865 - RANDOM 4866 - PASSTHROUGH 4867 - ROUND_ROBIN 4868 - LEAST_REQUEST 4869 type: string 4870 warmupDurationSecs: 4871 description: Represents the warmup duration of Service. 4872 type: string 4873 type: object 4874 outlierDetection: 4875 properties: 4876 baseEjectionTime: 4877 description: Minimum ejection duration. 4878 type: string 4879 consecutive5xxErrors: 4880 description: Number of 5xx errors before a host is ejected 4881 from the connection pool. 4882 maximum: 4294967295 4883 minimum: 0 4884 nullable: true 4885 type: integer 4886 consecutiveErrors: 4887 format: int32 4888 type: integer 4889 consecutiveGatewayErrors: 4890 description: Number of gateway errors before a host 4891 is ejected from the connection pool. 4892 maximum: 4294967295 4893 minimum: 0 4894 nullable: true 4895 type: integer 4896 consecutiveLocalOriginFailures: 4897 description: The number of consecutive locally originated 4898 failures before ejection occurs. 4899 maximum: 4294967295 4900 minimum: 0 4901 nullable: true 4902 type: integer 4903 interval: 4904 description: Time interval between ejection sweep analysis. 4905 type: string 4906 maxEjectionPercent: 4907 description: Maximum % of hosts in the load balancing 4908 pool for the upstream service that can be ejected. 4909 format: int32 4910 type: integer 4911 minHealthPercent: 4912 description: Outlier detection will be enabled as long 4913 as the associated load balancing pool has at least 4914 min_health_percent hosts in healthy mode. 
4915 format: int32 4916 type: integer 4917 splitExternalLocalOriginErrors: 4918 description: Determines whether to distinguish local 4919 origin failures from external errors. 4920 type: boolean 4921 type: object 4922 port: 4923 description: Specifies the number of a port on the destination 4924 service on which this policy is being applied. 4925 properties: 4926 number: 4927 maximum: 4294967295 4928 minimum: 0 4929 type: integer 4930 type: object 4931 tls: 4932 description: TLS related settings for connections to the 4933 upstream service. 4934 properties: 4935 caCertificates: 4936 description: 'OPTIONAL: The path to the file containing 4937 certificate authority certificates to use in verifying 4938 a presented server certificate.' 4939 type: string 4940 caCrl: 4941 description: 'OPTIONAL: The path to the file containing 4942 the certificate revocation list (CRL) to use in verifying 4943 a presented server certificate.' 4944 type: string 4945 clientCertificate: 4946 description: REQUIRED if mode is `MUTUAL`. 4947 type: string 4948 credentialName: 4949 description: The name of the secret that holds the TLS 4950 certs for the client including the CA certificates. 4951 type: string 4952 insecureSkipVerify: 4953 description: '`insecureSkipVerify` specifies whether 4954 the proxy should skip verifying the CA signature and 4955 SAN for the server certificate corresponding to the 4956 host.' 4957 nullable: true 4958 type: boolean 4959 mode: 4960 description: |- 4961 Indicates whether connections to this port should be secured using TLS. 4962 4963 Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL 4964 enum: 4965 - DISABLE 4966 - SIMPLE 4967 - MUTUAL 4968 - ISTIO_MUTUAL 4969 type: string 4970 privateKey: 4971 description: REQUIRED if mode is `MUTUAL`. 4972 type: string 4973 sni: 4974 description: SNI string to present to the server during 4975 TLS handshake. 
4976 type: string 4977 subjectAltNames: 4978 description: A list of alternate names to verify the 4979 subject identity in the certificate. 4980 items: 4981 type: string 4982 type: array 4983 type: object 4984 type: object 4985 type: array 4986 proxyProtocol: 4987 description: The upstream PROXY protocol settings. 4988 properties: 4989 version: 4990 description: |- 4991 The PROXY protocol version to use. 4992 4993 Valid Options: V1, V2 4994 enum: 4995 - V1 4996 - V2 4997 type: string 4998 type: object 4999 tls: 5000 description: TLS related settings for connections to the upstream 5001 service. 5002 properties: 5003 caCertificates: 5004 description: 'OPTIONAL: The path to the file containing certificate 5005 authority certificates to use in verifying a presented server 5006 certificate.' 5007 type: string 5008 caCrl: 5009 description: 'OPTIONAL: The path to the file containing the 5010 certificate revocation list (CRL) to use in verifying a 5011 presented server certificate.' 5012 type: string 5013 clientCertificate: 5014 description: REQUIRED if mode is `MUTUAL`. 5015 type: string 5016 credentialName: 5017 description: The name of the secret that holds the TLS certs 5018 for the client including the CA certificates. 5019 type: string 5020 insecureSkipVerify: 5021 description: '`insecureSkipVerify` specifies whether the proxy 5022 should skip verifying the CA signature and SAN for the server 5023 certificate corresponding to the host.' 5024 nullable: true 5025 type: boolean 5026 mode: 5027 description: |- 5028 Indicates whether connections to this port should be secured using TLS. 5029 5030 Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL 5031 enum: 5032 - DISABLE 5033 - SIMPLE 5034 - MUTUAL 5035 - ISTIO_MUTUAL 5036 type: string 5037 privateKey: 5038 description: REQUIRED if mode is `MUTUAL`. 5039 type: string 5040 sni: 5041 description: SNI string to present to the server during TLS 5042 handshake. 
5043 type: string 5044 subjectAltNames: 5045 description: A list of alternate names to verify the subject 5046 identity in the certificate. 5047 items: 5048 type: string 5049 type: array 5050 type: object 5051 tunnel: 5052 description: Configuration of tunneling TCP over other transport 5053 or application layers for the host configured in the DestinationRule. 5054 properties: 5055 protocol: 5056 description: Specifies which protocol to use for tunneling 5057 the downstream connection. 5058 type: string 5059 targetHost: 5060 description: Specifies a host to which the downstream connection 5061 is tunneled. 5062 type: string 5063 targetPort: 5064 description: Specifies a port to which the downstream connection 5065 is tunneled. 5066 maximum: 4294967295 5067 minimum: 0 5068 type: integer 5069 required: 5070 - targetHost 5071 - targetPort 5072 type: object 5073 type: object 5074 workloadSelector: 5075 description: Criteria used to select the specific set of pods/VMs 5076 on which this `DestinationRule` configuration should be applied. 5077 properties: 5078 matchLabels: 5079 additionalProperties: 5080 type: string 5081 description: One or more labels that indicate a specific set of 5082 pods/VMs on which a policy should be applied. 
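# Reflowed from the collapsed listing: one YAML line per original line, viewer
# line numbers dropped. The first keys below close the preceding
# CustomResourceDefinition (its field descriptions refer to DestinationRule);
# its opening lines are earlier in the file.
                    type: object
                type: object
            required:
            - host
            type: object
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
# CustomResourceDefinition for EnvoyFilter (networking.istio.io, v1alpha3 only).
# Per the spec description, objects of this kind customize the Envoy
# configuration that Istio generates; applyTo lists the patchable targets.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Helm resource policy "keep": Helm leaves this CRD installed when the chart
    # is uninstalled, so the API type has to be removed explicitly if unwanted.
    "helm.sh/resource-policy": keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    release: istio
  name: envoyfilters.networking.istio.io
spec:
  group: networking.istio.io
  names:
    categories:
    - istio-io
    - networking-istio-io
    kind: EnvoyFilter
    listKind: EnvoyFilterList
    plural: envoyfilters
    singular: envoyfilter
  scope: Namespaced
  versions:
  - name: v1alpha3
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Customizing Envoy configuration generated by Istio. See
              more details at: https://istio.io/docs/reference/config/networking/envoy-filter.html'
            # Neither the spec nor a configPatches item declares `required` keys,
            # so the schema itself accepts an empty spec or an empty patch entry.
            properties:
              configPatches:
                description: One or more patches with match conditions.
                items:
                  properties:
                    applyTo:
                      description: |-
                        Specifies where in the Envoy configuration, the patch should be applied.

                        Valid Options: LISTENER, FILTER_CHAIN, NETWORK_FILTER, HTTP_FILTER, ROUTE_CONFIGURATION, VIRTUAL_HOST, HTTP_ROUTE, CLUSTER, EXTENSION_CONFIG, BOOTSTRAP, LISTENER_FILTER
                      # The enum also admits INVALID, which the "Valid Options"
                      # text omits; the schema alone does not reject it.
                      enum:
                      - INVALID
                      - LISTENER
                      - FILTER_CHAIN
                      - NETWORK_FILTER
                      - HTTP_FILTER
                      - ROUTE_CONFIGURATION
                      - VIRTUAL_HOST
                      - HTTP_ROUTE
                      - CLUSTER
                      - EXTENSION_CONFIG
                      - BOOTSTRAP
                      - LISTENER_FILTER
                      type: string
                    match:
                      description: Match on listener/route configuration/cluster.
                      # oneOf: either none of listener / routeConfiguration /
                      # cluster is set (first branch), or exactly one of them is.
                      oneOf:
                      - not:
                          anyOf:
                          - required:
                            - listener
                          - required:
                            - routeConfiguration
                          - required:
                            - cluster
                      - required:
                        - listener
                      - required:
                        - routeConfiguration
                      - required:
                        - cluster
                      properties:
                        cluster:
                          description: Match on envoy cluster attributes.
                          properties:
                            name:
                              description: The exact name of the cluster to match.
                              type: string
                            portNumber:
                              description: The service port for which this cluster
                                was generated.
                              # Bound is the uint32 range, not 1-65535: values above
                              # 65535 pass this schema. The same bound is used for
                              # every port field in this CRD.
                              maximum: 4294967295
                              minimum: 0
                              type: integer
                            service:
                              description: The fully qualified service name for this
                                cluster.
                              type: string
                            subset:
                              description: The subset associated with the service.
                              type: string
                          type: object
                        context:
                          description: |-
                            The specific config generation context to match on.

                            Valid Options: ANY, SIDECAR_INBOUND, SIDECAR_OUTBOUND, GATEWAY
                          enum:
                          - ANY
                          - SIDECAR_INBOUND
                          - SIDECAR_OUTBOUND
                          - GATEWAY
                          type: string
                        listener:
                          description: Match on envoy listener attributes.
                          properties:
                            filterChain:
                              description: Match a specific filter chain in a listener.
                              properties:
                                applicationProtocols:
                                  description: Applies only to sidecars.
                                  type: string
                                destinationPort:
                                  description: The destination_port value used by
                                    a filter chain's match condition.
                                  maximum: 4294967295
                                  minimum: 0
                                  type: integer
                                filter:
                                  description: The name of a specific filter to apply
                                    the patch to.
                                  properties:
                                    name:
                                      description: The filter name to match on.
                                      type: string
                                    subFilter:
                                      description: The next level filter within this
                                        filter to match upon.
                                      properties:
                                        name:
                                          description: The filter name to match on.
                                          type: string
                                      type: object
                                  type: object
                                name:
                                  description: The name assigned to the filter chain.
                                  type: string
                                sni:
                                  description: The SNI value used by a filter chain's
                                    match condition.
                                  type: string
                                transportProtocol:
                                  description: Applies only to `SIDECAR_INBOUND` context.
                                  type: string
                              type: object
                            listenerFilter:
                              description: Match a specific listener filter.
                              type: string
                            name:
                              description: Match a specific listener by its name.
                              type: string
                            portName:
                              type: string
                            portNumber:
                              description: The service port/gateway port to which
                                traffic is being sent/received.
                              maximum: 4294967295
                              minimum: 0
                              type: integer
                          type: object
                        proxy:
                          description: Match on properties associated with a proxy.
                          properties:
                            metadata:
                              additionalProperties:
                                type: string
                              description: Match on the node metadata supplied by
                                a proxy when connecting to Istio Pilot.
                              type: object
                            proxyVersion:
                              description: A regular expression in golang regex format
                                (RE2) that can be used to select proxies using a specific
                                version of istio proxy.
                              type: string
                          type: object
                        routeConfiguration:
                          description: Match on envoy HTTP route configuration attributes.
                          properties:
                            gateway:
                              description: The Istio gateway config's namespace/name
                                for which this route configuration was generated.
                              type: string
                            name:
                              description: Route configuration name to match on.
                              type: string
                            portName:
                              description: Applicable only for GATEWAY context.
                              type: string
                            portNumber:
                              description: The service port number or gateway server
                                port number for which this route configuration was
                                generated.
                              maximum: 4294967295
                              minimum: 0
                              type: integer
                            vhost:
                              description: Match a specific virtual host in a route
                                configuration and apply the patch to the virtual host.
                              properties:
                                name:
                                  description: The VirtualHosts objects generated
                                    by Istio are named as host:port, where the host
                                    typically corresponds to the VirtualService's
                                    host field or the hostname of a service in the
                                    registry.
                                  type: string
                                route:
                                  description: Match a specific route within the virtual
                                    host.
                                  properties:
                                    action:
                                      description: |-
                                        Match a route with specific action type.

                                        Valid Options: ANY, ROUTE, REDIRECT, DIRECT_RESPONSE
                                      enum:
                                      - ANY
                                      - ROUTE
                                      - REDIRECT
                                      - DIRECT_RESPONSE
                                      type: string
                                    name:
                                      description: The Route objects generated by
                                        default are named as default.
                                      type: string
                                  type: object
                              type: object
                          type: object
                      type: object
                    patch:
                      description: The patch to apply along with the operation.
                      properties:
                        filterClass:
                          description: |-
                            Determines the filter insertion order.

                            Valid Options: AUTHN, AUTHZ, STATS
                          enum:
                          - UNSPECIFIED
                          - AUTHN
                          - AUTHZ
                          - STATS
                          type: string
                        operation:
                          description: |-
                            Determines how the patch should be applied.

                            Valid Options: MERGE, ADD, REMOVE, INSERT_BEFORE, INSERT_AFTER, INSERT_FIRST, REPLACE
                          # As with applyTo, INVALID is accepted by the enum but
                          # not listed as a valid option.
                          enum:
                          - INVALID
                          - MERGE
                          - ADD
                          - REMOVE
                          - INSERT_BEFORE
                          - INSERT_AFTER
                          - INSERT_FIRST
                          - REPLACE
                          type: string
                        # `value` is free-form: an object with
                        # x-kubernetes-preserve-unknown-fields, so the API server
                        # applies no schema to the patch payload. What an
                        # EnvoyFilter may contain is therefore governed by RBAC on
                        # this resource and by admission policy, not by this CRD.
                        value:
                          description: The JSON config of the object being patched.
                          type: object
                          x-kubernetes-preserve-unknown-fields: true
                      type: object
                  type: object
                type: array
              priority:
                description: Priority defines the order in which patch sets are applied
                  within a context.
                format: int32
                type: integer
              targetRefs:
                description: Optional.
                items:
                  properties:
                    group:
                      description: group is the group of the target resource.
                      type: string
                    kind:
                      description: kind is kind of the target resource.
                      type: string
                    name:
                      description: name is the name of the target resource.
                      type: string
                    namespace:
                      description: namespace is the namespace of the referent.
                      type: string
                  type: object
                type: array
              workloadSelector:
                description: Criteria used to select the specific set of pods/VMs
                  on which this patch configuration should be applied.
                properties:
                  labels:
                    additionalProperties:
                      type: string
                    description: One or more labels that indicate a specific set of
                      pods/VMs on which the configuration should be applied.
                    type: object
                type: object
            type: object
          # status carries no schema (unknown fields are preserved as written).
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
    # Status subresource enabled: status is updated through the separate /status
    # endpoint, which can be granted independently of the main resource in RBAC.
    subresources:
      status: {}
---
# CustomResourceDefinition for Gateway (networking.istio.io). This span holds
# the header and the start of version v1; the `servers` item schema follows.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    "helm.sh/resource-policy": keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    release: istio
  name: gateways.networking.istio.io
spec:
  group: networking.istio.io
  names:
    categories:
    - istio-io
    - networking-istio-io
    kind: Gateway
    listKind: GatewayList
    plural: gateways
    shortNames:
    - gw
    singular: gateway
  scope: Namespaced
  versions:
  - name: v1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Configuration affecting edge load balancer. See more details
              at: https://istio.io/docs/reference/config/networking/gateway.html'
            properties:
              selector:
                additionalProperties:
                  type: string
                description: One or more labels that indicate a specific set of pods/VMs
                  on which this gateway configuration should be applied.
                type: object
              servers:
                description: A list of server specifications.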
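# Reflowed from the collapsed listing: one YAML line per original line, viewer
# line numbers dropped. This span continues the Gateway CRD
# (gateways.networking.istio.io): the `servers` item schema of version v1,
# then versions v1alpha3 and v1beta1, whose server schema repeats v1's.
                items:
                  properties:
                    bind:
                      description: The ip or the Unix domain socket to which the listener
                        should be bound to.
                      type: string
                    defaultEndpoint:
                      type: string
                    hosts:
                      description: One or more hosts exposed by this gateway.
                      items:
                        type: string
                      type: array
                    name:
                      description: An optional name of the server, when set must be
                        unique across all servers.
                      type: string
                    port:
                      description: The Port on which the proxy should listen for incoming
                        connections.
                      properties:
                        name:
                          description: Label assigned to the port.
                          type: string
                        number:
                          description: A valid non-negative integer port number.
                          # Bound is the uint32 range, not 1-65535: values above
                          # 65535 pass this schema (same for targetPort).
                          maximum: 4294967295
                          minimum: 0
                          type: integer
                        protocol:
                          description: The protocol exposed on the port.
                          type: string
                        targetPort:
                          maximum: 4294967295
                          minimum: 0
                          type: integer
                      required:
                      - number
                      - protocol
                      - name
                      type: object
                    # TLS settings for the server. The "REQUIRED if mode is ..."
                    # wording below is description text only: this object has no
                    # `required` list or conditional rule, so the CRD schema
                    # accepts a server without those fields. Any enforcement is
                    # outside this schema - confirm against Istio's validation.
                    # `tls` itself is optional (server requires only port, hosts).
                    tls:
                      description: Set of TLS related options that govern the server's
                        behavior.
                      properties:
                        caCertificates:
                          description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`.
                          type: string
                        caCrl:
                          description: 'OPTIONAL: The path to the file containing
                            the certificate revocation list (CRL) to use in verifying
                            a presented client side certificate.'
                          type: string
                        # Free-form strings: the schema does not limit which
                        # cipher suites may be named here.
                        cipherSuites:
                          description: 'Optional: If specified, only support the specified
                            cipher list.'
                          items:
                            type: string
                          type: array
                        credentialName:
                          description: For gateways running on Kubernetes, the name
                            of the secret that holds the TLS certs including the CA
                            certificates.
                          type: string
                        httpsRedirect:
                          description: If set to true, the load balancer will send
                            a 301 redirect for all http connections, asking the clients
                            to use HTTPS.
                          type: boolean
                        # Both version enums accept TLSV1_0 and TLSV1_1, which
                        # RFC 8996 deprecates; the schema sets no floor. When
                        # auditing Gateways, flag a minProtocolVersion of either.
                        # What TLS_AUTO resolves to is not stated in this schema.
                        maxProtocolVersion:
                          description: |-
                            Optional: Maximum TLS protocol version.

                            Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3
                          enum:
                          - TLS_AUTO
                          - TLSV1_0
                          - TLSV1_1
                          - TLSV1_2
                          - TLSV1_3
                          type: string
                        minProtocolVersion:
                          description: |-
                            Optional: Minimum TLS protocol version.

                            Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3
                          enum:
                          - TLS_AUTO
                          - TLSV1_0
                          - TLSV1_1
                          - TLSV1_2
                          - TLSV1_3
                          type: string
                        # The mode semantics are not spelled out here; presumably
                        # PASSTHROUGH / AUTO_PASSTHROUGH leave TLS unterminated at
                        # the gateway - confirm in the Gateway reference.
                        mode:
                          description: |-
                            Optional: Indicates whether connections to this port should be secured using TLS.

                            Valid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL
                          enum:
                          - PASSTHROUGH
                          - SIMPLE
                          - MUTUAL
                          - AUTO_PASSTHROUGH
                          - ISTIO_MUTUAL
                          - OPTIONAL_MUTUAL
                          type: string
                        privateKey:
                          description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
                          type: string
                        serverCertificate:
                          description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
                          type: string
                        # Client-certificate restrictions: allowed SANs, and pin
                        # lists by certificate hash or SPKI hash. All optional.
                        subjectAltNames:
                          description: A list of alternate names to verify the subject
                            identity in the certificate presented by the client.
                          items:
                            type: string
                          type: array
                        verifyCertificateHash:
                          description: An optional list of hex-encoded SHA-256 hashes
                            of the authorized client certificates.
                          items:
                            type: string
                          type: array
                        verifyCertificateSpki:
                          description: An optional list of base64-encoded SHA-256
                            hashes of the SPKIs of authorized client certificates.
                          items:
                            type: string
                          type: array
                      type: object
                  required:
                  - port
                  - hosts
                  type: object
                type: array
            type: object
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    # v1 is served but is not the storage version.
    served: true
    storage: false
    subresources:
      status: {}
  # v1alpha3: same spec schema as v1 above, including the TLS enums that accept
  # TLSV1_0 / TLSV1_1 and the description-only "REQUIRED if" constraints.
  - name: v1alpha3
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Configuration affecting edge load balancer. See more details
              at: https://istio.io/docs/reference/config/networking/gateway.html'
            properties:
              selector:
                additionalProperties:
                  type: string
                description: One or more labels that indicate a specific set of pods/VMs
                  on which this gateway configuration should be applied.
                type: object
              servers:
                description: A list of server specifications.
                items:
                  properties:
                    bind:
                      description: The ip or the Unix domain socket to which the listener
                        should be bound to.
                      type: string
                    defaultEndpoint:
                      type: string
                    hosts:
                      description: One or more hosts exposed by this gateway.
                      items:
                        type: string
                      type: array
                    name:
                      description: An optional name of the server, when set must be
                        unique across all servers.
                      type: string
                    port:
                      description: The Port on which the proxy should listen for incoming
                        connections.
                      properties:
                        name:
                          description: Label assigned to the port.
                          type: string
                        number:
                          description: A valid non-negative integer port number.
                          maximum: 4294967295
                          minimum: 0
                          type: integer
                        protocol:
                          description: The protocol exposed on the port.
                          type: string
                        targetPort:
                          maximum: 4294967295
                          minimum: 0
                          type: integer
                      required:
                      - number
                      - protocol
                      - name
                      type: object
                    tls:
                      description: Set of TLS related options that govern the server's
                        behavior.
                      properties:
                        caCertificates:
                          description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`.
                          type: string
                        caCrl:
                          description: 'OPTIONAL: The path to the file containing
                            the certificate revocation list (CRL) to use in verifying
                            a presented client side certificate.'
                          type: string
                        cipherSuites:
                          description: 'Optional: If specified, only support the specified
                            cipher list.'
                          items:
                            type: string
                          type: array
                        credentialName:
                          description: For gateways running on Kubernetes, the name
                            of the secret that holds the TLS certs including the CA
                            certificates.
                          type: string
                        httpsRedirect:
                          description: If set to true, the load balancer will send
                            a 301 redirect for all http connections, asking the clients
                            to use HTTPS.
                          type: boolean
                        maxProtocolVersion:
                          description: |-
                            Optional: Maximum TLS protocol version.

                            Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3
                          enum:
                          - TLS_AUTO
                          - TLSV1_0
                          - TLSV1_1
                          - TLSV1_2
                          - TLSV1_3
                          type: string
                        minProtocolVersion:
                          description: |-
                            Optional: Minimum TLS protocol version.

                            Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3
                          enum:
                          - TLS_AUTO
                          - TLSV1_0
                          - TLSV1_1
                          - TLSV1_2
                          - TLSV1_3
                          type: string
                        mode:
                          description: |-
                            Optional: Indicates whether connections to this port should be secured using TLS.

                            Valid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL
                          enum:
                          - PASSTHROUGH
                          - SIMPLE
                          - MUTUAL
                          - AUTO_PASSTHROUGH
                          - ISTIO_MUTUAL
                          - OPTIONAL_MUTUAL
                          type: string
                        privateKey:
                          description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
                          type: string
                        serverCertificate:
                          description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
                          type: string
                        subjectAltNames:
                          description: A list of alternate names to verify the subject
                            identity in the certificate presented by the client.
                          items:
                            type: string
                          type: array
                        verifyCertificateHash:
                          description: An optional list of hex-encoded SHA-256 hashes
                            of the authorized client certificates.
                          items:
                            type: string
                          type: array
                        verifyCertificateSpki:
                          description: An optional list of base64-encoded SHA-256
                            hashes of the SPKIs of authorized client certificates.
                          items:
                            type: string
                          type: array
                      type: object
                  required:
                  - port
                  - hosts
                  type: object
                type: array
            type: object
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: false
    subresources:
      status: {}
  # v1beta1: again the same spec schema; this span stops inside its
  # verifyCertificateSpki field and the rest follows in the listing.
  - name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Configuration affecting edge load balancer. See more details
              at: https://istio.io/docs/reference/config/networking/gateway.html'
            properties:
              selector:
                additionalProperties:
                  type: string
                description: One or more labels that indicate a specific set of pods/VMs
                  on which this gateway configuration should be applied.
                type: object
              servers:
                description: A list of server specifications.
                items:
                  properties:
                    bind:
                      description: The ip or the Unix domain socket to which the listener
                        should be bound to.
                      type: string
                    defaultEndpoint:
                      type: string
                    hosts:
                      description: One or more hosts exposed by this gateway.
                      items:
                        type: string
                      type: array
                    name:
                      description: An optional name of the server, when set must be
                        unique across all servers.
                      type: string
                    port:
                      description: The Port on which the proxy should listen for incoming
                        connections.
                      properties:
                        name:
                          description: Label assigned to the port.
                          type: string
                        number:
                          description: A valid non-negative integer port number.
                          maximum: 4294967295
                          minimum: 0
                          type: integer
                        protocol:
                          description: The protocol exposed on the port.
                          type: string
                        targetPort:
                          maximum: 4294967295
                          minimum: 0
                          type: integer
                      required:
                      - number
                      - protocol
                      - name
                      type: object
                    tls:
                      description: Set of TLS related options that govern the server's
                        behavior.
                      properties:
                        caCertificates:
                          description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`.
                          type: string
                        caCrl:
                          description: 'OPTIONAL: The path to the file containing
                            the certificate revocation list (CRL) to use in verifying
                            a presented client side certificate.'
                          type: string
                        cipherSuites:
                          description: 'Optional: If specified, only support the specified
                            cipher list.'
                          items:
                            type: string
                          type: array
                        credentialName:
                          description: For gateways running on Kubernetes, the name
                            of the secret that holds the TLS certs including the CA
                            certificates.
                          type: string
                        httpsRedirect:
                          description: If set to true, the load balancer will send
                            a 301 redirect for all http connections, asking the clients
                            to use HTTPS.
                          type: boolean
                        maxProtocolVersion:
                          description: |-
                            Optional: Maximum TLS protocol version.

                            Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3
                          enum:
                          - TLS_AUTO
                          - TLSV1_0
                          - TLSV1_1
                          - TLSV1_2
                          - TLSV1_3
                          type: string
                        minProtocolVersion:
                          description: |-
                            Optional: Minimum TLS protocol version.

                            Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3
                          enum:
                          - TLS_AUTO
                          - TLSV1_0
                          - TLSV1_1
                          - TLSV1_2
                          - TLSV1_3
                          type: string
                        mode:
                          description: |-
                            Optional: Indicates whether connections to this port should be secured using TLS.

                            Valid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL
                          enum:
                          - PASSTHROUGH
                          - SIMPLE
                          - MUTUAL
                          - AUTO_PASSTHROUGH
                          - ISTIO_MUTUAL
                          - OPTIONAL_MUTUAL
                          type: string
                        privateKey:
                          description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
                          type: string
                        serverCertificate:
                          description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
                          type: string
                        subjectAltNames:
                          description: A list of alternate names to verify the subject
                            identity in the certificate presented by the client.
                          items:
                            type: string
                          type: array
                        verifyCertificateHash:
                          description: An optional list of hex-encoded SHA-256 hashes
                            of the authorized client certificates.
                          items:
                            type: string
                          type: array
                        verifyCertificateSpki:
                          description: An optional list of base64-encoded SHA-256
                            hashes of the SPKIs of authorized client certificates.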
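# Reflowed from the collapsed listing: one YAML line per original line, viewer
# line numbers dropped. The first keys below close version v1beta1 of the
# Gateway CRD, which begins earlier in the listing.
                          items:
                            type: string
                          type: array
                      type: object
                  required:
                  - port
                  - hosts
                  type: object
                type: array
            type: object
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    # v1beta1 is the storage version of this CRD.
    served: true
    storage: true
    subresources:
      status: {}
---
# CustomResourceDefinition for ProxyConfig (networking.istio.io, v1beta1 only).
# Per the spec description it provides configuration for individual workloads.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Helm resource policy "keep": Helm leaves this CRD installed when the chart
    # is uninstalled, so the API type has to be removed explicitly if unwanted.
    "helm.sh/resource-policy": keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    release: istio
  name: proxyconfigs.networking.istio.io
spec:
  group: networking.istio.io
  names:
    categories:
    - istio-io
    - networking-istio-io
    kind: ProxyConfig
    listKind: ProxyConfigList
    plural: proxyconfigs
    singular: proxyconfig
  scope: Namespaced
  versions:
  - name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Provides configuration for individual workloads. See more
              details at: https://istio.io/docs/reference/config/networking/proxy-config.html'
            # No `required` list: every field of the spec is optional.
            properties:
              concurrency:
                description: The number of worker threads to run.
                format: int32
                nullable: true
                type: integer
              # Free-form string map: neither the variable names nor the values
              # are constrained by the schema. The values are ordinary fields of
              # the object, readable by anyone allowed to read ProxyConfig, so
              # this is not a place for credentials.
              environmentVariables:
                additionalProperties:
                  type: string
                description: Additional environment variables for the proxy.
                type: object
              image:
                description: Specifies the details of the proxy image.
                properties:
                  # Unconstrained string; the schema lists no permitted values.
                  imageType:
                    description: The image type of the image.
                    type: string
                type: object
              selector:
                description: Optional.
                properties:
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: One or more labels that indicate a specific set of
                      pods/VMs on which a policy should be applied.
                    type: object
                type: object
            type: object
          # status carries no schema (unknown fields are preserved as written).
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
# CustomResourceDefinition for ServiceEntry (networking.istio.io). Only the
# header, the printer columns and the start of version v1 are in this span.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    "helm.sh/resource-policy": keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    release: istio
  name: serviceentries.networking.istio.io
spec:
  group: networking.istio.io
  names:
    categories:
    - istio-io
    - networking-istio-io
    kind: ServiceEntry
    listKind: ServiceEntryList
    plural: serviceentries
    shortNames:
    - se
    singular: serviceentry
  scope: Namespaced
  versions:
  # Extra columns shown when listing ServiceEntry objects: hosts, location,
  # resolution mode and age, each read from the given jsonPath.
  - additionalPrinterColumns:
    - description: The hosts associated with the ServiceEntry
      jsonPath: .spec.hosts
      name: Hosts
      type: string
    - description: Whether the service is external to the mesh or part of the mesh
        (MESH_EXTERNAL or MESH_INTERNAL)
      jsonPath: .spec.location
      name: Location
      type: string
    - description: Service resolution mode for the hosts (NONE, STATIC, or DNS)
      jsonPath: .spec.resolution
      name: Resolution
      type: string
    - description: 'CreationTimestamp is a timestamp representing the server time
        when this object was created. It is not guaranteed to be set in happens-before
        order across separate operations. Clients may not set this value. It is represented
        in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
        lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            # The quoted description below is continued by the next line of the
            # listing.
            description: 'Configuration affecting service registry.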
See more details 6036 at: https://istio.io/docs/reference/config/networking/service-entry.html' 6037 properties: 6038 addresses: 6039 description: The virtual IP addresses associated with the service. 6040 items: 6041 type: string 6042 type: array 6043 endpoints: 6044 description: One or more endpoints associated with the service. 6045 items: 6046 properties: 6047 address: 6048 description: Address associated with the network endpoint without 6049 the port. 6050 type: string 6051 labels: 6052 additionalProperties: 6053 type: string 6054 description: One or more labels associated with the endpoint. 6055 type: object 6056 locality: 6057 description: The locality associated with the endpoint. 6058 type: string 6059 network: 6060 description: Network enables Istio to group endpoints resident 6061 in the same L3 domain/network. 6062 type: string 6063 ports: 6064 additionalProperties: 6065 maximum: 4294967295 6066 minimum: 0 6067 type: integer 6068 description: Set of ports associated with the endpoint. 6069 type: object 6070 serviceAccount: 6071 description: The service account associated with the workload 6072 if a sidecar is present in the workload. 6073 type: string 6074 weight: 6075 description: The load balancing weight associated with the endpoint. 6076 maximum: 4294967295 6077 minimum: 0 6078 type: integer 6079 type: object 6080 type: array 6081 exportTo: 6082 description: A list of namespaces to which this service is exported. 6083 items: 6084 type: string 6085 type: array 6086 hosts: 6087 description: The hosts associated with the ServiceEntry. 6088 items: 6089 type: string 6090 type: array 6091 location: 6092 description: |- 6093 Specify whether the service should be considered external to the mesh or part of the mesh. 6094 6095 Valid Options: MESH_EXTERNAL, MESH_INTERNAL 6096 enum: 6097 - MESH_EXTERNAL 6098 - MESH_INTERNAL 6099 type: string 6100 ports: 6101 description: The ports associated with the external service. 
6102 items: 6103 properties: 6104 name: 6105 description: Label assigned to the port. 6106 type: string 6107 number: 6108 description: A valid non-negative integer port number. 6109 maximum: 4294967295 6110 minimum: 0 6111 type: integer 6112 protocol: 6113 description: The protocol exposed on the port. 6114 type: string 6115 targetPort: 6116 description: The port number on the endpoint where the traffic 6117 will be received. 6118 maximum: 4294967295 6119 minimum: 0 6120 type: integer 6121 required: 6122 - number 6123 - name 6124 type: object 6125 type: array 6126 resolution: 6127 description: |- 6128 Service resolution mode for the hosts. 6129 6130 Valid Options: NONE, STATIC, DNS, DNS_ROUND_ROBIN 6131 enum: 6132 - NONE 6133 - STATIC 6134 - DNS 6135 - DNS_ROUND_ROBIN 6136 type: string 6137 subjectAltNames: 6138 description: If specified, the proxy will verify that the server certificate's 6139 subject alternate name matches one of the specified values. 6140 items: 6141 type: string 6142 type: array 6143 workloadSelector: 6144 description: Applicable only for MESH_INTERNAL services. 6145 properties: 6146 labels: 6147 additionalProperties: 6148 type: string 6149 description: One or more labels that indicate a specific set of 6150 pods/VMs on which the configuration should be applied. 
6151 type: object 6152 type: object 6153 required: 6154 - hosts 6155 type: object 6156 status: 6157 type: object 6158 x-kubernetes-preserve-unknown-fields: true 6159 type: object 6160 served: true 6161 storage: false 6162 subresources: 6163 status: {} 6164 - additionalPrinterColumns: 6165 - description: The hosts associated with the ServiceEntry 6166 jsonPath: .spec.hosts 6167 name: Hosts 6168 type: string 6169 - description: Whether the service is external to the mesh or part of the mesh 6170 (MESH_EXTERNAL or MESH_INTERNAL) 6171 jsonPath: .spec.location 6172 name: Location 6173 type: string 6174 - description: Service resolution mode for the hosts (NONE, STATIC, or DNS) 6175 jsonPath: .spec.resolution 6176 name: Resolution 6177 type: string 6178 - description: 'CreationTimestamp is a timestamp representing the server time 6179 when this object was created. It is not guaranteed to be set in happens-before 6180 order across separate operations. Clients may not set this value. It is represented 6181 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 6182 lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 6183 jsonPath: .metadata.creationTimestamp 6184 name: Age 6185 type: date 6186 name: v1alpha3 6187 schema: 6188 openAPIV3Schema: 6189 properties: 6190 spec: 6191 description: 'Configuration affecting service registry. See more details 6192 at: https://istio.io/docs/reference/config/networking/service-entry.html' 6193 properties: 6194 addresses: 6195 description: The virtual IP addresses associated with the service. 6196 items: 6197 type: string 6198 type: array 6199 endpoints: 6200 description: One or more endpoints associated with the service. 6201 items: 6202 properties: 6203 address: 6204 description: Address associated with the network endpoint without 6205 the port. 
6206 type: string 6207 labels: 6208 additionalProperties: 6209 type: string 6210 description: One or more labels associated with the endpoint. 6211 type: object 6212 locality: 6213 description: The locality associated with the endpoint. 6214 type: string 6215 network: 6216 description: Network enables Istio to group endpoints resident 6217 in the same L3 domain/network. 6218 type: string 6219 ports: 6220 additionalProperties: 6221 maximum: 4294967295 6222 minimum: 0 6223 type: integer 6224 description: Set of ports associated with the endpoint. 6225 type: object 6226 serviceAccount: 6227 description: The service account associated with the workload 6228 if a sidecar is present in the workload. 6229 type: string 6230 weight: 6231 description: The load balancing weight associated with the endpoint. 6232 maximum: 4294967295 6233 minimum: 0 6234 type: integer 6235 type: object 6236 type: array 6237 exportTo: 6238 description: A list of namespaces to which this service is exported. 6239 items: 6240 type: string 6241 type: array 6242 hosts: 6243 description: The hosts associated with the ServiceEntry. 6244 items: 6245 type: string 6246 type: array 6247 location: 6248 description: |- 6249 Specify whether the service should be considered external to the mesh or part of the mesh. 6250 6251 Valid Options: MESH_EXTERNAL, MESH_INTERNAL 6252 enum: 6253 - MESH_EXTERNAL 6254 - MESH_INTERNAL 6255 type: string 6256 ports: 6257 description: The ports associated with the external service. 6258 items: 6259 properties: 6260 name: 6261 description: Label assigned to the port. 6262 type: string 6263 number: 6264 description: A valid non-negative integer port number. 6265 maximum: 4294967295 6266 minimum: 0 6267 type: integer 6268 protocol: 6269 description: The protocol exposed on the port. 6270 type: string 6271 targetPort: 6272 description: The port number on the endpoint where the traffic 6273 will be received. 
6274 maximum: 4294967295 6275 minimum: 0 6276 type: integer 6277 required: 6278 - number 6279 - name 6280 type: object 6281 type: array 6282 resolution: 6283 description: |- 6284 Service resolution mode for the hosts. 6285 6286 Valid Options: NONE, STATIC, DNS, DNS_ROUND_ROBIN 6287 enum: 6288 - NONE 6289 - STATIC 6290 - DNS 6291 - DNS_ROUND_ROBIN 6292 type: string 6293 subjectAltNames: 6294 description: If specified, the proxy will verify that the server certificate's 6295 subject alternate name matches one of the specified values. 6296 items: 6297 type: string 6298 type: array 6299 workloadSelector: 6300 description: Applicable only for MESH_INTERNAL services. 6301 properties: 6302 labels: 6303 additionalProperties: 6304 type: string 6305 description: One or more labels that indicate a specific set of 6306 pods/VMs on which the configuration should be applied. 6307 type: object 6308 type: object 6309 required: 6310 - hosts 6311 type: object 6312 status: 6313 type: object 6314 x-kubernetes-preserve-unknown-fields: true 6315 type: object 6316 served: true 6317 storage: false 6318 subresources: 6319 status: {} 6320 - additionalPrinterColumns: 6321 - description: The hosts associated with the ServiceEntry 6322 jsonPath: .spec.hosts 6323 name: Hosts 6324 type: string 6325 - description: Whether the service is external to the mesh or part of the mesh 6326 (MESH_EXTERNAL or MESH_INTERNAL) 6327 jsonPath: .spec.location 6328 name: Location 6329 type: string 6330 - description: Service resolution mode for the hosts (NONE, STATIC, or DNS) 6331 jsonPath: .spec.resolution 6332 name: Resolution 6333 type: string 6334 - description: 'CreationTimestamp is a timestamp representing the server time 6335 when this object was created. It is not guaranteed to be set in happens-before 6336 order across separate operations. Clients may not set this value. It is represented 6337 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 6338 lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 6339 jsonPath: .metadata.creationTimestamp 6340 name: Age 6341 type: date 6342 name: v1beta1 6343 schema: 6344 openAPIV3Schema: 6345 properties: 6346 spec: 6347 description: 'Configuration affecting service registry. See more details 6348 at: https://istio.io/docs/reference/config/networking/service-entry.html' 6349 properties: 6350 addresses: 6351 description: The virtual IP addresses associated with the service. 6352 items: 6353 type: string 6354 type: array 6355 endpoints: 6356 description: One or more endpoints associated with the service. 6357 items: 6358 properties: 6359 address: 6360 description: Address associated with the network endpoint without 6361 the port. 6362 type: string 6363 labels: 6364 additionalProperties: 6365 type: string 6366 description: One or more labels associated with the endpoint. 6367 type: object 6368 locality: 6369 description: The locality associated with the endpoint. 6370 type: string 6371 network: 6372 description: Network enables Istio to group endpoints resident 6373 in the same L3 domain/network. 6374 type: string 6375 ports: 6376 additionalProperties: 6377 maximum: 4294967295 6378 minimum: 0 6379 type: integer 6380 description: Set of ports associated with the endpoint. 6381 type: object 6382 serviceAccount: 6383 description: The service account associated with the workload 6384 if a sidecar is present in the workload. 6385 type: string 6386 weight: 6387 description: The load balancing weight associated with the endpoint. 6388 maximum: 4294967295 6389 minimum: 0 6390 type: integer 6391 type: object 6392 type: array 6393 exportTo: 6394 description: A list of namespaces to which this service is exported. 6395 items: 6396 type: string 6397 type: array 6398 hosts: 6399 description: The hosts associated with the ServiceEntry. 
6400 items: 6401 type: string 6402 type: array 6403 location: 6404 description: |- 6405 Specify whether the service should be considered external to the mesh or part of the mesh. 6406 6407 Valid Options: MESH_EXTERNAL, MESH_INTERNAL 6408 enum: 6409 - MESH_EXTERNAL 6410 - MESH_INTERNAL 6411 type: string 6412 ports: 6413 description: The ports associated with the external service. 6414 items: 6415 properties: 6416 name: 6417 description: Label assigned to the port. 6418 type: string 6419 number: 6420 description: A valid non-negative integer port number. 6421 maximum: 4294967295 6422 minimum: 0 6423 type: integer 6424 protocol: 6425 description: The protocol exposed on the port. 6426 type: string 6427 targetPort: 6428 description: The port number on the endpoint where the traffic 6429 will be received. 6430 maximum: 4294967295 6431 minimum: 0 6432 type: integer 6433 required: 6434 - number 6435 - name 6436 type: object 6437 type: array 6438 resolution: 6439 description: |- 6440 Service resolution mode for the hosts. 6441 6442 Valid Options: NONE, STATIC, DNS, DNS_ROUND_ROBIN 6443 enum: 6444 - NONE 6445 - STATIC 6446 - DNS 6447 - DNS_ROUND_ROBIN 6448 type: string 6449 subjectAltNames: 6450 description: If specified, the proxy will verify that the server certificate's 6451 subject alternate name matches one of the specified values. 6452 items: 6453 type: string 6454 type: array 6455 workloadSelector: 6456 description: Applicable only for MESH_INTERNAL services. 6457 properties: 6458 labels: 6459 additionalProperties: 6460 type: string 6461 description: One or more labels that indicate a specific set of 6462 pods/VMs on which the configuration should be applied. 
6463 type: object 6464 type: object 6465 required: 6466 - hosts 6467 type: object 6468 status: 6469 type: object 6470 x-kubernetes-preserve-unknown-fields: true 6471 type: object 6472 served: true 6473 storage: true 6474 subresources: 6475 status: {} 6476 --- 6477 apiVersion: apiextensions.k8s.io/v1 6478 kind: CustomResourceDefinition 6479 metadata: 6480 annotations: 6481 "helm.sh/resource-policy": keep 6482 labels: 6483 app: istio-pilot 6484 chart: istio 6485 heritage: Tiller 6486 release: istio 6487 name: sidecars.networking.istio.io 6488 spec: 6489 group: networking.istio.io 6490 names: 6491 categories: 6492 - istio-io 6493 - networking-istio-io 6494 kind: Sidecar 6495 listKind: SidecarList 6496 plural: sidecars 6497 singular: sidecar 6498 scope: Namespaced 6499 versions: 6500 - name: v1 6501 schema: 6502 openAPIV3Schema: 6503 properties: 6504 spec: 6505 description: 'Configuration affecting network reachability of a sidecar. 6506 See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' 6507 properties: 6508 egress: 6509 description: Egress specifies the configuration of the sidecar for 6510 processing outbound traffic from the attached workload instance 6511 to other services in the mesh. 6512 items: 6513 properties: 6514 bind: 6515 description: The IP(IPv4 or IPv6) or the Unix domain socket 6516 to which the listener should be bound to. 6517 type: string 6518 captureMode: 6519 description: |- 6520 When the bind address is an IP, the captureMode option dictates how traffic to the listener is expected to be captured (or not). 6521 6522 Valid Options: DEFAULT, IPTABLES, NONE 6523 enum: 6524 - DEFAULT 6525 - IPTABLES 6526 - NONE 6527 type: string 6528 hosts: 6529 description: One or more service hosts exposed by the listener 6530 in `namespace/dnsName` format. 6531 items: 6532 type: string 6533 type: array 6534 port: 6535 description: The port associated with the listener. 
6536 properties: 6537 name: 6538 description: Label assigned to the port. 6539 type: string 6540 number: 6541 description: A valid non-negative integer port number. 6542 maximum: 4294967295 6543 minimum: 0 6544 type: integer 6545 protocol: 6546 description: The protocol exposed on the port. 6547 type: string 6548 targetPort: 6549 maximum: 4294967295 6550 minimum: 0 6551 type: integer 6552 type: object 6553 required: 6554 - hosts 6555 type: object 6556 type: array 6557 inboundConnectionPool: 6558 description: Settings controlling the volume of connections Envoy 6559 will accept from the network. 6560 properties: 6561 http: 6562 description: HTTP connection pool settings. 6563 properties: 6564 h2UpgradePolicy: 6565 description: |- 6566 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 6567 6568 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 6569 enum: 6570 - DEFAULT 6571 - DO_NOT_UPGRADE 6572 - UPGRADE 6573 type: string 6574 http1MaxPendingRequests: 6575 description: Maximum number of requests that will be queued 6576 while waiting for a ready connection pool connection. 6577 format: int32 6578 type: integer 6579 http2MaxRequests: 6580 description: Maximum number of active requests to a destination. 6581 format: int32 6582 type: integer 6583 idleTimeout: 6584 description: The idle timeout for upstream connection pool 6585 connections. 6586 type: string 6587 maxConcurrentStreams: 6588 description: The maximum number of concurrent streams allowed 6589 for a peer on one HTTP/2 connection. 6590 format: int32 6591 type: integer 6592 maxRequestsPerConnection: 6593 description: Maximum number of requests per connection to 6594 a backend. 6595 format: int32 6596 type: integer 6597 maxRetries: 6598 description: Maximum number of retries that can be outstanding 6599 to all hosts in a cluster at a given time. 
6600 format: int32 6601 type: integer 6602 useClientProtocol: 6603 description: If set to true, client protocol will be preserved 6604 while initiating connection to backend. 6605 type: boolean 6606 type: object 6607 tcp: 6608 description: Settings common to both HTTP and TCP upstream connections. 6609 properties: 6610 connectTimeout: 6611 description: TCP connection timeout. 6612 type: string 6613 idleTimeout: 6614 description: The idle timeout for TCP connections. 6615 type: string 6616 maxConnectionDuration: 6617 description: The maximum duration of a connection. 6618 type: string 6619 maxConnections: 6620 description: Maximum number of HTTP1 /TCP connections to a 6621 destination host. 6622 format: int32 6623 type: integer 6624 tcpKeepalive: 6625 description: If set then set SO_KEEPALIVE on the socket to 6626 enable TCP Keepalives. 6627 properties: 6628 interval: 6629 description: The time duration between keep-alive probes. 6630 type: string 6631 probes: 6632 description: Maximum number of keepalive probes to send 6633 without response before deciding the connection is dead. 6634 maximum: 4294967295 6635 minimum: 0 6636 type: integer 6637 time: 6638 description: The time duration a connection needs to be 6639 idle before keep-alive probes start being sent. 6640 type: string 6641 type: object 6642 type: object 6643 type: object 6644 ingress: 6645 description: Ingress specifies the configuration of the sidecar for 6646 processing inbound traffic to the attached workload instance. 6647 items: 6648 properties: 6649 bind: 6650 description: The IP(IPv4 or IPv6) to which the listener should 6651 be bound. 6652 type: string 6653 captureMode: 6654 description: |- 6655 The captureMode option dictates how traffic to the listener is expected to be captured (or not). 
6656 6657 Valid Options: DEFAULT, IPTABLES, NONE 6658 enum: 6659 - DEFAULT 6660 - IPTABLES 6661 - NONE 6662 type: string 6663 connectionPool: 6664 description: Settings controlling the volume of connections 6665 Envoy will accept from the network. 6666 properties: 6667 http: 6668 description: HTTP connection pool settings. 6669 properties: 6670 h2UpgradePolicy: 6671 description: |- 6672 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 6673 6674 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 6675 enum: 6676 - DEFAULT 6677 - DO_NOT_UPGRADE 6678 - UPGRADE 6679 type: string 6680 http1MaxPendingRequests: 6681 description: Maximum number of requests that will be 6682 queued while waiting for a ready connection pool connection. 6683 format: int32 6684 type: integer 6685 http2MaxRequests: 6686 description: Maximum number of active requests to a 6687 destination. 6688 format: int32 6689 type: integer 6690 idleTimeout: 6691 description: The idle timeout for upstream connection 6692 pool connections. 6693 type: string 6694 maxConcurrentStreams: 6695 description: The maximum number of concurrent streams 6696 allowed for a peer on one HTTP/2 connection. 6697 format: int32 6698 type: integer 6699 maxRequestsPerConnection: 6700 description: Maximum number of requests per connection 6701 to a backend. 6702 format: int32 6703 type: integer 6704 maxRetries: 6705 description: Maximum number of retries that can be outstanding 6706 to all hosts in a cluster at a given time. 6707 format: int32 6708 type: integer 6709 useClientProtocol: 6710 description: If set to true, client protocol will be 6711 preserved while initiating connection to backend. 6712 type: boolean 6713 type: object 6714 tcp: 6715 description: Settings common to both HTTP and TCP upstream 6716 connections. 6717 properties: 6718 connectTimeout: 6719 description: TCP connection timeout. 6720 type: string 6721 idleTimeout: 6722 description: The idle timeout for TCP connections. 
6723 type: string 6724 maxConnectionDuration: 6725 description: The maximum duration of a connection. 6726 type: string 6727 maxConnections: 6728 description: Maximum number of HTTP1 /TCP connections 6729 to a destination host. 6730 format: int32 6731 type: integer 6732 tcpKeepalive: 6733 description: If set then set SO_KEEPALIVE on the socket 6734 to enable TCP Keepalives. 6735 properties: 6736 interval: 6737 description: The time duration between keep-alive 6738 probes. 6739 type: string 6740 probes: 6741 description: Maximum number of keepalive probes 6742 to send without response before deciding the connection 6743 is dead. 6744 maximum: 4294967295 6745 minimum: 0 6746 type: integer 6747 time: 6748 description: The time duration a connection needs 6749 to be idle before keep-alive probes start being 6750 sent. 6751 type: string 6752 type: object 6753 type: object 6754 type: object 6755 defaultEndpoint: 6756 description: The IP endpoint or Unix domain socket to which 6757 traffic should be forwarded to. 6758 type: string 6759 port: 6760 description: The port associated with the listener. 6761 properties: 6762 name: 6763 description: Label assigned to the port. 6764 type: string 6765 number: 6766 description: A valid non-negative integer port number. 6767 maximum: 4294967295 6768 minimum: 0 6769 type: integer 6770 protocol: 6771 description: The protocol exposed on the port. 6772 type: string 6773 targetPort: 6774 maximum: 4294967295 6775 minimum: 0 6776 type: integer 6777 type: object 6778 tls: 6779 description: Set of TLS related options that will enable TLS 6780 termination on the sidecar for requests originating from outside 6781 the mesh. 6782 properties: 6783 caCertificates: 6784 description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. 6785 type: string 6786 caCrl: 6787 description: 'OPTIONAL: The path to the file containing 6788 the certificate revocation list (CRL) to use in verifying 6789 a presented client side certificate.' 
6790 type: string 6791 cipherSuites: 6792 description: 'Optional: If specified, only support the specified 6793 cipher list.' 6794 items: 6795 type: string 6796 type: array 6797 credentialName: 6798 description: For gateways running on Kubernetes, the name 6799 of the secret that holds the TLS certs including the CA 6800 certificates. 6801 type: string 6802 httpsRedirect: 6803 description: If set to true, the load balancer will send 6804 a 301 redirect for all http connections, asking the clients 6805 to use HTTPS. 6806 type: boolean 6807 maxProtocolVersion: 6808 description: |- 6809 Optional: Maximum TLS protocol version. 6810 6811 Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 6812 enum: 6813 - TLS_AUTO 6814 - TLSV1_0 6815 - TLSV1_1 6816 - TLSV1_2 6817 - TLSV1_3 6818 type: string 6819 minProtocolVersion: 6820 description: |- 6821 Optional: Minimum TLS protocol version. 6822 6823 Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 6824 enum: 6825 - TLS_AUTO 6826 - TLSV1_0 6827 - TLSV1_1 6828 - TLSV1_2 6829 - TLSV1_3 6830 type: string 6831 mode: 6832 description: |- 6833 Optional: Indicates whether connections to this port should be secured using TLS. 6834 6835 Valid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL 6836 enum: 6837 - PASSTHROUGH 6838 - SIMPLE 6839 - MUTUAL 6840 - AUTO_PASSTHROUGH 6841 - ISTIO_MUTUAL 6842 - OPTIONAL_MUTUAL 6843 type: string 6844 privateKey: 6845 description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 6846 type: string 6847 serverCertificate: 6848 description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 6849 type: string 6850 subjectAltNames: 6851 description: A list of alternate names to verify the subject 6852 identity in the certificate presented by the client. 6853 items: 6854 type: string 6855 type: array 6856 verifyCertificateHash: 6857 description: An optional list of hex-encoded SHA-256 hashes 6858 of the authorized client certificates. 
6859 items: 6860 type: string 6861 type: array 6862 verifyCertificateSpki: 6863 description: An optional list of base64-encoded SHA-256 6864 hashes of the SPKIs of authorized client certificates. 6865 items: 6866 type: string 6867 type: array 6868 type: object 6869 required: 6870 - port 6871 type: object 6872 type: array 6873 outboundTrafficPolicy: 6874 description: Configuration for the outbound traffic policy. 6875 properties: 6876 egressProxy: 6877 properties: 6878 host: 6879 description: The name of a service from the service registry. 6880 type: string 6881 port: 6882 description: Specifies the port on the host that is being 6883 addressed. 6884 properties: 6885 number: 6886 maximum: 4294967295 6887 minimum: 0 6888 type: integer 6889 type: object 6890 subset: 6891 description: The name of a subset within the service. 6892 type: string 6893 required: 6894 - host 6895 type: object 6896 mode: 6897 description: |2- 6898 6899 6900 Valid Options: REGISTRY_ONLY, ALLOW_ANY 6901 enum: 6902 - REGISTRY_ONLY 6903 - ALLOW_ANY 6904 type: string 6905 type: object 6906 workloadSelector: 6907 description: Criteria used to select the specific set of pods/VMs 6908 on which this `Sidecar` configuration should be applied. 6909 properties: 6910 labels: 6911 additionalProperties: 6912 type: string 6913 description: One or more labels that indicate a specific set of 6914 pods/VMs on which the configuration should be applied. 6915 type: object 6916 type: object 6917 type: object 6918 status: 6919 type: object 6920 x-kubernetes-preserve-unknown-fields: true 6921 type: object 6922 served: true 6923 storage: false 6924 subresources: 6925 status: {} 6926 - name: v1alpha3 6927 schema: 6928 openAPIV3Schema: 6929 properties: 6930 spec: 6931 description: 'Configuration affecting network reachability of a sidecar. 
6932 See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' 6933 properties: 6934 egress: 6935 description: Egress specifies the configuration of the sidecar for 6936 processing outbound traffic from the attached workload instance 6937 to other services in the mesh. 6938 items: 6939 properties: 6940 bind: 6941 description: The IP(IPv4 or IPv6) or the Unix domain socket 6942 to which the listener should be bound to. 6943 type: string 6944 captureMode: 6945 description: |- 6946 When the bind address is an IP, the captureMode option dictates how traffic to the listener is expected to be captured (or not). 6947 6948 Valid Options: DEFAULT, IPTABLES, NONE 6949 enum: 6950 - DEFAULT 6951 - IPTABLES 6952 - NONE 6953 type: string 6954 hosts: 6955 description: One or more service hosts exposed by the listener 6956 in `namespace/dnsName` format. 6957 items: 6958 type: string 6959 type: array 6960 port: 6961 description: The port associated with the listener. 6962 properties: 6963 name: 6964 description: Label assigned to the port. 6965 type: string 6966 number: 6967 description: A valid non-negative integer port number. 6968 maximum: 4294967295 6969 minimum: 0 6970 type: integer 6971 protocol: 6972 description: The protocol exposed on the port. 6973 type: string 6974 targetPort: 6975 maximum: 4294967295 6976 minimum: 0 6977 type: integer 6978 type: object 6979 required: 6980 - hosts 6981 type: object 6982 type: array 6983 inboundConnectionPool: 6984 description: Settings controlling the volume of connections Envoy 6985 will accept from the network. 6986 properties: 6987 http: 6988 description: HTTP connection pool settings. 6989 properties: 6990 h2UpgradePolicy: 6991 description: |- 6992 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 
6993 6994 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 6995 enum: 6996 - DEFAULT 6997 - DO_NOT_UPGRADE 6998 - UPGRADE 6999 type: string 7000 http1MaxPendingRequests: 7001 description: Maximum number of requests that will be queued 7002 while waiting for a ready connection pool connection. 7003 format: int32 7004 type: integer 7005 http2MaxRequests: 7006 description: Maximum number of active requests to a destination. 7007 format: int32 7008 type: integer 7009 idleTimeout: 7010 description: The idle timeout for upstream connection pool 7011 connections. 7012 type: string 7013 maxConcurrentStreams: 7014 description: The maximum number of concurrent streams allowed 7015 for a peer on one HTTP/2 connection. 7016 format: int32 7017 type: integer 7018 maxRequestsPerConnection: 7019 description: Maximum number of requests per connection to 7020 a backend. 7021 format: int32 7022 type: integer 7023 maxRetries: 7024 description: Maximum number of retries that can be outstanding 7025 to all hosts in a cluster at a given time. 7026 format: int32 7027 type: integer 7028 useClientProtocol: 7029 description: If set to true, client protocol will be preserved 7030 while initiating connection to backend. 7031 type: boolean 7032 type: object 7033 tcp: 7034 description: Settings common to both HTTP and TCP upstream connections. 7035 properties: 7036 connectTimeout: 7037 description: TCP connection timeout. 7038 type: string 7039 idleTimeout: 7040 description: The idle timeout for TCP connections. 7041 type: string 7042 maxConnectionDuration: 7043 description: The maximum duration of a connection. 7044 type: string 7045 maxConnections: 7046 description: Maximum number of HTTP1 /TCP connections to a 7047 destination host. 7048 format: int32 7049 type: integer 7050 tcpKeepalive: 7051 description: If set then set SO_KEEPALIVE on the socket to 7052 enable TCP Keepalives. 7053 properties: 7054 interval: 7055 description: The time duration between keep-alive probes. 
7056 type: string 7057 probes: 7058 description: Maximum number of keepalive probes to send 7059 without response before deciding the connection is dead. 7060 maximum: 4294967295 7061 minimum: 0 7062 type: integer 7063 time: 7064 description: The time duration a connection needs to be 7065 idle before keep-alive probes start being sent. 7066 type: string 7067 type: object 7068 type: object 7069 type: object 7070 ingress: 7071 description: Ingress specifies the configuration of the sidecar for 7072 processing inbound traffic to the attached workload instance. 7073 items: 7074 properties: 7075 bind: 7076 description: The IP(IPv4 or IPv6) to which the listener should 7077 be bound. 7078 type: string 7079 captureMode: 7080 description: |- 7081 The captureMode option dictates how traffic to the listener is expected to be captured (or not). 7082 7083 Valid Options: DEFAULT, IPTABLES, NONE 7084 enum: 7085 - DEFAULT 7086 - IPTABLES 7087 - NONE 7088 type: string 7089 connectionPool: 7090 description: Settings controlling the volume of connections 7091 Envoy will accept from the network. 7092 properties: 7093 http: 7094 description: HTTP connection pool settings. 7095 properties: 7096 h2UpgradePolicy: 7097 description: |- 7098 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 7099 7100 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 7101 enum: 7102 - DEFAULT 7103 - DO_NOT_UPGRADE 7104 - UPGRADE 7105 type: string 7106 http1MaxPendingRequests: 7107 description: Maximum number of requests that will be 7108 queued while waiting for a ready connection pool connection. 7109 format: int32 7110 type: integer 7111 http2MaxRequests: 7112 description: Maximum number of active requests to a 7113 destination. 7114 format: int32 7115 type: integer 7116 idleTimeout: 7117 description: The idle timeout for upstream connection 7118 pool connections. 
7119 type: string 7120 maxConcurrentStreams: 7121 description: The maximum number of concurrent streams 7122 allowed for a peer on one HTTP/2 connection. 7123 format: int32 7124 type: integer 7125 maxRequestsPerConnection: 7126 description: Maximum number of requests per connection 7127 to a backend. 7128 format: int32 7129 type: integer 7130 maxRetries: 7131 description: Maximum number of retries that can be outstanding 7132 to all hosts in a cluster at a given time. 7133 format: int32 7134 type: integer 7135 useClientProtocol: 7136 description: If set to true, client protocol will be 7137 preserved while initiating connection to backend. 7138 type: boolean 7139 type: object 7140 tcp: 7141 description: Settings common to both HTTP and TCP upstream 7142 connections. 7143 properties: 7144 connectTimeout: 7145 description: TCP connection timeout. 7146 type: string 7147 idleTimeout: 7148 description: The idle timeout for TCP connections. 7149 type: string 7150 maxConnectionDuration: 7151 description: The maximum duration of a connection. 7152 type: string 7153 maxConnections: 7154 description: Maximum number of HTTP1 /TCP connections 7155 to a destination host. 7156 format: int32 7157 type: integer 7158 tcpKeepalive: 7159 description: If set then set SO_KEEPALIVE on the socket 7160 to enable TCP Keepalives. 7161 properties: 7162 interval: 7163 description: The time duration between keep-alive 7164 probes. 7165 type: string 7166 probes: 7167 description: Maximum number of keepalive probes 7168 to send without response before deciding the connection 7169 is dead. 7170 maximum: 4294967295 7171 minimum: 0 7172 type: integer 7173 time: 7174 description: The time duration a connection needs 7175 to be idle before keep-alive probes start being 7176 sent. 7177 type: string 7178 type: object 7179 type: object 7180 type: object 7181 defaultEndpoint: 7182 description: The IP endpoint or Unix domain socket to which 7183 traffic should be forwarded to. 
7184 type: string 7185 port: 7186 description: The port associated with the listener. 7187 properties: 7188 name: 7189 description: Label assigned to the port. 7190 type: string 7191 number: 7192 description: A valid non-negative integer port number. 7193 maximum: 4294967295 7194 minimum: 0 7195 type: integer 7196 protocol: 7197 description: The protocol exposed on the port. 7198 type: string 7199 targetPort: 7200 maximum: 4294967295 7201 minimum: 0 7202 type: integer 7203 type: object 7204 tls: 7205 description: Set of TLS related options that will enable TLS 7206 termination on the sidecar for requests originating from outside 7207 the mesh. 7208 properties: 7209 caCertificates: 7210 description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. 7211 type: string 7212 caCrl: 7213 description: 'OPTIONAL: The path to the file containing 7214 the certificate revocation list (CRL) to use in verifying 7215 a presented client side certificate.' 7216 type: string 7217 cipherSuites: 7218 description: 'Optional: If specified, only support the specified 7219 cipher list.' 7220 items: 7221 type: string 7222 type: array 7223 credentialName: 7224 description: For gateways running on Kubernetes, the name 7225 of the secret that holds the TLS certs including the CA 7226 certificates. 7227 type: string 7228 httpsRedirect: 7229 description: If set to true, the load balancer will send 7230 a 301 redirect for all http connections, asking the clients 7231 to use HTTPS. 7232 type: boolean 7233 maxProtocolVersion: 7234 description: |- 7235 Optional: Maximum TLS protocol version. 7236 7237 Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 7238 enum: 7239 - TLS_AUTO 7240 - TLSV1_0 7241 - TLSV1_1 7242 - TLSV1_2 7243 - TLSV1_3 7244 type: string 7245 minProtocolVersion: 7246 description: |- 7247 Optional: Minimum TLS protocol version. 
7248 7249 Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 7250 enum: 7251 - TLS_AUTO 7252 - TLSV1_0 7253 - TLSV1_1 7254 - TLSV1_2 7255 - TLSV1_3 7256 type: string 7257 mode: 7258 description: |- 7259 Optional: Indicates whether connections to this port should be secured using TLS. 7260 7261 Valid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL 7262 enum: 7263 - PASSTHROUGH 7264 - SIMPLE 7265 - MUTUAL 7266 - AUTO_PASSTHROUGH 7267 - ISTIO_MUTUAL 7268 - OPTIONAL_MUTUAL 7269 type: string 7270 privateKey: 7271 description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 7272 type: string 7273 serverCertificate: 7274 description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 7275 type: string 7276 subjectAltNames: 7277 description: A list of alternate names to verify the subject 7278 identity in the certificate presented by the client. 7279 items: 7280 type: string 7281 type: array 7282 verifyCertificateHash: 7283 description: An optional list of hex-encoded SHA-256 hashes 7284 of the authorized client certificates. 7285 items: 7286 type: string 7287 type: array 7288 verifyCertificateSpki: 7289 description: An optional list of base64-encoded SHA-256 7290 hashes of the SPKIs of authorized client certificates. 7291 items: 7292 type: string 7293 type: array 7294 type: object 7295 required: 7296 - port 7297 type: object 7298 type: array 7299 outboundTrafficPolicy: 7300 description: Configuration for the outbound traffic policy. 7301 properties: 7302 egressProxy: 7303 properties: 7304 host: 7305 description: The name of a service from the service registry. 7306 type: string 7307 port: 7308 description: Specifies the port on the host that is being 7309 addressed. 7310 properties: 7311 number: 7312 maximum: 4294967295 7313 minimum: 0 7314 type: integer 7315 type: object 7316 subset: 7317 description: The name of a subset within the service. 
7318 type: string 7319 required: 7320 - host 7321 type: object 7322 mode: 7323 description: |2- 7324 7325 7326 Valid Options: REGISTRY_ONLY, ALLOW_ANY 7327 enum: 7328 - REGISTRY_ONLY 7329 - ALLOW_ANY 7330 type: string 7331 type: object 7332 workloadSelector: 7333 description: Criteria used to select the specific set of pods/VMs 7334 on which this `Sidecar` configuration should be applied. 7335 properties: 7336 labels: 7337 additionalProperties: 7338 type: string 7339 description: One or more labels that indicate a specific set of 7340 pods/VMs on which the configuration should be applied. 7341 type: object 7342 type: object 7343 type: object 7344 status: 7345 type: object 7346 x-kubernetes-preserve-unknown-fields: true 7347 type: object 7348 served: true 7349 storage: false 7350 subresources: 7351 status: {} 7352 - name: v1beta1 7353 schema: 7354 openAPIV3Schema: 7355 properties: 7356 spec: 7357 description: 'Configuration affecting network reachability of a sidecar. 7358 See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' 7359 properties: 7360 egress: 7361 description: Egress specifies the configuration of the sidecar for 7362 processing outbound traffic from the attached workload instance 7363 to other services in the mesh. 7364 items: 7365 properties: 7366 bind: 7367 description: The IP(IPv4 or IPv6) or the Unix domain socket 7368 to which the listener should be bound to. 7369 type: string 7370 captureMode: 7371 description: |- 7372 When the bind address is an IP, the captureMode option dictates how traffic to the listener is expected to be captured (or not). 7373 7374 Valid Options: DEFAULT, IPTABLES, NONE 7375 enum: 7376 - DEFAULT 7377 - IPTABLES 7378 - NONE 7379 type: string 7380 hosts: 7381 description: One or more service hosts exposed by the listener 7382 in `namespace/dnsName` format. 7383 items: 7384 type: string 7385 type: array 7386 port: 7387 description: The port associated with the listener. 
7388 properties: 7389 name: 7390 description: Label assigned to the port. 7391 type: string 7392 number: 7393 description: A valid non-negative integer port number. 7394 maximum: 4294967295 7395 minimum: 0 7396 type: integer 7397 protocol: 7398 description: The protocol exposed on the port. 7399 type: string 7400 targetPort: 7401 maximum: 4294967295 7402 minimum: 0 7403 type: integer 7404 type: object 7405 required: 7406 - hosts 7407 type: object 7408 type: array 7409 inboundConnectionPool: 7410 description: Settings controlling the volume of connections Envoy 7411 will accept from the network. 7412 properties: 7413 http: 7414 description: HTTP connection pool settings. 7415 properties: 7416 h2UpgradePolicy: 7417 description: |- 7418 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 7419 7420 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 7421 enum: 7422 - DEFAULT 7423 - DO_NOT_UPGRADE 7424 - UPGRADE 7425 type: string 7426 http1MaxPendingRequests: 7427 description: Maximum number of requests that will be queued 7428 while waiting for a ready connection pool connection. 7429 format: int32 7430 type: integer 7431 http2MaxRequests: 7432 description: Maximum number of active requests to a destination. 7433 format: int32 7434 type: integer 7435 idleTimeout: 7436 description: The idle timeout for upstream connection pool 7437 connections. 7438 type: string 7439 maxConcurrentStreams: 7440 description: The maximum number of concurrent streams allowed 7441 for a peer on one HTTP/2 connection. 7442 format: int32 7443 type: integer 7444 maxRequestsPerConnection: 7445 description: Maximum number of requests per connection to 7446 a backend. 7447 format: int32 7448 type: integer 7449 maxRetries: 7450 description: Maximum number of retries that can be outstanding 7451 to all hosts in a cluster at a given time. 
7452 format: int32 7453 type: integer 7454 useClientProtocol: 7455 description: If set to true, client protocol will be preserved 7456 while initiating connection to backend. 7457 type: boolean 7458 type: object 7459 tcp: 7460 description: Settings common to both HTTP and TCP upstream connections. 7461 properties: 7462 connectTimeout: 7463 description: TCP connection timeout. 7464 type: string 7465 idleTimeout: 7466 description: The idle timeout for TCP connections. 7467 type: string 7468 maxConnectionDuration: 7469 description: The maximum duration of a connection. 7470 type: string 7471 maxConnections: 7472 description: Maximum number of HTTP1 /TCP connections to a 7473 destination host. 7474 format: int32 7475 type: integer 7476 tcpKeepalive: 7477 description: If set then set SO_KEEPALIVE on the socket to 7478 enable TCP Keepalives. 7479 properties: 7480 interval: 7481 description: The time duration between keep-alive probes. 7482 type: string 7483 probes: 7484 description: Maximum number of keepalive probes to send 7485 without response before deciding the connection is dead. 7486 maximum: 4294967295 7487 minimum: 0 7488 type: integer 7489 time: 7490 description: The time duration a connection needs to be 7491 idle before keep-alive probes start being sent. 7492 type: string 7493 type: object 7494 type: object 7495 type: object 7496 ingress: 7497 description: Ingress specifies the configuration of the sidecar for 7498 processing inbound traffic to the attached workload instance. 7499 items: 7500 properties: 7501 bind: 7502 description: The IP(IPv4 or IPv6) to which the listener should 7503 be bound. 7504 type: string 7505 captureMode: 7506 description: |- 7507 The captureMode option dictates how traffic to the listener is expected to be captured (or not). 
7508 7509 Valid Options: DEFAULT, IPTABLES, NONE 7510 enum: 7511 - DEFAULT 7512 - IPTABLES 7513 - NONE 7514 type: string 7515 connectionPool: 7516 description: Settings controlling the volume of connections 7517 Envoy will accept from the network. 7518 properties: 7519 http: 7520 description: HTTP connection pool settings. 7521 properties: 7522 h2UpgradePolicy: 7523 description: |- 7524 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 7525 7526 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 7527 enum: 7528 - DEFAULT 7529 - DO_NOT_UPGRADE 7530 - UPGRADE 7531 type: string 7532 http1MaxPendingRequests: 7533 description: Maximum number of requests that will be 7534 queued while waiting for a ready connection pool connection. 7535 format: int32 7536 type: integer 7537 http2MaxRequests: 7538 description: Maximum number of active requests to a 7539 destination. 7540 format: int32 7541 type: integer 7542 idleTimeout: 7543 description: The idle timeout for upstream connection 7544 pool connections. 7545 type: string 7546 maxConcurrentStreams: 7547 description: The maximum number of concurrent streams 7548 allowed for a peer on one HTTP/2 connection. 7549 format: int32 7550 type: integer 7551 maxRequestsPerConnection: 7552 description: Maximum number of requests per connection 7553 to a backend. 7554 format: int32 7555 type: integer 7556 maxRetries: 7557 description: Maximum number of retries that can be outstanding 7558 to all hosts in a cluster at a given time. 7559 format: int32 7560 type: integer 7561 useClientProtocol: 7562 description: If set to true, client protocol will be 7563 preserved while initiating connection to backend. 7564 type: boolean 7565 type: object 7566 tcp: 7567 description: Settings common to both HTTP and TCP upstream 7568 connections. 7569 properties: 7570 connectTimeout: 7571 description: TCP connection timeout. 7572 type: string 7573 idleTimeout: 7574 description: The idle timeout for TCP connections. 
7575 type: string 7576 maxConnectionDuration: 7577 description: The maximum duration of a connection. 7578 type: string 7579 maxConnections: 7580 description: Maximum number of HTTP1 /TCP connections 7581 to a destination host. 7582 format: int32 7583 type: integer 7584 tcpKeepalive: 7585 description: If set then set SO_KEEPALIVE on the socket 7586 to enable TCP Keepalives. 7587 properties: 7588 interval: 7589 description: The time duration between keep-alive 7590 probes. 7591 type: string 7592 probes: 7593 description: Maximum number of keepalive probes 7594 to send without response before deciding the connection 7595 is dead. 7596 maximum: 4294967295 7597 minimum: 0 7598 type: integer 7599 time: 7600 description: The time duration a connection needs 7601 to be idle before keep-alive probes start being 7602 sent. 7603 type: string 7604 type: object 7605 type: object 7606 type: object 7607 defaultEndpoint: 7608 description: The IP endpoint or Unix domain socket to which 7609 traffic should be forwarded to. 7610 type: string 7611 port: 7612 description: The port associated with the listener. 7613 properties: 7614 name: 7615 description: Label assigned to the port. 7616 type: string 7617 number: 7618 description: A valid non-negative integer port number. 7619 maximum: 4294967295 7620 minimum: 0 7621 type: integer 7622 protocol: 7623 description: The protocol exposed on the port. 7624 type: string 7625 targetPort: 7626 maximum: 4294967295 7627 minimum: 0 7628 type: integer 7629 type: object 7630 tls: 7631 description: Set of TLS related options that will enable TLS 7632 termination on the sidecar for requests originating from outside 7633 the mesh. 7634 properties: 7635 caCertificates: 7636 description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. 7637 type: string 7638 caCrl: 7639 description: 'OPTIONAL: The path to the file containing 7640 the certificate revocation list (CRL) to use in verifying 7641 a presented client side certificate.' 
7642 type: string 7643 cipherSuites: 7644 description: 'Optional: If specified, only support the specified 7645 cipher list.' 7646 items: 7647 type: string 7648 type: array 7649 credentialName: 7650 description: For gateways running on Kubernetes, the name 7651 of the secret that holds the TLS certs including the CA 7652 certificates. 7653 type: string 7654 httpsRedirect: 7655 description: If set to true, the load balancer will send 7656 a 301 redirect for all http connections, asking the clients 7657 to use HTTPS. 7658 type: boolean 7659 maxProtocolVersion: 7660 description: |- 7661 Optional: Maximum TLS protocol version. 7662 7663 Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 7664 enum: 7665 - TLS_AUTO 7666 - TLSV1_0 7667 - TLSV1_1 7668 - TLSV1_2 7669 - TLSV1_3 7670 type: string 7671 minProtocolVersion: 7672 description: |- 7673 Optional: Minimum TLS protocol version. 7674 7675 Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 7676 enum: 7677 - TLS_AUTO 7678 - TLSV1_0 7679 - TLSV1_1 7680 - TLSV1_2 7681 - TLSV1_3 7682 type: string 7683 mode: 7684 description: |- 7685 Optional: Indicates whether connections to this port should be secured using TLS. 7686 7687 Valid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL 7688 enum: 7689 - PASSTHROUGH 7690 - SIMPLE 7691 - MUTUAL 7692 - AUTO_PASSTHROUGH 7693 - ISTIO_MUTUAL 7694 - OPTIONAL_MUTUAL 7695 type: string 7696 privateKey: 7697 description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 7698 type: string 7699 serverCertificate: 7700 description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 7701 type: string 7702 subjectAltNames: 7703 description: A list of alternate names to verify the subject 7704 identity in the certificate presented by the client. 7705 items: 7706 type: string 7707 type: array 7708 verifyCertificateHash: 7709 description: An optional list of hex-encoded SHA-256 hashes 7710 of the authorized client certificates. 
7711 items: 7712 type: string 7713 type: array 7714 verifyCertificateSpki: 7715 description: An optional list of base64-encoded SHA-256 7716 hashes of the SPKIs of authorized client certificates. 7717 items: 7718 type: string 7719 type: array 7720 type: object 7721 required: 7722 - port 7723 type: object 7724 type: array 7725 outboundTrafficPolicy: 7726 description: Configuration for the outbound traffic policy. 7727 properties: 7728 egressProxy: 7729 properties: 7730 host: 7731 description: The name of a service from the service registry. 7732 type: string 7733 port: 7734 description: Specifies the port on the host that is being 7735 addressed. 7736 properties: 7737 number: 7738 maximum: 4294967295 7739 minimum: 0 7740 type: integer 7741 type: object 7742 subset: 7743 description: The name of a subset within the service. 7744 type: string 7745 required: 7746 - host 7747 type: object 7748 mode: 7749 description: |2- 7750 7751 7752 Valid Options: REGISTRY_ONLY, ALLOW_ANY 7753 enum: 7754 - REGISTRY_ONLY 7755 - ALLOW_ANY 7756 type: string 7757 type: object 7758 workloadSelector: 7759 description: Criteria used to select the specific set of pods/VMs 7760 on which this `Sidecar` configuration should be applied. 7761 properties: 7762 labels: 7763 additionalProperties: 7764 type: string 7765 description: One or more labels that indicate a specific set of 7766 pods/VMs on which the configuration should be applied. 
7767 type: object 7768 type: object 7769 type: object 7770 status: 7771 type: object 7772 x-kubernetes-preserve-unknown-fields: true 7773 type: object 7774 served: true 7775 storage: true 7776 subresources: 7777 status: {} 7778 --- 7779 apiVersion: apiextensions.k8s.io/v1 7780 kind: CustomResourceDefinition 7781 metadata: 7782 annotations: 7783 "helm.sh/resource-policy": keep 7784 labels: 7785 app: istio-pilot 7786 chart: istio 7787 heritage: Tiller 7788 release: istio 7789 name: virtualservices.networking.istio.io 7790 spec: 7791 group: networking.istio.io 7792 names: 7793 categories: 7794 - istio-io 7795 - networking-istio-io 7796 kind: VirtualService 7797 listKind: VirtualServiceList 7798 plural: virtualservices 7799 shortNames: 7800 - vs 7801 singular: virtualservice 7802 scope: Namespaced 7803 versions: 7804 - additionalPrinterColumns: 7805 - description: The names of gateways and sidecars that should apply these routes 7806 jsonPath: .spec.gateways 7807 name: Gateways 7808 type: string 7809 - description: The destination hosts to which traffic is being sent 7810 jsonPath: .spec.hosts 7811 name: Hosts 7812 type: string 7813 - description: 'CreationTimestamp is a timestamp representing the server time 7814 when this object was created. It is not guaranteed to be set in happens-before 7815 order across separate operations. Clients may not set this value. It is represented 7816 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 7817 lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 7818 jsonPath: .metadata.creationTimestamp 7819 name: Age 7820 type: date 7821 name: v1 7822 schema: 7823 openAPIV3Schema: 7824 properties: 7825 spec: 7826 description: 'Configuration affecting label/content routing, sni routing, 7827 etc. 
See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' 7828 properties: 7829 exportTo: 7830 description: A list of namespaces to which this virtual service is 7831 exported. 7832 items: 7833 type: string 7834 type: array 7835 gateways: 7836 description: The names of gateways and sidecars that should apply 7837 these routes. 7838 items: 7839 type: string 7840 type: array 7841 hosts: 7842 description: The destination hosts to which traffic is being sent. 7843 items: 7844 type: string 7845 type: array 7846 http: 7847 description: An ordered list of route rules for HTTP traffic. 7848 items: 7849 properties: 7850 corsPolicy: 7851 description: Cross-Origin Resource Sharing policy (CORS). 7852 properties: 7853 allowCredentials: 7854 description: Indicates whether the caller is allowed to 7855 send the actual request (not the preflight) using credentials. 7856 nullable: true 7857 type: boolean 7858 allowHeaders: 7859 description: List of HTTP headers that can be used when 7860 requesting the resource. 7861 items: 7862 type: string 7863 type: array 7864 allowMethods: 7865 description: List of HTTP methods allowed to access the 7866 resource. 7867 items: 7868 type: string 7869 type: array 7870 allowOrigin: 7871 items: 7872 type: string 7873 type: array 7874 allowOrigins: 7875 description: String patterns that match allowed origins. 7876 items: 7877 oneOf: 7878 - not: 7879 anyOf: 7880 - required: 7881 - exact 7882 - required: 7883 - prefix 7884 - required: 7885 - regex 7886 - required: 7887 - exact 7888 - required: 7889 - prefix 7890 - required: 7891 - regex 7892 properties: 7893 exact: 7894 type: string 7895 prefix: 7896 type: string 7897 regex: 7898 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 7899 type: string 7900 type: object 7901 type: array 7902 exposeHeaders: 7903 description: A list of HTTP headers that the browsers are 7904 allowed to access. 
7905 items: 7906 type: string 7907 type: array 7908 maxAge: 7909 description: Specifies how long the results of a preflight 7910 request can be cached. 7911 type: string 7912 unmatchedPreflights: 7913 description: |- 7914 Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream. 7915 7916 Valid Options: FORWARD, IGNORE 7917 enum: 7918 - UNSPECIFIED 7919 - FORWARD 7920 - IGNORE 7921 type: string 7922 type: object 7923 delegate: 7924 description: Delegate is used to specify the particular VirtualService 7925 which can be used to define delegate HTTPRoute. 7926 properties: 7927 name: 7928 description: Name specifies the name of the delegate VirtualService. 7929 type: string 7930 namespace: 7931 description: Namespace specifies the namespace where the 7932 delegate VirtualService resides. 7933 type: string 7934 type: object 7935 directResponse: 7936 description: A HTTP rule can either return a direct_response, 7937 redirect or forward (default) traffic. 7938 properties: 7939 body: 7940 description: Specifies the content of the response body. 7941 oneOf: 7942 - not: 7943 anyOf: 7944 - required: 7945 - string 7946 - required: 7947 - bytes 7948 - required: 7949 - string 7950 - required: 7951 - bytes 7952 properties: 7953 bytes: 7954 description: response body as base64 encoded bytes. 7955 format: binary 7956 type: string 7957 string: 7958 type: string 7959 type: object 7960 status: 7961 description: Specifies the HTTP response status to be returned. 7962 maximum: 4294967295 7963 minimum: 0 7964 type: integer 7965 required: 7966 - status 7967 type: object 7968 fault: 7969 description: Fault injection policy to apply on HTTP traffic 7970 at the client side. 7971 properties: 7972 abort: 7973 description: Abort Http request attempts and return error 7974 codes back to downstream service, giving the impression 7975 that the upstream service is faulty. 
7976 oneOf: 7977 - not: 7978 anyOf: 7979 - required: 7980 - httpStatus 7981 - required: 7982 - grpcStatus 7983 - required: 7984 - http2Error 7985 - required: 7986 - httpStatus 7987 - required: 7988 - grpcStatus 7989 - required: 7990 - http2Error 7991 properties: 7992 grpcStatus: 7993 description: GRPC status code to use to abort the request. 7994 type: string 7995 http2Error: 7996 type: string 7997 httpStatus: 7998 description: HTTP status code to use to abort the Http 7999 request. 8000 format: int32 8001 type: integer 8002 percentage: 8003 description: Percentage of requests to be aborted with 8004 the error code provided. 8005 properties: 8006 value: 8007 format: double 8008 type: number 8009 type: object 8010 type: object 8011 delay: 8012 description: Delay requests before forwarding, emulating 8013 various failures such as network issues, overloaded upstream 8014 service, etc. 8015 oneOf: 8016 - not: 8017 anyOf: 8018 - required: 8019 - fixedDelay 8020 - required: 8021 - exponentialDelay 8022 - required: 8023 - fixedDelay 8024 - required: 8025 - exponentialDelay 8026 properties: 8027 exponentialDelay: 8028 type: string 8029 fixedDelay: 8030 description: Add a fixed delay before forwarding the 8031 request. 8032 type: string 8033 percent: 8034 description: Percentage of requests on which the delay 8035 will be injected (0-100). 8036 format: int32 8037 type: integer 8038 percentage: 8039 description: Percentage of requests on which the delay 8040 will be injected. 
8041 properties: 8042 value: 8043 format: double 8044 type: number 8045 type: object 8046 type: object 8047 type: object 8048 headers: 8049 properties: 8050 request: 8051 properties: 8052 add: 8053 additionalProperties: 8054 type: string 8055 type: object 8056 remove: 8057 items: 8058 type: string 8059 type: array 8060 set: 8061 additionalProperties: 8062 type: string 8063 type: object 8064 type: object 8065 response: 8066 properties: 8067 add: 8068 additionalProperties: 8069 type: string 8070 type: object 8071 remove: 8072 items: 8073 type: string 8074 type: array 8075 set: 8076 additionalProperties: 8077 type: string 8078 type: object 8079 type: object 8080 type: object 8081 match: 8082 description: Match conditions to be satisfied for the rule to 8083 be activated. 8084 items: 8085 properties: 8086 authority: 8087 description: 'HTTP Authority values are case-sensitive 8088 and formatted as follows: - `exact: "value"` for exact 8089 string match - `prefix: "value"` for prefix-based match 8090 - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 8091 oneOf: 8092 - not: 8093 anyOf: 8094 - required: 8095 - exact 8096 - required: 8097 - prefix 8098 - required: 8099 - regex 8100 - required: 8101 - exact 8102 - required: 8103 - prefix 8104 - required: 8105 - regex 8106 properties: 8107 exact: 8108 type: string 8109 prefix: 8110 type: string 8111 regex: 8112 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 8113 type: string 8114 type: object 8115 gateways: 8116 description: Names of gateways where the rule should be 8117 applied. 
8118 items: 8119 type: string 8120 type: array 8121 headers: 8122 additionalProperties: 8123 oneOf: 8124 - not: 8125 anyOf: 8126 - required: 8127 - exact 8128 - required: 8129 - prefix 8130 - required: 8131 - regex 8132 - required: 8133 - exact 8134 - required: 8135 - prefix 8136 - required: 8137 - regex 8138 properties: 8139 exact: 8140 type: string 8141 prefix: 8142 type: string 8143 regex: 8144 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 8145 type: string 8146 type: object 8147 description: The header keys must be lowercase and use 8148 hyphen as the separator, e.g. 8149 type: object 8150 ignoreUriCase: 8151 description: Flag to specify whether the URI matching 8152 should be case-insensitive. 8153 type: boolean 8154 method: 8155 description: 'HTTP Method values are case-sensitive and 8156 formatted as follows: - `exact: "value"` for exact string 8157 match - `prefix: "value"` for prefix-based match - `regex: 8158 "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 8159 oneOf: 8160 - not: 8161 anyOf: 8162 - required: 8163 - exact 8164 - required: 8165 - prefix 8166 - required: 8167 - regex 8168 - required: 8169 - exact 8170 - required: 8171 - prefix 8172 - required: 8173 - regex 8174 properties: 8175 exact: 8176 type: string 8177 prefix: 8178 type: string 8179 regex: 8180 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 8181 type: string 8182 type: object 8183 name: 8184 description: The name assigned to a match. 8185 type: string 8186 port: 8187 description: Specifies the ports on the host that is being 8188 addressed. 
8189 maximum: 4294967295 8190 minimum: 0 8191 type: integer 8192 queryParams: 8193 additionalProperties: 8194 oneOf: 8195 - not: 8196 anyOf: 8197 - required: 8198 - exact 8199 - required: 8200 - prefix 8201 - required: 8202 - regex 8203 - required: 8204 - exact 8205 - required: 8206 - prefix 8207 - required: 8208 - regex 8209 properties: 8210 exact: 8211 type: string 8212 prefix: 8213 type: string 8214 regex: 8215 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 8216 type: string 8217 type: object 8218 description: Query parameters for matching. 8219 type: object 8220 scheme: 8221 description: 'URI Scheme values are case-sensitive and 8222 formatted as follows: - `exact: "value"` for exact string 8223 match - `prefix: "value"` for prefix-based match - `regex: 8224 "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 8225 oneOf: 8226 - not: 8227 anyOf: 8228 - required: 8229 - exact 8230 - required: 8231 - prefix 8232 - required: 8233 - regex 8234 - required: 8235 - exact 8236 - required: 8237 - prefix 8238 - required: 8239 - regex 8240 properties: 8241 exact: 8242 type: string 8243 prefix: 8244 type: string 8245 regex: 8246 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 8247 type: string 8248 type: object 8249 sourceLabels: 8250 additionalProperties: 8251 type: string 8252 description: One or more labels that constrain the applicability 8253 of a rule to source (client) workloads with the given 8254 labels. 8255 type: object 8256 sourceNamespace: 8257 description: Source namespace constraining the applicability 8258 of a rule to workloads in that namespace. 8259 type: string 8260 statPrefix: 8261 description: The human readable prefix to use when emitting 8262 statistics for this route. 
8263 type: string 8264 uri: 8265 description: 'URI to match values are case-sensitive and 8266 formatted as follows: - `exact: "value"` for exact string 8267 match - `prefix: "value"` for prefix-based match - `regex: 8268 "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 8269 oneOf: 8270 - not: 8271 anyOf: 8272 - required: 8273 - exact 8274 - required: 8275 - prefix 8276 - required: 8277 - regex 8278 - required: 8279 - exact 8280 - required: 8281 - prefix 8282 - required: 8283 - regex 8284 properties: 8285 exact: 8286 type: string 8287 prefix: 8288 type: string 8289 regex: 8290 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 8291 type: string 8292 type: object 8293 withoutHeaders: 8294 additionalProperties: 8295 oneOf: 8296 - not: 8297 anyOf: 8298 - required: 8299 - exact 8300 - required: 8301 - prefix 8302 - required: 8303 - regex 8304 - required: 8305 - exact 8306 - required: 8307 - prefix 8308 - required: 8309 - regex 8310 properties: 8311 exact: 8312 type: string 8313 prefix: 8314 type: string 8315 regex: 8316 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 8317 type: string 8318 type: object 8319 description: withoutHeader has the same syntax as the 8320 header, but has the opposite meaning. 8321 type: object 8322 type: object 8323 type: array 8324 mirror: 8325 description: Mirror HTTP traffic to another destination in 8326 addition to forwarding the requests to the intended destination. 8327 properties: 8328 host: 8329 description: The name of a service from the service registry. 8330 type: string 8331 port: 8332 description: Specifies the port on the host that is being 8333 addressed. 8334 properties: 8335 number: 8336 maximum: 4294967295 8337 minimum: 0 8338 type: integer 8339 type: object 8340 subset: 8341 description: The name of a subset within the service. 
8342 type: string 8343 required: 8344 - host 8345 type: object 8346 mirror_percent: 8347 maximum: 4294967295 8348 minimum: 0 8349 nullable: true 8350 type: integer 8351 mirrorPercent: 8352 maximum: 4294967295 8353 minimum: 0 8354 nullable: true 8355 type: integer 8356 mirrorPercentage: 8357 description: Percentage of the traffic to be mirrored by the 8358 `mirror` field. 8359 properties: 8360 value: 8361 format: double 8362 type: number 8363 type: object 8364 mirrors: 8365 description: Specifies the destinations to mirror HTTP traffic 8366 in addition to the original destination. 8367 items: 8368 properties: 8369 destination: 8370 description: Destination specifies the target of the mirror 8371 operation. 8372 properties: 8373 host: 8374 description: The name of a service from the service 8375 registry. 8376 type: string 8377 port: 8378 description: Specifies the port on the host that is 8379 being addressed. 8380 properties: 8381 number: 8382 maximum: 4294967295 8383 minimum: 0 8384 type: integer 8385 type: object 8386 subset: 8387 description: The name of a subset within the service. 8388 type: string 8389 required: 8390 - host 8391 type: object 8392 percentage: 8393 description: Percentage of the traffic to be mirrored 8394 by the `destination` field. 8395 properties: 8396 value: 8397 format: double 8398 type: number 8399 type: object 8400 required: 8401 - destination 8402 type: object 8403 type: array 8404 name: 8405 description: The name assigned to the route for debugging purposes. 8406 type: string 8407 redirect: 8408 description: A HTTP rule can either return a direct_response, 8409 redirect or forward (default) traffic. 8410 oneOf: 8411 - not: 8412 anyOf: 8413 - required: 8414 - port 8415 - required: 8416 - derivePort 8417 - required: 8418 - port 8419 - required: 8420 - derivePort 8421 properties: 8422 authority: 8423 description: On a redirect, overwrite the Authority/Host 8424 portion of the URL with this value. 
# Schema fragment from a generated Istio CRD: the rest of the HTTP `redirect`
# properties, then `retries` and the start of `rewrite`. The first
# `type: string` closes the `authority` property opened before this fragment.
                          type: string
                        # Only the two enum values below are accepted.
                        derivePort:
                          description: |-
                            On a redirect, dynamically set the port: * FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS.

                            Valid Options: FROM_PROTOCOL_DEFAULT, FROM_REQUEST_PORT
                          enum:
                          - FROM_PROTOCOL_DEFAULT
                          - FROM_REQUEST_PORT
                          type: string
                        # Bounds are the uint32 range, not the 1..65535 port
                        # range: an out-of-range port is not rejected by this
                        # schema.
                        port:
                          description: On a redirect, overwrite the port portion of
                            the URL with this value.
                          maximum: 4294967295
                          minimum: 0
                          type: integer
                        # Same uint32 bounds: the schema does not restrict the
                        # value to redirect (3xx) status codes.
                        redirectCode:
                          description: On a redirect, Specifies the HTTP status code
                            to use in the redirect response.
                          maximum: 4294967295
                          minimum: 0
                          type: integer
                        # `scheme` and `uri` (like `authority` above) are
                        # unconstrained strings: together they decide where
                        # clients are sent, so a change to them deserves the
                        # same review as a change to the destination itself.
                        scheme:
                          description: On a redirect, overwrite the scheme portion
                            of the URL with this value.
                          type: string
                        uri:
                          description: On a redirect, overwrite the Path portion of
                            the URL with this value.
                          type: string
                      type: object
                    retries:
                      description: Retry policy for HTTP requests.
                      properties:
                        # int32 with no minimum or maximum: negative or very
                        # large retry counts pass this schema.
                        attempts:
                          description: Number of retries to be allowed for a given
                            request.
                          format: int32
                          type: integer
                        # Plain string: no pattern enforces a duration format
                        # at the schema level.
                        perTryTimeout:
                          description: Timeout per attempt for a given request, including
                            the initial call and any retries.
                          type: string
                        retryOn:
                          description: Specifies the conditions under which retry
                            takes place.
                          type: string
                        retryRemoteLocalities:
                          description: Flag to specify whether the retries should
                            retry to other localities.
                          nullable: true
                          type: boolean
                      type: object
                    # Rewrites what the upstream sees as Host/Authority and
                    # path; both values are unconstrained strings here.
                    rewrite:
                      description: Rewrite HTTP URIs and Authority headers.
                      properties:
                        authority:
                          description: rewrite the Authority/Host header with this
                            value.
                          type: string
                        uri:
                          description: rewrite the path (or the prefix) portion of
                            the URI with this value.
8488 type: string 8489 uriRegexRewrite: 8490 description: rewrite the path portion of the URI with the 8491 specified regex. 8492 properties: 8493 match: 8494 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 8495 type: string 8496 rewrite: 8497 description: The string that should replace into matching 8498 portions of original URI. 8499 type: string 8500 type: object 8501 type: object 8502 route: 8503 description: A HTTP rule can either return a direct_response, 8504 redirect or forward (default) traffic. 8505 items: 8506 properties: 8507 destination: 8508 description: Destination uniquely identifies the instances 8509 of a service to which the request/connection should 8510 be forwarded to. 8511 properties: 8512 host: 8513 description: The name of a service from the service 8514 registry. 8515 type: string 8516 port: 8517 description: Specifies the port on the host that is 8518 being addressed. 8519 properties: 8520 number: 8521 maximum: 4294967295 8522 minimum: 0 8523 type: integer 8524 type: object 8525 subset: 8526 description: The name of a subset within the service. 8527 type: string 8528 required: 8529 - host 8530 type: object 8531 headers: 8532 properties: 8533 request: 8534 properties: 8535 add: 8536 additionalProperties: 8537 type: string 8538 type: object 8539 remove: 8540 items: 8541 type: string 8542 type: array 8543 set: 8544 additionalProperties: 8545 type: string 8546 type: object 8547 type: object 8548 response: 8549 properties: 8550 add: 8551 additionalProperties: 8552 type: string 8553 type: object 8554 remove: 8555 items: 8556 type: string 8557 type: array 8558 set: 8559 additionalProperties: 8560 type: string 8561 type: object 8562 type: object 8563 type: object 8564 weight: 8565 description: Weight specifies the relative proportion 8566 of traffic to be forwarded to the destination. 
8567 format: int32 8568 type: integer 8569 required: 8570 - destination 8571 type: object 8572 type: array 8573 timeout: 8574 description: Timeout for HTTP requests, default is disabled. 8575 type: string 8576 type: object 8577 type: array 8578 tcp: 8579 description: An ordered list of route rules for opaque TCP traffic. 8580 items: 8581 properties: 8582 match: 8583 description: Match conditions to be satisfied for the rule to 8584 be activated. 8585 items: 8586 properties: 8587 destinationSubnets: 8588 description: IPv4 or IPv6 ip addresses of destination 8589 with optional subnet. 8590 items: 8591 type: string 8592 type: array 8593 gateways: 8594 description: Names of gateways where the rule should be 8595 applied. 8596 items: 8597 type: string 8598 type: array 8599 port: 8600 description: Specifies the port on the host that is being 8601 addressed. 8602 maximum: 4294967295 8603 minimum: 0 8604 type: integer 8605 sourceLabels: 8606 additionalProperties: 8607 type: string 8608 description: One or more labels that constrain the applicability 8609 of a rule to workloads with the given labels. 8610 type: object 8611 sourceNamespace: 8612 description: Source namespace constraining the applicability 8613 of a rule to workloads in that namespace. 8614 type: string 8615 sourceSubnet: 8616 type: string 8617 type: object 8618 type: array 8619 route: 8620 description: The destination to which the connection should 8621 be forwarded to. 8622 items: 8623 properties: 8624 destination: 8625 description: Destination uniquely identifies the instances 8626 of a service to which the request/connection should 8627 be forwarded to. 8628 properties: 8629 host: 8630 description: The name of a service from the service 8631 registry. 8632 type: string 8633 port: 8634 description: Specifies the port on the host that is 8635 being addressed. 
8636 properties: 8637 number: 8638 maximum: 4294967295 8639 minimum: 0 8640 type: integer 8641 type: object 8642 subset: 8643 description: The name of a subset within the service. 8644 type: string 8645 required: 8646 - host 8647 type: object 8648 weight: 8649 description: Weight specifies the relative proportion 8650 of traffic to be forwarded to the destination. 8651 format: int32 8652 type: integer 8653 required: 8654 - destination 8655 type: object 8656 type: array 8657 type: object 8658 type: array 8659 tls: 8660 description: An ordered list of route rule for non-terminated TLS 8661 & HTTPS traffic. 8662 items: 8663 properties: 8664 match: 8665 description: Match conditions to be satisfied for the rule to 8666 be activated. 8667 items: 8668 properties: 8669 destinationSubnets: 8670 description: IPv4 or IPv6 ip addresses of destination 8671 with optional subnet. 8672 items: 8673 type: string 8674 type: array 8675 gateways: 8676 description: Names of gateways where the rule should be 8677 applied. 8678 items: 8679 type: string 8680 type: array 8681 port: 8682 description: Specifies the port on the host that is being 8683 addressed. 8684 maximum: 4294967295 8685 minimum: 0 8686 type: integer 8687 sniHosts: 8688 description: SNI (server name indicator) to match on. 8689 items: 8690 type: string 8691 type: array 8692 sourceLabels: 8693 additionalProperties: 8694 type: string 8695 description: One or more labels that constrain the applicability 8696 of a rule to workloads with the given labels. 8697 type: object 8698 sourceNamespace: 8699 description: Source namespace constraining the applicability 8700 of a rule to workloads in that namespace. 8701 type: string 8702 required: 8703 - sniHosts 8704 type: object 8705 type: array 8706 route: 8707 description: The destination to which the connection should 8708 be forwarded to. 
# Schema fragment from a generated Istio CRD: the tail of a `route` list that
# closes one version entry, then the start of the `v1alpha3` version entry
# (printer columns, spec header, and the first CORS policy fields).
                      items:
                        properties:
                          destination:
                            description: Destination uniquely identifies the instances
                              of a service to which the request/connection should
                              be forwarded to.
                            properties:
                              host:
                                description: The name of a service from the service
                                  registry.
                                type: string
                              port:
                                description: Specifies the port on the host that is
                                  being addressed.
                                properties:
                                  # uint32 bounds, not the 1..65535 port range:
                                  # out-of-range ports pass this schema.
                                  number:
                                    maximum: 4294967295
                                    minimum: 0
                                    type: integer
                                type: object
                              subset:
                                description: The name of a subset within the service.
                                type: string
                            required:
                            - host
                            type: object
                          # int32 with no minimum: a negative weight is not
                          # rejected by this schema.
                          weight:
                            description: Weight specifies the relative proportion
                              of traffic to be forwarded to the destination.
                            format: int32
                            type: integer
                        required:
                        - destination
                        type: object
                      type: array
                  required:
                  - match
                  type: object
                type: array
            type: object
          # Status is schemaless: with preserve-unknown-fields the API server
          # neither prunes nor validates what is stored under `status`, so
          # consumers should not assume any shape for it.
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    # This version entry is served by the API but is not the storage version.
    served: true
    storage: false
    # Enables the /status subresource, which is updated through its own
    # endpoint and can be granted separately in RBAC.
    subresources:
      status: {}
  - additionalPrinterColumns:
    - description: The names of gateways and sidecars that should apply these routes
      jsonPath: .spec.gateways
      name: Gateways
      type: string
    - description: The destination hosts to which traffic is being sent
      jsonPath: .spec.hosts
      name: Hosts
      type: string
    - description: 'CreationTimestamp is a timestamp representing the server time
        when this object was created. It is not guaranteed to be set in happens-before
        order across separate operations. Clients may not set this value. It is represented
        in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
        lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha3
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Configuration affecting label/content routing, sni routing,
              etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html'
            properties:
              # List of namespace names; entries are unconstrained strings
              # (no enum or pattern). This is the field that scopes which
              # namespaces the resource is exported to, so it is worth
              # reviewing whenever routes should not be visible mesh-wide.
              exportTo:
                description: A list of namespaces to which this virtual service is
                  exported.
                items:
                  type: string
                type: array
              gateways:
                description: The names of gateways and sidecars that should apply
                  these routes.
                items:
                  type: string
                type: array
              hosts:
                description: The destination hosts to which traffic is being sent.
                items:
                  type: string
                type: array
              http:
                description: An ordered list of route rules for HTTP traffic.
                items:
                  properties:
                    corsPolicy:
                      description: Cross-Origin Resource Sharing policy (CORS).
                      properties:
                        # Credentialed cross-origin requests are allowed for
                        # every origin the policy accepts, so this flag should
                        # only be enabled together with narrowly scoped origin
                        # patterns.
                        allowCredentials:
                          description: Indicates whether the caller is allowed to
                            send the actual request (not the preflight) using credentials.
                          nullable: true
                          type: boolean
                        allowHeaders:
                          description: List of HTTP headers that can be used when
                            requesting the resource.
                          items:
                            type: string
                          type: array
                        allowMethods:
                          description: List of HTTP methods allowed to access the
                            resource.
                          items:
                            type: string
                          type: array
                        # Undocumented in this schema; presumably the older
                        # plain-string form of `allowOrigins` - confirm against
                        # the Istio API reference before relying on it.
                        allowOrigin:
                          items:
                            type: string
                          type: array
                        allowOrigins:
                          description: String patterns that match allowed origins.
# Schema fragment from a generated Istio CRD: the item schema of CORS
# `allowOrigins`, the remaining CORS fields, `delegate`, and the start of
# `directResponse`. The `items:` below belongs to `allowOrigins`.
                          items:
                            # Either none of exact/prefix/regex or exactly one
                            # of them. A `prefix` pattern accepts every origin
                            # that merely starts with the value, so prefer
                            # `exact` where the set of origins is known.
                            oneOf:
                            - not:
                                anyOf:
                                - required:
                                  - exact
                                - required:
                                  - prefix
                                - required:
                                  - regex
                            - required:
                              - exact
                            - required:
                              - prefix
                            - required:
                              - regex
                            properties:
                              exact:
                                type: string
                              prefix:
                                type: string
                              # Unconstrained string (no maxLength or pattern);
                              # the expression itself is not checked here.
                              regex:
                                description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
                                type: string
                            type: object
                          type: array
                        exposeHeaders:
                          description: A list of HTTP headers that the browsers are
                            allowed to access.
                          items:
                            type: string
                          type: array
                        # Plain string: no pattern enforces a duration format.
                        maxAge:
                          description: Specifies how long the results of a preflight
                            request can be cached.
                          type: string
                        # The enum also admits UNSPECIFIED, which the
                        # description's "Valid Options" list leaves out.
                        unmatchedPreflights:
                          description: |-
                            Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream.

                            Valid Options: FORWARD, IGNORE
                          enum:
                          - UNSPECIFIED
                          - FORWARD
                          - IGNORE
                          type: string
                      type: object
                    # Hands this route over to another VirtualService named by
                    # name/namespace. Both are unconstrained strings and the
                    # namespace may differ from this resource's own, so the
                    # delegate's editors effectively control the route -
                    # TODO confirm how cross-namespace delegation is restricted.
                    delegate:
                      description: Delegate is used to specify the particular VirtualService
                        which can be used to define delegate HTTPRoute.
                      properties:
                        name:
                          description: Name specifies the name of the delegate VirtualService.
                          type: string
                        namespace:
                          description: Namespace specifies the namespace where the
                            delegate VirtualService resides.
                          type: string
                      type: object
                    directResponse:
                      description: A HTTP rule can either return a direct_response,
                        redirect or forward (default) traffic.
                      properties:
                        # Either neither of string/bytes or exactly one of them.
                        body:
                          description: Specifies the content of the response body.
                          oneOf:
                          - not:
                              anyOf:
                              - required:
                                - string
                              - required:
                                - bytes
                          - required:
                            - string
                          - required:
                            - bytes
                          properties:
                            bytes:
                              description: response body as base64 encoded bytes.
# Schema fragment from a generated Istio CRD: the rest of `directResponse`,
# then the `fault` (fault injection) policy. The first two lines close the
# `bytes` property opened before this fragment.
                              format: binary
                              type: string
                            string:
                              type: string
                          type: object
                        # Required. Bounds are the uint32 range, so values that
                        # are not valid HTTP status codes pass this schema.
                        status:
                          description: Specifies the HTTP response status to be returned.
                          maximum: 4294967295
                          minimum: 0
                          type: integer
                      required:
                      - status
                      type: object
                    # Deliberately aborts or delays matching requests. A fault
                    # block left in a production resource degrades availability
                    # by design, so treat its presence as something to review
                    # and alert on rather than as routine routing config.
                    fault:
                      description: Fault injection policy to apply on HTTP traffic
                        at the client side.
                      properties:
                        abort:
                          description: Abort Http request attempts and return error
                            codes back to downstream service, giving the impression
                            that the upstream service is faulty.
                          # Either none of the three error kinds or exactly one.
                          oneOf:
                          - not:
                              anyOf:
                              - required:
                                - httpStatus
                              - required:
                                - grpcStatus
                              - required:
                                - http2Error
                          - required:
                            - httpStatus
                          - required:
                            - grpcStatus
                          - required:
                            - http2Error
                          properties:
                            grpcStatus:
                              description: GRPC status code to use to abort the request.
                              type: string
                            http2Error:
                              type: string
                            # int32 with no minimum or maximum: not limited to
                            # valid HTTP status codes by this schema.
                            httpStatus:
                              description: HTTP status code to use to abort the Http
                                request.
                              format: int32
                              type: integer
                            percentage:
                              description: Percentage of requests to be aborted with
                                the error code provided.
                              properties:
                                # A double with no minimum or maximum: values
                                # outside 0..100 are not rejected here.
                                value:
                                  format: double
                                  type: number
                              type: object
                          type: object
                        delay:
                          description: Delay requests before forwarding, emulating
                            various failures such as network issues, overloaded upstream
                            service, etc.
                          # Either neither delay kind or exactly one of them.
                          oneOf:
                          - not:
                              anyOf:
                              - required:
                                - fixedDelay
                              - required:
                                - exponentialDelay
                          - required:
                            - fixedDelay
                          - required:
                            - exponentialDelay
                          properties:
                            exponentialDelay:
                              type: string
                            # Plain string: no pattern enforces a duration
                            # format or an upper bound on the delay.
                            fixedDelay:
                              description: Add a fixed delay before forwarding the
                                request.
                              type: string
                            percent:
                              description: Percentage of requests on which the delay
                                will be injected (0-100).
8989 format: int32 8990 type: integer 8991 percentage: 8992 description: Percentage of requests on which the delay 8993 will be injected. 8994 properties: 8995 value: 8996 format: double 8997 type: number 8998 type: object 8999 type: object 9000 type: object 9001 headers: 9002 properties: 9003 request: 9004 properties: 9005 add: 9006 additionalProperties: 9007 type: string 9008 type: object 9009 remove: 9010 items: 9011 type: string 9012 type: array 9013 set: 9014 additionalProperties: 9015 type: string 9016 type: object 9017 type: object 9018 response: 9019 properties: 9020 add: 9021 additionalProperties: 9022 type: string 9023 type: object 9024 remove: 9025 items: 9026 type: string 9027 type: array 9028 set: 9029 additionalProperties: 9030 type: string 9031 type: object 9032 type: object 9033 type: object 9034 match: 9035 description: Match conditions to be satisfied for the rule to 9036 be activated. 9037 items: 9038 properties: 9039 authority: 9040 description: 'HTTP Authority values are case-sensitive 9041 and formatted as follows: - `exact: "value"` for exact 9042 string match - `prefix: "value"` for prefix-based match 9043 - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 9044 oneOf: 9045 - not: 9046 anyOf: 9047 - required: 9048 - exact 9049 - required: 9050 - prefix 9051 - required: 9052 - regex 9053 - required: 9054 - exact 9055 - required: 9056 - prefix 9057 - required: 9058 - regex 9059 properties: 9060 exact: 9061 type: string 9062 prefix: 9063 type: string 9064 regex: 9065 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 9066 type: string 9067 type: object 9068 gateways: 9069 description: Names of gateways where the rule should be 9070 applied. 
9071 items: 9072 type: string 9073 type: array 9074 headers: 9075 additionalProperties: 9076 oneOf: 9077 - not: 9078 anyOf: 9079 - required: 9080 - exact 9081 - required: 9082 - prefix 9083 - required: 9084 - regex 9085 - required: 9086 - exact 9087 - required: 9088 - prefix 9089 - required: 9090 - regex 9091 properties: 9092 exact: 9093 type: string 9094 prefix: 9095 type: string 9096 regex: 9097 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 9098 type: string 9099 type: object 9100 description: The header keys must be lowercase and use 9101 hyphen as the separator, e.g. 9102 type: object 9103 ignoreUriCase: 9104 description: Flag to specify whether the URI matching 9105 should be case-insensitive. 9106 type: boolean 9107 method: 9108 description: 'HTTP Method values are case-sensitive and 9109 formatted as follows: - `exact: "value"` for exact string 9110 match - `prefix: "value"` for prefix-based match - `regex: 9111 "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 9112 oneOf: 9113 - not: 9114 anyOf: 9115 - required: 9116 - exact 9117 - required: 9118 - prefix 9119 - required: 9120 - regex 9121 - required: 9122 - exact 9123 - required: 9124 - prefix 9125 - required: 9126 - regex 9127 properties: 9128 exact: 9129 type: string 9130 prefix: 9131 type: string 9132 regex: 9133 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 9134 type: string 9135 type: object 9136 name: 9137 description: The name assigned to a match. 9138 type: string 9139 port: 9140 description: Specifies the ports on the host that is being 9141 addressed. 
9142 maximum: 4294967295 9143 minimum: 0 9144 type: integer 9145 queryParams: 9146 additionalProperties: 9147 oneOf: 9148 - not: 9149 anyOf: 9150 - required: 9151 - exact 9152 - required: 9153 - prefix 9154 - required: 9155 - regex 9156 - required: 9157 - exact 9158 - required: 9159 - prefix 9160 - required: 9161 - regex 9162 properties: 9163 exact: 9164 type: string 9165 prefix: 9166 type: string 9167 regex: 9168 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 9169 type: string 9170 type: object 9171 description: Query parameters for matching. 9172 type: object 9173 scheme: 9174 description: 'URI Scheme values are case-sensitive and 9175 formatted as follows: - `exact: "value"` for exact string 9176 match - `prefix: "value"` for prefix-based match - `regex: 9177 "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 9178 oneOf: 9179 - not: 9180 anyOf: 9181 - required: 9182 - exact 9183 - required: 9184 - prefix 9185 - required: 9186 - regex 9187 - required: 9188 - exact 9189 - required: 9190 - prefix 9191 - required: 9192 - regex 9193 properties: 9194 exact: 9195 type: string 9196 prefix: 9197 type: string 9198 regex: 9199 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 9200 type: string 9201 type: object 9202 sourceLabels: 9203 additionalProperties: 9204 type: string 9205 description: One or more labels that constrain the applicability 9206 of a rule to source (client) workloads with the given 9207 labels. 9208 type: object 9209 sourceNamespace: 9210 description: Source namespace constraining the applicability 9211 of a rule to workloads in that namespace. 9212 type: string 9213 statPrefix: 9214 description: The human readable prefix to use when emitting 9215 statistics for this route. 
9216 type: string 9217 uri: 9218 description: 'URI to match values are case-sensitive and 9219 formatted as follows: - `exact: "value"` for exact string 9220 match - `prefix: "value"` for prefix-based match - `regex: 9221 "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 9222 oneOf: 9223 - not: 9224 anyOf: 9225 - required: 9226 - exact 9227 - required: 9228 - prefix 9229 - required: 9230 - regex 9231 - required: 9232 - exact 9233 - required: 9234 - prefix 9235 - required: 9236 - regex 9237 properties: 9238 exact: 9239 type: string 9240 prefix: 9241 type: string 9242 regex: 9243 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 9244 type: string 9245 type: object 9246 withoutHeaders: 9247 additionalProperties: 9248 oneOf: 9249 - not: 9250 anyOf: 9251 - required: 9252 - exact 9253 - required: 9254 - prefix 9255 - required: 9256 - regex 9257 - required: 9258 - exact 9259 - required: 9260 - prefix 9261 - required: 9262 - regex 9263 properties: 9264 exact: 9265 type: string 9266 prefix: 9267 type: string 9268 regex: 9269 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 9270 type: string 9271 type: object 9272 description: withoutHeader has the same syntax with the 9273 header, but has opposite meaning. 9274 type: object 9275 type: object 9276 type: array 9277 mirror: 9278 description: Mirror HTTP traffic to a another destination in 9279 addition to forwarding the requests to the intended destination. 9280 properties: 9281 host: 9282 description: The name of a service from the service registry. 9283 type: string 9284 port: 9285 description: Specifies the port on the host that is being 9286 addressed. 9287 properties: 9288 number: 9289 maximum: 4294967295 9290 minimum: 0 9291 type: integer 9292 type: object 9293 subset: 9294 description: The name of a subset within the service. 
9295 type: string 9296 required: 9297 - host 9298 type: object 9299 mirror_percent: 9300 maximum: 4294967295 9301 minimum: 0 9302 nullable: true 9303 type: integer 9304 mirrorPercent: 9305 maximum: 4294967295 9306 minimum: 0 9307 nullable: true 9308 type: integer 9309 mirrorPercentage: 9310 description: Percentage of the traffic to be mirrored by the 9311 `mirror` field. 9312 properties: 9313 value: 9314 format: double 9315 type: number 9316 type: object 9317 mirrors: 9318 description: Specifies the destinations to mirror HTTP traffic 9319 in addition to the original destination. 9320 items: 9321 properties: 9322 destination: 9323 description: Destination specifies the target of the mirror 9324 operation. 9325 properties: 9326 host: 9327 description: The name of a service from the service 9328 registry. 9329 type: string 9330 port: 9331 description: Specifies the port on the host that is 9332 being addressed. 9333 properties: 9334 number: 9335 maximum: 4294967295 9336 minimum: 0 9337 type: integer 9338 type: object 9339 subset: 9340 description: The name of a subset within the service. 9341 type: string 9342 required: 9343 - host 9344 type: object 9345 percentage: 9346 description: Percentage of the traffic to be mirrored 9347 by the `destination` field. 9348 properties: 9349 value: 9350 format: double 9351 type: number 9352 type: object 9353 required: 9354 - destination 9355 type: object 9356 type: array 9357 name: 9358 description: The name assigned to the route for debugging purposes. 9359 type: string 9360 redirect: 9361 description: A HTTP rule can either return a direct_response, 9362 redirect or forward (default) traffic. 9363 oneOf: 9364 - not: 9365 anyOf: 9366 - required: 9367 - port 9368 - required: 9369 - derivePort 9370 - required: 9371 - port 9372 - required: 9373 - derivePort 9374 properties: 9375 authority: 9376 description: On a redirect, overwrite the Authority/Host 9377 portion of the URL with this value. 
9378 type: string 9379 derivePort: 9380 description: |- 9381 On a redirect, dynamically set the port: * FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS. 9382 9383 Valid Options: FROM_PROTOCOL_DEFAULT, FROM_REQUEST_PORT 9384 enum: 9385 - FROM_PROTOCOL_DEFAULT 9386 - FROM_REQUEST_PORT 9387 type: string 9388 port: 9389 description: On a redirect, overwrite the port portion of 9390 the URL with this value. 9391 maximum: 4294967295 9392 minimum: 0 9393 type: integer 9394 redirectCode: 9395 description: On a redirect, Specifies the HTTP status code 9396 to use in the redirect response. 9397 maximum: 4294967295 9398 minimum: 0 9399 type: integer 9400 scheme: 9401 description: On a redirect, overwrite the scheme portion 9402 of the URL with this value. 9403 type: string 9404 uri: 9405 description: On a redirect, overwrite the Path portion of 9406 the URL with this value. 9407 type: string 9408 type: object 9409 retries: 9410 description: Retry policy for HTTP requests. 9411 properties: 9412 attempts: 9413 description: Number of retries to be allowed for a given 9414 request. 9415 format: int32 9416 type: integer 9417 perTryTimeout: 9418 description: Timeout per attempt for a given request, including 9419 the initial call and any retries. 9420 type: string 9421 retryOn: 9422 description: Specifies the conditions under which retry 9423 takes place. 9424 type: string 9425 retryRemoteLocalities: 9426 description: Flag to specify whether the retries should 9427 retry to other localities. 9428 nullable: true 9429 type: boolean 9430 type: object 9431 rewrite: 9432 description: Rewrite HTTP URIs and Authority headers. 9433 properties: 9434 authority: 9435 description: rewrite the Authority/Host header with this 9436 value. 9437 type: string 9438 uri: 9439 description: rewrite the path (or the prefix) portion of 9440 the URI with this value. 
9441 type: string 9442 uriRegexRewrite: 9443 description: rewrite the path portion of the URI with the 9444 specified regex. 9445 properties: 9446 match: 9447 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 9448 type: string 9449 rewrite: 9450 description: The string that should replace into matching 9451 portions of original URI. 9452 type: string 9453 type: object 9454 type: object 9455 route: 9456 description: A HTTP rule can either return a direct_response, 9457 redirect or forward (default) traffic. 9458 items: 9459 properties: 9460 destination: 9461 description: Destination uniquely identifies the instances 9462 of a service to which the request/connection should 9463 be forwarded to. 9464 properties: 9465 host: 9466 description: The name of a service from the service 9467 registry. 9468 type: string 9469 port: 9470 description: Specifies the port on the host that is 9471 being addressed. 9472 properties: 9473 number: 9474 maximum: 4294967295 9475 minimum: 0 9476 type: integer 9477 type: object 9478 subset: 9479 description: The name of a subset within the service. 9480 type: string 9481 required: 9482 - host 9483 type: object 9484 headers: 9485 properties: 9486 request: 9487 properties: 9488 add: 9489 additionalProperties: 9490 type: string 9491 type: object 9492 remove: 9493 items: 9494 type: string 9495 type: array 9496 set: 9497 additionalProperties: 9498 type: string 9499 type: object 9500 type: object 9501 response: 9502 properties: 9503 add: 9504 additionalProperties: 9505 type: string 9506 type: object 9507 remove: 9508 items: 9509 type: string 9510 type: array 9511 set: 9512 additionalProperties: 9513 type: string 9514 type: object 9515 type: object 9516 type: object 9517 weight: 9518 description: Weight specifies the relative proportion 9519 of traffic to be forwarded to the destination. 
9520 format: int32 9521 type: integer 9522 required: 9523 - destination 9524 type: object 9525 type: array 9526 timeout: 9527 description: Timeout for HTTP requests, default is disabled. 9528 type: string 9529 type: object 9530 type: array 9531 tcp: 9532 description: An ordered list of route rules for opaque TCP traffic. 9533 items: 9534 properties: 9535 match: 9536 description: Match conditions to be satisfied for the rule to 9537 be activated. 9538 items: 9539 properties: 9540 destinationSubnets: 9541 description: IPv4 or IPv6 ip addresses of destination 9542 with optional subnet. 9543 items: 9544 type: string 9545 type: array 9546 gateways: 9547 description: Names of gateways where the rule should be 9548 applied. 9549 items: 9550 type: string 9551 type: array 9552 port: 9553 description: Specifies the port on the host that is being 9554 addressed. 9555 maximum: 4294967295 9556 minimum: 0 9557 type: integer 9558 sourceLabels: 9559 additionalProperties: 9560 type: string 9561 description: One or more labels that constrain the applicability 9562 of a rule to workloads with the given labels. 9563 type: object 9564 sourceNamespace: 9565 description: Source namespace constraining the applicability 9566 of a rule to workloads in that namespace. 9567 type: string 9568 sourceSubnet: 9569 type: string 9570 type: object 9571 type: array 9572 route: 9573 description: The destination to which the connection should 9574 be forwarded to. 9575 items: 9576 properties: 9577 destination: 9578 description: Destination uniquely identifies the instances 9579 of a service to which the request/connection should 9580 be forwarded to. 9581 properties: 9582 host: 9583 description: The name of a service from the service 9584 registry. 9585 type: string 9586 port: 9587 description: Specifies the port on the host that is 9588 being addressed. 
9589 properties: 9590 number: 9591 maximum: 4294967295 9592 minimum: 0 9593 type: integer 9594 type: object 9595 subset: 9596 description: The name of a subset within the service. 9597 type: string 9598 required: 9599 - host 9600 type: object 9601 weight: 9602 description: Weight specifies the relative proportion 9603 of traffic to be forwarded to the destination. 9604 format: int32 9605 type: integer 9606 required: 9607 - destination 9608 type: object 9609 type: array 9610 type: object 9611 type: array 9612 tls: 9613 description: An ordered list of route rule for non-terminated TLS 9614 & HTTPS traffic. 9615 items: 9616 properties: 9617 match: 9618 description: Match conditions to be satisfied for the rule to 9619 be activated. 9620 items: 9621 properties: 9622 destinationSubnets: 9623 description: IPv4 or IPv6 ip addresses of destination 9624 with optional subnet. 9625 items: 9626 type: string 9627 type: array 9628 gateways: 9629 description: Names of gateways where the rule should be 9630 applied. 9631 items: 9632 type: string 9633 type: array 9634 port: 9635 description: Specifies the port on the host that is being 9636 addressed. 9637 maximum: 4294967295 9638 minimum: 0 9639 type: integer 9640 sniHosts: 9641 description: SNI (server name indicator) to match on. 9642 items: 9643 type: string 9644 type: array 9645 sourceLabels: 9646 additionalProperties: 9647 type: string 9648 description: One or more labels that constrain the applicability 9649 of a rule to workloads with the given labels. 9650 type: object 9651 sourceNamespace: 9652 description: Source namespace constraining the applicability 9653 of a rule to workloads in that namespace. 9654 type: string 9655 required: 9656 - sniHosts 9657 type: object 9658 type: array 9659 route: 9660 description: The destination to which the connection should 9661 be forwarded to. 
9662 items: 9663 properties: 9664 destination: 9665 description: Destination uniquely identifies the instances 9666 of a service to which the request/connection should 9667 be forwarded to. 9668 properties: 9669 host: 9670 description: The name of a service from the service 9671 registry. 9672 type: string 9673 port: 9674 description: Specifies the port on the host that is 9675 being addressed. 9676 properties: 9677 number: 9678 maximum: 4294967295 9679 minimum: 0 9680 type: integer 9681 type: object 9682 subset: 9683 description: The name of a subset within the service. 9684 type: string 9685 required: 9686 - host 9687 type: object 9688 weight: 9689 description: Weight specifies the relative proportion 9690 of traffic to be forwarded to the destination. 9691 format: int32 9692 type: integer 9693 required: 9694 - destination 9695 type: object 9696 type: array 9697 required: 9698 - match 9699 type: object 9700 type: array 9701 type: object 9702 status: 9703 type: object 9704 x-kubernetes-preserve-unknown-fields: true 9705 type: object 9706 served: true 9707 storage: false 9708 subresources: 9709 status: {} 9710 - additionalPrinterColumns: 9711 - description: The names of gateways and sidecars that should apply these routes 9712 jsonPath: .spec.gateways 9713 name: Gateways 9714 type: string 9715 - description: The destination hosts to which traffic is being sent 9716 jsonPath: .spec.hosts 9717 name: Hosts 9718 type: string 9719 - description: 'CreationTimestamp is a timestamp representing the server time 9720 when this object was created. It is not guaranteed to be set in happens-before 9721 order across separate operations. Clients may not set this value. It is represented 9722 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 9723 lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 9724 jsonPath: .metadata.creationTimestamp 9725 name: Age 9726 type: date 9727 name: v1beta1 9728 schema: 9729 openAPIV3Schema: 9730 properties: 9731 spec: 9732 description: 'Configuration affecting label/content routing, sni routing, 9733 etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' 9734 properties: 9735 exportTo: 9736 description: A list of namespaces to which this virtual service is 9737 exported. 9738 items: 9739 type: string 9740 type: array 9741 gateways: 9742 description: The names of gateways and sidecars that should apply 9743 these routes. 9744 items: 9745 type: string 9746 type: array 9747 hosts: 9748 description: The destination hosts to which traffic is being sent. 9749 items: 9750 type: string 9751 type: array 9752 http: 9753 description: An ordered list of route rules for HTTP traffic. 9754 items: 9755 properties: 9756 corsPolicy: 9757 description: Cross-Origin Resource Sharing policy (CORS). 9758 properties: 9759 allowCredentials: 9760 description: Indicates whether the caller is allowed to 9761 send the actual request (not the preflight) using credentials. 9762 nullable: true 9763 type: boolean 9764 allowHeaders: 9765 description: List of HTTP headers that can be used when 9766 requesting the resource. 9767 items: 9768 type: string 9769 type: array 9770 allowMethods: 9771 description: List of HTTP methods allowed to access the 9772 resource. 9773 items: 9774 type: string 9775 type: array 9776 allowOrigin: 9777 items: 9778 type: string 9779 type: array 9780 allowOrigins: 9781 description: String patterns that match allowed origins. 
9782 items: 9783 oneOf: 9784 - not: 9785 anyOf: 9786 - required: 9787 - exact 9788 - required: 9789 - prefix 9790 - required: 9791 - regex 9792 - required: 9793 - exact 9794 - required: 9795 - prefix 9796 - required: 9797 - regex 9798 properties: 9799 exact: 9800 type: string 9801 prefix: 9802 type: string 9803 regex: 9804 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 9805 type: string 9806 type: object 9807 type: array 9808 exposeHeaders: 9809 description: A list of HTTP headers that the browsers are 9810 allowed to access. 9811 items: 9812 type: string 9813 type: array 9814 maxAge: 9815 description: Specifies how long the results of a preflight 9816 request can be cached. 9817 type: string 9818 unmatchedPreflights: 9819 description: |- 9820 Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream. 9821 9822 Valid Options: FORWARD, IGNORE 9823 enum: 9824 - UNSPECIFIED 9825 - FORWARD 9826 - IGNORE 9827 type: string 9828 type: object 9829 delegate: 9830 description: Delegate is used to specify the particular VirtualService 9831 which can be used to define delegate HTTPRoute. 9832 properties: 9833 name: 9834 description: Name specifies the name of the delegate VirtualService. 9835 type: string 9836 namespace: 9837 description: Namespace specifies the namespace where the 9838 delegate VirtualService resides. 9839 type: string 9840 type: object 9841 directResponse: 9842 description: A HTTP rule can either return a direct_response, 9843 redirect or forward (default) traffic. 9844 properties: 9845 body: 9846 description: Specifies the content of the response body. 9847 oneOf: 9848 - not: 9849 anyOf: 9850 - required: 9851 - string 9852 - required: 9853 - bytes 9854 - required: 9855 - string 9856 - required: 9857 - bytes 9858 properties: 9859 bytes: 9860 description: response body as base64 encoded bytes. 
9861 format: binary 9862 type: string 9863 string: 9864 type: string 9865 type: object 9866 status: 9867 description: Specifies the HTTP response status to be returned. 9868 maximum: 4294967295 9869 minimum: 0 9870 type: integer 9871 required: 9872 - status 9873 type: object 9874 fault: 9875 description: Fault injection policy to apply on HTTP traffic 9876 at the client side. 9877 properties: 9878 abort: 9879 description: Abort Http request attempts and return error 9880 codes back to downstream service, giving the impression 9881 that the upstream service is faulty. 9882 oneOf: 9883 - not: 9884 anyOf: 9885 - required: 9886 - httpStatus 9887 - required: 9888 - grpcStatus 9889 - required: 9890 - http2Error 9891 - required: 9892 - httpStatus 9893 - required: 9894 - grpcStatus 9895 - required: 9896 - http2Error 9897 properties: 9898 grpcStatus: 9899 description: GRPC status code to use to abort the request. 9900 type: string 9901 http2Error: 9902 type: string 9903 httpStatus: 9904 description: HTTP status code to use to abort the Http 9905 request. 9906 format: int32 9907 type: integer 9908 percentage: 9909 description: Percentage of requests to be aborted with 9910 the error code provided. 9911 properties: 9912 value: 9913 format: double 9914 type: number 9915 type: object 9916 type: object 9917 delay: 9918 description: Delay requests before forwarding, emulating 9919 various failures such as network issues, overloaded upstream 9920 service, etc. 9921 oneOf: 9922 - not: 9923 anyOf: 9924 - required: 9925 - fixedDelay 9926 - required: 9927 - exponentialDelay 9928 - required: 9929 - fixedDelay 9930 - required: 9931 - exponentialDelay 9932 properties: 9933 exponentialDelay: 9934 type: string 9935 fixedDelay: 9936 description: Add a fixed delay before forwarding the 9937 request. 9938 type: string 9939 percent: 9940 description: Percentage of requests on which the delay 9941 will be injected (0-100). 
9942 format: int32 9943 type: integer 9944 percentage: 9945 description: Percentage of requests on which the delay 9946 will be injected. 9947 properties: 9948 value: 9949 format: double 9950 type: number 9951 type: object 9952 type: object 9953 type: object 9954 headers: 9955 properties: 9956 request: 9957 properties: 9958 add: 9959 additionalProperties: 9960 type: string 9961 type: object 9962 remove: 9963 items: 9964 type: string 9965 type: array 9966 set: 9967 additionalProperties: 9968 type: string 9969 type: object 9970 type: object 9971 response: 9972 properties: 9973 add: 9974 additionalProperties: 9975 type: string 9976 type: object 9977 remove: 9978 items: 9979 type: string 9980 type: array 9981 set: 9982 additionalProperties: 9983 type: string 9984 type: object 9985 type: object 9986 type: object 9987 match: 9988 description: Match conditions to be satisfied for the rule to 9989 be activated. 9990 items: 9991 properties: 9992 authority: 9993 description: 'HTTP Authority values are case-sensitive 9994 and formatted as follows: - `exact: "value"` for exact 9995 string match - `prefix: "value"` for prefix-based match 9996 - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 9997 oneOf: 9998 - not: 9999 anyOf: 10000 - required: 10001 - exact 10002 - required: 10003 - prefix 10004 - required: 10005 - regex 10006 - required: 10007 - exact 10008 - required: 10009 - prefix 10010 - required: 10011 - regex 10012 properties: 10013 exact: 10014 type: string 10015 prefix: 10016 type: string 10017 regex: 10018 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 10019 type: string 10020 type: object 10021 gateways: 10022 description: Names of gateways where the rule should be 10023 applied. 
10024 items: 10025 type: string 10026 type: array 10027 headers: 10028 additionalProperties: 10029 oneOf: 10030 - not: 10031 anyOf: 10032 - required: 10033 - exact 10034 - required: 10035 - prefix 10036 - required: 10037 - regex 10038 - required: 10039 - exact 10040 - required: 10041 - prefix 10042 - required: 10043 - regex 10044 properties: 10045 exact: 10046 type: string 10047 prefix: 10048 type: string 10049 regex: 10050 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 10051 type: string 10052 type: object 10053 description: The header keys must be lowercase and use 10054 hyphen as the separator, e.g. 10055 type: object 10056 ignoreUriCase: 10057 description: Flag to specify whether the URI matching 10058 should be case-insensitive. 10059 type: boolean 10060 method: 10061 description: 'HTTP Method values are case-sensitive and 10062 formatted as follows: - `exact: "value"` for exact string 10063 match - `prefix: "value"` for prefix-based match - `regex: 10064 "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 10065 oneOf: 10066 - not: 10067 anyOf: 10068 - required: 10069 - exact 10070 - required: 10071 - prefix 10072 - required: 10073 - regex 10074 - required: 10075 - exact 10076 - required: 10077 - prefix 10078 - required: 10079 - regex 10080 properties: 10081 exact: 10082 type: string 10083 prefix: 10084 type: string 10085 regex: 10086 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 10087 type: string 10088 type: object 10089 name: 10090 description: The name assigned to a match. 10091 type: string 10092 port: 10093 description: Specifies the ports on the host that is being 10094 addressed. 
10095 maximum: 4294967295 10096 minimum: 0 10097 type: integer 10098 queryParams: 10099 additionalProperties: 10100 oneOf: 10101 - not: 10102 anyOf: 10103 - required: 10104 - exact 10105 - required: 10106 - prefix 10107 - required: 10108 - regex 10109 - required: 10110 - exact 10111 - required: 10112 - prefix 10113 - required: 10114 - regex 10115 properties: 10116 exact: 10117 type: string 10118 prefix: 10119 type: string 10120 regex: 10121 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 10122 type: string 10123 type: object 10124 description: Query parameters for matching. 10125 type: object 10126 scheme: 10127 description: 'URI Scheme values are case-sensitive and 10128 formatted as follows: - `exact: "value"` for exact string 10129 match - `prefix: "value"` for prefix-based match - `regex: 10130 "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 10131 oneOf: 10132 - not: 10133 anyOf: 10134 - required: 10135 - exact 10136 - required: 10137 - prefix 10138 - required: 10139 - regex 10140 - required: 10141 - exact 10142 - required: 10143 - prefix 10144 - required: 10145 - regex 10146 properties: 10147 exact: 10148 type: string 10149 prefix: 10150 type: string 10151 regex: 10152 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 10153 type: string 10154 type: object 10155 sourceLabels: 10156 additionalProperties: 10157 type: string 10158 description: One or more labels that constrain the applicability 10159 of a rule to source (client) workloads with the given 10160 labels. 10161 type: object 10162 sourceNamespace: 10163 description: Source namespace constraining the applicability 10164 of a rule to workloads in that namespace. 10165 type: string 10166 statPrefix: 10167 description: The human readable prefix to use when emitting 10168 statistics for this route. 
10169 type: string 10170 uri: 10171 description: 'URI to match values are case-sensitive and 10172 formatted as follows: - `exact: "value"` for exact string 10173 match - `prefix: "value"` for prefix-based match - `regex: 10174 "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 10175 oneOf: 10176 - not: 10177 anyOf: 10178 - required: 10179 - exact 10180 - required: 10181 - prefix 10182 - required: 10183 - regex 10184 - required: 10185 - exact 10186 - required: 10187 - prefix 10188 - required: 10189 - regex 10190 properties: 10191 exact: 10192 type: string 10193 prefix: 10194 type: string 10195 regex: 10196 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 10197 type: string 10198 type: object 10199 withoutHeaders: 10200 additionalProperties: 10201 oneOf: 10202 - not: 10203 anyOf: 10204 - required: 10205 - exact 10206 - required: 10207 - prefix 10208 - required: 10209 - regex 10210 - required: 10211 - exact 10212 - required: 10213 - prefix 10214 - required: 10215 - regex 10216 properties: 10217 exact: 10218 type: string 10219 prefix: 10220 type: string 10221 regex: 10222 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 10223 type: string 10224 type: object 10225 description: withoutHeader has the same syntax with the 10226 header, but has opposite meaning. 10227 type: object 10228 type: object 10229 type: array 10230 mirror: 10231 description: Mirror HTTP traffic to a another destination in 10232 addition to forwarding the requests to the intended destination. 10233 properties: 10234 host: 10235 description: The name of a service from the service registry. 10236 type: string 10237 port: 10238 description: Specifies the port on the host that is being 10239 addressed. 10240 properties: 10241 number: 10242 maximum: 4294967295 10243 minimum: 0 10244 type: integer 10245 type: object 10246 subset: 10247 description: The name of a subset within the service. 
10248 type: string 10249 required: 10250 - host 10251 type: object 10252 mirror_percent: 10253 maximum: 4294967295 10254 minimum: 0 10255 nullable: true 10256 type: integer 10257 mirrorPercent: 10258 maximum: 4294967295 10259 minimum: 0 10260 nullable: true 10261 type: integer 10262 mirrorPercentage: 10263 description: Percentage of the traffic to be mirrored by the 10264 `mirror` field. 10265 properties: 10266 value: 10267 format: double 10268 type: number 10269 type: object 10270 mirrors: 10271 description: Specifies the destinations to mirror HTTP traffic 10272 in addition to the original destination. 10273 items: 10274 properties: 10275 destination: 10276 description: Destination specifies the target of the mirror 10277 operation. 10278 properties: 10279 host: 10280 description: The name of a service from the service 10281 registry. 10282 type: string 10283 port: 10284 description: Specifies the port on the host that is 10285 being addressed. 10286 properties: 10287 number: 10288 maximum: 4294967295 10289 minimum: 0 10290 type: integer 10291 type: object 10292 subset: 10293 description: The name of a subset within the service. 10294 type: string 10295 required: 10296 - host 10297 type: object 10298 percentage: 10299 description: Percentage of the traffic to be mirrored 10300 by the `destination` field. 10301 properties: 10302 value: 10303 format: double 10304 type: number 10305 type: object 10306 required: 10307 - destination 10308 type: object 10309 type: array 10310 name: 10311 description: The name assigned to the route for debugging purposes. 10312 type: string 10313 redirect: 10314 description: A HTTP rule can either return a direct_response, 10315 redirect or forward (default) traffic. 
10316 oneOf: 10317 - not: 10318 anyOf: 10319 - required: 10320 - port 10321 - required: 10322 - derivePort 10323 - required: 10324 - port 10325 - required: 10326 - derivePort 10327 properties: 10328 authority: 10329 description: On a redirect, overwrite the Authority/Host 10330 portion of the URL with this value. 10331 type: string 10332 derivePort: 10333 description: |- 10334 On a redirect, dynamically set the port: * FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS. 10335 10336 Valid Options: FROM_PROTOCOL_DEFAULT, FROM_REQUEST_PORT 10337 enum: 10338 - FROM_PROTOCOL_DEFAULT 10339 - FROM_REQUEST_PORT 10340 type: string 10341 port: 10342 description: On a redirect, overwrite the port portion of 10343 the URL with this value. 10344 maximum: 4294967295 10345 minimum: 0 10346 type: integer 10347 redirectCode: 10348 description: On a redirect, Specifies the HTTP status code 10349 to use in the redirect response. 10350 maximum: 4294967295 10351 minimum: 0 10352 type: integer 10353 scheme: 10354 description: On a redirect, overwrite the scheme portion 10355 of the URL with this value. 10356 type: string 10357 uri: 10358 description: On a redirect, overwrite the Path portion of 10359 the URL with this value. 10360 type: string 10361 type: object 10362 retries: 10363 description: Retry policy for HTTP requests. 10364 properties: 10365 attempts: 10366 description: Number of retries to be allowed for a given 10367 request. 10368 format: int32 10369 type: integer 10370 perTryTimeout: 10371 description: Timeout per attempt for a given request, including 10372 the initial call and any retries. 10373 type: string 10374 retryOn: 10375 description: Specifies the conditions under which retry 10376 takes place. 10377 type: string 10378 retryRemoteLocalities: 10379 description: Flag to specify whether the retries should 10380 retry to other localities. 
10381 nullable: true 10382 type: boolean 10383 type: object 10384 rewrite: 10385 description: Rewrite HTTP URIs and Authority headers. 10386 properties: 10387 authority: 10388 description: rewrite the Authority/Host header with this 10389 value. 10390 type: string 10391 uri: 10392 description: rewrite the path (or the prefix) portion of 10393 the URI with this value. 10394 type: string 10395 uriRegexRewrite: 10396 description: rewrite the path portion of the URI with the 10397 specified regex. 10398 properties: 10399 match: 10400 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 10401 type: string 10402 rewrite: 10403 description: The string that should replace into matching 10404 portions of original URI. 10405 type: string 10406 type: object 10407 type: object 10408 route: 10409 description: A HTTP rule can either return a direct_response, 10410 redirect or forward (default) traffic. 10411 items: 10412 properties: 10413 destination: 10414 description: Destination uniquely identifies the instances 10415 of a service to which the request/connection should 10416 be forwarded to. 10417 properties: 10418 host: 10419 description: The name of a service from the service 10420 registry. 10421 type: string 10422 port: 10423 description: Specifies the port on the host that is 10424 being addressed. 10425 properties: 10426 number: 10427 maximum: 4294967295 10428 minimum: 0 10429 type: integer 10430 type: object 10431 subset: 10432 description: The name of a subset within the service. 
10433 type: string 10434 required: 10435 - host 10436 type: object 10437 headers: 10438 properties: 10439 request: 10440 properties: 10441 add: 10442 additionalProperties: 10443 type: string 10444 type: object 10445 remove: 10446 items: 10447 type: string 10448 type: array 10449 set: 10450 additionalProperties: 10451 type: string 10452 type: object 10453 type: object 10454 response: 10455 properties: 10456 add: 10457 additionalProperties: 10458 type: string 10459 type: object 10460 remove: 10461 items: 10462 type: string 10463 type: array 10464 set: 10465 additionalProperties: 10466 type: string 10467 type: object 10468 type: object 10469 type: object 10470 weight: 10471 description: Weight specifies the relative proportion 10472 of traffic to be forwarded to the destination. 10473 format: int32 10474 type: integer 10475 required: 10476 - destination 10477 type: object 10478 type: array 10479 timeout: 10480 description: Timeout for HTTP requests, default is disabled. 10481 type: string 10482 type: object 10483 type: array 10484 tcp: 10485 description: An ordered list of route rules for opaque TCP traffic. 10486 items: 10487 properties: 10488 match: 10489 description: Match conditions to be satisfied for the rule to 10490 be activated. 10491 items: 10492 properties: 10493 destinationSubnets: 10494 description: IPv4 or IPv6 ip addresses of destination 10495 with optional subnet. 10496 items: 10497 type: string 10498 type: array 10499 gateways: 10500 description: Names of gateways where the rule should be 10501 applied. 10502 items: 10503 type: string 10504 type: array 10505 port: 10506 description: Specifies the port on the host that is being 10507 addressed. 10508 maximum: 4294967295 10509 minimum: 0 10510 type: integer 10511 sourceLabels: 10512 additionalProperties: 10513 type: string 10514 description: One or more labels that constrain the applicability 10515 of a rule to workloads with the given labels. 
10516 type: object 10517 sourceNamespace: 10518 description: Source namespace constraining the applicability 10519 of a rule to workloads in that namespace. 10520 type: string 10521 sourceSubnet: 10522 type: string 10523 type: object 10524 type: array 10525 route: 10526 description: The destination to which the connection should 10527 be forwarded to. 10528 items: 10529 properties: 10530 destination: 10531 description: Destination uniquely identifies the instances 10532 of a service to which the request/connection should 10533 be forwarded to. 10534 properties: 10535 host: 10536 description: The name of a service from the service 10537 registry. 10538 type: string 10539 port: 10540 description: Specifies the port on the host that is 10541 being addressed. 10542 properties: 10543 number: 10544 maximum: 4294967295 10545 minimum: 0 10546 type: integer 10547 type: object 10548 subset: 10549 description: The name of a subset within the service. 10550 type: string 10551 required: 10552 - host 10553 type: object 10554 weight: 10555 description: Weight specifies the relative proportion 10556 of traffic to be forwarded to the destination. 10557 format: int32 10558 type: integer 10559 required: 10560 - destination 10561 type: object 10562 type: array 10563 type: object 10564 type: array 10565 tls: 10566 description: An ordered list of route rule for non-terminated TLS 10567 & HTTPS traffic. 10568 items: 10569 properties: 10570 match: 10571 description: Match conditions to be satisfied for the rule to 10572 be activated. 10573 items: 10574 properties: 10575 destinationSubnets: 10576 description: IPv4 or IPv6 ip addresses of destination 10577 with optional subnet. 10578 items: 10579 type: string 10580 type: array 10581 gateways: 10582 description: Names of gateways where the rule should be 10583 applied. 10584 items: 10585 type: string 10586 type: array 10587 port: 10588 description: Specifies the port on the host that is being 10589 addressed. 
10590 maximum: 4294967295 10591 minimum: 0 10592 type: integer 10593 sniHosts: 10594 description: SNI (server name indicator) to match on. 10595 items: 10596 type: string 10597 type: array 10598 sourceLabels: 10599 additionalProperties: 10600 type: string 10601 description: One or more labels that constrain the applicability 10602 of a rule to workloads with the given labels. 10603 type: object 10604 sourceNamespace: 10605 description: Source namespace constraining the applicability 10606 of a rule to workloads in that namespace. 10607 type: string 10608 required: 10609 - sniHosts 10610 type: object 10611 type: array 10612 route: 10613 description: The destination to which the connection should 10614 be forwarded to. 10615 items: 10616 properties: 10617 destination: 10618 description: Destination uniquely identifies the instances 10619 of a service to which the request/connection should 10620 be forwarded to. 10621 properties: 10622 host: 10623 description: The name of a service from the service 10624 registry. 10625 type: string 10626 port: 10627 description: Specifies the port on the host that is 10628 being addressed. 10629 properties: 10630 number: 10631 maximum: 4294967295 10632 minimum: 0 10633 type: integer 10634 type: object 10635 subset: 10636 description: The name of a subset within the service. 10637 type: string 10638 required: 10639 - host 10640 type: object 10641 weight: 10642 description: Weight specifies the relative proportion 10643 of traffic to be forwarded to the destination. 
10644 format: int32 10645 type: integer 10646 required: 10647 - destination 10648 type: object 10649 type: array 10650 required: 10651 - match 10652 type: object 10653 type: array 10654 type: object 10655 status: 10656 type: object 10657 x-kubernetes-preserve-unknown-fields: true 10658 type: object 10659 served: true 10660 storage: true 10661 subresources: 10662 status: {}
---
# CustomResourceDefinition for WorkloadEntry (group networking.istio.io,
# namespaced, short name "we"). Three versions are declared below (v1,
# v1alpha3, v1beta1) with the same printer columns and spec schema; all three
# are served and v1beta1 is the storage version.
# NOTE(review): the file header marks this file as generated, so comments added
# here are presumably lost on regeneration - durable changes belong in the API
# definitions it is generated from.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Helm resource policy "keep": Helm leaves this CRD in the cluster when the
    # release is uninstalled, so the WorkloadEntry API and its objects outlive
    # the chart and have to be removed explicitly.
    "helm.sh/resource-policy": keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    release: istio
  name: workloadentries.networking.istio.io
spec:
  group: networking.istio.io
  names:
    categories:
    - istio-io
    - networking-istio-io
    kind: WorkloadEntry
    listKind: WorkloadEntryList
    plural: workloadentries
    shortNames:
    - we
    singular: workloadentry
  scope: Namespaced
  versions:
  # --- v1: served, not the storage version ---
  - additionalPrinterColumns:
    - description: 'CreationTimestamp is a timestamp representing the server time
        when this object was created. It is not guaranteed to be set in happens-before
        order across separate operations. Clients may not set this value. It is represented
        in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
        lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: Address associated with the network endpoint.
      jsonPath: .spec.address
      name: Address
      type: string
    name: v1
    schema:
      openAPIV3Schema:
        properties:
          # No field of spec is listed as required, and the string fields below
          # carry no pattern, format or length limit.
          spec:
            description: 'Configuration affecting VMs onboarded into the mesh. See
              more details at: https://istio.io/docs/reference/config/networking/workload-entry.html'
            properties:
              # Free-form string: this schema does not check that the value is a
              # well-formed IP address or host name.
              address:
                description: Address associated with the network endpoint without
                  the port.
                type: string
              labels:
                additionalProperties:
                  type: string
                description: One or more labels associated with the endpoint.
                type: object
              locality:
                description: The locality associated with the endpoint.
                type: string
              network:
                description: Network enables Istio to group endpoints resident in
                  the same L3 domain/network.
                type: string
              # Map of name -> integer. Values are bounded to the unsigned 32-bit
              # range (0..4294967295), not to the 1..65535 port range, so 0 and
              # values above 65535 pass this schema.
              # NOTE(review): any tighter check has to happen outside this file -
              # confirm where.
              ports:
                additionalProperties:
                  maximum: 4294967295
                  minimum: 0
                  type: integer
                description: Set of ports associated with the endpoint.
                type: object
              # Identity-related field with no schema constraint.
              # NOTE(review): whoever can create or update WorkloadEntry objects
              # in a namespace can set this value, so write access to this
              # resource should be granted narrowly - confirm against the
              # cluster's RBAC roles.
              serviceAccount:
                description: The service account associated with the workload if a
                  sidecar is present in the workload.
                type: string
              # Same unsigned 32-bit bound as the port values above.
              weight:
                description: The load balancing weight associated with the endpoint.
                maximum: 4294967295
                minimum: 0
                type: integer
            type: object
          # Untyped object: unknown fields are preserved, so the API server
          # neither prunes nor validates the contents of status.
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: false
    # Enables the /status subresource: status is written through its own
    # endpoint and can be authorized separately from the rest of the object.
    subresources:
      status: {}
  # --- v1alpha3: served, not the storage version; schema identical to v1 ---
  - additionalPrinterColumns:
    - description: 'CreationTimestamp is a timestamp representing the server time
        when this object was created. It is not guaranteed to be set in happens-before
        order across separate operations. Clients may not set this value. It is represented
        in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
        lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: Address associated with the network endpoint.
      jsonPath: .spec.address
      name: Address
      type: string
    name: v1alpha3
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Configuration affecting VMs onboarded into the mesh. See
              more details at: https://istio.io/docs/reference/config/networking/workload-entry.html'
            properties:
              address:
                description: Address associated with the network endpoint without
                  the port.
                type: string
              labels:
                additionalProperties:
                  type: string
                description: One or more labels associated with the endpoint.
                type: object
              locality:
                description: The locality associated with the endpoint.
                type: string
              network:
                description: Network enables Istio to group endpoints resident in
                  the same L3 domain/network.
                type: string
              # Unsigned 32-bit bound, not the 1..65535 port range.
              ports:
                additionalProperties:
                  maximum: 4294967295
                  minimum: 0
                  type: integer
                description: Set of ports associated with the endpoint.
                type: object
              # Identity-related field with no schema constraint.
              serviceAccount:
                description: The service account associated with the workload if a
                  sidecar is present in the workload.
                type: string
              weight:
                description: The load balancing weight associated with the endpoint.
                maximum: 4294967295
                minimum: 0
                type: integer
            type: object
          # Untyped object; contents are not validated by this schema.
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: false
    subresources:
      status: {}
  # --- v1beta1: served and the storage version; schema identical to v1 ---
  - additionalPrinterColumns:
    - description: 'CreationTimestamp is a timestamp representing the server time
        when this object was created. It is not guaranteed to be set in happens-before
        order across separate operations. Clients may not set this value. It is represented
        in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
        lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - description: Address associated with the network endpoint.
      jsonPath: .spec.address
      name: Address
      type: string
    name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Configuration affecting VMs onboarded into the mesh. See
              more details at: https://istio.io/docs/reference/config/networking/workload-entry.html'
            properties:
              address:
                description: Address associated with the network endpoint without
                  the port.
                type: string
              labels:
                additionalProperties:
                  type: string
                description: One or more labels associated with the endpoint.
                type: object
              locality:
                description: The locality associated with the endpoint.
                type: string
              network:
                description: Network enables Istio to group endpoints resident in
                  the same L3 domain/network.
                type: string
              # Unsigned 32-bit bound, not the 1..65535 port range.
              ports:
                additionalProperties:
                  maximum: 4294967295
                  minimum: 0
                  type: integer
                description: Set of ports associated with the endpoint.
                type: object
              # Identity-related field with no schema constraint.
              serviceAccount:
                description: The service account associated with the workload if a
                  sidecar is present in the workload.
                type: string
              weight:
                description: The load balancing weight associated with the endpoint.
                maximum: 4294967295
                minimum: 0
                type: integer
            type: object
          # Untyped object; contents are not validated by this schema.
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    # Objects of this CRD are persisted in this version.
    storage: true
    subresources:
      status: {}
10875 --- 10876 apiVersion: apiextensions.k8s.io/v1 10877 kind: CustomResourceDefinition 10878 metadata: 10879 labels: 10880 app: istio-pilot 10881 chart: istio 10882 heritage: Tiller 10883 release: istio 10884 name: workloadgroups.networking.istio.io 10885 spec: 10886 group: networking.istio.io 10887 names: 10888 categories: 10889 - istio-io 10890 - networking-istio-io 10891 kind: WorkloadGroup 10892 listKind: WorkloadGroupList 10893 plural: workloadgroups 10894 shortNames: 10895 - wg 10896 singular: workloadgroup 10897 scope: Namespaced 10898 versions: 10899 - additionalPrinterColumns: 10900 - description: 'CreationTimestamp is a timestamp representing the server time 10901 when this object was created. It is not guaranteed to be set in happens-before 10902 order across separate operations. Clients may not set this value. It is represented 10903 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 10904 lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 10905 jsonPath: .metadata.creationTimestamp 10906 name: Age 10907 type: date 10908 name: v1 10909 schema: 10910 openAPIV3Schema: 10911 properties: 10912 spec: 10913 description: 'Describes a collection of workload instances. See more details 10914 at: https://istio.io/docs/reference/config/networking/workload-group.html' 10915 properties: 10916 metadata: 10917 description: Metadata that will be used for all corresponding `WorkloadEntries`.
# WorkloadGroup v1 spec schema (fragment): the `metadata` annotation/label maps and the
# readiness `probe` definition up to `initialDelaySeconds`. Nesting is reconstructed
# from the collapsed listing; the listing's line numbers are dropped.
                properties:
                  annotations:
                    additionalProperties:
                      type: string
                    type: object
                  labels:
                    additionalProperties:
                      type: string
                    type: object
                type: object
              # Handler selection is enforced by oneOf: either none of httpGet / tcpSocket /
              # exec is present (the `not.anyOf` branch) or exactly one of them is.
              probe:
                description: '`ReadinessProbe` describes the configuration the user
                  must provide for healthchecking on their workload.'
                oneOf:
                - not:
                    anyOf:
                    - required:
                      - httpGet
                    - required:
                      - tcpSocket
                    - required:
                      - exec
                - required:
                  - httpGet
                - required:
                  - tcpSocket
                - required:
                  - exec
                properties:
                  # `command` is a free-form list of strings with no schema constraint.
                  # NOTE(review): presumably executed on the workload/VM for health checking,
                  # so whoever may create or edit WorkloadGroup objects chooses what runs
                  # there. Scope RBAC on this resource accordingly; confirm.
                  exec:
                    description: Health is determined by how the command that is executed
                      exited.
                    properties:
                      command:
                        description: Command to run.
                        items:
                          type: string
                        type: array
                    type: object
                  failureThreshold:
                    description: Minimum consecutive failures for the probe to be
                      considered failed after having succeeded.
                    format: int32
                    type: integer
                  # Only `port` is required. host, path, scheme and header values are
                  # unconstrained strings.
                  # NOTE(review): a `host` other than the workload itself would have the proxy
                  # send requests to an operator-chosen address; confirm that is intended.
                  httpGet:
                    description: '`httpGet` is performed to a given endpoint and the
                      status/able to connect determines health.'
                    properties:
                      host:
                        description: Host name to connect to, defaults to the pod
                          IP.
                        type: string
                      httpHeaders:
                        description: Headers the proxy will pass on to make the request.
                        items:
                          properties:
                            name:
                              type: string
                            value:
                              type: string
                          type: object
                        type: array
                      path:
                        description: Path to access on the HTTP server.
                        type: string
                      # The bounds below admit 0 and values above 65535, which are not valid
                      # TCP ports; the WasmPlugin CRD earlier in this file bounds its port
                      # to 1-65535. Out-of-range ports must be rejected elsewhere.
                      port:
                        description: Port on which the endpoint lives.
                        maximum: 4294967295
                        minimum: 0
                        type: integer
                      scheme:
                        type: string
                    required:
                    - port
                    type: object
                  initialDelaySeconds:
                    description: Number of seconds after the container has started
                      before readiness probes are initiated.
10996 format: int32 10997 type: integer 10998 periodSeconds: 10999 description: How often (in seconds) to perform the probe. 11000 format: int32 11001 type: integer 11002 successThreshold: 11003 description: Minimum consecutive successes for the probe to be 11004 considered successful after having failed. 11005 format: int32 11006 type: integer 11007 tcpSocket: 11008 description: Health is determined by if the proxy is able to connect. 11009 properties: 11010 host: 11011 type: string 11012 port: 11013 maximum: 4294967295 11014 minimum: 0 11015 type: integer 11016 required: 11017 - port 11018 type: object 11019 timeoutSeconds: 11020 description: Number of seconds after which the probe times out. 11021 format: int32 11022 type: integer 11023 type: object 11024 template: 11025 description: Template to be used for the generation of `WorkloadEntry` 11026 resources that belong to this `WorkloadGroup`. 11027 properties: 11028 address: 11029 description: Address associated with the network endpoint without 11030 the port. 11031 type: string 11032 labels: 11033 additionalProperties: 11034 type: string 11035 description: One or more labels associated with the endpoint. 11036 type: object 11037 locality: 11038 description: The locality associated with the endpoint. 11039 type: string 11040 network: 11041 description: Network enables Istio to group endpoints resident 11042 in the same L3 domain/network. 11043 type: string 11044 ports: 11045 additionalProperties: 11046 maximum: 4294967295 11047 minimum: 0 11048 type: integer 11049 description: Set of ports associated with the endpoint. 11050 type: object 11051 serviceAccount: 11052 description: The service account associated with the workload 11053 if a sidecar is present in the workload. 11054 type: string 11055 weight: 11056 description: The load balancing weight associated with the endpoint. 
11057 maximum: 4294967295 11058 minimum: 0 11059 type: integer 11060 type: object 11061 required: 11062 - template 11063 type: object 11064 status: 11065 type: object 11066 x-kubernetes-preserve-unknown-fields: true 11067 type: object 11068 served: true 11069 storage: false 11070 subresources: 11071 status: {} 11072 - additionalPrinterColumns: 11073 - description: 'CreationTimestamp is a timestamp representing the server time 11074 when this object was created. It is not guaranteed to be set in happens-before 11075 order across separate operations. Clients may not set this value. It is represented 11076 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 11077 lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 11078 jsonPath: .metadata.creationTimestamp 11079 name: Age 11080 type: date 11081 name: v1alpha3 11082 schema: 11083 openAPIV3Schema: 11084 properties: 11085 spec: 11086 description: 'Describes a collection of workload instances. See more details 11087 at: https://istio.io/docs/reference/config/networking/workload-group.html' 11088 properties: 11089 metadata: 11090 description: Metadata that will be used for all corresponding `WorkloadEntries`. 11091 properties: 11092 annotations: 11093 additionalProperties: 11094 type: string 11095 type: object 11096 labels: 11097 additionalProperties: 11098 type: string 11099 type: object 11100 type: object 11101 probe: 11102 description: '`ReadinessProbe` describes the configuration the user 11103 must provide for healthchecking on their workload.' 11104 oneOf: 11105 - not: 11106 anyOf: 11107 - required: 11108 - httpGet 11109 - required: 11110 - tcpSocket 11111 - required: 11112 - exec 11113 - required: 11114 - httpGet 11115 - required: 11116 - tcpSocket 11117 - required: 11118 - exec 11119 properties: 11120 exec: 11121 description: Health is determined by how the command that is executed 11122 exited. 
11123 properties: 11124 command: 11125 description: Command to run. 11126 items: 11127 type: string 11128 type: array 11129 type: object 11130 failureThreshold: 11131 description: Minimum consecutive failures for the probe to be 11132 considered failed after having succeeded. 11133 format: int32 11134 type: integer 11135 httpGet: 11136 description: '`httpGet` is performed to a given endpoint and the 11137 status/able to connect determines health.' 11138 properties: 11139 host: 11140 description: Host name to connect to, defaults to the pod 11141 IP. 11142 type: string 11143 httpHeaders: 11144 description: Headers the proxy will pass on to make the request. 11145 items: 11146 properties: 11147 name: 11148 type: string 11149 value: 11150 type: string 11151 type: object 11152 type: array 11153 path: 11154 description: Path to access on the HTTP server. 11155 type: string 11156 port: 11157 description: Port on which the endpoint lives. 11158 maximum: 4294967295 11159 minimum: 0 11160 type: integer 11161 scheme: 11162 type: string 11163 required: 11164 - port 11165 type: object 11166 initialDelaySeconds: 11167 description: Number of seconds after the container has started 11168 before readiness probes are initiated. 11169 format: int32 11170 type: integer 11171 periodSeconds: 11172 description: How often (in seconds) to perform the probe. 11173 format: int32 11174 type: integer 11175 successThreshold: 11176 description: Minimum consecutive successes for the probe to be 11177 considered successful after having failed. 11178 format: int32 11179 type: integer 11180 tcpSocket: 11181 description: Health is determined by if the proxy is able to connect. 11182 properties: 11183 host: 11184 type: string 11185 port: 11186 maximum: 4294967295 11187 minimum: 0 11188 type: integer 11189 required: 11190 - port 11191 type: object 11192 timeoutSeconds: 11193 description: Number of seconds after which the probe times out. 
11194 format: int32 11195 type: integer 11196 type: object 11197 template: 11198 description: Template to be used for the generation of `WorkloadEntry` 11199 resources that belong to this `WorkloadGroup`. 11200 properties: 11201 address: 11202 description: Address associated with the network endpoint without 11203 the port. 11204 type: string 11205 labels: 11206 additionalProperties: 11207 type: string 11208 description: One or more labels associated with the endpoint. 11209 type: object 11210 locality: 11211 description: The locality associated with the endpoint. 11212 type: string 11213 network: 11214 description: Network enables Istio to group endpoints resident 11215 in the same L3 domain/network. 11216 type: string 11217 ports: 11218 additionalProperties: 11219 maximum: 4294967295 11220 minimum: 0 11221 type: integer 11222 description: Set of ports associated with the endpoint. 11223 type: object 11224 serviceAccount: 11225 description: The service account associated with the workload 11226 if a sidecar is present in the workload. 11227 type: string 11228 weight: 11229 description: The load balancing weight associated with the endpoint. 11230 maximum: 4294967295 11231 minimum: 0 11232 type: integer 11233 type: object 11234 required: 11235 - template 11236 type: object 11237 status: 11238 type: object 11239 x-kubernetes-preserve-unknown-fields: true 11240 type: object 11241 served: true 11242 storage: false 11243 subresources: 11244 status: {} 11245 - additionalPrinterColumns: 11246 - description: 'CreationTimestamp is a timestamp representing the server time 11247 when this object was created. It is not guaranteed to be set in happens-before 11248 order across separate operations. Clients may not set this value. It is represented 11249 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 11250 lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 11251 jsonPath: .metadata.creationTimestamp 11252 name: Age 11253 type: date 11254 name: v1beta1 11255 schema: 11256 openAPIV3Schema: 11257 properties: 11258 spec: 11259 description: 'Describes a collection of workload instances. See more details 11260 at: https://istio.io/docs/reference/config/networking/workload-group.html' 11261 properties: 11262 metadata: 11263 description: Metadata that will be used for all corresponding `WorkloadEntries`. 11264 properties: 11265 annotations: 11266 additionalProperties: 11267 type: string 11268 type: object 11269 labels: 11270 additionalProperties: 11271 type: string 11272 type: object 11273 type: object 11274 probe: 11275 description: '`ReadinessProbe` describes the configuration the user 11276 must provide for healthchecking on their workload.' 11277 oneOf: 11278 - not: 11279 anyOf: 11280 - required: 11281 - httpGet 11282 - required: 11283 - tcpSocket 11284 - required: 11285 - exec 11286 - required: 11287 - httpGet 11288 - required: 11289 - tcpSocket 11290 - required: 11291 - exec 11292 properties: 11293 exec: 11294 description: Health is determined by how the command that is executed 11295 exited. 11296 properties: 11297 command: 11298 description: Command to run. 11299 items: 11300 type: string 11301 type: array 11302 type: object 11303 failureThreshold: 11304 description: Minimum consecutive failures for the probe to be 11305 considered failed after having succeeded. 11306 format: int32 11307 type: integer 11308 httpGet: 11309 description: '`httpGet` is performed to a given endpoint and the 11310 status/able to connect determines health.' 11311 properties: 11312 host: 11313 description: Host name to connect to, defaults to the pod 11314 IP. 11315 type: string 11316 httpHeaders: 11317 description: Headers the proxy will pass on to make the request. 
11318 items: 11319 properties: 11320 name: 11321 type: string 11322 value: 11323 type: string 11324 type: object 11325 type: array 11326 path: 11327 description: Path to access on the HTTP server. 11328 type: string 11329 port: 11330 description: Port on which the endpoint lives. 11331 maximum: 4294967295 11332 minimum: 0 11333 type: integer 11334 scheme: 11335 type: string 11336 required: 11337 - port 11338 type: object 11339 initialDelaySeconds: 11340 description: Number of seconds after the container has started 11341 before readiness probes are initiated. 11342 format: int32 11343 type: integer 11344 periodSeconds: 11345 description: How often (in seconds) to perform the probe. 11346 format: int32 11347 type: integer 11348 successThreshold: 11349 description: Minimum consecutive successes for the probe to be 11350 considered successful after having failed. 11351 format: int32 11352 type: integer 11353 tcpSocket: 11354 description: Health is determined by if the proxy is able to connect. 11355 properties: 11356 host: 11357 type: string 11358 port: 11359 maximum: 4294967295 11360 minimum: 0 11361 type: integer 11362 required: 11363 - port 11364 type: object 11365 timeoutSeconds: 11366 description: Number of seconds after which the probe times out. 11367 format: int32 11368 type: integer 11369 type: object 11370 template: 11371 description: Template to be used for the generation of `WorkloadEntry` 11372 resources that belong to this `WorkloadGroup`. 11373 properties: 11374 address: 11375 description: Address associated with the network endpoint without 11376 the port. 11377 type: string 11378 labels: 11379 additionalProperties: 11380 type: string 11381 description: One or more labels associated with the endpoint. 11382 type: object 11383 locality: 11384 description: The locality associated with the endpoint. 11385 type: string 11386 network: 11387 description: Network enables Istio to group endpoints resident 11388 in the same L3 domain/network. 
11389 type: string 11390 ports: 11391 additionalProperties: 11392 maximum: 4294967295 11393 minimum: 0 11394 type: integer 11395 description: Set of ports associated with the endpoint. 11396 type: object 11397 serviceAccount: 11398 description: The service account associated with the workload 11399 if a sidecar is present in the workload. 11400 type: string 11401 weight: 11402 description: The load balancing weight associated with the endpoint. 11403 maximum: 4294967295 11404 minimum: 0 11405 type: integer 11406 type: object 11407 required: 11408 - template 11409 type: object 11410 status: 11411 type: object 11412 x-kubernetes-preserve-unknown-fields: true 11413 type: object 11414 served: true 11415 storage: true 11416 subresources: 11417 status: {} 11418 --- 11419 apiVersion: apiextensions.k8s.io/v1 11420 kind: CustomResourceDefinition 11421 metadata: 11422 annotations: 11423 "helm.sh/resource-policy": keep 11424 labels: 11425 app: istio-pilot 11426 chart: istio 11427 heritage: Tiller 11428 istio: security 11429 release: istio 11430 name: authorizationpolicies.security.istio.io 11431 spec: 11432 group: security.istio.io 11433 names: 11434 categories: 11435 - istio-io 11436 - security-istio-io 11437 kind: AuthorizationPolicy 11438 listKind: AuthorizationPolicyList 11439 plural: authorizationpolicies 11440 shortNames: 11441 - ap 11442 singular: authorizationpolicy 11443 scope: Namespaced 11444 versions: 11445 - additionalPrinterColumns: 11446 - description: The operation to take. 11447 jsonPath: .spec.action 11448 name: Action 11449 type: string 11450 - description: 'CreationTimestamp is a timestamp representing the server time 11451 when this object was created. It is not guaranteed to be set in happens-before 11452 order across separate operations. Clients may not set this value. It is represented 11453 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 11454 lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 11455 jsonPath: .metadata.creationTimestamp 11456 name: Age 11457 type: date 11458 name: v1 11459 schema: 11460 openAPIV3Schema: 11461 properties: 11462 spec: 11463 description: 'Configuration for access control on workloads. See more 11464 details at: https://istio.io/docs/reference/config/security/authorization-policy.html' 11465 oneOf: 11466 - not: 11467 anyOf: 11468 - required: 11469 - provider 11470 - required: 11471 - provider 11472 properties: 11473 action: 11474 description: |- 11475 Optional. 11476 11477 Valid Options: ALLOW, DENY, AUDIT, CUSTOM 11478 enum: 11479 - ALLOW 11480 - DENY 11481 - AUDIT 11482 - CUSTOM 11483 type: string 11484 provider: 11485 description: Specifies detailed configuration of the CUSTOM action. 11486 properties: 11487 name: 11488 description: Specifies the name of the extension provider. 11489 type: string 11490 type: object 11491 rules: 11492 description: Optional. 11493 items: 11494 properties: 11495 from: 11496 description: Optional. 11497 items: 11498 properties: 11499 source: 11500 description: Source specifies the source of a request. 11501 properties: 11502 ipBlocks: 11503 description: Optional. 11504 items: 11505 type: string 11506 type: array 11507 namespaces: 11508 description: Optional. 11509 items: 11510 type: string 11511 type: array 11512 notIpBlocks: 11513 description: Optional. 11514 items: 11515 type: string 11516 type: array 11517 notNamespaces: 11518 description: Optional. 11519 items: 11520 type: string 11521 type: array 11522 notPrincipals: 11523 description: Optional. 11524 items: 11525 type: string 11526 type: array 11527 notRemoteIpBlocks: 11528 description: Optional. 11529 items: 11530 type: string 11531 type: array 11532 notRequestPrincipals: 11533 description: Optional. 11534 items: 11535 type: string 11536 type: array 11537 principals: 11538 description: Optional. 
# AuthorizationPolicy v1 rule schema (fragment): the end of `from.source`, then
# `to.operation`, `when`, and the start of `selector`. Nesting is reconstructed from
# the collapsed listing; the listing's line numbers are dropped.
#
# Every match field in this fragment is an array of unconstrained strings: the schema
# applies no CIDR, principal, method, path or port-range check, so a mistyped entry
# passes this validation. NOTE(review): confirm where such values are rejected (webhook
# or control plane), since a malformed entry in an ALLOW or DENY rule changes who gets
# through.
                                items:
                                  type: string
                                type: array
                              remoteIpBlocks:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              requestPrincipals:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                            type: object
                        type: object
                      type: array
                    # The generated descriptions here say only "Optional."; the semantics
                    # of each field live in the reference page linked from the spec
                    # description.
                    # NOTE(review): from/to/when are all optional. Confirm what a rule with
                    # none of them matches (presumably every request) before relying on an
                    # ALLOW policy.
                    to:
                      description: Optional.
                      items:
                        properties:
                          operation:
                            description: Operation specifies the operation of a request.
                            properties:
                              hosts:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              methods:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              notHosts:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              notMethods:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              notPaths:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              # Ports are typed as strings (here and in `ports` below), so
                              # this schema enforces no numeric range on them.
                              notPorts:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              paths:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                              ports:
                                description: Optional.
                                items:
                                  type: string
                                type: array
                            type: object
                        type: object
                      type: array
                    # `key` is the only required field of a condition; the schema requires
                    # neither `values` nor `notValues`.
                    when:
                      description: Optional.
                      items:
                        properties:
                          key:
                            description: The name of an Istio attribute.
                            type: string
                          notValues:
                            description: Optional.
                            items:
                              type: string
                            type: array
                          values:
                            description: Optional.
                            items:
                              type: string
                            type: array
                        required:
                        - key
                        type: object
                      type: array
                  type: object
                type: array
              # NOTE(review): the selector is described only as "Optional."; confirm how
              # widely a policy without one applies (presumably the whole namespace).
              selector:
                description: Optional.
                properties:
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: One or more labels that indicate a specific set of
                      pods/VMs on which a policy should be applied.
11636 type: object 11637 type: object 11638 targetRef: 11639 properties: 11640 group: 11641 description: group is the group of the target resource. 11642 type: string 11643 kind: 11644 description: kind is kind of the target resource. 11645 type: string 11646 name: 11647 description: name is the name of the target resource. 11648 type: string 11649 namespace: 11650 description: namespace is the namespace of the referent. 11651 type: string 11652 type: object 11653 targetRefs: 11654 description: Optional. 11655 items: 11656 properties: 11657 group: 11658 description: group is the group of the target resource. 11659 type: string 11660 kind: 11661 description: kind is kind of the target resource. 11662 type: string 11663 name: 11664 description: name is the name of the target resource. 11665 type: string 11666 namespace: 11667 description: namespace is the namespace of the referent. 11668 type: string 11669 type: object 11670 type: array 11671 type: object 11672 status: 11673 type: object 11674 x-kubernetes-preserve-unknown-fields: true 11675 type: object 11676 served: true 11677 storage: false 11678 subresources: 11679 status: {} 11680 - additionalPrinterColumns: 11681 - description: The operation to take. 11682 jsonPath: .spec.action 11683 name: Action 11684 type: string 11685 - description: 'CreationTimestamp is a timestamp representing the server time 11686 when this object was created. It is not guaranteed to be set in happens-before 11687 order across separate operations. Clients may not set this value. It is represented 11688 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 11689 lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 11690 jsonPath: .metadata.creationTimestamp 11691 name: Age 11692 type: date 11693 name: v1beta1 11694 schema: 11695 openAPIV3Schema: 11696 properties: 11697 spec: 11698 description: 'Configuration for access control on workloads. 
See more 11699 details at: https://istio.io/docs/reference/config/security/authorization-policy.html' 11700 oneOf: 11701 - not: 11702 anyOf: 11703 - required: 11704 - provider 11705 - required: 11706 - provider 11707 properties: 11708 action: 11709 description: |- 11710 Optional. 11711 11712 Valid Options: ALLOW, DENY, AUDIT, CUSTOM 11713 enum: 11714 - ALLOW 11715 - DENY 11716 - AUDIT 11717 - CUSTOM 11718 type: string 11719 provider: 11720 description: Specifies detailed configuration of the CUSTOM action. 11721 properties: 11722 name: 11723 description: Specifies the name of the extension provider. 11724 type: string 11725 type: object 11726 rules: 11727 description: Optional. 11728 items: 11729 properties: 11730 from: 11731 description: Optional. 11732 items: 11733 properties: 11734 source: 11735 description: Source specifies the source of a request. 11736 properties: 11737 ipBlocks: 11738 description: Optional. 11739 items: 11740 type: string 11741 type: array 11742 namespaces: 11743 description: Optional. 11744 items: 11745 type: string 11746 type: array 11747 notIpBlocks: 11748 description: Optional. 11749 items: 11750 type: string 11751 type: array 11752 notNamespaces: 11753 description: Optional. 11754 items: 11755 type: string 11756 type: array 11757 notPrincipals: 11758 description: Optional. 11759 items: 11760 type: string 11761 type: array 11762 notRemoteIpBlocks: 11763 description: Optional. 11764 items: 11765 type: string 11766 type: array 11767 notRequestPrincipals: 11768 description: Optional. 11769 items: 11770 type: string 11771 type: array 11772 principals: 11773 description: Optional. 11774 items: 11775 type: string 11776 type: array 11777 remoteIpBlocks: 11778 description: Optional. 11779 items: 11780 type: string 11781 type: array 11782 requestPrincipals: 11783 description: Optional. 11784 items: 11785 type: string 11786 type: array 11787 type: object 11788 type: object 11789 type: array 11790 to: 11791 description: Optional. 
11792 items: 11793 properties: 11794 operation: 11795 description: Operation specifies the operation of a request. 11796 properties: 11797 hosts: 11798 description: Optional. 11799 items: 11800 type: string 11801 type: array 11802 methods: 11803 description: Optional. 11804 items: 11805 type: string 11806 type: array 11807 notHosts: 11808 description: Optional. 11809 items: 11810 type: string 11811 type: array 11812 notMethods: 11813 description: Optional. 11814 items: 11815 type: string 11816 type: array 11817 notPaths: 11818 description: Optional. 11819 items: 11820 type: string 11821 type: array 11822 notPorts: 11823 description: Optional. 11824 items: 11825 type: string 11826 type: array 11827 paths: 11828 description: Optional. 11829 items: 11830 type: string 11831 type: array 11832 ports: 11833 description: Optional. 11834 items: 11835 type: string 11836 type: array 11837 type: object 11838 type: object 11839 type: array 11840 when: 11841 description: Optional. 11842 items: 11843 properties: 11844 key: 11845 description: The name of an Istio attribute. 11846 type: string 11847 notValues: 11848 description: Optional. 11849 items: 11850 type: string 11851 type: array 11852 values: 11853 description: Optional. 11854 items: 11855 type: string 11856 type: array 11857 required: 11858 - key 11859 type: object 11860 type: array 11861 type: object 11862 type: array 11863 selector: 11864 description: Optional. 11865 properties: 11866 matchLabels: 11867 additionalProperties: 11868 type: string 11869 description: One or more labels that indicate a specific set of 11870 pods/VMs on which a policy should be applied. 11871 type: object 11872 type: object 11873 targetRef: 11874 properties: 11875 group: 11876 description: group is the group of the target resource. 11877 type: string 11878 kind: 11879 description: kind is kind of the target resource. 11880 type: string 11881 name: 11882 description: name is the name of the target resource. 
11883 type: string 11884 namespace: 11885 description: namespace is the namespace of the referent. 11886 type: string 11887 type: object 11888 targetRefs: 11889 description: Optional. 11890 items: 11891 properties: 11892 group: 11893 description: group is the group of the target resource. 11894 type: string 11895 kind: 11896 description: kind is kind of the target resource. 11897 type: string 11898 name: 11899 description: name is the name of the target resource. 11900 type: string 11901 namespace: 11902 description: namespace is the namespace of the referent. 11903 type: string 11904 type: object 11905 type: array 11906 type: object 11907 status: 11908 type: object 11909 x-kubernetes-preserve-unknown-fields: true 11910 type: object 11911 served: true 11912 storage: true 11913 subresources: 11914 status: {} 11915 --- 11916 apiVersion: apiextensions.k8s.io/v1 11917 kind: CustomResourceDefinition 11918 metadata: 11919 annotations: 11920 "helm.sh/resource-policy": keep 11921 labels: 11922 app: istio-pilot 11923 chart: istio 11924 heritage: Tiller 11925 istio: security 11926 release: istio 11927 name: peerauthentications.security.istio.io 11928 spec: 11929 group: security.istio.io 11930 names: 11931 categories: 11932 - istio-io 11933 - security-istio-io 11934 kind: PeerAuthentication 11935 listKind: PeerAuthenticationList 11936 plural: peerauthentications 11937 shortNames: 11938 - pa 11939 singular: peerauthentication 11940 scope: Namespaced 11941 versions: 11942 - additionalPrinterColumns: 11943 - description: Defines the mTLS mode used for peer authentication. 11944 jsonPath: .spec.mtls.mode 11945 name: Mode 11946 type: string 11947 - description: 'CreationTimestamp is a timestamp representing the server time 11948 when this object was created. It is not guaranteed to be set in happens-before 11949 order across separate operations. Clients may not set this value. It is represented 11950 in RFC3339 form and is in UTC. Populated by the system. Read-only. 
Null for 11951 lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 11952 jsonPath: .metadata.creationTimestamp 11953 name: Age 11954 type: date 11955 name: v1 11956 schema: 11957 openAPIV3Schema: 11958 properties: 11959 spec: 11960 description: 'Peer authentication configuration for workloads. See more 11961 details at: https://istio.io/docs/reference/config/security/peer_authentication.html' 11962 properties: 11963 mtls: 11964 description: Mutual TLS settings for workload. 11965 properties: 11966 mode: 11967 description: |- 11968 Defines the mTLS mode used for peer authentication. 11969 11970 Valid Options: DISABLE, PERMISSIVE, STRICT 11971 enum: 11972 - UNSET 11973 - DISABLE 11974 - PERMISSIVE 11975 - STRICT 11976 type: string 11977 type: object 11978 portLevelMtls: 11979 additionalProperties: 11980 properties: 11981 mode: 11982 description: |- 11983 Defines the mTLS mode used for peer authentication. 11984 11985 Valid Options: DISABLE, PERMISSIVE, STRICT 11986 enum: 11987 - UNSET 11988 - DISABLE 11989 - PERMISSIVE 11990 - STRICT 11991 type: string 11992 type: object 11993 description: Port specific mutual TLS settings. 11994 type: object 11995 selector: 11996 description: The selector determines the workloads to apply the PeerAuthentication 11997 on. 11998 properties: 11999 matchLabels: 12000 additionalProperties: 12001 type: string 12002 description: One or more labels that indicate a specific set of 12003 pods/VMs on which a policy should be applied. 12004 type: object 12005 type: object 12006 type: object 12007 status: 12008 type: object 12009 x-kubernetes-preserve-unknown-fields: true 12010 type: object 12011 served: true 12012 storage: false 12013 subresources: 12014 status: {} 12015 - additionalPrinterColumns: 12016 - description: Defines the mTLS mode used for peer authentication. 
# PeerAuthentication CRD, v1beta1 version entry (fragment): the Mode and Age printer
# columns and the spec schema for mTLS settings, up to selector.matchLabels. Nesting is
# reconstructed from the collapsed listing; the listing's line numbers are dropped.
      jsonPath: .spec.mtls.mode
      name: Mode
      type: string
    - description: 'CreationTimestamp is a timestamp representing the server time
        when this object was created. It is not guaranteed to be set in happens-before
        order across separate operations. Clients may not set this value. It is represented
        in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
        lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Peer authentication configuration for workloads. See more
              details at: https://istio.io/docs/reference/config/security/peer_authentication.html'
            properties:
              # Workload-wide mTLS mode; per-port overrides are in portLevelMtls below.
              mtls:
                description: Mutual TLS settings for workload.
                properties:
                  # The enum accepts UNSET in addition to the three values the description
                  # lists as valid.
                  # NOTE(review): confirm how UNSET resolves (presumably inherited from a
                  # broader policy). PERMISSIVE is understood to admit plaintext as well as
                  # mTLS, so only STRICT is expected to refuse non-mTLS peers; confirm
                  # against the reference page linked above.
                  mode:
                    description: |-
                      Defines the mTLS mode used for peer authentication.

                      Valid Options: DISABLE, PERMISSIVE, STRICT
                    enum:
                    - UNSET
                    - DISABLE
                    - PERMISSIVE
                    - STRICT
                    type: string
                type: object
              # Map of per-port settings. The schema validates each value's `mode` but
              # places no constraint on the keys, so a key that is not a real port number
              # is not rejected here.
              # NOTE(review): a port-level DISABLE or PERMISSIVE presumably overrides a
              # workload-level STRICT; check these entries when auditing a policy.
              portLevelMtls:
                additionalProperties:
                  properties:
                    mode:
                      description: |-
                        Defines the mTLS mode used for peer authentication.

                        Valid Options: DISABLE, PERMISSIVE, STRICT
                      enum:
                      - UNSET
                      - DISABLE
                      - PERMISSIVE
                      - STRICT
                      type: string
                  type: object
                description: Port specific mutual TLS settings.
                type: object
              # No field of this spec is marked required within this fragment.
              # NOTE(review): confirm how widely a policy without a selector applies
              # (presumably namespace- or mesh-wide).
              selector:
                description: The selector determines the workloads to apply the PeerAuthentication
                  on.
                properties:
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: One or more labels that indicate a specific set of
                      pods/VMs on which a policy should be applied.
# Tail of the PeerAuthentication v1beta1 version entry, then the RequestAuthentication
# CRD header and the start of its v1 `jwtRules` schema (through fromHeaders.name).
# Nesting is reconstructed from the collapsed listing; listing line numbers are dropped.
                    type: object
                type: object
            type: object
          # status is schemaless: unknown fields are preserved rather than validated.
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # NOTE(review): Helm annotation, understood to leave this CRD in the cluster when the
    # chart is uninstalled; confirm against the Helm docs.
    "helm.sh/resource-policy": keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    istio: security
    release: istio
  name: requestauthentications.security.istio.io
spec:
  group: security.istio.io
  names:
    categories:
    - istio-io
    - security-istio-io
    kind: RequestAuthentication
    listKind: RequestAuthenticationList
    plural: requestauthentications
    shortNames:
    - ra
    singular: requestauthentication
  scope: Namespaced
  versions:
  # This version entry declares no additionalPrinterColumns.
  - name: v1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Request authentication configuration for workloads. See
              more details at: https://istio.io/docs/reference/config/security/request_authentication.html'
            properties:
              jwtRules:
                description: Define the list of JWTs that can be validated at the
                  selected workloads' proxy.
                items:
                  properties:
                    # NOTE(review): confirm what is accepted when this list is omitted or
                    # empty; without an audience restriction a token issued for another
                    # service by the same issuer may validate here.
                    audiences:
                      description: The list of JWT [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3)
                        that are allowed to access.
                      items:
                        type: string
                      type: array
                    # Per the description, `true` keeps the original token on the upstream
                    # request. The upstream workload, and anything it logs, then holds a
                    # reusable bearer credential.
                    forwardOriginalToken:
                      description: If set to true, the original token will be kept
                        for the upstream request.
                      type: boolean
                    fromCookies:
                      description: List of cookie names from which JWT is expected.
                      items:
                        type: string
                      type: array
                    fromHeaders:
                      description: List of header locations from which JWT is expected.
                      items:
                        properties:
                          name:
                            description: The HTTP header name.
12149 type: string 12150 prefix: 12151 description: The prefix that should be stripped before 12152 decoding the token. 12153 type: string 12154 required: 12155 - name 12156 type: object 12157 type: array 12158 fromParams: 12159 description: List of query parameters from which JWT is expected. 12160 items: 12161 type: string 12162 type: array 12163 issuer: 12164 description: Identifies the issuer that issued the JWT. 12165 type: string 12166 jwks: 12167 description: JSON Web Key Set of public keys to validate signature 12168 of the JWT. 12169 type: string 12170 jwks_uri: 12171 description: URL of the provider's public key set to validate 12172 signature of the JWT. 12173 type: string 12174 jwksUri: 12175 description: URL of the provider's public key set to validate 12176 signature of the JWT. 12177 type: string 12178 outputClaimToHeaders: 12179 description: This field specifies a list of operations to copy 12180 the claim to HTTP headers on a successfully verified token. 12181 items: 12182 properties: 12183 claim: 12184 description: The name of the claim to be copied from. 12185 type: string 12186 header: 12187 description: The name of the header to be created. 12188 type: string 12189 type: object 12190 type: array 12191 outputPayloadToHeader: 12192 description: This field specifies the header name to output 12193 a successfully verified JWT payload to the backend. 12194 type: string 12195 timeout: 12196 description: The maximum amount of time that the resolver, determined 12197 by the PILOT_JWT_ENABLE_REMOTE_JWKS environment variable, 12198 will spend waiting for the JWKS to be fetched. 12199 type: string 12200 required: 12201 - issuer 12202 type: object 12203 type: array 12204 selector: 12205 description: Optional. 12206 properties: 12207 matchLabels: 12208 additionalProperties: 12209 type: string 12210 description: One or more labels that indicate a specific set of 12211 pods/VMs on which a policy should be applied. 
12212 type: object 12213 type: object 12214 targetRef: 12215 properties: 12216 group: 12217 description: group is the group of the target resource. 12218 type: string 12219 kind: 12220 description: kind is kind of the target resource. 12221 type: string 12222 name: 12223 description: name is the name of the target resource. 12224 type: string 12225 namespace: 12226 description: namespace is the namespace of the referent. 12227 type: string 12228 type: object 12229 targetRefs: 12230 description: Optional. 12231 items: 12232 properties: 12233 group: 12234 description: group is the group of the target resource. 12235 type: string 12236 kind: 12237 description: kind is kind of the target resource. 12238 type: string 12239 name: 12240 description: name is the name of the target resource. 12241 type: string 12242 namespace: 12243 description: namespace is the namespace of the referent. 12244 type: string 12245 type: object 12246 type: array 12247 type: object 12248 status: 12249 type: object 12250 x-kubernetes-preserve-unknown-fields: true 12251 type: object 12252 served: true 12253 storage: false 12254 subresources: 12255 status: {} 12256 - name: v1beta1 12257 schema: 12258 openAPIV3Schema: 12259 properties: 12260 spec: 12261 description: 'Request authentication configuration for workloads. See 12262 more details at: https://istio.io/docs/reference/config/security/request_authentication.html' 12263 properties: 12264 jwtRules: 12265 description: Define the list of JWTs that can be validated at the 12266 selected workloads' proxy. 12267 items: 12268 properties: 12269 audiences: 12270 description: The list of JWT [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3) 12271 that are allowed to access. 12272 items: 12273 type: string 12274 type: array 12275 forwardOriginalToken: 12276 description: If set to true, the original token will be kept 12277 for the upstream request. 
12278 type: boolean 12279 fromCookies: 12280 description: List of cookie names from which JWT is expected. 12281 items: 12282 type: string 12283 type: array 12284 fromHeaders: 12285 description: List of header locations from which JWT is expected. 12286 items: 12287 properties: 12288 name: 12289 description: The HTTP header name. 12290 type: string 12291 prefix: 12292 description: The prefix that should be stripped before 12293 decoding the token. 12294 type: string 12295 required: 12296 - name 12297 type: object 12298 type: array 12299 fromParams: 12300 description: List of query parameters from which JWT is expected. 12301 items: 12302 type: string 12303 type: array 12304 issuer: 12305 description: Identifies the issuer that issued the JWT. 12306 type: string 12307 jwks: 12308 description: JSON Web Key Set of public keys to validate signature 12309 of the JWT. 12310 type: string 12311 jwks_uri: 12312 description: URL of the provider's public key set to validate 12313 signature of the JWT. 12314 type: string 12315 jwksUri: 12316 description: URL of the provider's public key set to validate 12317 signature of the JWT. 12318 type: string 12319 outputClaimToHeaders: 12320 description: This field specifies a list of operations to copy 12321 the claim to HTTP headers on a successfully verified token. 12322 items: 12323 properties: 12324 claim: 12325 description: The name of the claim to be copied from. 12326 type: string 12327 header: 12328 description: The name of the header to be created. 12329 type: string 12330 type: object 12331 type: array 12332 outputPayloadToHeader: 12333 description: This field specifies the header name to output 12334 a successfully verified JWT payload to the backend. 12335 type: string 12336 timeout: 12337 description: The maximum amount of time that the resolver, determined 12338 by the PILOT_JWT_ENABLE_REMOTE_JWKS environment variable, 12339 will spend waiting for the JWKS to be fetched. 
12340 type: string 12341 required: 12342 - issuer 12343 type: object 12344 type: array 12345 selector: 12346 description: Optional. 12347 properties: 12348 matchLabels: 12349 additionalProperties: 12350 type: string 12351 description: One or more labels that indicate a specific set of 12352 pods/VMs on which a policy should be applied. 12353 type: object 12354 type: object 12355 targetRef: 12356 properties: 12357 group: 12358 description: group is the group of the target resource. 12359 type: string 12360 kind: 12361 description: kind is kind of the target resource. 12362 type: string 12363 name: 12364 description: name is the name of the target resource. 12365 type: string 12366 namespace: 12367 description: namespace is the namespace of the referent. 12368 type: string 12369 type: object 12370 targetRefs: 12371 description: Optional. 12372 items: 12373 properties: 12374 group: 12375 description: group is the group of the target resource. 12376 type: string 12377 kind: 12378 description: kind is kind of the target resource. 12379 type: string 12380 name: 12381 description: name is the name of the target resource. 12382 type: string 12383 namespace: 12384 description: namespace is the namespace of the referent. 
12385 type: string 12386 type: object 12387 type: array 12388 type: object 12389 status: 12390 type: object 12391 x-kubernetes-preserve-unknown-fields: true 12392 type: object 12393 served: true 12394 storage: true 12395 subresources: 12396 status: {} 12397 --- 12398 apiVersion: apiextensions.k8s.io/v1 12399 kind: CustomResourceDefinition 12400 metadata: 12401 annotations: 12402 "helm.sh/resource-policy": keep 12403 labels: 12404 app: istio-pilot 12405 chart: istio 12406 heritage: Tiller 12407 istio: telemetry 12408 release: istio 12409 name: telemetries.telemetry.istio.io 12410 spec: 12411 group: telemetry.istio.io 12412 names: 12413 categories: 12414 - istio-io 12415 - telemetry-istio-io 12416 kind: Telemetry 12417 listKind: TelemetryList 12418 plural: telemetries 12419 shortNames: 12420 - telemetry 12421 singular: telemetry 12422 scope: Namespaced 12423 versions: 12424 - additionalPrinterColumns: 12425 - description: 'CreationTimestamp is a timestamp representing the server time 12426 when this object was created. It is not guaranteed to be set in happens-before 12427 order across separate operations. Clients may not set this value. It is represented 12428 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 12429 lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 12430 jsonPath: .metadata.creationTimestamp 12431 name: Age 12432 type: date 12433 name: v1 12434 schema: 12435 openAPIV3Schema: 12436 properties: 12437 spec: 12438 description: 'Telemetry configuration for workloads. See more details 12439 at: https://istio.io/docs/reference/config/telemetry.html' 12440 properties: 12441 accessLogging: 12442 description: Optional. 12443 items: 12444 properties: 12445 disabled: 12446 description: Controls logging. 12447 nullable: true 12448 type: boolean 12449 filter: 12450 description: Optional. 
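# Telemetry CRD, v1 schema continued from accessLogging[].filter. The viewer's
# line numbers are dropped and the original nesting is restored below.
                      properties:
                        # Free-form CEL string: the schema sets no length bound
                        # and does no syntax check at this layer.
                        expression:
                          description: CEL expression for selecting when requests/connections
                            should be logged.
                          type: string
                      type: object
                    match:
                      description: Allows tailoring of logging behavior to specific
                        conditions.
                      properties:
                        mode:
                          description: |-
                            This determines whether or not to apply the access logging configuration based on the direction of traffic relative to the proxied workload.

                            Valid Options: CLIENT_AND_SERVER, CLIENT, SERVER
                          enum:
                          - CLIENT_AND_SERVER
                          - CLIENT
                          - SERVER
                          type: string
                      type: object
                    providers:
                      description: Optional.
                      items:
                        properties:
                          name:
                            description: Required.
                            minLength: 1
                            type: string
                        required:
                        - name
                        type: object
                      type: array
                  type: object
                type: array
              metrics:
                description: Optional.
                items:
                  properties:
                    overrides:
                      description: Optional.
                      items:
                        properties:
                          disabled:
                            description: Optional.
                            nullable: true
                            type: boolean
                          # oneOf below accepts neither or exactly one of
                          # metric/customMetric: the first branch matches when
                          # neither key is present, the other two when that key
                          # is present; setting both matches two branches and
                          # is rejected.
                          match:
                            description: Match allows providing the scope of the override.
                            oneOf:
                            - not:
                                anyOf:
                                - required:
                                  - metric
                                - required:
                                  - customMetric
                            - required:
                              - metric
                            - required:
                              - customMetric
                            properties:
                              customMetric:
                                description: Allows free-form specification of a metric.
                                minLength: 1
                                type: string
                              metric:
                                description: |-
                                  One of the well-known [Istio Standard Metrics](https://istio.io/latest/docs/reference/config/metrics/).

                                  Valid Options: ALL_METRICS, REQUEST_COUNT, REQUEST_DURATION, REQUEST_SIZE, RESPONSE_SIZE, TCP_OPENED_CONNECTIONS, TCP_CLOSED_CONNECTIONS, TCP_SENT_BYTES, TCP_RECEIVED_BYTES, GRPC_REQUEST_MESSAGES, GRPC_RESPONSE_MESSAGES
                                enum:
                                - ALL_METRICS
                                - REQUEST_COUNT
                                - REQUEST_DURATION
                                - REQUEST_SIZE
                                - RESPONSE_SIZE
                                - TCP_OPENED_CONNECTIONS
                                - TCP_CLOSED_CONNECTIONS
                                - TCP_SENT_BYTES
                                - TCP_RECEIVED_BYTES
                                - GRPC_REQUEST_MESSAGES
                                - GRPC_RESPONSE_MESSAGES
                                type: string
                              mode:
                                description: |-
                                  Controls which mode of metrics generation is selected: `CLIENT`, `SERVER`, or `CLIENT_AND_SERVER`.

                                  Valid Options: CLIENT_AND_SERVER, CLIENT, SERVER
                                enum:
                                - CLIENT_AND_SERVER
                                - CLIENT
                                - SERVER
                                type: string
                            type: object
                          # The two CEL rules tie `value` to `operation`: UPSERT
                          # needs a non-empty value, REMOVE must not carry one.
                          # An absent operation is read as '' in both rules, so
                          # neither constraint applies to it.
                          tagOverrides:
                            additionalProperties:
                              properties:
                                operation:
                                  description: |-
                                    Operation controls whether or not to update/add a tag, or to remove it.

                                    Valid Options: UPSERT, REMOVE
                                  enum:
                                  - UPSERT
                                  - REMOVE
                                  type: string
                                value:
                                  description: Value is only considered if the operation
                                    is `UPSERT`.
                                  type: string
                              type: object
                              x-kubernetes-validations:
                              - message: value must be set when operation is UPSERT
                                rule: '((has(self.operation) ? self.operation : '''')
                                  == ''UPSERT'') ? self.value != '''' : true'
                              - message: value must not be set when operation is REMOVE
                                rule: '((has(self.operation) ? self.operation : '''')
                                  == ''REMOVE'') ? !has(self.value) : true'
                            description: Optional.
                            type: object
                        type: object
                      type: array
                    providers:
                      description: Optional.
                      items:
                        properties:
                          name:
                            description: Required.
                            minLength: 1
                            type: string
                        required:
                        - name
                        type: object
                      type: array
                    reportingInterval:
                      description: Optional.
                      type: string
                  type: object
                type: array
              # selector, targetRef and targetRefs are all optional and the
              # schema declares no mutual exclusion between them.
              selector:
                description: Optional.
                properties:
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: One or more labels that indicate a specific set of
                      pods/VMs on which a policy should be applied.
                    type: object
                type: object
              targetRef:
                properties:
                  group:
                    description: group is the group of the target resource.
                    type: string
                  kind:
                    description: kind is kind of the target resource.
                    type: string
                  name:
                    description: name is the name of the target resource.
                    type: string
                  namespace:
                    description: namespace is the namespace of the referent.
                    type: string
                type: object
              targetRefs:
                description: Optional.
                items:
                  properties:
                    group:
                      description: group is the group of the target resource.
                      type: string
                    kind:
                      description: kind is kind of the target resource.
                      type: string
                    name:
                      description: name is the name of the target resource.
                      type: string
                    namespace:
                      description: namespace is the namespace of the referent.
                      type: string
                  type: object
                type: array
              tracing:
                description: Optional.
                items:
                  properties:
                    # Each custom tag takes neither or exactly one source out
                    # of literal/environment/header (same oneOf pattern as
                    # metrics match: two sources at once are rejected).
                    customTags:
                      additionalProperties:
                        oneOf:
                        - not:
                            anyOf:
                            - required:
                              - literal
                            - required:
                              - environment
                            - required:
                              - header
                        - required:
                          - literal
                        - required:
                          - environment
                        - required:
                          - header
                        properties:
                          # Copies an environment variable's value into every
                          # span; a variable holding a secret would be exported
                          # to whatever tracing provider is configured.
                          environment:
                            description: Environment adds the value of an environment
                              variable to each span.
                            properties:
                              defaultValue:
                                description: Optional.
                                type: string
                              name:
                                description: Name of the environment variable from
                                  which to extract the tag value.
                                minLength: 1
                                type: string
                            required:
                            - name
                            type: object
                          # Copies a request header's value into every span; the
                          # schema accepts any header name, including ones that
                          # carry credentials (Authorization, Cookie).
                          header:
                            description: RequestHeader adds the value of an header
                              from the request to each span.
                            properties:
                              defaultValue:
                                description: Optional.
                                type: string
                              name:
                                description: Name of the header from which to extract
                                  the tag value.
                                minLength: 1
                                type: string
                            required:
                            - name
                            type: object
                          literal:
                            description: Literal adds the same, hard-coded value to
                              each span.
                            properties:
                              value:
                                description: The tag value to use.
                                minLength: 1
                                type: string
                            required:
                            - value
                            type: object
                        type: object
                      description: Optional.
                      type: object
                    disableSpanReporting:
                      description: Controls span reporting.
                      nullable: true
                      type: boolean
                    match:
                      description: Allows tailoring of behavior to specific conditions.
                      properties:
                        mode:
                          description: |-
                            This determines whether or not to apply the tracing configuration based on the direction of traffic relative to the proxied workload.

                            Valid Options: CLIENT_AND_SERVER, CLIENT, SERVER
                          enum:
                          - CLIENT_AND_SERVER
                          - CLIENT
                          - SERVER
                          type: string
                      type: object
                    providers:
                      description: Optional.
                      items:
                        properties:
                          name:
                            description: Required.
                            minLength: 1
                            type: string
                        required:
                        - name
                        type: object
                      type: array
                    # Bounded to 0..100 by the schema; null is allowed.
                    randomSamplingPercentage:
                      description: Controls the rate at which traffic will be selected
                        for tracing if no prior sampling decision has been made.
                      format: double
                      maximum: 100
                      minimum: 0
                      nullable: true
                      type: number
                    useRequestIdForTraceSampling:
                      nullable: true
                      type: boolean
                  type: object
                type: array
            type: object
          # status carries no schema: unknown fields are preserved, not pruned.
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    # v1 is served but is not the storage version.
    served: true
    storage: false
    subresources:
      status: {}
  # v1alpha1: served and the storage version. The same review points apply:
  # free-form CEL filter expression, oneOf "neither or exactly one" patterns,
  # CEL rules on tagOverrides, and custom tags that copy environment variables
  # or request headers into spans.
  - additionalPrinterColumns:
    - description: 'CreationTimestamp is a timestamp representing the server time
        when this object was created. It is not guaranteed to be set in happens-before
        order across separate operations. Clients may not set this value. It is represented
        in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
        lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Telemetry configuration for workloads. See more details
              at: https://istio.io/docs/reference/config/telemetry.html'
            properties:
              accessLogging:
                description: Optional.
                items:
                  properties:
                    disabled:
                      description: Controls logging.
                      nullable: true
                      type: boolean
                    filter:
                      description: Optional.
                      properties:
                        expression:
                          description: CEL expression for selecting when requests/connections
                            should be logged.
                          type: string
                      type: object
                    match:
                      description: Allows tailoring of logging behavior to specific
                        conditions.
                      properties:
                        mode:
                          description: |-
                            This determines whether or not to apply the access logging configuration based on the direction of traffic relative to the proxied workload.

                            Valid Options: CLIENT_AND_SERVER, CLIENT, SERVER
                          enum:
                          - CLIENT_AND_SERVER
                          - CLIENT
                          - SERVER
                          type: string
                      type: object
                    providers:
                      description: Optional.
                      items:
                        properties:
                          name:
                            description: Required.
                            minLength: 1
                            type: string
                        required:
                        - name
                        type: object
                      type: array
                  type: object
                type: array
              metrics:
                description: Optional.
                items:
                  properties:
                    overrides:
                      description: Optional.
                      items:
                        properties:
                          disabled:
                            description: Optional.
                            nullable: true
                            type: boolean
                          # Neither or exactly one of metric/customMetric.
                          match:
                            description: Match allows providing the scope of the override.
                            oneOf:
                            - not:
                                anyOf:
                                - required:
                                  - metric
                                - required:
                                  - customMetric
                            - required:
                              - metric
                            - required:
                              - customMetric
                            properties:
                              customMetric:
                                description: Allows free-form specification of a metric.
                                minLength: 1
                                type: string
                              metric:
                                description: |-
                                  One of the well-known [Istio Standard Metrics](https://istio.io/latest/docs/reference/config/metrics/).

                                  Valid Options: ALL_METRICS, REQUEST_COUNT, REQUEST_DURATION, REQUEST_SIZE, RESPONSE_SIZE, TCP_OPENED_CONNECTIONS, TCP_CLOSED_CONNECTIONS, TCP_SENT_BYTES, TCP_RECEIVED_BYTES, GRPC_REQUEST_MESSAGES, GRPC_RESPONSE_MESSAGES
                                enum:
                                - ALL_METRICS
                                - REQUEST_COUNT
                                - REQUEST_DURATION
                                - REQUEST_SIZE
                                - RESPONSE_SIZE
                                - TCP_OPENED_CONNECTIONS
                                - TCP_CLOSED_CONNECTIONS
                                - TCP_SENT_BYTES
                                - TCP_RECEIVED_BYTES
                                - GRPC_REQUEST_MESSAGES
                                - GRPC_RESPONSE_MESSAGES
                                type: string
                              mode:
                                description: |-
                                  Controls which mode of metrics generation is selected: `CLIENT`, `SERVER`, or `CLIENT_AND_SERVER`.

                                  Valid Options: CLIENT_AND_SERVER, CLIENT, SERVER
                                enum:
                                - CLIENT_AND_SERVER
                                - CLIENT
                                - SERVER
                                type: string
                            type: object
                          # UPSERT needs a non-empty value; REMOVE must not
                          # carry one; an absent operation is unconstrained.
                          tagOverrides:
                            additionalProperties:
                              properties:
                                operation:
                                  description: |-
                                    Operation controls whether or not to update/add a tag, or to remove it.

                                    Valid Options: UPSERT, REMOVE
                                  enum:
                                  - UPSERT
                                  - REMOVE
                                  type: string
                                value:
                                  description: Value is only considered if the operation
                                    is `UPSERT`.
                                  type: string
                              type: object
                              x-kubernetes-validations:
                              - message: value must be set when operation is UPSERT
                                rule: '((has(self.operation) ? self.operation : '''')
                                  == ''UPSERT'') ? self.value != '''' : true'
                              - message: value must not be set when operation is REMOVE
                                rule: '((has(self.operation) ? self.operation : '''')
                                  == ''REMOVE'') ? !has(self.value) : true'
                            description: Optional.
                            type: object
                        type: object
                      type: array
                    providers:
                      description: Optional.
                      items:
                        properties:
                          name:
                            description: Required.
                            minLength: 1
                            type: string
                        required:
                        - name
                        type: object
                      type: array
                    reportingInterval:
                      description: Optional.
                      type: string
                  type: object
                type: array
              selector:
                description: Optional.
                properties:
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: One or more labels that indicate a specific set of
                      pods/VMs on which a policy should be applied.
                    type: object
                type: object
              targetRef:
                properties:
                  group:
                    description: group is the group of the target resource.
                    type: string
                  kind:
                    description: kind is kind of the target resource.
                    type: string
                  name:
                    description: name is the name of the target resource.
                    type: string
                  namespace:
                    description: namespace is the namespace of the referent.
                    type: string
                type: object
              targetRefs:
                description: Optional.
                items:
                  properties:
                    group:
                      description: group is the group of the target resource.
                      type: string
                    kind:
                      description: kind is kind of the target resource.
                      type: string
                    name:
                      description: name is the name of the target resource.
                      type: string
                    namespace:
                      description: namespace is the namespace of the referent.
                      type: string
                  type: object
                type: array
              tracing:
                description: Optional.
                items:
                  properties:
                    # Neither or exactly one of literal/environment/header per tag.
                    customTags:
                      additionalProperties:
                        oneOf:
                        - not:
                            anyOf:
                            - required:
                              - literal
                            - required:
                              - environment
                            - required:
                              - header
                        - required:
                          - literal
                        - required:
                          - environment
                        - required:
                          - header
                        properties:
                          # Environment variable value is copied into every span.
                          environment:
                            description: Environment adds the value of an environment
                              variable to each span.
                            properties:
                              defaultValue:
                                description: Optional.
                                type: string
                              name:
                                description: Name of the environment variable from
                                  which to extract the tag value.
                                minLength: 1
                                type: string
                            required:
                            - name
                            type: object
                          # Request header value is copied into every span; any
                          # header name is accepted by the schema.
                          header:
                            description: RequestHeader adds the value of an header
                              from the request to each span.
                            properties:
                              defaultValue:
                                description: Optional.
                                type: string
                              name:
                                description: Name of the header from which to extract
                                  the tag value.
                                minLength: 1
                                type: string
                            required:
                            - name
                            type: object
                          literal:
                            description: Literal adds the same, hard-coded value to
                              each span.
                            properties:
                              value:
                                description: The tag value to use.
                                minLength: 1
                                type: string
                            required:
                            - value
                            type: object
                        type: object
                      description: Optional.
                      type: object
                    disableSpanReporting:
                      description: Controls span reporting.
                      nullable: true
                      type: boolean
                    match:
                      description: Allows tailoring of behavior to specific conditions.
                      properties:
                        mode:
                          description: |-
                            This determines whether or not to apply the tracing configuration based on the direction of traffic relative to the proxied workload.

                            Valid Options: CLIENT_AND_SERVER, CLIENT, SERVER
                          enum:
                          - CLIENT_AND_SERVER
                          - CLIENT
                          - SERVER
                          type: string
                      type: object
                    providers:
                      description: Optional.
                      items:
                        properties:
                          name:
                            description: Required.
                            minLength: 1
                            type: string
                        required:
                        - name
                        type: object
                      type: array
                    randomSamplingPercentage:
                      description: Controls the rate at which traffic will be selected
                        for tracing if no prior sampling decision has been made.
                      format: double
                      maximum: 100
                      minimum: 0
                      nullable: true
                      type: number
                    useRequestIdForTraceSampling:
                      nullable: true
                      type: boolean
                  type: object
                type: array
            type: object
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
    subresources:
      status: {}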