{{- if .Values.global.configCluster }}
# DO NOT EDIT - Generated by Cue OpenAPI generator based on Istio APIs.
#
# WasmPlugin CRD (extensions.istio.io, version v1alpha1). A WasmPlugin object tells the
# Istio proxy to fetch and run a WebAssembly module, so write access to this resource
# amounts to code execution inside the selected proxies' filter chains.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # "keep" asks Helm to leave this CRD in place when the release is removed,
    # so existing WasmPlugin objects are not deleted along with the chart.
    "helm.sh/resource-policy": keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    release: istio
  name: wasmplugins.extensions.istio.io
spec:
  group: extensions.istio.io
  names:
    categories:
    - istio-io
    - extensions-istio-io
    kind: WasmPlugin
    listKind: WasmPluginList
    plural: wasmplugins
    singular: wasmplugin
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: 'CreationTimestamp is a timestamp representing the server time
        when this object was created. It is not guaranteed to be set in happens-before
        order across separate operations. Clients may not set this value. It is represented
        in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
        lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Extend the functionality provided by the Istio proxy through
              WebAssembly filters. See more details at: https://istio.io/docs/reference/config/proxy_extensions/wasm-plugin.html'
            properties:
              # Security-relevant: with FAIL_OPEN, traffic bypasses a plugin that hit a
              # fatal error. For plugins that enforce authentication or authorization
              # (see `phase`), FAIL_CLOSE keeps a broken plugin from silently disabling
              # the check.
              failStrategy:
                description: |-
                  Specifies the failure behavior for the plugin due to fatal errors.

                  Valid Options: FAIL_CLOSE, FAIL_OPEN
                enum:
                - FAIL_CLOSE
                - FAIL_OPEN
                type: string
              imagePullPolicy:
                description: |-
                  The pull behaviour to be applied when fetching Wasm module by either OCI image or `http/https`.

                  Valid Options: IfNotPresent, Always
                enum:
                - UNSPECIFIED_POLICY
                - IfNotPresent
                - Always
                type: string
              # A name-sized string (1-253 chars), not the credential itself.
              # NOTE(review): presumably the name of a Secret readable by the control
              # plane - confirm against the Istio API reference.
              imagePullSecret:
                description: Credentials to use for OCI image pulling.
                maxLength: 253
                minLength: 1
                type: string
              match:
                description: Specifies the criteria to determine which traffic is
                  passed to WasmPlugin.
                items:
                  properties:
                    mode:
                      description: |-
                        Criteria for selecting traffic by their direction.

                        Valid Options: CLIENT, SERVER, CLIENT_AND_SERVER
                      enum:
                      - UNDEFINED
                      - CLIENT
                      - SERVER
                      - CLIENT_AND_SERVER
                      type: string
                    ports:
                      description: Criteria for selecting traffic by their destination
                        port.
                      items:
                        properties:
                          number:
                            maximum: 65535
                            minimum: 1
                            type: integer
                        required:
                        - number
                        type: object
                      type: array
                      x-kubernetes-list-map-keys:
                      - number
                      x-kubernetes-list-type: map
                  type: object
                type: array
              phase:
                description: |-
                  Determines where in the filter chain this `WasmPlugin` is to be injected.

                  Valid Options: AUTHN, AUTHZ, STATS
                enum:
                - UNSPECIFIED_PHASE
                - AUTHN
                - AUTHZ
                - STATS
                type: string
              # preserve-unknown-fields means the API server neither validates nor prunes
              # this object: whatever is placed here is stored as-is and is visible to
              # anyone allowed to read WasmPlugin resources, so keep secrets out of it.
              pluginConfig:
                description: The configuration that will be passed on to the plugin.
                type: object
                x-kubernetes-preserve-unknown-fields: true
              pluginName:
                description: The plugin name to be used in the Envoy configuration
                  (used to be called `rootID`).
                maxLength: 256
                minLength: 1
                type: string
              priority:
                description: Determines ordering of `WasmPlugins` in the same `phase`.
                format: int32
                nullable: true
                type: integer
              selector:
                description: Criteria used to select the specific set of pods/VMs
                  on which this plugin configuration should be applied.
                properties:
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: One or more labels that indicate a specific set of
                      pods/VMs on which a policy should be applied.
                    type: object
                type: object
              # Integrity pin for the fetched module. The pattern admits either the empty
              # string or exactly 64 lowercase hex characters, and the field is not in
              # `required`, so the schema alone does not force a digest to be set.
              sha256:
                description: SHA256 checksum that will be used to verify Wasm module
                  or OCI container.
                pattern: (^$|^[a-f0-9]{64}$)
                type: string
              targetRef:
                properties:
                  group:
                    description: group is the group of the target resource.
                    type: string
                  kind:
                    description: kind is kind of the target resource.
                    type: string
                  name:
                    description: name is the name of the target resource.
                    type: string
                  namespace:
                    description: namespace is the namespace of the referent.
                    type: string
                type: object
              targetRefs:
                description: Optional.
                items:
                  properties:
                    group:
                      description: group is the group of the target resource.
                      type: string
                    kind:
                      description: kind is kind of the target resource.
                      type: string
                    name:
                      description: name is the name of the target resource.
                      type: string
                    namespace:
                      description: namespace is the namespace of the referent.
                      type: string
                  type: object
                type: array
              type:
                description: |-
                  Specifies the type of Wasm Extension to be used.

                  Valid Options: HTTP, NETWORK
                enum:
                - UNSPECIFIED_PLUGIN_TYPE
                - HTTP
                - NETWORK
                type: string
              url:
                description: URL of a Wasm module or OCI container.
                minLength: 1
                type: string
                # The CEL rule below only restricts the scheme: an empty scheme, http,
                # https, oci and file are accepted, and a value that is not a URL is
                # re-checked with "http://" prepended. It does not restrict the host,
                # and plain http is allowed, so admission policy and the sha256 field
                # are what constrain where a module comes from and what it contains.
                x-kubernetes-validations:
                - message: url must have schema one of [http, https, file, oci]
                  rule: 'isURL(self) ? (url(self).getScheme() in ['''', ''http'',
                    ''https'', ''oci'', ''file'']) : (isURL(''http://'' + self) &&
                    url(''http://'' +self).getScheme() in ['''', ''http'', ''https'',
                    ''oci'', ''file''])'
              # NOTE(review): the generated schema carries no description, length limit
              # or format for this field; presumably a key used to verify module
              # signatures - confirm against the Istio API reference.
              verificationKey:
                type: string
              vmConfig:
                description: Configuration for a Wasm VM.
                properties:
                  env:
                    description: Specifies environment variables to be injected to
                      this VM.
                    items:
                      properties:
                        name:
                          description: Name of the environment variable.
                          maxLength: 256
                          minLength: 1
                          type: string
                        value:
                          description: Value for the environment variable.
                          maxLength: 2048
                          type: string
                        # HOST sources the value from outside this resource rather than
                        # from `value` (presumably the proxy's own environment - confirm
                        # against the Istio API reference); review which variables a
                        # plugin is allowed to read that way.
                        valueFrom:
                          description: |-
                            Source for the environment variable's value.

                            Valid Options: INLINE, HOST
                          enum:
                          - INLINE
                          - HOST
                          type: string
                      required:
                      - name
                      type: object
                      # Rejects an entry that sets `value` together with valueFrom HOST.
                      x-kubernetes-validations:
                      - message: value may only be set when valueFrom is INLINE
                        rule: '(has(self.valueFrom) ? self.valueFrom : '''') != ''HOST''
                          || !has(self.value)'
                    maxItems: 256
                    type: array
                    x-kubernetes-list-map-keys:
                    - name
                    x-kubernetes-list-type: map
                type: object
            # Only `url` is mandatory; sha256, failStrategy and the selector/target
            # fields are all optional at the schema level.
            required:
            - url
            type: object
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        required:
        - spec
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    "helm.sh/resource-policy": keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    release: istio
  name: destinationrules.networking.istio.io
spec:
  group: networking.istio.io
  names:
    categories:
    - istio-io
    - networking-istio-io
    kind: DestinationRule
    listKind: DestinationRuleList
    plural: destinationrules
    shortNames:
    - dr
    singular: destinationrule
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: The name of a service from the service registry
      jsonPath: .spec.host
      name: Host
      type: string
    - description: 'CreationTimestamp is a timestamp representing the server time
        when this object was created. It is not guaranteed to be set in happens-before
        order across separate operations. Clients may not set this value. It is represented
        in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
        lists.
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 286 jsonPath: .metadata.creationTimestamp 287 name: Age 288 type: date 289 name: v1 290 schema: 291 openAPIV3Schema: 292 properties: 293 spec: 294 description: 'Configuration affecting load balancing, outlier detection, 295 etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' 296 properties: 297 exportTo: 298 description: A list of namespaces to which this destination rule is 299 exported. 300 items: 301 type: string 302 type: array 303 host: 304 description: The name of a service from the service registry. 305 type: string 306 subsets: 307 description: One or more named sets that represent individual versions 308 of a service. 309 items: 310 properties: 311 labels: 312 additionalProperties: 313 type: string 314 description: Labels apply a filter over the endpoints of a service 315 in the service registry. 316 type: object 317 name: 318 description: Name of the subset. 319 type: string 320 trafficPolicy: 321 description: Traffic policies that apply to this subset. 322 properties: 323 connectionPool: 324 properties: 325 http: 326 description: HTTP connection pool settings. 327 properties: 328 h2UpgradePolicy: 329 description: |- 330 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 331 332 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 333 enum: 334 - DEFAULT 335 - DO_NOT_UPGRADE 336 - UPGRADE 337 type: string 338 http1MaxPendingRequests: 339 description: Maximum number of requests that will 340 be queued while waiting for a ready connection 341 pool connection. 342 format: int32 343 type: integer 344 http2MaxRequests: 345 description: Maximum number of active requests to 346 a destination. 347 format: int32 348 type: integer 349 idleTimeout: 350 description: The idle timeout for upstream connection 351 pool connections. 
352 type: string 353 maxConcurrentStreams: 354 description: The maximum number of concurrent streams 355 allowed for a peer on one HTTP/2 connection. 356 format: int32 357 type: integer 358 maxRequestsPerConnection: 359 description: Maximum number of requests per connection 360 to a backend. 361 format: int32 362 type: integer 363 maxRetries: 364 description: Maximum number of retries that can 365 be outstanding to all hosts in a cluster at a 366 given time. 367 format: int32 368 type: integer 369 useClientProtocol: 370 description: If set to true, client protocol will 371 be preserved while initiating connection to backend. 372 type: boolean 373 type: object 374 tcp: 375 description: Settings common to both HTTP and TCP upstream 376 connections. 377 properties: 378 connectTimeout: 379 description: TCP connection timeout. 380 type: string 381 idleTimeout: 382 description: The idle timeout for TCP connections. 383 type: string 384 maxConnectionDuration: 385 description: The maximum duration of a connection. 386 type: string 387 maxConnections: 388 description: Maximum number of HTTP1 /TCP connections 389 to a destination host. 390 format: int32 391 type: integer 392 tcpKeepalive: 393 description: If set then set SO_KEEPALIVE on the 394 socket to enable TCP Keepalives. 395 properties: 396 interval: 397 description: The time duration between keep-alive 398 probes. 399 type: string 400 probes: 401 description: Maximum number of keepalive probes 402 to send without response before deciding the 403 connection is dead. 404 maximum: 4294967295 405 minimum: 0 406 type: integer 407 time: 408 description: The time duration a connection 409 needs to be idle before keep-alive probes 410 start being sent. 411 type: string 412 type: object 413 type: object 414 type: object 415 loadBalancer: 416 description: Settings controlling the load balancer algorithms. 
417 oneOf: 418 - not: 419 anyOf: 420 - required: 421 - simple 422 - required: 423 - consistentHash 424 - required: 425 - simple 426 - required: 427 - consistentHash 428 properties: 429 consistentHash: 430 allOf: 431 - oneOf: 432 - not: 433 anyOf: 434 - required: 435 - httpHeaderName 436 - required: 437 - httpCookie 438 - required: 439 - useSourceIp 440 - required: 441 - httpQueryParameterName 442 - required: 443 - httpHeaderName 444 - required: 445 - httpCookie 446 - required: 447 - useSourceIp 448 - required: 449 - httpQueryParameterName 450 - oneOf: 451 - not: 452 anyOf: 453 - required: 454 - ringHash 455 - required: 456 - maglev 457 - required: 458 - ringHash 459 - required: 460 - maglev 461 properties: 462 httpCookie: 463 description: Hash based on HTTP cookie. 464 properties: 465 name: 466 description: Name of the cookie. 467 type: string 468 path: 469 description: Path to set for the cookie. 470 type: string 471 ttl: 472 description: Lifetime of the cookie. 473 type: string 474 required: 475 - name 476 type: object 477 httpHeaderName: 478 description: Hash based on a specific HTTP header. 479 type: string 480 httpQueryParameterName: 481 description: Hash based on a specific HTTP query 482 parameter. 483 type: string 484 maglev: 485 description: The Maglev load balancer implements 486 consistent hashing to backend hosts. 487 properties: 488 tableSize: 489 description: The table size for Maglev hashing. 490 minimum: 0 491 type: integer 492 type: object 493 minimumRingSize: 494 description: Deprecated. 495 minimum: 0 496 type: integer 497 ringHash: 498 description: The ring/modulo hash load balancer 499 implements consistent hashing to backend hosts. 500 properties: 501 minimumRingSize: 502 description: The minimum number of virtual nodes 503 to use for the hash ring. 504 minimum: 0 505 type: integer 506 type: object 507 useSourceIp: 508 description: Hash based on the source IP address. 
509 type: boolean 510 type: object 511 localityLbSetting: 512 properties: 513 distribute: 514 description: 'Optional: only one of distribute, 515 failover or failoverPriority can be set.' 516 items: 517 properties: 518 from: 519 description: Originating locality, '/' separated, 520 e.g. 521 type: string 522 to: 523 additionalProperties: 524 maximum: 4294967295 525 minimum: 0 526 type: integer 527 description: Map of upstream localities to 528 traffic distribution weights. 529 type: object 530 type: object 531 type: array 532 enabled: 533 description: enable locality load balancing, this 534 is DestinationRule-level and will override mesh 535 wide settings in entirety. 536 nullable: true 537 type: boolean 538 failover: 539 description: 'Optional: only one of distribute, 540 failover or failoverPriority can be set.' 541 items: 542 properties: 543 from: 544 description: Originating region. 545 type: string 546 to: 547 description: Destination region the traffic 548 will fail over to when endpoints in the 549 'from' region becomes unhealthy. 550 type: string 551 type: object 552 type: array 553 failoverPriority: 554 description: failoverPriority is an ordered list 555 of labels used to sort endpoints to do priority 556 based load balancing. 557 items: 558 type: string 559 type: array 560 type: object 561 simple: 562 description: |2- 563 564 565 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 566 enum: 567 - UNSPECIFIED 568 - LEAST_CONN 569 - RANDOM 570 - PASSTHROUGH 571 - ROUND_ROBIN 572 - LEAST_REQUEST 573 type: string 574 warmupDurationSecs: 575 description: Represents the warmup duration of Service. 576 type: string 577 type: object 578 outlierDetection: 579 properties: 580 baseEjectionTime: 581 description: Minimum ejection duration. 582 type: string 583 consecutive5xxErrors: 584 description: Number of 5xx errors before a host is ejected 585 from the connection pool. 
586 maximum: 4294967295 587 minimum: 0 588 nullable: true 589 type: integer 590 consecutiveErrors: 591 format: int32 592 type: integer 593 consecutiveGatewayErrors: 594 description: Number of gateway errors before a host 595 is ejected from the connection pool. 596 maximum: 4294967295 597 minimum: 0 598 nullable: true 599 type: integer 600 consecutiveLocalOriginFailures: 601 description: The number of consecutive locally originated 602 failures before ejection occurs. 603 maximum: 4294967295 604 minimum: 0 605 nullable: true 606 type: integer 607 interval: 608 description: Time interval between ejection sweep analysis. 609 type: string 610 maxEjectionPercent: 611 description: Maximum % of hosts in the load balancing 612 pool for the upstream service that can be ejected. 613 format: int32 614 type: integer 615 minHealthPercent: 616 description: Outlier detection will be enabled as long 617 as the associated load balancing pool has at least 618 min_health_percent hosts in healthy mode. 619 format: int32 620 type: integer 621 splitExternalLocalOriginErrors: 622 description: Determines whether to distinguish local 623 origin failures from external errors. 624 type: boolean 625 type: object 626 portLevelSettings: 627 description: Traffic policies specific to individual ports. 628 items: 629 properties: 630 connectionPool: 631 properties: 632 http: 633 description: HTTP connection pool settings. 634 properties: 635 h2UpgradePolicy: 636 description: |- 637 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 638 639 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 640 enum: 641 - DEFAULT 642 - DO_NOT_UPGRADE 643 - UPGRADE 644 type: string 645 http1MaxPendingRequests: 646 description: Maximum number of requests that 647 will be queued while waiting for a ready 648 connection pool connection. 649 format: int32 650 type: integer 651 http2MaxRequests: 652 description: Maximum number of active requests 653 to a destination. 
654 format: int32 655 type: integer 656 idleTimeout: 657 description: The idle timeout for upstream 658 connection pool connections. 659 type: string 660 maxConcurrentStreams: 661 description: The maximum number of concurrent 662 streams allowed for a peer on one HTTP/2 663 connection. 664 format: int32 665 type: integer 666 maxRequestsPerConnection: 667 description: Maximum number of requests per 668 connection to a backend. 669 format: int32 670 type: integer 671 maxRetries: 672 description: Maximum number of retries that 673 can be outstanding to all hosts in a cluster 674 at a given time. 675 format: int32 676 type: integer 677 useClientProtocol: 678 description: If set to true, client protocol 679 will be preserved while initiating connection 680 to backend. 681 type: boolean 682 type: object 683 tcp: 684 description: Settings common to both HTTP and 685 TCP upstream connections. 686 properties: 687 connectTimeout: 688 description: TCP connection timeout. 689 type: string 690 idleTimeout: 691 description: The idle timeout for TCP connections. 692 type: string 693 maxConnectionDuration: 694 description: The maximum duration of a connection. 695 type: string 696 maxConnections: 697 description: Maximum number of HTTP1 /TCP 698 connections to a destination host. 699 format: int32 700 type: integer 701 tcpKeepalive: 702 description: If set then set SO_KEEPALIVE 703 on the socket to enable TCP Keepalives. 704 properties: 705 interval: 706 description: The time duration between 707 keep-alive probes. 708 type: string 709 probes: 710 description: Maximum number of keepalive 711 probes to send without response before 712 deciding the connection is dead. 713 maximum: 4294967295 714 minimum: 0 715 type: integer 716 time: 717 description: The time duration a connection 718 needs to be idle before keep-alive probes 719 start being sent. 
720 type: string 721 type: object 722 type: object 723 type: object 724 loadBalancer: 725 description: Settings controlling the load balancer 726 algorithms. 727 oneOf: 728 - not: 729 anyOf: 730 - required: 731 - simple 732 - required: 733 - consistentHash 734 - required: 735 - simple 736 - required: 737 - consistentHash 738 properties: 739 consistentHash: 740 allOf: 741 - oneOf: 742 - not: 743 anyOf: 744 - required: 745 - httpHeaderName 746 - required: 747 - httpCookie 748 - required: 749 - useSourceIp 750 - required: 751 - httpQueryParameterName 752 - required: 753 - httpHeaderName 754 - required: 755 - httpCookie 756 - required: 757 - useSourceIp 758 - required: 759 - httpQueryParameterName 760 - oneOf: 761 - not: 762 anyOf: 763 - required: 764 - ringHash 765 - required: 766 - maglev 767 - required: 768 - ringHash 769 - required: 770 - maglev 771 properties: 772 httpCookie: 773 description: Hash based on HTTP cookie. 774 properties: 775 name: 776 description: Name of the cookie. 777 type: string 778 path: 779 description: Path to set for the cookie. 780 type: string 781 ttl: 782 description: Lifetime of the cookie. 783 type: string 784 required: 785 - name 786 type: object 787 httpHeaderName: 788 description: Hash based on a specific HTTP 789 header. 790 type: string 791 httpQueryParameterName: 792 description: Hash based on a specific HTTP 793 query parameter. 794 type: string 795 maglev: 796 description: The Maglev load balancer implements 797 consistent hashing to backend hosts. 798 properties: 799 tableSize: 800 description: The table size for Maglev 801 hashing. 802 minimum: 0 803 type: integer 804 type: object 805 minimumRingSize: 806 description: Deprecated. 807 minimum: 0 808 type: integer 809 ringHash: 810 description: The ring/modulo hash load balancer 811 implements consistent hashing to backend 812 hosts. 813 properties: 814 minimumRingSize: 815 description: The minimum number of virtual 816 nodes to use for the hash ring. 
817 minimum: 0 818 type: integer 819 type: object 820 useSourceIp: 821 description: Hash based on the source IP address. 822 type: boolean 823 type: object 824 localityLbSetting: 825 properties: 826 distribute: 827 description: 'Optional: only one of distribute, 828 failover or failoverPriority can be set.' 829 items: 830 properties: 831 from: 832 description: Originating locality, '/' 833 separated, e.g. 834 type: string 835 to: 836 additionalProperties: 837 maximum: 4294967295 838 minimum: 0 839 type: integer 840 description: Map of upstream localities 841 to traffic distribution weights. 842 type: object 843 type: object 844 type: array 845 enabled: 846 description: enable locality load balancing, 847 this is DestinationRule-level and will override 848 mesh wide settings in entirety. 849 nullable: true 850 type: boolean 851 failover: 852 description: 'Optional: only one of distribute, 853 failover or failoverPriority can be set.' 854 items: 855 properties: 856 from: 857 description: Originating region. 858 type: string 859 to: 860 description: Destination region the 861 traffic will fail over to when endpoints 862 in the 'from' region becomes unhealthy. 863 type: string 864 type: object 865 type: array 866 failoverPriority: 867 description: failoverPriority is an ordered 868 list of labels used to sort endpoints to 869 do priority based load balancing. 870 items: 871 type: string 872 type: array 873 type: object 874 simple: 875 description: |2- 876 877 878 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 879 enum: 880 - UNSPECIFIED 881 - LEAST_CONN 882 - RANDOM 883 - PASSTHROUGH 884 - ROUND_ROBIN 885 - LEAST_REQUEST 886 type: string 887 warmupDurationSecs: 888 description: Represents the warmup duration of 889 Service. 890 type: string 891 type: object 892 outlierDetection: 893 properties: 894 baseEjectionTime: 895 description: Minimum ejection duration. 
896 type: string 897 consecutive5xxErrors: 898 description: Number of 5xx errors before a host 899 is ejected from the connection pool. 900 maximum: 4294967295 901 minimum: 0 902 nullable: true 903 type: integer 904 consecutiveErrors: 905 format: int32 906 type: integer 907 consecutiveGatewayErrors: 908 description: Number of gateway errors before a 909 host is ejected from the connection pool. 910 maximum: 4294967295 911 minimum: 0 912 nullable: true 913 type: integer 914 consecutiveLocalOriginFailures: 915 description: The number of consecutive locally 916 originated failures before ejection occurs. 917 maximum: 4294967295 918 minimum: 0 919 nullable: true 920 type: integer 921 interval: 922 description: Time interval between ejection sweep 923 analysis. 924 type: string 925 maxEjectionPercent: 926 description: Maximum % of hosts in the load balancing 927 pool for the upstream service that can be ejected. 928 format: int32 929 type: integer 930 minHealthPercent: 931 description: Outlier detection will be enabled 932 as long as the associated load balancing pool 933 has at least min_health_percent hosts in healthy 934 mode. 935 format: int32 936 type: integer 937 splitExternalLocalOriginErrors: 938 description: Determines whether to distinguish 939 local origin failures from external errors. 940 type: boolean 941 type: object 942 port: 943 description: Specifies the number of a port on the 944 destination service on which this policy is being 945 applied. 946 properties: 947 number: 948 maximum: 4294967295 949 minimum: 0 950 type: integer 951 type: object 952 tls: 953 description: TLS related settings for connections 954 to the upstream service. 955 properties: 956 caCertificates: 957 description: 'OPTIONAL: The path to the file containing 958 certificate authority certificates to use in 959 verifying a presented server certificate.' 
960 type: string 961 caCrl: 962 description: 'OPTIONAL: The path to the file containing 963 the certificate revocation list (CRL) to use 964 in verifying a presented server certificate.' 965 type: string 966 clientCertificate: 967 description: REQUIRED if mode is `MUTUAL`. 968 type: string 969 credentialName: 970 description: The name of the secret that holds 971 the TLS certs for the client including the CA 972 certificates. 973 type: string 974 insecureSkipVerify: 975 description: '`insecureSkipVerify` specifies whether 976 the proxy should skip verifying the CA signature 977 and SAN for the server certificate corresponding 978 to the host.' 979 nullable: true 980 type: boolean 981 mode: 982 description: |- 983 Indicates whether connections to this port should be secured using TLS. 984 985 Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL 986 enum: 987 - DISABLE 988 - SIMPLE 989 - MUTUAL 990 - ISTIO_MUTUAL 991 type: string 992 privateKey: 993 description: REQUIRED if mode is `MUTUAL`. 994 type: string 995 sni: 996 description: SNI string to present to the server 997 during TLS handshake. 998 type: string 999 subjectAltNames: 1000 description: A list of alternate names to verify 1001 the subject identity in the certificate. 1002 items: 1003 type: string 1004 type: array 1005 type: object 1006 type: object 1007 type: array 1008 proxyProtocol: 1009 description: The upstream PROXY protocol settings. 1010 properties: 1011 version: 1012 description: |- 1013 The PROXY protocol version to use. 1014 1015 Valid Options: V1, V2 1016 enum: 1017 - V1 1018 - V2 1019 type: string 1020 type: object 1021 tls: 1022 description: TLS related settings for connections to the 1023 upstream service. 1024 properties: 1025 caCertificates: 1026 description: 'OPTIONAL: The path to the file containing 1027 certificate authority certificates to use in verifying 1028 a presented server certificate.' 
1029 type: string 1030 caCrl: 1031 description: 'OPTIONAL: The path to the file containing 1032 the certificate revocation list (CRL) to use in verifying 1033 a presented server certificate.' 1034 type: string 1035 clientCertificate: 1036 description: REQUIRED if mode is `MUTUAL`. 1037 type: string 1038 credentialName: 1039 description: The name of the secret that holds the TLS 1040 certs for the client including the CA certificates. 1041 type: string 1042 insecureSkipVerify: 1043 description: '`insecureSkipVerify` specifies whether 1044 the proxy should skip verifying the CA signature and 1045 SAN for the server certificate corresponding to the 1046 host.' 1047 nullable: true 1048 type: boolean 1049 mode: 1050 description: |- 1051 Indicates whether connections to this port should be secured using TLS. 1052 1053 Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL 1054 enum: 1055 - DISABLE 1056 - SIMPLE 1057 - MUTUAL 1058 - ISTIO_MUTUAL 1059 type: string 1060 privateKey: 1061 description: REQUIRED if mode is `MUTUAL`. 1062 type: string 1063 sni: 1064 description: SNI string to present to the server during 1065 TLS handshake. 1066 type: string 1067 subjectAltNames: 1068 description: A list of alternate names to verify the 1069 subject identity in the certificate. 1070 items: 1071 type: string 1072 type: array 1073 type: object 1074 tunnel: 1075 description: Configuration of tunneling TCP over other transport 1076 or application layers for the host configured in the DestinationRule. 1077 properties: 1078 protocol: 1079 description: Specifies which protocol to use for tunneling 1080 the downstream connection. 1081 type: string 1082 targetHost: 1083 description: Specifies a host to which the downstream 1084 connection is tunneled. 1085 type: string 1086 targetPort: 1087 description: Specifies a port to which the downstream 1088 connection is tunneled. 
1089 maximum: 4294967295 1090 minimum: 0 1091 type: integer 1092 required: 1093 - targetHost 1094 - targetPort 1095 type: object 1096 type: object 1097 required: 1098 - name 1099 type: object 1100 type: array 1101 trafficPolicy: 1102 description: Traffic policies to apply (load balancing policy, connection 1103 pool sizes, outlier detection). 1104 properties: 1105 connectionPool: 1106 properties: 1107 http: 1108 description: HTTP connection pool settings. 1109 properties: 1110 h2UpgradePolicy: 1111 description: |- 1112 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 1113 1114 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 1115 enum: 1116 - DEFAULT 1117 - DO_NOT_UPGRADE 1118 - UPGRADE 1119 type: string 1120 http1MaxPendingRequests: 1121 description: Maximum number of requests that will be queued 1122 while waiting for a ready connection pool connection. 1123 format: int32 1124 type: integer 1125 http2MaxRequests: 1126 description: Maximum number of active requests to a destination. 1127 format: int32 1128 type: integer 1129 idleTimeout: 1130 description: The idle timeout for upstream connection 1131 pool connections. 1132 type: string 1133 maxConcurrentStreams: 1134 description: The maximum number of concurrent streams 1135 allowed for a peer on one HTTP/2 connection. 1136 format: int32 1137 type: integer 1138 maxRequestsPerConnection: 1139 description: Maximum number of requests per connection 1140 to a backend. 1141 format: int32 1142 type: integer 1143 maxRetries: 1144 description: Maximum number of retries that can be outstanding 1145 to all hosts in a cluster at a given time. 1146 format: int32 1147 type: integer 1148 useClientProtocol: 1149 description: If set to true, client protocol will be preserved 1150 while initiating connection to backend. 1151 type: boolean 1152 type: object 1153 tcp: 1154 description: Settings common to both HTTP and TCP upstream 1155 connections. 
1156 properties: 1157 connectTimeout: 1158 description: TCP connection timeout. 1159 type: string 1160 idleTimeout: 1161 description: The idle timeout for TCP connections. 1162 type: string 1163 maxConnectionDuration: 1164 description: The maximum duration of a connection. 1165 type: string 1166 maxConnections: 1167 description: Maximum number of HTTP1 /TCP connections 1168 to a destination host. 1169 format: int32 1170 type: integer 1171 tcpKeepalive: 1172 description: If set then set SO_KEEPALIVE on the socket 1173 to enable TCP Keepalives. 1174 properties: 1175 interval: 1176 description: The time duration between keep-alive 1177 probes. 1178 type: string 1179 probes: 1180 description: Maximum number of keepalive probes to 1181 send without response before deciding the connection 1182 is dead. 1183 maximum: 4294967295 1184 minimum: 0 1185 type: integer 1186 time: 1187 description: The time duration a connection needs 1188 to be idle before keep-alive probes start being 1189 sent. 1190 type: string 1191 type: object 1192 type: object 1193 type: object 1194 loadBalancer: 1195 description: Settings controlling the load balancer algorithms. 1196 oneOf: 1197 - not: 1198 anyOf: 1199 - required: 1200 - simple 1201 - required: 1202 - consistentHash 1203 - required: 1204 - simple 1205 - required: 1206 - consistentHash 1207 properties: 1208 consistentHash: 1209 allOf: 1210 - oneOf: 1211 - not: 1212 anyOf: 1213 - required: 1214 - httpHeaderName 1215 - required: 1216 - httpCookie 1217 - required: 1218 - useSourceIp 1219 - required: 1220 - httpQueryParameterName 1221 - required: 1222 - httpHeaderName 1223 - required: 1224 - httpCookie 1225 - required: 1226 - useSourceIp 1227 - required: 1228 - httpQueryParameterName 1229 - oneOf: 1230 - not: 1231 anyOf: 1232 - required: 1233 - ringHash 1234 - required: 1235 - maglev 1236 - required: 1237 - ringHash 1238 - required: 1239 - maglev 1240 properties: 1241 httpCookie: 1242 description: Hash based on HTTP cookie. 
1243 properties: 1244 name: 1245 description: Name of the cookie. 1246 type: string 1247 path: 1248 description: Path to set for the cookie. 1249 type: string 1250 ttl: 1251 description: Lifetime of the cookie. 1252 type: string 1253 required: 1254 - name 1255 type: object 1256 httpHeaderName: 1257 description: Hash based on a specific HTTP header. 1258 type: string 1259 httpQueryParameterName: 1260 description: Hash based on a specific HTTP query parameter. 1261 type: string 1262 maglev: 1263 description: The Maglev load balancer implements consistent 1264 hashing to backend hosts. 1265 properties: 1266 tableSize: 1267 description: The table size for Maglev hashing. 1268 minimum: 0 1269 type: integer 1270 type: object 1271 minimumRingSize: 1272 description: Deprecated. 1273 minimum: 0 1274 type: integer 1275 ringHash: 1276 description: The ring/modulo hash load balancer implements 1277 consistent hashing to backend hosts. 1278 properties: 1279 minimumRingSize: 1280 description: The minimum number of virtual nodes to 1281 use for the hash ring. 1282 minimum: 0 1283 type: integer 1284 type: object 1285 useSourceIp: 1286 description: Hash based on the source IP address. 1287 type: boolean 1288 type: object 1289 localityLbSetting: 1290 properties: 1291 distribute: 1292 description: 'Optional: only one of distribute, failover 1293 or failoverPriority can be set.' 1294 items: 1295 properties: 1296 from: 1297 description: Originating locality, '/' separated, 1298 e.g. 1299 type: string 1300 to: 1301 additionalProperties: 1302 maximum: 4294967295 1303 minimum: 0 1304 type: integer 1305 description: Map of upstream localities to traffic 1306 distribution weights. 1307 type: object 1308 type: object 1309 type: array 1310 enabled: 1311 description: enable locality load balancing, this is DestinationRule-level 1312 and will override mesh wide settings in entirety. 
1313 nullable: true 1314 type: boolean 1315 failover: 1316 description: 'Optional: only one of distribute, failover 1317 or failoverPriority can be set.' 1318 items: 1319 properties: 1320 from: 1321 description: Originating region. 1322 type: string 1323 to: 1324 description: Destination region the traffic will 1325 fail over to when endpoints in the 'from' region 1326 become unhealthy. 1327 type: string 1328 type: object 1329 type: array 1330 failoverPriority: 1331 description: failoverPriority is an ordered list of labels 1332 used to sort endpoints to do priority based load balancing. 1333 items: 1334 type: string 1335 type: array 1336 type: object 1337 simple: 1338 description: |2- 1339 1340 1341 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 1342 enum: 1343 - UNSPECIFIED 1344 - LEAST_CONN 1345 - RANDOM 1346 - PASSTHROUGH 1347 - ROUND_ROBIN 1348 - LEAST_REQUEST 1349 type: string 1350 warmupDurationSecs: 1351 description: Represents the warmup duration of Service. 1352 type: string 1353 type: object 1354 outlierDetection: 1355 properties: 1356 baseEjectionTime: 1357 description: Minimum ejection duration. 1358 type: string 1359 consecutive5xxErrors: 1360 description: Number of 5xx errors before a host is ejected 1361 from the connection pool. 1362 maximum: 4294967295 1363 minimum: 0 1364 nullable: true 1365 type: integer 1366 consecutiveErrors: 1367 format: int32 1368 type: integer 1369 consecutiveGatewayErrors: 1370 description: Number of gateway errors before a host is ejected 1371 from the connection pool. 1372 maximum: 4294967295 1373 minimum: 0 1374 nullable: true 1375 type: integer 1376 consecutiveLocalOriginFailures: 1377 description: The number of consecutive locally originated 1378 failures before ejection occurs. 1379 maximum: 4294967295 1380 minimum: 0 1381 nullable: true 1382 type: integer 1383 interval: 1384 description: Time interval between ejection sweep analysis. 
1385 type: string 1386 maxEjectionPercent: 1387 description: Maximum % of hosts in the load balancing pool 1388 for the upstream service that can be ejected. 1389 format: int32 1390 type: integer 1391 minHealthPercent: 1392 description: Outlier detection will be enabled as long as 1393 the associated load balancing pool has at least min_health_percent 1394 hosts in healthy mode. 1395 format: int32 1396 type: integer 1397 splitExternalLocalOriginErrors: 1398 description: Determines whether to distinguish local origin 1399 failures from external errors. 1400 type: boolean 1401 type: object 1402 portLevelSettings: 1403 description: Traffic policies specific to individual ports. 1404 items: 1405 properties: 1406 connectionPool: 1407 properties: 1408 http: 1409 description: HTTP connection pool settings. 1410 properties: 1411 h2UpgradePolicy: 1412 description: |- 1413 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 1414 1415 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 1416 enum: 1417 - DEFAULT 1418 - DO_NOT_UPGRADE 1419 - UPGRADE 1420 type: string 1421 http1MaxPendingRequests: 1422 description: Maximum number of requests that will 1423 be queued while waiting for a ready connection 1424 pool connection. 1425 format: int32 1426 type: integer 1427 http2MaxRequests: 1428 description: Maximum number of active requests to 1429 a destination. 1430 format: int32 1431 type: integer 1432 idleTimeout: 1433 description: The idle timeout for upstream connection 1434 pool connections. 1435 type: string 1436 maxConcurrentStreams: 1437 description: The maximum number of concurrent streams 1438 allowed for a peer on one HTTP/2 connection. 1439 format: int32 1440 type: integer 1441 maxRequestsPerConnection: 1442 description: Maximum number of requests per connection 1443 to a backend. 
1444 format: int32 1445 type: integer 1446 maxRetries: 1447 description: Maximum number of retries that can 1448 be outstanding to all hosts in a cluster at a 1449 given time. 1450 format: int32 1451 type: integer 1452 useClientProtocol: 1453 description: If set to true, client protocol will 1454 be preserved while initiating connection to backend. 1455 type: boolean 1456 type: object 1457 tcp: 1458 description: Settings common to both HTTP and TCP upstream 1459 connections. 1460 properties: 1461 connectTimeout: 1462 description: TCP connection timeout. 1463 type: string 1464 idleTimeout: 1465 description: The idle timeout for TCP connections. 1466 type: string 1467 maxConnectionDuration: 1468 description: The maximum duration of a connection. 1469 type: string 1470 maxConnections: 1471 description: Maximum number of HTTP1 /TCP connections 1472 to a destination host. 1473 format: int32 1474 type: integer 1475 tcpKeepalive: 1476 description: If set then set SO_KEEPALIVE on the 1477 socket to enable TCP Keepalives. 1478 properties: 1479 interval: 1480 description: The time duration between keep-alive 1481 probes. 1482 type: string 1483 probes: 1484 description: Maximum number of keepalive probes 1485 to send without response before deciding the 1486 connection is dead. 1487 maximum: 4294967295 1488 minimum: 0 1489 type: integer 1490 time: 1491 description: The time duration a connection 1492 needs to be idle before keep-alive probes 1493 start being sent. 1494 type: string 1495 type: object 1496 type: object 1497 type: object 1498 loadBalancer: 1499 description: Settings controlling the load balancer algorithms. 
1500 oneOf: 1501 - not: 1502 anyOf: 1503 - required: 1504 - simple 1505 - required: 1506 - consistentHash 1507 - required: 1508 - simple 1509 - required: 1510 - consistentHash 1511 properties: 1512 consistentHash: 1513 allOf: 1514 - oneOf: 1515 - not: 1516 anyOf: 1517 - required: 1518 - httpHeaderName 1519 - required: 1520 - httpCookie 1521 - required: 1522 - useSourceIp 1523 - required: 1524 - httpQueryParameterName 1525 - required: 1526 - httpHeaderName 1527 - required: 1528 - httpCookie 1529 - required: 1530 - useSourceIp 1531 - required: 1532 - httpQueryParameterName 1533 - oneOf: 1534 - not: 1535 anyOf: 1536 - required: 1537 - ringHash 1538 - required: 1539 - maglev 1540 - required: 1541 - ringHash 1542 - required: 1543 - maglev 1544 properties: 1545 httpCookie: 1546 description: Hash based on HTTP cookie. 1547 properties: 1548 name: 1549 description: Name of the cookie. 1550 type: string 1551 path: 1552 description: Path to set for the cookie. 1553 type: string 1554 ttl: 1555 description: Lifetime of the cookie. 1556 type: string 1557 required: 1558 - name 1559 type: object 1560 httpHeaderName: 1561 description: Hash based on a specific HTTP header. 1562 type: string 1563 httpQueryParameterName: 1564 description: Hash based on a specific HTTP query 1565 parameter. 1566 type: string 1567 maglev: 1568 description: The Maglev load balancer implements 1569 consistent hashing to backend hosts. 1570 properties: 1571 tableSize: 1572 description: The table size for Maglev hashing. 1573 minimum: 0 1574 type: integer 1575 type: object 1576 minimumRingSize: 1577 description: Deprecated. 1578 minimum: 0 1579 type: integer 1580 ringHash: 1581 description: The ring/modulo hash load balancer 1582 implements consistent hashing to backend hosts. 1583 properties: 1584 minimumRingSize: 1585 description: The minimum number of virtual nodes 1586 to use for the hash ring. 
1587 minimum: 0 1588 type: integer 1589 type: object 1590 useSourceIp: 1591 description: Hash based on the source IP address. 1592 type: boolean 1593 type: object 1594 localityLbSetting: 1595 properties: 1596 distribute: 1597 description: 'Optional: only one of distribute, 1598 failover or failoverPriority can be set.' 1599 items: 1600 properties: 1601 from: 1602 description: Originating locality, '/' separated, 1603 e.g. 1604 type: string 1605 to: 1606 additionalProperties: 1607 maximum: 4294967295 1608 minimum: 0 1609 type: integer 1610 description: Map of upstream localities to 1611 traffic distribution weights. 1612 type: object 1613 type: object 1614 type: array 1615 enabled: 1616 description: enable locality load balancing, this 1617 is DestinationRule-level and will override mesh 1618 wide settings in entirety. 1619 nullable: true 1620 type: boolean 1621 failover: 1622 description: 'Optional: only one of distribute, 1623 failover or failoverPriority can be set.' 1624 items: 1625 properties: 1626 from: 1627 description: Originating region. 1628 type: string 1629 to: 1630 description: Destination region the traffic 1631 will fail over to when endpoints in the 1632 'from' region becomes unhealthy. 1633 type: string 1634 type: object 1635 type: array 1636 failoverPriority: 1637 description: failoverPriority is an ordered list 1638 of labels used to sort endpoints to do priority 1639 based load balancing. 1640 items: 1641 type: string 1642 type: array 1643 type: object 1644 simple: 1645 description: |2- 1646 1647 1648 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 1649 enum: 1650 - UNSPECIFIED 1651 - LEAST_CONN 1652 - RANDOM 1653 - PASSTHROUGH 1654 - ROUND_ROBIN 1655 - LEAST_REQUEST 1656 type: string 1657 warmupDurationSecs: 1658 description: Represents the warmup duration of Service. 1659 type: string 1660 type: object 1661 outlierDetection: 1662 properties: 1663 baseEjectionTime: 1664 description: Minimum ejection duration. 
1665 type: string 1666 consecutive5xxErrors: 1667 description: Number of 5xx errors before a host is ejected 1668 from the connection pool. 1669 maximum: 4294967295 1670 minimum: 0 1671 nullable: true 1672 type: integer 1673 consecutiveErrors: 1674 format: int32 1675 type: integer 1676 consecutiveGatewayErrors: 1677 description: Number of gateway errors before a host 1678 is ejected from the connection pool. 1679 maximum: 4294967295 1680 minimum: 0 1681 nullable: true 1682 type: integer 1683 consecutiveLocalOriginFailures: 1684 description: The number of consecutive locally originated 1685 failures before ejection occurs. 1686 maximum: 4294967295 1687 minimum: 0 1688 nullable: true 1689 type: integer 1690 interval: 1691 description: Time interval between ejection sweep analysis. 1692 type: string 1693 maxEjectionPercent: 1694 description: Maximum % of hosts in the load balancing 1695 pool for the upstream service that can be ejected. 1696 format: int32 1697 type: integer 1698 minHealthPercent: 1699 description: Outlier detection will be enabled as long 1700 as the associated load balancing pool has at least 1701 min_health_percent hosts in healthy mode. 1702 format: int32 1703 type: integer 1704 splitExternalLocalOriginErrors: 1705 description: Determines whether to distinguish local 1706 origin failures from external errors. 1707 type: boolean 1708 type: object 1709 port: 1710 description: Specifies the number of a port on the destination 1711 service on which this policy is being applied. 1712 properties: 1713 number: 1714 maximum: 4294967295 1715 minimum: 0 1716 type: integer 1717 type: object 1718 tls: 1719 description: TLS related settings for connections to the 1720 upstream service. 1721 properties: 1722 caCertificates: 1723 description: 'OPTIONAL: The path to the file containing 1724 certificate authority certificates to use in verifying 1725 a presented server certificate.' 
1726 type: string 1727 caCrl: 1728 description: 'OPTIONAL: The path to the file containing 1729 the certificate revocation list (CRL) to use in verifying 1730 a presented server certificate.' 1731 type: string 1732 clientCertificate: 1733 description: REQUIRED if mode is `MUTUAL`. 1734 type: string 1735 credentialName: 1736 description: The name of the secret that holds the TLS 1737 certs for the client including the CA certificates. 1738 type: string 1739 insecureSkipVerify: 1740 description: '`insecureSkipVerify` specifies whether 1741 the proxy should skip verifying the CA signature and 1742 SAN for the server certificate corresponding to the 1743 host. When verification is skipped, the certificate no longer authenticates the upstream server.' 1744 nullable: true 1745 type: boolean 1746 mode: 1747 description: |- 1748 Indicates whether connections to this port should be secured using TLS. 1749 1750 Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL 1751 enum: 1752 - DISABLE 1753 - SIMPLE 1754 - MUTUAL 1755 - ISTIO_MUTUAL 1756 type: string 1757 privateKey: 1758 description: REQUIRED if mode is `MUTUAL`. 1759 type: string 1760 sni: 1761 description: SNI string to present to the server during 1762 TLS handshake. 1763 type: string 1764 subjectAltNames: 1765 description: A list of alternate names to verify the 1766 subject identity in the certificate. 1767 items: 1768 type: string 1769 type: array 1770 type: object 1771 type: object 1772 type: array 1773 proxyProtocol: 1774 description: The upstream PROXY protocol settings. 1775 properties: 1776 version: 1777 description: |- 1778 The PROXY protocol version to use. 1779 1780 Valid Options: V1, V2 1781 enum: 1782 - V1 1783 - V2 1784 type: string 1785 type: object 1786 tls: 1787 description: TLS related settings for connections to the upstream 1788 service. 
1789 properties: 1790 caCertificates: 1791 description: 'OPTIONAL: The path to the file containing certificate 1792 authority certificates to use in verifying a presented server 1793 certificate.' 
1794 type: string 1795 caCrl: 1796 description: 'OPTIONAL: The path to the file containing the 1797 certificate revocation list (CRL) to use in verifying a 1798 presented server certificate.' 1799 type: string 1800 clientCertificate: 1801 description: REQUIRED if mode is `MUTUAL`. 1802 type: string 1803 credentialName: 1804 description: The name of the secret that holds the TLS certs 1805 for the client including the CA certificates. 1806 type: string 1807 insecureSkipVerify: 1808 description: '`insecureSkipVerify` specifies whether the proxy 1809 should skip verifying the CA signature and SAN for the server 1810 certificate corresponding to the host. When verification is skipped, the certificate no longer authenticates the upstream server.' 1811 nullable: true 1812 type: boolean 1813 mode: 1814 description: |- 1815 Indicates whether connections to this port should be secured using TLS. 1816 1817 Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL 1818 enum: 1819 - DISABLE 1820 - SIMPLE 1821 - MUTUAL 1822 - ISTIO_MUTUAL 1823 type: string 1824 privateKey: 1825 description: REQUIRED if mode is `MUTUAL`. 1826 type: string 1827 sni: 1828 description: SNI string to present to the server during TLS 1829 handshake. 1830 type: string 1831 subjectAltNames: 1832 description: A list of alternate names to verify the subject 1833 identity in the certificate. 1834 items: 1835 type: string 1836 type: array 1837 type: object 1838 tunnel: 1839 description: Configuration of tunneling TCP over other transport 1840 or application layers for the host configured in the DestinationRule. 1841 properties: 1842 protocol: 1843 description: Specifies which protocol to use for tunneling 1844 the downstream connection. 1845 type: string 1846 targetHost: 1847 description: Specifies a host to which the downstream connection 1848 is tunneled. 1849 type: string 1850 targetPort: 1851 description: Specifies a port to which the downstream connection 1852 is tunneled. 
1853 maximum: 4294967295 1854 minimum: 0 1855 type: integer 1856 required: 1857 - targetHost 1858 - targetPort 1859 type: object 1860 type: object 1861 workloadSelector: 1862 description: Criteria used to select the specific set of pods/VMs 1863 on which this `DestinationRule` configuration should be applied. 1864 properties: 1865 matchLabels: 1866 additionalProperties: 1867 type: string 1868 description: One or more labels that indicate a specific set of 1869 pods/VMs on which a policy should be applied. 1870 type: object 1871 type: object 1872 required: 1873 - host 1874 type: object 1875 status: 1876 type: object 1877 x-kubernetes-preserve-unknown-fields: true 1878 type: object 1879 served: true 1880 storage: false 1881 subresources: 1882 status: {} 1883 - additionalPrinterColumns: 1884 - description: The name of a service from the service registry 1885 jsonPath: .spec.host 1886 name: Host 1887 type: string 1888 - description: 'CreationTimestamp is a timestamp representing the server time 1889 when this object was created. It is not guaranteed to be set in happens-before 1890 order across separate operations. Clients may not set this value. It is represented 1891 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 1892 lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 1893 jsonPath: .metadata.creationTimestamp 1894 name: Age 1895 type: date 1896 name: v1alpha3 1897 schema: 1898 openAPIV3Schema: 1899 properties: 1900 spec: 1901 description: 'Configuration affecting load balancing, outlier detection, 1902 etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' 1903 properties: 1904 exportTo: 1905 description: A list of namespaces to which this destination rule is 1906 exported. 1907 items: 1908 type: string 1909 type: array 1910 host: 1911 description: The name of a service from the service registry. 
1912 type: string 1913 subsets: 1914 description: One or more named sets that represent individual versions 1915 of a service. 1916 items: 1917 properties: 1918 labels: 1919 additionalProperties: 1920 type: string 1921 description: Labels apply a filter over the endpoints of a service 1922 in the service registry. 1923 type: object 1924 name: 1925 description: Name of the subset. 1926 type: string 1927 trafficPolicy: 1928 description: Traffic policies that apply to this subset. 1929 properties: 1930 connectionPool: 1931 properties: 1932 http: 1933 description: HTTP connection pool settings. 1934 properties: 1935 h2UpgradePolicy: 1936 description: |- 1937 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 1938 1939 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 1940 enum: 1941 - DEFAULT 1942 - DO_NOT_UPGRADE 1943 - UPGRADE 1944 type: string 1945 http1MaxPendingRequests: 1946 description: Maximum number of requests that will 1947 be queued while waiting for a ready connection 1948 pool connection. 1949 format: int32 1950 type: integer 1951 http2MaxRequests: 1952 description: Maximum number of active requests to 1953 a destination. 1954 format: int32 1955 type: integer 1956 idleTimeout: 1957 description: The idle timeout for upstream connection 1958 pool connections. 1959 type: string 1960 maxConcurrentStreams: 1961 description: The maximum number of concurrent streams 1962 allowed for a peer on one HTTP/2 connection. 1963 format: int32 1964 type: integer 1965 maxRequestsPerConnection: 1966 description: Maximum number of requests per connection 1967 to a backend. 1968 format: int32 1969 type: integer 1970 maxRetries: 1971 description: Maximum number of retries that can 1972 be outstanding to all hosts in a cluster at a 1973 given time. 1974 format: int32 1975 type: integer 1976 useClientProtocol: 1977 description: If set to true, client protocol will 1978 be preserved while initiating connection to backend. 
1979 type: boolean 1980 type: object 1981 tcp: 1982 description: Settings common to both HTTP and TCP upstream 1983 connections. 1984 properties: 1985 connectTimeout: 1986 description: TCP connection timeout. 1987 type: string 1988 idleTimeout: 1989 description: The idle timeout for TCP connections. 1990 type: string 1991 maxConnectionDuration: 1992 description: The maximum duration of a connection. 1993 type: string 1994 maxConnections: 1995 description: Maximum number of HTTP1 /TCP connections 1996 to a destination host. 1997 format: int32 1998 type: integer 1999 tcpKeepalive: 2000 description: If set then set SO_KEEPALIVE on the 2001 socket to enable TCP Keepalives. 2002 properties: 2003 interval: 2004 description: The time duration between keep-alive 2005 probes. 2006 type: string 2007 probes: 2008 description: Maximum number of keepalive probes 2009 to send without response before deciding the 2010 connection is dead. 2011 maximum: 4294967295 2012 minimum: 0 2013 type: integer 2014 time: 2015 description: The time duration a connection 2016 needs to be idle before keep-alive probes 2017 start being sent. 2018 type: string 2019 type: object 2020 type: object 2021 type: object 2022 loadBalancer: 2023 description: Settings controlling the load balancer algorithms. 
2024 oneOf: 2025 - not: 2026 anyOf: 2027 - required: 2028 - simple 2029 - required: 2030 - consistentHash 2031 - required: 2032 - simple 2033 - required: 2034 - consistentHash 2035 properties: 2036 consistentHash: 2037 allOf: 2038 - oneOf: 2039 - not: 2040 anyOf: 2041 - required: 2042 - httpHeaderName 2043 - required: 2044 - httpCookie 2045 - required: 2046 - useSourceIp 2047 - required: 2048 - httpQueryParameterName 2049 - required: 2050 - httpHeaderName 2051 - required: 2052 - httpCookie 2053 - required: 2054 - useSourceIp 2055 - required: 2056 - httpQueryParameterName 2057 - oneOf: 2058 - not: 2059 anyOf: 2060 - required: 2061 - ringHash 2062 - required: 2063 - maglev 2064 - required: 2065 - ringHash 2066 - required: 2067 - maglev 2068 properties: 2069 httpCookie: 2070 description: Hash based on HTTP cookie. 2071 properties: 2072 name: 2073 description: Name of the cookie. 2074 type: string 2075 path: 2076 description: Path to set for the cookie. 2077 type: string 2078 ttl: 2079 description: Lifetime of the cookie. 2080 type: string 2081 required: 2082 - name 2083 type: object 2084 httpHeaderName: 2085 description: Hash based on a specific HTTP header. 2086 type: string 2087 httpQueryParameterName: 2088 description: Hash based on a specific HTTP query 2089 parameter. 2090 type: string 2091 maglev: 2092 description: The Maglev load balancer implements 2093 consistent hashing to backend hosts. 2094 properties: 2095 tableSize: 2096 description: The table size for Maglev hashing. 2097 minimum: 0 2098 type: integer 2099 type: object 2100 minimumRingSize: 2101 description: Deprecated. 2102 minimum: 0 2103 type: integer 2104 ringHash: 2105 description: The ring/modulo hash load balancer 2106 implements consistent hashing to backend hosts. 2107 properties: 2108 minimumRingSize: 2109 description: The minimum number of virtual nodes 2110 to use for the hash ring. 
2111 minimum: 0 2112 type: integer 2113 type: object 2114 useSourceIp: 2115 description: Hash based on the source IP address. 2116 type: boolean 2117 type: object 2118 localityLbSetting: 2119 properties: 2120 distribute: 2121 description: 'Optional: only one of distribute, 2122 failover or failoverPriority can be set.' 2123 items: 2124 properties: 2125 from: 2126 description: Originating locality, '/' separated, 2127 e.g. 2128 type: string 2129 to: 2130 additionalProperties: 2131 maximum: 4294967295 2132 minimum: 0 2133 type: integer 2134 description: Map of upstream localities to 2135 traffic distribution weights. 2136 type: object 2137 type: object 2138 type: array 2139 enabled: 2140 description: enable locality load balancing, this 2141 is DestinationRule-level and will override mesh 2142 wide settings in entirety. 2143 nullable: true 2144 type: boolean 2145 failover: 2146 description: 'Optional: only one of distribute, 2147 failover or failoverPriority can be set.' 2148 items: 2149 properties: 2150 from: 2151 description: Originating region. 2152 type: string 2153 to: 2154 description: Destination region the traffic 2155 will fail over to when endpoints in the 2156 'from' region becomes unhealthy. 2157 type: string 2158 type: object 2159 type: array 2160 failoverPriority: 2161 description: failoverPriority is an ordered list 2162 of labels used to sort endpoints to do priority 2163 based load balancing. 2164 items: 2165 type: string 2166 type: array 2167 type: object 2168 simple: 2169 description: |2- 2170 2171 2172 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 2173 enum: 2174 - UNSPECIFIED 2175 - LEAST_CONN 2176 - RANDOM 2177 - PASSTHROUGH 2178 - ROUND_ROBIN 2179 - LEAST_REQUEST 2180 type: string 2181 warmupDurationSecs: 2182 description: Represents the warmup duration of Service. 2183 type: string 2184 type: object 2185 outlierDetection: 2186 properties: 2187 baseEjectionTime: 2188 description: Minimum ejection duration. 
2189 type: string 2190 consecutive5xxErrors: 2191 description: Number of 5xx errors before a host is ejected 2192 from the connection pool. 2193 maximum: 4294967295 2194 minimum: 0 2195 nullable: true 2196 type: integer 2197 consecutiveErrors: 2198 format: int32 2199 type: integer 2200 consecutiveGatewayErrors: 2201 description: Number of gateway errors before a host 2202 is ejected from the connection pool. 2203 maximum: 4294967295 2204 minimum: 0 2205 nullable: true 2206 type: integer 2207 consecutiveLocalOriginFailures: 2208 description: The number of consecutive locally originated 2209 failures before ejection occurs. 2210 maximum: 4294967295 2211 minimum: 0 2212 nullable: true 2213 type: integer 2214 interval: 2215 description: Time interval between ejection sweep analysis. 2216 type: string 2217 maxEjectionPercent: 2218 description: Maximum % of hosts in the load balancing 2219 pool for the upstream service that can be ejected. 2220 format: int32 2221 type: integer 2222 minHealthPercent: 2223 description: Outlier detection will be enabled as long 2224 as the associated load balancing pool has at least 2225 min_health_percent hosts in healthy mode. 2226 format: int32 2227 type: integer 2228 splitExternalLocalOriginErrors: 2229 description: Determines whether to distinguish local 2230 origin failures from external errors. 2231 type: boolean 2232 type: object 2233 portLevelSettings: 2234 description: Traffic policies specific to individual ports. 2235 items: 2236 properties: 2237 connectionPool: 2238 properties: 2239 http: 2240 description: HTTP connection pool settings. 2241 properties: 2242 h2UpgradePolicy: 2243 description: |- 2244 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 
2245 2246 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 2247 enum: 2248 - DEFAULT 2249 - DO_NOT_UPGRADE 2250 - UPGRADE 2251 type: string 2252 http1MaxPendingRequests: 2253 description: Maximum number of requests that 2254 will be queued while waiting for a ready 2255 connection pool connection. 2256 format: int32 2257 type: integer 2258 http2MaxRequests: 2259 description: Maximum number of active requests 2260 to a destination. 2261 format: int32 2262 type: integer 2263 idleTimeout: 2264 description: The idle timeout for upstream 2265 connection pool connections. 2266 type: string 2267 maxConcurrentStreams: 2268 description: The maximum number of concurrent 2269 streams allowed for a peer on one HTTP/2 2270 connection. 2271 format: int32 2272 type: integer 2273 maxRequestsPerConnection: 2274 description: Maximum number of requests per 2275 connection to a backend. 2276 format: int32 2277 type: integer 2278 maxRetries: 2279 description: Maximum number of retries that 2280 can be outstanding to all hosts in a cluster 2281 at a given time. 2282 format: int32 2283 type: integer 2284 useClientProtocol: 2285 description: If set to true, client protocol 2286 will be preserved while initiating connection 2287 to backend. 2288 type: boolean 2289 type: object 2290 tcp: 2291 description: Settings common to both HTTP and 2292 TCP upstream connections. 2293 properties: 2294 connectTimeout: 2295 description: TCP connection timeout. 2296 type: string 2297 idleTimeout: 2298 description: The idle timeout for TCP connections. 2299 type: string 2300 maxConnectionDuration: 2301 description: The maximum duration of a connection. 2302 type: string 2303 maxConnections: 2304 description: Maximum number of HTTP1 /TCP 2305 connections to a destination host. 2306 format: int32 2307 type: integer 2308 tcpKeepalive: 2309 description: If set then set SO_KEEPALIVE 2310 on the socket to enable TCP Keepalives. 
2311 properties: 2312 interval: 2313 description: The time duration between 2314 keep-alive probes. 2315 type: string 2316 probes: 2317 description: Maximum number of keepalive 2318 probes to send without response before 2319 deciding the connection is dead. 2320 maximum: 4294967295 2321 minimum: 0 2322 type: integer 2323 time: 2324 description: The time duration a connection 2325 needs to be idle before keep-alive probes 2326 start being sent. 2327 type: string 2328 type: object 2329 type: object 2330 type: object 2331 loadBalancer: 2332 description: Settings controlling the load balancer 2333 algorithms. 2334 oneOf: 2335 - not: 2336 anyOf: 2337 - required: 2338 - simple 2339 - required: 2340 - consistentHash 2341 - required: 2342 - simple 2343 - required: 2344 - consistentHash 2345 properties: 2346 consistentHash: 2347 allOf: 2348 - oneOf: 2349 - not: 2350 anyOf: 2351 - required: 2352 - httpHeaderName 2353 - required: 2354 - httpCookie 2355 - required: 2356 - useSourceIp 2357 - required: 2358 - httpQueryParameterName 2359 - required: 2360 - httpHeaderName 2361 - required: 2362 - httpCookie 2363 - required: 2364 - useSourceIp 2365 - required: 2366 - httpQueryParameterName 2367 - oneOf: 2368 - not: 2369 anyOf: 2370 - required: 2371 - ringHash 2372 - required: 2373 - maglev 2374 - required: 2375 - ringHash 2376 - required: 2377 - maglev 2378 properties: 2379 httpCookie: 2380 description: Hash based on HTTP cookie. 2381 properties: 2382 name: 2383 description: Name of the cookie. 2384 type: string 2385 path: 2386 description: Path to set for the cookie. 2387 type: string 2388 ttl: 2389 description: Lifetime of the cookie. 2390 type: string 2391 required: 2392 - name 2393 type: object 2394 httpHeaderName: 2395 description: Hash based on a specific HTTP 2396 header. 2397 type: string 2398 httpQueryParameterName: 2399 description: Hash based on a specific HTTP 2400 query parameter. 
2401 type: string 2402 maglev: 2403 description: The Maglev load balancer implements 2404 consistent hashing to backend hosts. 2405 properties: 2406 tableSize: 2407 description: The table size for Maglev 2408 hashing. 2409 minimum: 0 2410 type: integer 2411 type: object 2412 minimumRingSize: 2413 description: Deprecated. 2414 minimum: 0 2415 type: integer 2416 ringHash: 2417 description: The ring/modulo hash load balancer 2418 implements consistent hashing to backend 2419 hosts. 2420 properties: 2421 minimumRingSize: 2422 description: The minimum number of virtual 2423 nodes to use for the hash ring. 2424 minimum: 0 2425 type: integer 2426 type: object 2427 useSourceIp: 2428 description: Hash based on the source IP address. 2429 type: boolean 2430 type: object 2431 localityLbSetting: 2432 properties: 2433 distribute: 2434 description: 'Optional: only one of distribute, 2435 failover or failoverPriority can be set.' 2436 items: 2437 properties: 2438 from: 2439 description: Originating locality, '/' 2440 separated, e.g. 2441 type: string 2442 to: 2443 additionalProperties: 2444 maximum: 4294967295 2445 minimum: 0 2446 type: integer 2447 description: Map of upstream localities 2448 to traffic distribution weights. 2449 type: object 2450 type: object 2451 type: array 2452 enabled: 2453 description: enable locality load balancing, 2454 this is DestinationRule-level and will override 2455 mesh wide settings in entirety. 2456 nullable: true 2457 type: boolean 2458 failover: 2459 description: 'Optional: only one of distribute, 2460 failover or failoverPriority can be set.' 2461 items: 2462 properties: 2463 from: 2464 description: Originating region. 2465 type: string 2466 to: 2467 description: Destination region the 2468 traffic will fail over to when endpoints 2469 in the 'from' region becomes unhealthy. 
2470 type: string 2471 type: object 2472 type: array 2473 failoverPriority: 2474 description: failoverPriority is an ordered 2475 list of labels used to sort endpoints to 2476 do priority based load balancing. 2477 items: 2478 type: string 2479 type: array 2480 type: object 2481 simple: 2482 description: |2- 2483 2484 2485 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 2486 enum: 2487 - UNSPECIFIED 2488 - LEAST_CONN 2489 - RANDOM 2490 - PASSTHROUGH 2491 - ROUND_ROBIN 2492 - LEAST_REQUEST 2493 type: string 2494 warmupDurationSecs: 2495 description: Represents the warmup duration of 2496 Service. 2497 type: string 2498 type: object 2499 outlierDetection: 2500 properties: 2501 baseEjectionTime: 2502 description: Minimum ejection duration. 2503 type: string 2504 consecutive5xxErrors: 2505 description: Number of 5xx errors before a host 2506 is ejected from the connection pool. 2507 maximum: 4294967295 2508 minimum: 0 2509 nullable: true 2510 type: integer 2511 consecutiveErrors: 2512 format: int32 2513 type: integer 2514 consecutiveGatewayErrors: 2515 description: Number of gateway errors before a 2516 host is ejected from the connection pool. 2517 maximum: 4294967295 2518 minimum: 0 2519 nullable: true 2520 type: integer 2521 consecutiveLocalOriginFailures: 2522 description: The number of consecutive locally 2523 originated failures before ejection occurs. 2524 maximum: 4294967295 2525 minimum: 0 2526 nullable: true 2527 type: integer 2528 interval: 2529 description: Time interval between ejection sweep 2530 analysis. 2531 type: string 2532 maxEjectionPercent: 2533 description: Maximum % of hosts in the load balancing 2534 pool for the upstream service that can be ejected. 2535 format: int32 2536 type: integer 2537 minHealthPercent: 2538 description: Outlier detection will be enabled 2539 as long as the associated load balancing pool 2540 has at least min_health_percent hosts in healthy 2541 mode. 
2542 format: int32 2543 type: integer 2544 splitExternalLocalOriginErrors: 2545 description: Determines whether to distinguish 2546 local origin failures from external errors. 2547 type: boolean 2548 type: object 2549 port: 2550 description: Specifies the number of a port on the 2551 destination service on which this policy is being 2552 applied. 2553 properties: 2554 number: 2555 maximum: 4294967295 2556 minimum: 0 2557 type: integer 2558 type: object 2559 tls: 2560 description: TLS related settings for connections 2561 to the upstream service. 2562 properties: 2563 caCertificates: 2564 description: 'OPTIONAL: The path to the file containing 2565 certificate authority certificates to use in 2566 verifying a presented server certificate.' 2567 type: string 2568 caCrl: 2569 description: 'OPTIONAL: The path to the file containing 2570 the certificate revocation list (CRL) to use 2571 in verifying a presented server certificate.' 2572 type: string 2573 clientCertificate: 2574 description: REQUIRED if mode is `MUTUAL`. 2575 type: string 2576 credentialName: 2577 description: The name of the secret that holds 2578 the TLS certs for the client including the CA 2579 certificates. 2580 type: string 2581 insecureSkipVerify: 2582 description: '`insecureSkipVerify` specifies whether 2583 the proxy should skip verifying the CA signature 2584 and SAN for the server certificate corresponding 2585 to the host.' 2586 nullable: true 2587 type: boolean 2588 mode: 2589 description: |- 2590 Indicates whether connections to this port should be secured using TLS. 2591 2592 Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL 2593 enum: 2594 - DISABLE 2595 - SIMPLE 2596 - MUTUAL 2597 - ISTIO_MUTUAL 2598 type: string 2599 privateKey: 2600 description: REQUIRED if mode is `MUTUAL`. 2601 type: string 2602 sni: 2603 description: SNI string to present to the server 2604 during TLS handshake. 
2605 type: string 2606 subjectAltNames: 2607 description: A list of alternate names to verify 2608 the subject identity in the certificate. 2609 items: 2610 type: string 2611 type: array 2612 type: object 2613 type: object 2614 type: array 2615 proxyProtocol: 2616 description: The upstream PROXY protocol settings. 2617 properties: 2618 version: 2619 description: |- 2620 The PROXY protocol version to use. 2621 2622 Valid Options: V1, V2 2623 enum: 2624 - V1 2625 - V2 2626 type: string 2627 type: object 2628 tls: 2629 description: TLS related settings for connections to the 2630 upstream service. 2631 properties: 2632 caCertificates: 2633 description: 'OPTIONAL: The path to the file containing 2634 certificate authority certificates to use in verifying 2635 a presented server certificate.' 2636 type: string 2637 caCrl: 2638 description: 'OPTIONAL: The path to the file containing 2639 the certificate revocation list (CRL) to use in verifying 2640 a presented server certificate.' 2641 type: string 2642 clientCertificate: 2643 description: REQUIRED if mode is `MUTUAL`. 2644 type: string 2645 credentialName: 2646 description: The name of the secret that holds the TLS 2647 certs for the client including the CA certificates. 2648 type: string 2649 insecureSkipVerify: 2650 description: '`insecureSkipVerify` specifies whether 2651 the proxy should skip verifying the CA signature and 2652 SAN for the server certificate corresponding to the 2653 host.' 2654 nullable: true 2655 type: boolean 2656 mode: 2657 description: |- 2658 Indicates whether connections to this port should be secured using TLS. 2659 2660 Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL 2661 enum: 2662 - DISABLE 2663 - SIMPLE 2664 - MUTUAL 2665 - ISTIO_MUTUAL 2666 type: string 2667 privateKey: 2668 description: REQUIRED if mode is `MUTUAL`. 2669 type: string 2670 sni: 2671 description: SNI string to present to the server during 2672 TLS handshake. 
2673 type: string 2674 subjectAltNames: 2675 description: A list of alternate names to verify the 2676 subject identity in the certificate. 2677 items: 2678 type: string 2679 type: array 2680 type: object 2681 tunnel: 2682 description: Configuration of tunneling TCP over other transport 2683 or application layers for the host configured in the DestinationRule. 2684 properties: 2685 protocol: 2686 description: Specifies which protocol to use for tunneling 2687 the downstream connection. 2688 type: string 2689 targetHost: 2690 description: Specifies a host to which the downstream 2691 connection is tunneled. 2692 type: string 2693 targetPort: 2694 description: Specifies a port to which the downstream 2695 connection is tunneled. 2696 maximum: 4294967295 2697 minimum: 0 2698 type: integer 2699 required: 2700 - targetHost 2701 - targetPort 2702 type: object 2703 type: object 2704 required: 2705 - name 2706 type: object 2707 type: array 2708 trafficPolicy: 2709 description: Traffic policies to apply (load balancing policy, connection 2710 pool sizes, outlier detection). 2711 properties: 2712 connectionPool: 2713 properties: 2714 http: 2715 description: HTTP connection pool settings. 2716 properties: 2717 h2UpgradePolicy: 2718 description: |- 2719 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 2720 2721 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 2722 enum: 2723 - DEFAULT 2724 - DO_NOT_UPGRADE 2725 - UPGRADE 2726 type: string 2727 http1MaxPendingRequests: 2728 description: Maximum number of requests that will be queued 2729 while waiting for a ready connection pool connection. 2730 format: int32 2731 type: integer 2732 http2MaxRequests: 2733 description: Maximum number of active requests to a destination. 2734 format: int32 2735 type: integer 2736 idleTimeout: 2737 description: The idle timeout for upstream connection 2738 pool connections. 
2739 type: string 2740 maxConcurrentStreams: 2741 description: The maximum number of concurrent streams 2742 allowed for a peer on one HTTP/2 connection. 2743 format: int32 2744 type: integer 2745 maxRequestsPerConnection: 2746 description: Maximum number of requests per connection 2747 to a backend. 2748 format: int32 2749 type: integer 2750 maxRetries: 2751 description: Maximum number of retries that can be outstanding 2752 to all hosts in a cluster at a given time. 2753 format: int32 2754 type: integer 2755 useClientProtocol: 2756 description: If set to true, client protocol will be preserved 2757 while initiating connection to backend. 2758 type: boolean 2759 type: object 2760 tcp: 2761 description: Settings common to both HTTP and TCP upstream 2762 connections. 2763 properties: 2764 connectTimeout: 2765 description: TCP connection timeout. 2766 type: string 2767 idleTimeout: 2768 description: The idle timeout for TCP connections. 2769 type: string 2770 maxConnectionDuration: 2771 description: The maximum duration of a connection. 2772 type: string 2773 maxConnections: 2774 description: Maximum number of HTTP1 /TCP connections 2775 to a destination host. 2776 format: int32 2777 type: integer 2778 tcpKeepalive: 2779 description: If set then set SO_KEEPALIVE on the socket 2780 to enable TCP Keepalives. 2781 properties: 2782 interval: 2783 description: The time duration between keep-alive 2784 probes. 2785 type: string 2786 probes: 2787 description: Maximum number of keepalive probes to 2788 send without response before deciding the connection 2789 is dead. 2790 maximum: 4294967295 2791 minimum: 0 2792 type: integer 2793 time: 2794 description: The time duration a connection needs 2795 to be idle before keep-alive probes start being 2796 sent. 2797 type: string 2798 type: object 2799 type: object 2800 type: object 2801 loadBalancer: 2802 description: Settings controlling the load balancer algorithms. 
2803 oneOf: 2804 - not: 2805 anyOf: 2806 - required: 2807 - simple 2808 - required: 2809 - consistentHash 2810 - required: 2811 - simple 2812 - required: 2813 - consistentHash 2814 properties: 2815 consistentHash: 2816 allOf: 2817 - oneOf: 2818 - not: 2819 anyOf: 2820 - required: 2821 - httpHeaderName 2822 - required: 2823 - httpCookie 2824 - required: 2825 - useSourceIp 2826 - required: 2827 - httpQueryParameterName 2828 - required: 2829 - httpHeaderName 2830 - required: 2831 - httpCookie 2832 - required: 2833 - useSourceIp 2834 - required: 2835 - httpQueryParameterName 2836 - oneOf: 2837 - not: 2838 anyOf: 2839 - required: 2840 - ringHash 2841 - required: 2842 - maglev 2843 - required: 2844 - ringHash 2845 - required: 2846 - maglev 2847 properties: 2848 httpCookie: 2849 description: Hash based on HTTP cookie. 2850 properties: 2851 name: 2852 description: Name of the cookie. 2853 type: string 2854 path: 2855 description: Path to set for the cookie. 2856 type: string 2857 ttl: 2858 description: Lifetime of the cookie. 2859 type: string 2860 required: 2861 - name 2862 type: object 2863 httpHeaderName: 2864 description: Hash based on a specific HTTP header. 2865 type: string 2866 httpQueryParameterName: 2867 description: Hash based on a specific HTTP query parameter. 2868 type: string 2869 maglev: 2870 description: The Maglev load balancer implements consistent 2871 hashing to backend hosts. 2872 properties: 2873 tableSize: 2874 description: The table size for Maglev hashing. 2875 minimum: 0 2876 type: integer 2877 type: object 2878 minimumRingSize: 2879 description: Deprecated. 2880 minimum: 0 2881 type: integer 2882 ringHash: 2883 description: The ring/modulo hash load balancer implements 2884 consistent hashing to backend hosts. 2885 properties: 2886 minimumRingSize: 2887 description: The minimum number of virtual nodes to 2888 use for the hash ring. 
2889 minimum: 0 2890 type: integer 2891 type: object 2892 useSourceIp: 2893 description: Hash based on the source IP address. 2894 type: boolean 2895 type: object 2896 localityLbSetting: 2897 properties: 2898 distribute: 2899 description: 'Optional: only one of distribute, failover 2900 or failoverPriority can be set.' 2901 items: 2902 properties: 2903 from: 2904 description: Originating locality, '/' separated, 2905 e.g. 2906 type: string 2907 to: 2908 additionalProperties: 2909 maximum: 4294967295 2910 minimum: 0 2911 type: integer 2912 description: Map of upstream localities to traffic 2913 distribution weights. 2914 type: object 2915 type: object 2916 type: array 2917 enabled: 2918 description: enable locality load balancing, this is DestinationRule-level 2919 and will override mesh wide settings in entirety. 2920 nullable: true 2921 type: boolean 2922 failover: 2923 description: 'Optional: only one of distribute, failover 2924 or failoverPriority can be set.' 2925 items: 2926 properties: 2927 from: 2928 description: Originating region. 2929 type: string 2930 to: 2931 description: Destination region the traffic will 2932 fail over to when endpoints in the 'from' region 2933 becomes unhealthy. 2934 type: string 2935 type: object 2936 type: array 2937 failoverPriority: 2938 description: failoverPriority is an ordered list of labels 2939 used to sort endpoints to do priority based load balancing. 2940 items: 2941 type: string 2942 type: array 2943 type: object 2944 simple: 2945 description: |2- 2946 2947 2948 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 2949 enum: 2950 - UNSPECIFIED 2951 - LEAST_CONN 2952 - RANDOM 2953 - PASSTHROUGH 2954 - ROUND_ROBIN 2955 - LEAST_REQUEST 2956 type: string 2957 warmupDurationSecs: 2958 description: Represents the warmup duration of Service. 2959 type: string 2960 type: object 2961 outlierDetection: 2962 properties: 2963 baseEjectionTime: 2964 description: Minimum ejection duration. 
2965 type: string 2966 consecutive5xxErrors: 2967 description: Number of 5xx errors before a host is ejected 2968 from the connection pool. 2969 maximum: 4294967295 2970 minimum: 0 2971 nullable: true 2972 type: integer 2973 consecutiveErrors: 2974 format: int32 2975 type: integer 2976 consecutiveGatewayErrors: 2977 description: Number of gateway errors before a host is ejected 2978 from the connection pool. 2979 maximum: 4294967295 2980 minimum: 0 2981 nullable: true 2982 type: integer 2983 consecutiveLocalOriginFailures: 2984 description: The number of consecutive locally originated 2985 failures before ejection occurs. 2986 maximum: 4294967295 2987 minimum: 0 2988 nullable: true 2989 type: integer 2990 interval: 2991 description: Time interval between ejection sweep analysis. 2992 type: string 2993 maxEjectionPercent: 2994 description: Maximum % of hosts in the load balancing pool 2995 for the upstream service that can be ejected. 2996 format: int32 2997 type: integer 2998 minHealthPercent: 2999 description: Outlier detection will be enabled as long as 3000 the associated load balancing pool has at least min_health_percent 3001 hosts in healthy mode. 3002 format: int32 3003 type: integer 3004 splitExternalLocalOriginErrors: 3005 description: Determines whether to distinguish local origin 3006 failures from external errors. 3007 type: boolean 3008 type: object 3009 portLevelSettings: 3010 description: Traffic policies specific to individual ports. 3011 items: 3012 properties: 3013 connectionPool: 3014 properties: 3015 http: 3016 description: HTTP connection pool settings. 3017 properties: 3018 h2UpgradePolicy: 3019 description: |- 3020 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 
3021 3022 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 3023 enum: 3024 - DEFAULT 3025 - DO_NOT_UPGRADE 3026 - UPGRADE 3027 type: string 3028 http1MaxPendingRequests: 3029 description: Maximum number of requests that will 3030 be queued while waiting for a ready connection 3031 pool connection. 3032 format: int32 3033 type: integer 3034 http2MaxRequests: 3035 description: Maximum number of active requests to 3036 a destination. 3037 format: int32 3038 type: integer 3039 idleTimeout: 3040 description: The idle timeout for upstream connection 3041 pool connections. 3042 type: string 3043 maxConcurrentStreams: 3044 description: The maximum number of concurrent streams 3045 allowed for a peer on one HTTP/2 connection. 3046 format: int32 3047 type: integer 3048 maxRequestsPerConnection: 3049 description: Maximum number of requests per connection 3050 to a backend. 3051 format: int32 3052 type: integer 3053 maxRetries: 3054 description: Maximum number of retries that can 3055 be outstanding to all hosts in a cluster at a 3056 given time. 3057 format: int32 3058 type: integer 3059 useClientProtocol: 3060 description: If set to true, client protocol will 3061 be preserved while initiating connection to backend. 3062 type: boolean 3063 type: object 3064 tcp: 3065 description: Settings common to both HTTP and TCP upstream 3066 connections. 3067 properties: 3068 connectTimeout: 3069 description: TCP connection timeout. 3070 type: string 3071 idleTimeout: 3072 description: The idle timeout for TCP connections. 3073 type: string 3074 maxConnectionDuration: 3075 description: The maximum duration of a connection. 3076 type: string 3077 maxConnections: 3078 description: Maximum number of HTTP1 /TCP connections 3079 to a destination host. 3080 format: int32 3081 type: integer 3082 tcpKeepalive: 3083 description: If set then set SO_KEEPALIVE on the 3084 socket to enable TCP Keepalives. 
3085 properties: 3086 interval: 3087 description: The time duration between keep-alive 3088 probes. 3089 type: string 3090 probes: 3091 description: Maximum number of keepalive probes 3092 to send without response before deciding the 3093 connection is dead. 3094 maximum: 4294967295 3095 minimum: 0 3096 type: integer 3097 time: 3098 description: The time duration a connection 3099 needs to be idle before keep-alive probes 3100 start being sent. 3101 type: string 3102 type: object 3103 type: object 3104 type: object 3105 loadBalancer: 3106 description: Settings controlling the load balancer algorithms. 3107 oneOf: 3108 - not: 3109 anyOf: 3110 - required: 3111 - simple 3112 - required: 3113 - consistentHash 3114 - required: 3115 - simple 3116 - required: 3117 - consistentHash 3118 properties: 3119 consistentHash: 3120 allOf: 3121 - oneOf: 3122 - not: 3123 anyOf: 3124 - required: 3125 - httpHeaderName 3126 - required: 3127 - httpCookie 3128 - required: 3129 - useSourceIp 3130 - required: 3131 - httpQueryParameterName 3132 - required: 3133 - httpHeaderName 3134 - required: 3135 - httpCookie 3136 - required: 3137 - useSourceIp 3138 - required: 3139 - httpQueryParameterName 3140 - oneOf: 3141 - not: 3142 anyOf: 3143 - required: 3144 - ringHash 3145 - required: 3146 - maglev 3147 - required: 3148 - ringHash 3149 - required: 3150 - maglev 3151 properties: 3152 httpCookie: 3153 description: Hash based on HTTP cookie. 3154 properties: 3155 name: 3156 description: Name of the cookie. 3157 type: string 3158 path: 3159 description: Path to set for the cookie. 3160 type: string 3161 ttl: 3162 description: Lifetime of the cookie. 3163 type: string 3164 required: 3165 - name 3166 type: object 3167 httpHeaderName: 3168 description: Hash based on a specific HTTP header. 3169 type: string 3170 httpQueryParameterName: 3171 description: Hash based on a specific HTTP query 3172 parameter. 
3173 type: string 3174 maglev: 3175 description: The Maglev load balancer implements 3176 consistent hashing to backend hosts. 3177 properties: 3178 tableSize: 3179 description: The table size for Maglev hashing. 3180 minimum: 0 3181 type: integer 3182 type: object 3183 minimumRingSize: 3184 description: Deprecated. 3185 minimum: 0 3186 type: integer 3187 ringHash: 3188 description: The ring/modulo hash load balancer 3189 implements consistent hashing to backend hosts. 3190 properties: 3191 minimumRingSize: 3192 description: The minimum number of virtual nodes 3193 to use for the hash ring. 3194 minimum: 0 3195 type: integer 3196 type: object 3197 useSourceIp: 3198 description: Hash based on the source IP address. 3199 type: boolean 3200 type: object 3201 localityLbSetting: 3202 properties: 3203 distribute: 3204 description: 'Optional: only one of distribute, 3205 failover or failoverPriority can be set.' 3206 items: 3207 properties: 3208 from: 3209 description: Originating locality, '/' separated, 3210 e.g. 3211 type: string 3212 to: 3213 additionalProperties: 3214 maximum: 4294967295 3215 minimum: 0 3216 type: integer 3217 description: Map of upstream localities to 3218 traffic distribution weights. 3219 type: object 3220 type: object 3221 type: array 3222 enabled: 3223 description: enable locality load balancing, this 3224 is DestinationRule-level and will override mesh 3225 wide settings in entirety. 3226 nullable: true 3227 type: boolean 3228 failover: 3229 description: 'Optional: only one of distribute, 3230 failover or failoverPriority can be set.' 3231 items: 3232 properties: 3233 from: 3234 description: Originating region. 3235 type: string 3236 to: 3237 description: Destination region the traffic 3238 will fail over to when endpoints in the 3239 'from' region becomes unhealthy. 
3240 type: string 3241 type: object 3242 type: array 3243 failoverPriority: 3244 description: failoverPriority is an ordered list 3245 of labels used to sort endpoints to do priority 3246 based load balancing. 3247 items: 3248 type: string 3249 type: array 3250 type: object 3251 simple: 3252 description: |2- 3253 3254 3255 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 3256 enum: 3257 - UNSPECIFIED 3258 - LEAST_CONN 3259 - RANDOM 3260 - PASSTHROUGH 3261 - ROUND_ROBIN 3262 - LEAST_REQUEST 3263 type: string 3264 warmupDurationSecs: 3265 description: Represents the warmup duration of Service. 3266 type: string 3267 type: object 3268 outlierDetection: 3269 properties: 3270 baseEjectionTime: 3271 description: Minimum ejection duration. 3272 type: string 3273 consecutive5xxErrors: 3274 description: Number of 5xx errors before a host is ejected 3275 from the connection pool. 3276 maximum: 4294967295 3277 minimum: 0 3278 nullable: true 3279 type: integer 3280 consecutiveErrors: 3281 format: int32 3282 type: integer 3283 consecutiveGatewayErrors: 3284 description: Number of gateway errors before a host 3285 is ejected from the connection pool. 3286 maximum: 4294967295 3287 minimum: 0 3288 nullable: true 3289 type: integer 3290 consecutiveLocalOriginFailures: 3291 description: The number of consecutive locally originated 3292 failures before ejection occurs. 3293 maximum: 4294967295 3294 minimum: 0 3295 nullable: true 3296 type: integer 3297 interval: 3298 description: Time interval between ejection sweep analysis. 3299 type: string 3300 maxEjectionPercent: 3301 description: Maximum % of hosts in the load balancing 3302 pool for the upstream service that can be ejected. 3303 format: int32 3304 type: integer 3305 minHealthPercent: 3306 description: Outlier detection will be enabled as long 3307 as the associated load balancing pool has at least 3308 min_health_percent hosts in healthy mode. 
3309 format: int32 3310 type: integer 3311 splitExternalLocalOriginErrors: 3312 description: Determines whether to distinguish local 3313 origin failures from external errors. 3314 type: boolean 3315 type: object 3316 port: 3317 description: Specifies the number of a port on the destination 3318 service on which this policy is being applied. 3319 properties: 3320 number: 3321 maximum: 4294967295 3322 minimum: 0 3323 type: integer 3324 type: object 3325 tls: 3326 description: TLS related settings for connections to the 3327 upstream service. 3328 properties: 3329 caCertificates: 3330 description: 'OPTIONAL: The path to the file containing 3331 certificate authority certificates to use in verifying 3332 a presented server certificate.' 3333 type: string 3334 caCrl: 3335 description: 'OPTIONAL: The path to the file containing 3336 the certificate revocation list (CRL) to use in verifying 3337 a presented server certificate.' 3338 type: string 3339 clientCertificate: 3340 description: REQUIRED if mode is `MUTUAL`. 3341 type: string 3342 credentialName: 3343 description: The name of the secret that holds the TLS 3344 certs for the client including the CA certificates. 3345 type: string 3346 insecureSkipVerify: 3347 description: '`insecureSkipVerify` specifies whether 3348 the proxy should skip verifying the CA signature and 3349 SAN for the server certificate corresponding to the 3350 host.' 3351 nullable: true 3352 type: boolean 3353 mode: 3354 description: |- 3355 Indicates whether connections to this port should be secured using TLS. 3356 3357 Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL 3358 enum: 3359 - DISABLE 3360 - SIMPLE 3361 - MUTUAL 3362 - ISTIO_MUTUAL 3363 type: string 3364 privateKey: 3365 description: REQUIRED if mode is `MUTUAL`. 3366 type: string 3367 sni: 3368 description: SNI string to present to the server during 3369 TLS handshake. 
3370 type: string 3371 subjectAltNames: 3372 description: A list of alternate names to verify the 3373 subject identity in the certificate. 3374 items: 3375 type: string 3376 type: array 3377 type: object 3378 type: object 3379 type: array 3380 proxyProtocol: 3381 description: The upstream PROXY protocol settings. 3382 properties: 3383 version: 3384 description: |- 3385 The PROXY protocol version to use. 3386 3387 Valid Options: V1, V2 3388 enum: 3389 - V1 3390 - V2 3391 type: string 3392 type: object 3393 tls: 3394 description: TLS related settings for connections to the upstream 3395 service. 3396 properties: 3397 caCertificates: 3398 description: 'OPTIONAL: The path to the file containing certificate 3399 authority certificates to use in verifying a presented server 3400 certificate.' 3401 type: string 3402 caCrl: 3403 description: 'OPTIONAL: The path to the file containing the 3404 certificate revocation list (CRL) to use in verifying a 3405 presented server certificate.' 3406 type: string 3407 clientCertificate: 3408 description: REQUIRED if mode is `MUTUAL`. 3409 type: string 3410 credentialName: 3411 description: The name of the secret that holds the TLS certs 3412 for the client including the CA certificates. 3413 type: string 3414 insecureSkipVerify: 3415 description: '`insecureSkipVerify` specifies whether the proxy 3416 should skip verifying the CA signature and SAN for the server 3417 certificate corresponding to the host.' 3418 nullable: true 3419 type: boolean 3420 mode: 3421 description: |- 3422 Indicates whether connections to this port should be secured using TLS. 3423 3424 Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL 3425 enum: 3426 - DISABLE 3427 - SIMPLE 3428 - MUTUAL 3429 - ISTIO_MUTUAL 3430 type: string 3431 privateKey: 3432 description: REQUIRED if mode is `MUTUAL`. 3433 type: string 3434 sni: 3435 description: SNI string to present to the server during TLS 3436 handshake. 
3437 type: string 3438 subjectAltNames: 3439 description: A list of alternate names to verify the subject 3440 identity in the certificate. 3441 items: 3442 type: string 3443 type: array 3444 type: object 3445 tunnel: 3446 description: Configuration of tunneling TCP over other transport 3447 or application layers for the host configured in the DestinationRule. 3448 properties: 3449 protocol: 3450 description: Specifies which protocol to use for tunneling 3451 the downstream connection. 3452 type: string 3453 targetHost: 3454 description: Specifies a host to which the downstream connection 3455 is tunneled. 3456 type: string 3457 targetPort: 3458 description: Specifies a port to which the downstream connection 3459 is tunneled. 3460 maximum: 4294967295 3461 minimum: 0 3462 type: integer 3463 required: 3464 - targetHost 3465 - targetPort 3466 type: object 3467 type: object 3468 workloadSelector: 3469 description: Criteria used to select the specific set of pods/VMs 3470 on which this `DestinationRule` configuration should be applied. 3471 properties: 3472 matchLabels: 3473 additionalProperties: 3474 type: string 3475 description: One or more labels that indicate a specific set of 3476 pods/VMs on which a policy should be applied. 3477 type: object 3478 type: object 3479 required: 3480 - host 3481 type: object 3482 status: 3483 type: object 3484 x-kubernetes-preserve-unknown-fields: true 3485 type: object 3486 served: true 3487 storage: false 3488 subresources: 3489 status: {} 3490 - additionalPrinterColumns: 3491 - description: The name of a service from the service registry 3492 jsonPath: .spec.host 3493 name: Host 3494 type: string 3495 - description: 'CreationTimestamp is a timestamp representing the server time 3496 when this object was created. It is not guaranteed to be set in happens-before 3497 order across separate operations. Clients may not set this value. It is represented 3498 in RFC3339 form and is in UTC. Populated by the system. Read-only. 
Null for 3499 lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 3500 jsonPath: .metadata.creationTimestamp 3501 name: Age 3502 type: date 3503 name: v1beta1 3504 schema: 3505 openAPIV3Schema: 3506 properties: 3507 spec: 3508 description: 'Configuration affecting load balancing, outlier detection, 3509 etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' 3510 properties: 3511 exportTo: 3512 description: A list of namespaces to which this destination rule is 3513 exported. 3514 items: 3515 type: string 3516 type: array 3517 host: 3518 description: The name of a service from the service registry. 3519 type: string 3520 subsets: 3521 description: One or more named sets that represent individual versions 3522 of a service. 3523 items: 3524 properties: 3525 labels: 3526 additionalProperties: 3527 type: string 3528 description: Labels apply a filter over the endpoints of a service 3529 in the service registry. 3530 type: object 3531 name: 3532 description: Name of the subset. 3533 type: string 3534 trafficPolicy: 3535 description: Traffic policies that apply to this subset. 3536 properties: 3537 connectionPool: 3538 properties: 3539 http: 3540 description: HTTP connection pool settings. 3541 properties: 3542 h2UpgradePolicy: 3543 description: |- 3544 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 3545 3546 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 3547 enum: 3548 - DEFAULT 3549 - DO_NOT_UPGRADE 3550 - UPGRADE 3551 type: string 3552 http1MaxPendingRequests: 3553 description: Maximum number of requests that will 3554 be queued while waiting for a ready connection 3555 pool connection. 3556 format: int32 3557 type: integer 3558 http2MaxRequests: 3559 description: Maximum number of active requests to 3560 a destination. 
3561 format: int32 3562 type: integer 3563 idleTimeout: 3564 description: The idle timeout for upstream connection 3565 pool connections. 3566 type: string 3567 maxConcurrentStreams: 3568 description: The maximum number of concurrent streams 3569 allowed for a peer on one HTTP/2 connection. 3570 format: int32 3571 type: integer 3572 maxRequestsPerConnection: 3573 description: Maximum number of requests per connection 3574 to a backend. 3575 format: int32 3576 type: integer 3577 maxRetries: 3578 description: Maximum number of retries that can 3579 be outstanding to all hosts in a cluster at a 3580 given time. 3581 format: int32 3582 type: integer 3583 useClientProtocol: 3584 description: If set to true, client protocol will 3585 be preserved while initiating connection to backend. 3586 type: boolean 3587 type: object 3588 tcp: 3589 description: Settings common to both HTTP and TCP upstream 3590 connections. 3591 properties: 3592 connectTimeout: 3593 description: TCP connection timeout. 3594 type: string 3595 idleTimeout: 3596 description: The idle timeout for TCP connections. 3597 type: string 3598 maxConnectionDuration: 3599 description: The maximum duration of a connection. 3600 type: string 3601 maxConnections: 3602 description: Maximum number of HTTP1 /TCP connections 3603 to a destination host. 3604 format: int32 3605 type: integer 3606 tcpKeepalive: 3607 description: If set then set SO_KEEPALIVE on the 3608 socket to enable TCP Keepalives. 3609 properties: 3610 interval: 3611 description: The time duration between keep-alive 3612 probes. 3613 type: string 3614 probes: 3615 description: Maximum number of keepalive probes 3616 to send without response before deciding the 3617 connection is dead. 3618 maximum: 4294967295 3619 minimum: 0 3620 type: integer 3621 time: 3622 description: The time duration a connection 3623 needs to be idle before keep-alive probes 3624 start being sent. 
3625 type: string 3626 type: object 3627 type: object 3628 type: object 3629 loadBalancer: 3630 description: Settings controlling the load balancer algorithms. 3631 oneOf: 3632 - not: 3633 anyOf: 3634 - required: 3635 - simple 3636 - required: 3637 - consistentHash 3638 - required: 3639 - simple 3640 - required: 3641 - consistentHash 3642 properties: 3643 consistentHash: 3644 allOf: 3645 - oneOf: 3646 - not: 3647 anyOf: 3648 - required: 3649 - httpHeaderName 3650 - required: 3651 - httpCookie 3652 - required: 3653 - useSourceIp 3654 - required: 3655 - httpQueryParameterName 3656 - required: 3657 - httpHeaderName 3658 - required: 3659 - httpCookie 3660 - required: 3661 - useSourceIp 3662 - required: 3663 - httpQueryParameterName 3664 - oneOf: 3665 - not: 3666 anyOf: 3667 - required: 3668 - ringHash 3669 - required: 3670 - maglev 3671 - required: 3672 - ringHash 3673 - required: 3674 - maglev 3675 properties: 3676 httpCookie: 3677 description: Hash based on HTTP cookie. 3678 properties: 3679 name: 3680 description: Name of the cookie. 3681 type: string 3682 path: 3683 description: Path to set for the cookie. 3684 type: string 3685 ttl: 3686 description: Lifetime of the cookie. 3687 type: string 3688 required: 3689 - name 3690 type: object 3691 httpHeaderName: 3692 description: Hash based on a specific HTTP header. 3693 type: string 3694 httpQueryParameterName: 3695 description: Hash based on a specific HTTP query 3696 parameter. 3697 type: string 3698 maglev: 3699 description: The Maglev load balancer implements 3700 consistent hashing to backend hosts. 3701 properties: 3702 tableSize: 3703 description: The table size for Maglev hashing. 3704 minimum: 0 3705 type: integer 3706 type: object 3707 minimumRingSize: 3708 description: Deprecated. 3709 minimum: 0 3710 type: integer 3711 ringHash: 3712 description: The ring/modulo hash load balancer 3713 implements consistent hashing to backend hosts. 
3714 properties: 3715 minimumRingSize: 3716 description: The minimum number of virtual nodes 3717 to use for the hash ring. 3718 minimum: 0 3719 type: integer 3720 type: object 3721 useSourceIp: 3722 description: Hash based on the source IP address. 3723 type: boolean 3724 type: object 3725 localityLbSetting: 3726 properties: 3727 distribute: 3728 description: 'Optional: only one of distribute, 3729 failover or failoverPriority can be set.' 3730 items: 3731 properties: 3732 from: 3733 description: Originating locality, '/' separated, 3734 e.g. 3735 type: string 3736 to: 3737 additionalProperties: 3738 maximum: 4294967295 3739 minimum: 0 3740 type: integer 3741 description: Map of upstream localities to 3742 traffic distribution weights. 3743 type: object 3744 type: object 3745 type: array 3746 enabled: 3747 description: enable locality load balancing, this 3748 is DestinationRule-level and will override mesh 3749 wide settings in entirety. 3750 nullable: true 3751 type: boolean 3752 failover: 3753 description: 'Optional: only one of distribute, 3754 failover or failoverPriority can be set.' 3755 items: 3756 properties: 3757 from: 3758 description: Originating region. 3759 type: string 3760 to: 3761 description: Destination region the traffic 3762 will fail over to when endpoints in the 3763 'from' region becomes unhealthy. 3764 type: string 3765 type: object 3766 type: array 3767 failoverPriority: 3768 description: failoverPriority is an ordered list 3769 of labels used to sort endpoints to do priority 3770 based load balancing. 3771 items: 3772 type: string 3773 type: array 3774 type: object 3775 simple: 3776 description: |2- 3777 3778 3779 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 3780 enum: 3781 - UNSPECIFIED 3782 - LEAST_CONN 3783 - RANDOM 3784 - PASSTHROUGH 3785 - ROUND_ROBIN 3786 - LEAST_REQUEST 3787 type: string 3788 warmupDurationSecs: 3789 description: Represents the warmup duration of Service. 
3790 type: string 3791 type: object 3792 outlierDetection: 3793 properties: 3794 baseEjectionTime: 3795 description: Minimum ejection duration. 3796 type: string 3797 consecutive5xxErrors: 3798 description: Number of 5xx errors before a host is ejected 3799 from the connection pool. 3800 maximum: 4294967295 3801 minimum: 0 3802 nullable: true 3803 type: integer 3804 consecutiveErrors: 3805 format: int32 3806 type: integer 3807 consecutiveGatewayErrors: 3808 description: Number of gateway errors before a host 3809 is ejected from the connection pool. 3810 maximum: 4294967295 3811 minimum: 0 3812 nullable: true 3813 type: integer 3814 consecutiveLocalOriginFailures: 3815 description: The number of consecutive locally originated 3816 failures before ejection occurs. 3817 maximum: 4294967295 3818 minimum: 0 3819 nullable: true 3820 type: integer 3821 interval: 3822 description: Time interval between ejection sweep analysis. 3823 type: string 3824 maxEjectionPercent: 3825 description: Maximum % of hosts in the load balancing 3826 pool for the upstream service that can be ejected. 3827 format: int32 3828 type: integer 3829 minHealthPercent: 3830 description: Outlier detection will be enabled as long 3831 as the associated load balancing pool has at least 3832 min_health_percent hosts in healthy mode. 3833 format: int32 3834 type: integer 3835 splitExternalLocalOriginErrors: 3836 description: Determines whether to distinguish local 3837 origin failures from external errors. 3838 type: boolean 3839 type: object 3840 portLevelSettings: 3841 description: Traffic policies specific to individual ports. 3842 items: 3843 properties: 3844 connectionPool: 3845 properties: 3846 http: 3847 description: HTTP connection pool settings. 3848 properties: 3849 h2UpgradePolicy: 3850 description: |- 3851 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 
3852 3853 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 3854 enum: 3855 - DEFAULT 3856 - DO_NOT_UPGRADE 3857 - UPGRADE 3858 type: string 3859 http1MaxPendingRequests: 3860 description: Maximum number of requests that 3861 will be queued while waiting for a ready 3862 connection pool connection. 3863 format: int32 3864 type: integer 3865 http2MaxRequests: 3866 description: Maximum number of active requests 3867 to a destination. 3868 format: int32 3869 type: integer 3870 idleTimeout: 3871 description: The idle timeout for upstream 3872 connection pool connections. 3873 type: string 3874 maxConcurrentStreams: 3875 description: The maximum number of concurrent 3876 streams allowed for a peer on one HTTP/2 3877 connection. 3878 format: int32 3879 type: integer 3880 maxRequestsPerConnection: 3881 description: Maximum number of requests per 3882 connection to a backend. 3883 format: int32 3884 type: integer 3885 maxRetries: 3886 description: Maximum number of retries that 3887 can be outstanding to all hosts in a cluster 3888 at a given time. 3889 format: int32 3890 type: integer 3891 useClientProtocol: 3892 description: If set to true, client protocol 3893 will be preserved while initiating connection 3894 to backend. 3895 type: boolean 3896 type: object 3897 tcp: 3898 description: Settings common to both HTTP and 3899 TCP upstream connections. 3900 properties: 3901 connectTimeout: 3902 description: TCP connection timeout. 3903 type: string 3904 idleTimeout: 3905 description: The idle timeout for TCP connections. 3906 type: string 3907 maxConnectionDuration: 3908 description: The maximum duration of a connection. 3909 type: string 3910 maxConnections: 3911 description: Maximum number of HTTP1 /TCP 3912 connections to a destination host. 3913 format: int32 3914 type: integer 3915 tcpKeepalive: 3916 description: If set then set SO_KEEPALIVE 3917 on the socket to enable TCP Keepalives. 
3918 properties: 3919 interval: 3920 description: The time duration between 3921 keep-alive probes. 3922 type: string 3923 probes: 3924 description: Maximum number of keepalive 3925 probes to send without response before 3926 deciding the connection is dead. 3927 maximum: 4294967295 3928 minimum: 0 3929 type: integer 3930 time: 3931 description: The time duration a connection 3932 needs to be idle before keep-alive probes 3933 start being sent. 3934 type: string 3935 type: object 3936 type: object 3937 type: object 3938 loadBalancer: 3939 description: Settings controlling the load balancer 3940 algorithms. 3941 oneOf: 3942 - not: 3943 anyOf: 3944 - required: 3945 - simple 3946 - required: 3947 - consistentHash 3948 - required: 3949 - simple 3950 - required: 3951 - consistentHash 3952 properties: 3953 consistentHash: 3954 allOf: 3955 - oneOf: 3956 - not: 3957 anyOf: 3958 - required: 3959 - httpHeaderName 3960 - required: 3961 - httpCookie 3962 - required: 3963 - useSourceIp 3964 - required: 3965 - httpQueryParameterName 3966 - required: 3967 - httpHeaderName 3968 - required: 3969 - httpCookie 3970 - required: 3971 - useSourceIp 3972 - required: 3973 - httpQueryParameterName 3974 - oneOf: 3975 - not: 3976 anyOf: 3977 - required: 3978 - ringHash 3979 - required: 3980 - maglev 3981 - required: 3982 - ringHash 3983 - required: 3984 - maglev 3985 properties: 3986 httpCookie: 3987 description: Hash based on HTTP cookie. 3988 properties: 3989 name: 3990 description: Name of the cookie. 3991 type: string 3992 path: 3993 description: Path to set for the cookie. 3994 type: string 3995 ttl: 3996 description: Lifetime of the cookie. 3997 type: string 3998 required: 3999 - name 4000 type: object 4001 httpHeaderName: 4002 description: Hash based on a specific HTTP 4003 header. 4004 type: string 4005 httpQueryParameterName: 4006 description: Hash based on a specific HTTP 4007 query parameter. 
4008 type: string 4009 maglev: 4010 description: The Maglev load balancer implements 4011 consistent hashing to backend hosts. 4012 properties: 4013 tableSize: 4014 description: The table size for Maglev 4015 hashing. 4016 minimum: 0 4017 type: integer 4018 type: object 4019 minimumRingSize: 4020 description: Deprecated. 4021 minimum: 0 4022 type: integer 4023 ringHash: 4024 description: The ring/modulo hash load balancer 4025 implements consistent hashing to backend 4026 hosts. 4027 properties: 4028 minimumRingSize: 4029 description: The minimum number of virtual 4030 nodes to use for the hash ring. 4031 minimum: 0 4032 type: integer 4033 type: object 4034 useSourceIp: 4035 description: Hash based on the source IP address. 4036 type: boolean 4037 type: object 4038 localityLbSetting: 4039 properties: 4040 distribute: 4041 description: 'Optional: only one of distribute, 4042 failover or failoverPriority can be set.' 4043 items: 4044 properties: 4045 from: 4046 description: Originating locality, '/' 4047 separated, e.g. 4048 type: string 4049 to: 4050 additionalProperties: 4051 maximum: 4294967295 4052 minimum: 0 4053 type: integer 4054 description: Map of upstream localities 4055 to traffic distribution weights. 4056 type: object 4057 type: object 4058 type: array 4059 enabled: 4060 description: enable locality load balancing, 4061 this is DestinationRule-level and will override 4062 mesh wide settings in entirety. 4063 nullable: true 4064 type: boolean 4065 failover: 4066 description: 'Optional: only one of distribute, 4067 failover or failoverPriority can be set.' 4068 items: 4069 properties: 4070 from: 4071 description: Originating region. 4072 type: string 4073 to: 4074 description: Destination region the 4075 traffic will fail over to when endpoints 4076 in the 'from' region becomes unhealthy. 
4077 type: string 4078 type: object 4079 type: array 4080 failoverPriority: 4081 description: failoverPriority is an ordered 4082 list of labels used to sort endpoints to 4083 do priority based load balancing. 4084 items: 4085 type: string 4086 type: array 4087 type: object 4088 simple: 4089 description: |2- 4090 4091 4092 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 4093 enum: 4094 - UNSPECIFIED 4095 - LEAST_CONN 4096 - RANDOM 4097 - PASSTHROUGH 4098 - ROUND_ROBIN 4099 - LEAST_REQUEST 4100 type: string 4101 warmupDurationSecs: 4102 description: Represents the warmup duration of 4103 Service. 4104 type: string 4105 type: object 4106 outlierDetection: 4107 properties: 4108 baseEjectionTime: 4109 description: Minimum ejection duration. 4110 type: string 4111 consecutive5xxErrors: 4112 description: Number of 5xx errors before a host 4113 is ejected from the connection pool. 4114 maximum: 4294967295 4115 minimum: 0 4116 nullable: true 4117 type: integer 4118 consecutiveErrors: 4119 format: int32 4120 type: integer 4121 consecutiveGatewayErrors: 4122 description: Number of gateway errors before a 4123 host is ejected from the connection pool. 4124 maximum: 4294967295 4125 minimum: 0 4126 nullable: true 4127 type: integer 4128 consecutiveLocalOriginFailures: 4129 description: The number of consecutive locally 4130 originated failures before ejection occurs. 4131 maximum: 4294967295 4132 minimum: 0 4133 nullable: true 4134 type: integer 4135 interval: 4136 description: Time interval between ejection sweep 4137 analysis. 4138 type: string 4139 maxEjectionPercent: 4140 description: Maximum % of hosts in the load balancing 4141 pool for the upstream service that can be ejected. 4142 format: int32 4143 type: integer 4144 minHealthPercent: 4145 description: Outlier detection will be enabled 4146 as long as the associated load balancing pool 4147 has at least min_health_percent hosts in healthy 4148 mode. 
4149 format: int32 4150 type: integer 4151 splitExternalLocalOriginErrors: 4152 description: Determines whether to distinguish 4153 local origin failures from external errors. 4154 type: boolean 4155 type: object 4156 port: 4157 description: Specifies the number of a port on the 4158 destination service on which this policy is being 4159 applied. 4160 properties: 4161 number: 4162 maximum: 4294967295 4163 minimum: 0 4164 type: integer 4165 type: object 4166 tls: 4167 description: TLS related settings for connections 4168 to the upstream service. 4169 properties: 4170 caCertificates: 4171 description: 'OPTIONAL: The path to the file containing 4172 certificate authority certificates to use in 4173 verifying a presented server certificate.' 4174 type: string 4175 caCrl: 4176 description: 'OPTIONAL: The path to the file containing 4177 the certificate revocation list (CRL) to use 4178 in verifying a presented server certificate.' 4179 type: string 4180 clientCertificate: 4181 description: REQUIRED if mode is `MUTUAL`. 4182 type: string 4183 credentialName: 4184 description: The name of the secret that holds 4185 the TLS certs for the client including the CA 4186 certificates. 4187 type: string 4188 insecureSkipVerify: 4189 description: '`insecureSkipVerify` specifies whether 4190 the proxy should skip verifying the CA signature 4191 and SAN for the server certificate corresponding 4192 to the host.' 4193 nullable: true 4194 type: boolean 4195 mode: 4196 description: |- 4197 Indicates whether connections to this port should be secured using TLS. 4198 4199 Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL 4200 enum: 4201 - DISABLE 4202 - SIMPLE 4203 - MUTUAL 4204 - ISTIO_MUTUAL 4205 type: string 4206 privateKey: 4207 description: REQUIRED if mode is `MUTUAL`. 4208 type: string 4209 sni: 4210 description: SNI string to present to the server 4211 during TLS handshake. 
4212 type: string 4213 subjectAltNames: 4214 description: A list of alternate names to verify 4215 the subject identity in the certificate. 4216 items: 4217 type: string 4218 type: array 4219 type: object 4220 type: object 4221 type: array 4222 proxyProtocol: 4223 description: The upstream PROXY protocol settings. 4224 properties: 4225 version: 4226 description: |- 4227 The PROXY protocol version to use. 4228 4229 Valid Options: V1, V2 4230 enum: 4231 - V1 4232 - V2 4233 type: string 4234 type: object 4235 tls: 4236 description: TLS related settings for connections to the 4237 upstream service. 4238 properties: 4239 caCertificates: 4240 description: 'OPTIONAL: The path to the file containing 4241 certificate authority certificates to use in verifying 4242 a presented server certificate.' 4243 type: string 4244 caCrl: 4245 description: 'OPTIONAL: The path to the file containing 4246 the certificate revocation list (CRL) to use in verifying 4247 a presented server certificate.' 4248 type: string 4249 clientCertificate: 4250 description: REQUIRED if mode is `MUTUAL`. 4251 type: string 4252 credentialName: 4253 description: The name of the secret that holds the TLS 4254 certs for the client including the CA certificates. 4255 type: string 4256 insecureSkipVerify: 4257 description: '`insecureSkipVerify` specifies whether 4258 the proxy should skip verifying the CA signature and 4259 SAN for the server certificate corresponding to the 4260 host.' 4261 nullable: true 4262 type: boolean 4263 mode: 4264 description: |- 4265 Indicates whether connections to this port should be secured using TLS. 4266 4267 Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL 4268 enum: 4269 - DISABLE 4270 - SIMPLE 4271 - MUTUAL 4272 - ISTIO_MUTUAL 4273 type: string 4274 privateKey: 4275 description: REQUIRED if mode is `MUTUAL`. 4276 type: string 4277 sni: 4278 description: SNI string to present to the server during 4279 TLS handshake. 
4280 type: string 4281 subjectAltNames: 4282 description: A list of alternate names to verify the 4283 subject identity in the certificate. 4284 items: 4285 type: string 4286 type: array 4287 type: object 4288 tunnel: 4289 description: Configuration of tunneling TCP over other transport 4290 or application layers for the host configured in the DestinationRule. 4291 properties: 4292 protocol: 4293 description: Specifies which protocol to use for tunneling 4294 the downstream connection. 4295 type: string 4296 targetHost: 4297 description: Specifies a host to which the downstream 4298 connection is tunneled. 4299 type: string 4300 targetPort: 4301 description: Specifies a port to which the downstream 4302 connection is tunneled. 4303 maximum: 4294967295 4304 minimum: 0 4305 type: integer 4306 required: 4307 - targetHost 4308 - targetPort 4309 type: object 4310 type: object 4311 required: 4312 - name 4313 type: object 4314 type: array 4315 trafficPolicy: 4316 description: Traffic policies to apply (load balancing policy, connection 4317 pool sizes, outlier detection). 4318 properties: 4319 connectionPool: 4320 properties: 4321 http: 4322 description: HTTP connection pool settings. 4323 properties: 4324 h2UpgradePolicy: 4325 description: |- 4326 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 4327 4328 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 4329 enum: 4330 - DEFAULT 4331 - DO_NOT_UPGRADE 4332 - UPGRADE 4333 type: string 4334 http1MaxPendingRequests: 4335 description: Maximum number of requests that will be queued 4336 while waiting for a ready connection pool connection. 4337 format: int32 4338 type: integer 4339 http2MaxRequests: 4340 description: Maximum number of active requests to a destination. 4341 format: int32 4342 type: integer 4343 idleTimeout: 4344 description: The idle timeout for upstream connection 4345 pool connections. 
4346 type: string 4347 maxConcurrentStreams: 4348 description: The maximum number of concurrent streams 4349 allowed for a peer on one HTTP/2 connection. 4350 format: int32 4351 type: integer 4352 maxRequestsPerConnection: 4353 description: Maximum number of requests per connection 4354 to a backend. 4355 format: int32 4356 type: integer 4357 maxRetries: 4358 description: Maximum number of retries that can be outstanding 4359 to all hosts in a cluster at a given time. 4360 format: int32 4361 type: integer 4362 useClientProtocol: 4363 description: If set to true, client protocol will be preserved 4364 while initiating connection to backend. 4365 type: boolean 4366 type: object 4367 tcp: 4368 description: Settings common to both HTTP and TCP upstream 4369 connections. 4370 properties: 4371 connectTimeout: 4372 description: TCP connection timeout. 4373 type: string 4374 idleTimeout: 4375 description: The idle timeout for TCP connections. 4376 type: string 4377 maxConnectionDuration: 4378 description: The maximum duration of a connection. 4379 type: string 4380 maxConnections: 4381 description: Maximum number of HTTP1 /TCP connections 4382 to a destination host. 4383 format: int32 4384 type: integer 4385 tcpKeepalive: 4386 description: If set then set SO_KEEPALIVE on the socket 4387 to enable TCP Keepalives. 4388 properties: 4389 interval: 4390 description: The time duration between keep-alive 4391 probes. 4392 type: string 4393 probes: 4394 description: Maximum number of keepalive probes to 4395 send without response before deciding the connection 4396 is dead. 4397 maximum: 4294967295 4398 minimum: 0 4399 type: integer 4400 time: 4401 description: The time duration a connection needs 4402 to be idle before keep-alive probes start being 4403 sent. 4404 type: string 4405 type: object 4406 type: object 4407 type: object 4408 loadBalancer: 4409 description: Settings controlling the load balancer algorithms. 
4410 oneOf: 4411 - not: 4412 anyOf: 4413 - required: 4414 - simple 4415 - required: 4416 - consistentHash 4417 - required: 4418 - simple 4419 - required: 4420 - consistentHash 4421 properties: 4422 consistentHash: 4423 allOf: 4424 - oneOf: 4425 - not: 4426 anyOf: 4427 - required: 4428 - httpHeaderName 4429 - required: 4430 - httpCookie 4431 - required: 4432 - useSourceIp 4433 - required: 4434 - httpQueryParameterName 4435 - required: 4436 - httpHeaderName 4437 - required: 4438 - httpCookie 4439 - required: 4440 - useSourceIp 4441 - required: 4442 - httpQueryParameterName 4443 - oneOf: 4444 - not: 4445 anyOf: 4446 - required: 4447 - ringHash 4448 - required: 4449 - maglev 4450 - required: 4451 - ringHash 4452 - required: 4453 - maglev 4454 properties: 4455 httpCookie: 4456 description: Hash based on HTTP cookie. 4457 properties: 4458 name: 4459 description: Name of the cookie. 4460 type: string 4461 path: 4462 description: Path to set for the cookie. 4463 type: string 4464 ttl: 4465 description: Lifetime of the cookie. 4466 type: string 4467 required: 4468 - name 4469 type: object 4470 httpHeaderName: 4471 description: Hash based on a specific HTTP header. 4472 type: string 4473 httpQueryParameterName: 4474 description: Hash based on a specific HTTP query parameter. 4475 type: string 4476 maglev: 4477 description: The Maglev load balancer implements consistent 4478 hashing to backend hosts. 4479 properties: 4480 tableSize: 4481 description: The table size for Maglev hashing. 4482 minimum: 0 4483 type: integer 4484 type: object 4485 minimumRingSize: 4486 description: Deprecated. 4487 minimum: 0 4488 type: integer 4489 ringHash: 4490 description: The ring/modulo hash load balancer implements 4491 consistent hashing to backend hosts. 4492 properties: 4493 minimumRingSize: 4494 description: The minimum number of virtual nodes to 4495 use for the hash ring. 
4496 minimum: 0 4497 type: integer 4498 type: object 4499 useSourceIp: 4500 description: Hash based on the source IP address. 4501 type: boolean 4502 type: object 4503 localityLbSetting: 4504 properties: 4505 distribute: 4506 description: 'Optional: only one of distribute, failover 4507 or failoverPriority can be set.' 4508 items: 4509 properties: 4510 from: 4511 description: Originating locality, '/' separated, 4512 e.g. 4513 type: string 4514 to: 4515 additionalProperties: 4516 maximum: 4294967295 4517 minimum: 0 4518 type: integer 4519 description: Map of upstream localities to traffic 4520 distribution weights. 4521 type: object 4522 type: object 4523 type: array 4524 enabled: 4525 description: enable locality load balancing, this is DestinationRule-level 4526 and will override mesh wide settings in entirety. 4527 nullable: true 4528 type: boolean 4529 failover: 4530 description: 'Optional: only one of distribute, failover 4531 or failoverPriority can be set.' 4532 items: 4533 properties: 4534 from: 4535 description: Originating region. 4536 type: string 4537 to: 4538 description: Destination region the traffic will 4539 fail over to when endpoints in the 'from' region 4540 becomes unhealthy. 4541 type: string 4542 type: object 4543 type: array 4544 failoverPriority: 4545 description: failoverPriority is an ordered list of labels 4546 used to sort endpoints to do priority based load balancing. 4547 items: 4548 type: string 4549 type: array 4550 type: object 4551 simple: 4552 description: |2- 4553 4554 4555 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 4556 enum: 4557 - UNSPECIFIED 4558 - LEAST_CONN 4559 - RANDOM 4560 - PASSTHROUGH 4561 - ROUND_ROBIN 4562 - LEAST_REQUEST 4563 type: string 4564 warmupDurationSecs: 4565 description: Represents the warmup duration of Service. 4566 type: string 4567 type: object 4568 outlierDetection: 4569 properties: 4570 baseEjectionTime: 4571 description: Minimum ejection duration. 
4572 type: string 4573 consecutive5xxErrors: 4574 description: Number of 5xx errors before a host is ejected 4575 from the connection pool. 4576 maximum: 4294967295 4577 minimum: 0 4578 nullable: true 4579 type: integer 4580 consecutiveErrors: 4581 format: int32 4582 type: integer 4583 consecutiveGatewayErrors: 4584 description: Number of gateway errors before a host is ejected 4585 from the connection pool. 4586 maximum: 4294967295 4587 minimum: 0 4588 nullable: true 4589 type: integer 4590 consecutiveLocalOriginFailures: 4591 description: The number of consecutive locally originated 4592 failures before ejection occurs. 4593 maximum: 4294967295 4594 minimum: 0 4595 nullable: true 4596 type: integer 4597 interval: 4598 description: Time interval between ejection sweep analysis. 4599 type: string 4600 maxEjectionPercent: 4601 description: Maximum % of hosts in the load balancing pool 4602 for the upstream service that can be ejected. 4603 format: int32 4604 type: integer 4605 minHealthPercent: 4606 description: Outlier detection will be enabled as long as 4607 the associated load balancing pool has at least min_health_percent 4608 hosts in healthy mode. 4609 format: int32 4610 type: integer 4611 splitExternalLocalOriginErrors: 4612 description: Determines whether to distinguish local origin 4613 failures from external errors. 4614 type: boolean 4615 type: object 4616 portLevelSettings: 4617 description: Traffic policies specific to individual ports. 4618 items: 4619 properties: 4620 connectionPool: 4621 properties: 4622 http: 4623 description: HTTP connection pool settings. 4624 properties: 4625 h2UpgradePolicy: 4626 description: |- 4627 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 
4628 4629 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 4630 enum: 4631 - DEFAULT 4632 - DO_NOT_UPGRADE 4633 - UPGRADE 4634 type: string 4635 http1MaxPendingRequests: 4636 description: Maximum number of requests that will 4637 be queued while waiting for a ready connection 4638 pool connection. 4639 format: int32 4640 type: integer 4641 http2MaxRequests: 4642 description: Maximum number of active requests to 4643 a destination. 4644 format: int32 4645 type: integer 4646 idleTimeout: 4647 description: The idle timeout for upstream connection 4648 pool connections. 4649 type: string 4650 maxConcurrentStreams: 4651 description: The maximum number of concurrent streams 4652 allowed for a peer on one HTTP/2 connection. 4653 format: int32 4654 type: integer 4655 maxRequestsPerConnection: 4656 description: Maximum number of requests per connection 4657 to a backend. 4658 format: int32 4659 type: integer 4660 maxRetries: 4661 description: Maximum number of retries that can 4662 be outstanding to all hosts in a cluster at a 4663 given time. 4664 format: int32 4665 type: integer 4666 useClientProtocol: 4667 description: If set to true, client protocol will 4668 be preserved while initiating connection to backend. 4669 type: boolean 4670 type: object 4671 tcp: 4672 description: Settings common to both HTTP and TCP upstream 4673 connections. 4674 properties: 4675 connectTimeout: 4676 description: TCP connection timeout. 4677 type: string 4678 idleTimeout: 4679 description: The idle timeout for TCP connections. 4680 type: string 4681 maxConnectionDuration: 4682 description: The maximum duration of a connection. 4683 type: string 4684 maxConnections: 4685 description: Maximum number of HTTP1 /TCP connections 4686 to a destination host. 4687 format: int32 4688 type: integer 4689 tcpKeepalive: 4690 description: If set then set SO_KEEPALIVE on the 4691 socket to enable TCP Keepalives. 
4692 properties: 4693 interval: 4694 description: The time duration between keep-alive 4695 probes. 4696 type: string 4697 probes: 4698 description: Maximum number of keepalive probes 4699 to send without response before deciding the 4700 connection is dead. 4701 maximum: 4294967295 4702 minimum: 0 4703 type: integer 4704 time: 4705 description: The time duration a connection 4706 needs to be idle before keep-alive probes 4707 start being sent. 4708 type: string 4709 type: object 4710 type: object 4711 type: object 4712 loadBalancer: 4713 description: Settings controlling the load balancer algorithms. 4714 oneOf: 4715 - not: 4716 anyOf: 4717 - required: 4718 - simple 4719 - required: 4720 - consistentHash 4721 - required: 4722 - simple 4723 - required: 4724 - consistentHash 4725 properties: 4726 consistentHash: 4727 allOf: 4728 - oneOf: 4729 - not: 4730 anyOf: 4731 - required: 4732 - httpHeaderName 4733 - required: 4734 - httpCookie 4735 - required: 4736 - useSourceIp 4737 - required: 4738 - httpQueryParameterName 4739 - required: 4740 - httpHeaderName 4741 - required: 4742 - httpCookie 4743 - required: 4744 - useSourceIp 4745 - required: 4746 - httpQueryParameterName 4747 - oneOf: 4748 - not: 4749 anyOf: 4750 - required: 4751 - ringHash 4752 - required: 4753 - maglev 4754 - required: 4755 - ringHash 4756 - required: 4757 - maglev 4758 properties: 4759 httpCookie: 4760 description: Hash based on HTTP cookie. 4761 properties: 4762 name: 4763 description: Name of the cookie. 4764 type: string 4765 path: 4766 description: Path to set for the cookie. 4767 type: string 4768 ttl: 4769 description: Lifetime of the cookie. 4770 type: string 4771 required: 4772 - name 4773 type: object 4774 httpHeaderName: 4775 description: Hash based on a specific HTTP header. 4776 type: string 4777 httpQueryParameterName: 4778 description: Hash based on a specific HTTP query 4779 parameter. 
4780 type: string 4781 maglev: 4782 description: The Maglev load balancer implements 4783 consistent hashing to backend hosts. 4784 properties: 4785 tableSize: 4786 description: The table size for Maglev hashing. 4787 minimum: 0 4788 type: integer 4789 type: object 4790 minimumRingSize: 4791 description: Deprecated. 4792 minimum: 0 4793 type: integer 4794 ringHash: 4795 description: The ring/modulo hash load balancer 4796 implements consistent hashing to backend hosts. 4797 properties: 4798 minimumRingSize: 4799 description: The minimum number of virtual nodes 4800 to use for the hash ring. 4801 minimum: 0 4802 type: integer 4803 type: object 4804 useSourceIp: 4805 description: Hash based on the source IP address. 4806 type: boolean 4807 type: object 4808 localityLbSetting: 4809 properties: 4810 distribute: 4811 description: 'Optional: only one of distribute, 4812 failover or failoverPriority can be set.' 4813 items: 4814 properties: 4815 from: 4816 description: Originating locality, '/' separated, 4817 e.g. 4818 type: string 4819 to: 4820 additionalProperties: 4821 maximum: 4294967295 4822 minimum: 0 4823 type: integer 4824 description: Map of upstream localities to 4825 traffic distribution weights. 4826 type: object 4827 type: object 4828 type: array 4829 enabled: 4830 description: enable locality load balancing, this 4831 is DestinationRule-level and will override mesh 4832 wide settings in entirety. 4833 nullable: true 4834 type: boolean 4835 failover: 4836 description: 'Optional: only one of distribute, 4837 failover or failoverPriority can be set.' 4838 items: 4839 properties: 4840 from: 4841 description: Originating region. 4842 type: string 4843 to: 4844 description: Destination region the traffic 4845 will fail over to when endpoints in the 4846 'from' region becomes unhealthy. 
4847 type: string 4848 type: object 4849 type: array 4850 failoverPriority: 4851 description: failoverPriority is an ordered list 4852 of labels used to sort endpoints to do priority 4853 based load balancing. 4854 items: 4855 type: string 4856 type: array 4857 type: object 4858 simple: 4859 description: |2- 4860 4861 4862 Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST 4863 enum: 4864 - UNSPECIFIED 4865 - LEAST_CONN 4866 - RANDOM 4867 - PASSTHROUGH 4868 - ROUND_ROBIN 4869 - LEAST_REQUEST 4870 type: string 4871 warmupDurationSecs: 4872 description: Represents the warmup duration of Service. 4873 type: string 4874 type: object 4875 outlierDetection: 4876 properties: 4877 baseEjectionTime: 4878 description: Minimum ejection duration. 4879 type: string 4880 consecutive5xxErrors: 4881 description: Number of 5xx errors before a host is ejected 4882 from the connection pool. 4883 maximum: 4294967295 4884 minimum: 0 4885 nullable: true 4886 type: integer 4887 consecutiveErrors: 4888 format: int32 4889 type: integer 4890 consecutiveGatewayErrors: 4891 description: Number of gateway errors before a host 4892 is ejected from the connection pool. 4893 maximum: 4294967295 4894 minimum: 0 4895 nullable: true 4896 type: integer 4897 consecutiveLocalOriginFailures: 4898 description: The number of consecutive locally originated 4899 failures before ejection occurs. 4900 maximum: 4294967295 4901 minimum: 0 4902 nullable: true 4903 type: integer 4904 interval: 4905 description: Time interval between ejection sweep analysis. 4906 type: string 4907 maxEjectionPercent: 4908 description: Maximum % of hosts in the load balancing 4909 pool for the upstream service that can be ejected. 4910 format: int32 4911 type: integer 4912 minHealthPercent: 4913 description: Outlier detection will be enabled as long 4914 as the associated load balancing pool has at least 4915 min_health_percent hosts in healthy mode. 
4916 format: int32 4917 type: integer 4918 splitExternalLocalOriginErrors: 4919 description: Determines whether to distinguish local 4920 origin failures from external errors. 4921 type: boolean 4922 type: object 4923 port: 4924 description: Specifies the number of a port on the destination 4925 service on which this policy is being applied. 4926 properties: 4927 number: 4928 maximum: 4294967295 4929 minimum: 0 4930 type: integer 4931 type: object 4932 tls: 4933 description: TLS related settings for connections to the 4934 upstream service. 4935 properties: 4936 caCertificates: 4937 description: 'OPTIONAL: The path to the file containing 4938 certificate authority certificates to use in verifying 4939 a presented server certificate.' 4940 type: string 4941 caCrl: 4942 description: 'OPTIONAL: The path to the file containing 4943 the certificate revocation list (CRL) to use in verifying 4944 a presented server certificate.' 4945 type: string 4946 clientCertificate: 4947 description: REQUIRED if mode is `MUTUAL`. 4948 type: string 4949 credentialName: 4950 description: The name of the secret that holds the TLS 4951 certs for the client including the CA certificates. 4952 type: string 4953 insecureSkipVerify: 4954 description: '`insecureSkipVerify` specifies whether 4955 the proxy should skip verifying the CA signature and 4956 SAN for the server certificate corresponding to the 4957 host.' 4958 nullable: true 4959 type: boolean 4960 mode: 4961 description: |- 4962 Indicates whether connections to this port should be secured using TLS. 4963 4964 Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL 4965 enum: 4966 - DISABLE 4967 - SIMPLE 4968 - MUTUAL 4969 - ISTIO_MUTUAL 4970 type: string 4971 privateKey: 4972 description: REQUIRED if mode is `MUTUAL`. 4973 type: string 4974 sni: 4975 description: SNI string to present to the server during 4976 TLS handshake. 
4977 type: string 4978 subjectAltNames: 4979 description: A list of alternate names to verify the 4980 subject identity in the certificate. 4981 items: 4982 type: string 4983 type: array 4984 type: object 4985 type: object 4986 type: array 4987 proxyProtocol: 4988 description: The upstream PROXY protocol settings. 4989 properties: 4990 version: 4991 description: |- 4992 The PROXY protocol version to use. 4993 4994 Valid Options: V1, V2 4995 enum: 4996 - V1 4997 - V2 4998 type: string 4999 type: object 5000 tls: 5001 description: TLS related settings for connections to the upstream 5002 service. 5003 properties: 5004 caCertificates: 5005 description: 'OPTIONAL: The path to the file containing certificate 5006 authority certificates to use in verifying a presented server 5007 certificate.' 5008 type: string 5009 caCrl: 5010 description: 'OPTIONAL: The path to the file containing the 5011 certificate revocation list (CRL) to use in verifying a 5012 presented server certificate.' 5013 type: string 5014 clientCertificate: 5015 description: REQUIRED if mode is `MUTUAL`. 5016 type: string 5017 credentialName: 5018 description: The name of the secret that holds the TLS certs 5019 for the client including the CA certificates. 5020 type: string 5021 insecureSkipVerify: 5022 description: '`insecureSkipVerify` specifies whether the proxy 5023 should skip verifying the CA signature and SAN for the server 5024 certificate corresponding to the host.' 5025 nullable: true 5026 type: boolean 5027 mode: 5028 description: |- 5029 Indicates whether connections to this port should be secured using TLS. 5030 5031 Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL 5032 enum: 5033 - DISABLE 5034 - SIMPLE 5035 - MUTUAL 5036 - ISTIO_MUTUAL 5037 type: string 5038 privateKey: 5039 description: REQUIRED if mode is `MUTUAL`. 5040 type: string 5041 sni: 5042 description: SNI string to present to the server during TLS 5043 handshake. 
5044 type: string 5045 subjectAltNames: 5046 description: A list of alternate names to verify the subject 5047 identity in the certificate. 5048 items: 5049 type: string 5050 type: array 5051 type: object 5052 tunnel: 5053 description: Configuration of tunneling TCP over other transport 5054 or application layers for the host configured in the DestinationRule. 5055 properties: 5056 protocol: 5057 description: Specifies which protocol to use for tunneling 5058 the downstream connection. 5059 type: string 5060 targetHost: 5061 description: Specifies a host to which the downstream connection 5062 is tunneled. 5063 type: string 5064 targetPort: 5065 description: Specifies a port to which the downstream connection 5066 is tunneled. 5067 maximum: 4294967295 5068 minimum: 0 5069 type: integer 5070 required: 5071 - targetHost 5072 - targetPort 5073 type: object 5074 type: object 5075 workloadSelector: 5076 description: Criteria used to select the specific set of pods/VMs 5077 on which this `DestinationRule` configuration should be applied. 5078 properties: 5079 matchLabels: 5080 additionalProperties: 5081 type: string 5082 description: One or more labels that indicate a specific set of 5083 pods/VMs on which a policy should be applied. 
# Tail of the preceding CRD's schema; that definition begins above this excerpt.
                    type: object
                type: object
            required:
            - host
            type: object
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
# CustomResourceDefinition for the namespaced EnvoyFilter kind in group
# networking.istio.io. A single version, v1alpha3, is both served and stored.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Helm resource policy "keep": Helm leaves this CRD in place when an
    # operation such as uninstall would otherwise delete it.
    "helm.sh/resource-policy": keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    release: istio
  name: envoyfilters.networking.istio.io
spec:
  group: networking.istio.io
  names:
    categories:
    - istio-io
    - networking-istio-io
    kind: EnvoyFilter
    listKind: EnvoyFilterList
    plural: envoyfilters
    singular: envoyfilter
  scope: Namespaced
  versions:
  - name: v1alpha3
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Customizing Envoy configuration generated by Istio. See
              more details at: https://istio.io/docs/reference/config/networking/envoy-filter.html'
            properties:
              configPatches:
                description: One or more patches with match conditions.
                items:
                  properties:
                    # The enum admits INVALID in addition to the values the
                    # description lists as valid options.
                    applyTo:
                      description: |-
                        Specifies where in the Envoy configuration, the patch should be applied.

                        Valid Options: LISTENER, FILTER_CHAIN, NETWORK_FILTER, HTTP_FILTER, ROUTE_CONFIGURATION, VIRTUAL_HOST, HTTP_ROUTE, CLUSTER, EXTENSION_CONFIG, BOOTSTRAP, LISTENER_FILTER
                      enum:
                      - INVALID
                      - LISTENER
                      - FILTER_CHAIN
                      - NETWORK_FILTER
                      - HTTP_FILTER
                      - ROUTE_CONFIGURATION
                      - VIRTUAL_HOST
                      - HTTP_ROUTE
                      - CLUSTER
                      - EXTENSION_CONFIG
                      - BOOTSTRAP
                      - LISTENER_FILTER
                      type: string
                    # oneOf: the first branch matches when none of listener,
                    # routeConfiguration or cluster is present; each other branch
                    # requires one of them. So at most one of the three may be set.
                    # context and proxy are not part of this constraint.
                    match:
                      description: Match on listener/route configuration/cluster.
                      oneOf:
                      - not:
                          anyOf:
                          - required:
                            - listener
                          - required:
                            - routeConfiguration
                          - required:
                            - cluster
                      - required:
                        - listener
                      - required:
                        - routeConfiguration
                      - required:
                        - cluster
                      properties:
                        cluster:
                          description: Match on envoy cluster attributes.
                          properties:
                            name:
                              description: The exact name of the cluster to match.
                              type: string
                            # Port fields in this CRD are bounded to the uint32 range
                            # (0-4294967295), not to 1-65535; this schema does not
                            # reject out-of-range port numbers.
                            portNumber:
                              description: The service port for which this cluster
                                was generated.
                              maximum: 4294967295
                              minimum: 0
                              type: integer
                            service:
                              description: The fully qualified service name for this
                                cluster.
                              type: string
                            subset:
                              description: The subset associated with the service.
                              type: string
                          type: object
                        context:
                          description: |-
                            The specific config generation context to match on.

                            Valid Options: ANY, SIDECAR_INBOUND, SIDECAR_OUTBOUND, GATEWAY
                          enum:
                          - ANY
                          - SIDECAR_INBOUND
                          - SIDECAR_OUTBOUND
                          - GATEWAY
                          type: string
                        listener:
                          description: Match on envoy listener attributes.
                          properties:
                            filterChain:
                              description: Match a specific filter chain in a listener.
                              properties:
                                applicationProtocols:
                                  description: Applies only to sidecars.
                                  type: string
                                destinationPort:
                                  description: The destination_port value used by
                                    a filter chain's match condition.
                                  maximum: 4294967295
                                  minimum: 0
                                  type: integer
                                filter:
                                  description: The name of a specific filter to apply
                                    the patch to.
                                  properties:
                                    name:
                                      description: The filter name to match on.
                                      type: string
                                    subFilter:
                                      description: The next level filter within this
                                        filter to match upon.
                                      properties:
                                        name:
                                          description: The filter name to match on.
                                          type: string
                                      type: object
                                  type: object
                                name:
                                  description: The name assigned to the filter chain.
                                  type: string
                                sni:
                                  description: The SNI value used by a filter chain's
                                    match condition.
                                  type: string
                                transportProtocol:
                                  description: Applies only to `SIDECAR_INBOUND` context.
                                  type: string
                              type: object
                            listenerFilter:
                              description: Match a specific listener filter.
                              type: string
                            name:
                              description: Match a specific listener by its name.
                              type: string
                            portName:
                              type: string
                            portNumber:
                              description: The service port/gateway port to which
                                traffic is being sent/received.
                              maximum: 4294967295
                              minimum: 0
                              type: integer
                          type: object
                        proxy:
                          description: Match on properties associated with a proxy.
                          properties:
                            metadata:
                              additionalProperties:
                                type: string
                              description: Match on the node metadata supplied by
                                a proxy when connecting to Istio Pilot.
                              type: object
                            # Plain string here: the schema does not check that the
                            # value is a well-formed regular expression.
                            proxyVersion:
                              description: A regular expression in golang regex format
                                (RE2) that can be used to select proxies using a specific
                                version of istio proxy.
                              type: string
                          type: object
                        routeConfiguration:
                          description: Match on envoy HTTP route configuration attributes.
                          properties:
                            gateway:
                              description: The Istio gateway config's namespace/name
                                for which this route configuration was generated.
                              type: string
                            name:
                              description: Route configuration name to match on.
                              type: string
                            portName:
                              description: Applicable only for GATEWAY context.
                              type: string
                            portNumber:
                              description: The service port number or gateway server
                                port number for which this route configuration was
                                generated.
                              maximum: 4294967295
                              minimum: 0
                              type: integer
                            vhost:
                              description: Match a specific virtual host in a route
                                configuration and apply the patch to the virtual host.
                              properties:
                                name:
                                  description: The VirtualHosts objects generated
                                    by Istio are named as host:port, where the host
                                    typically corresponds to the VirtualService's
                                    host field or the hostname of a service in the
                                    registry.
                                  type: string
                                route:
                                  description: Match a specific route within the virtual
                                    host.
                                  properties:
                                    action:
                                      description: |-
                                        Match a route with specific action type.

                                        Valid Options: ANY, ROUTE, REDIRECT, DIRECT_RESPONSE
                                      enum:
                                      - ANY
                                      - ROUTE
                                      - REDIRECT
                                      - DIRECT_RESPONSE
                                      type: string
                                    name:
                                      description: The Route objects generated by
                                        default are named as default.
                                      type: string
                                  type: object
                              type: object
                          type: object
                      type: object
                    patch:
                      description: The patch to apply along with the operation.
                      properties:
                        # The enum admits UNSPECIFIED in addition to the documented
                        # valid options.
                        filterClass:
                          description: |-
                            Determines the filter insertion order.

                            Valid Options: AUTHN, AUTHZ, STATS
                          enum:
                          - UNSPECIFIED
                          - AUTHN
                          - AUTHZ
                          - STATS
                          type: string
                        # The enum admits INVALID in addition to the documented
                        # valid options.
                        operation:
                          description: |-
                            Determines how the patch should be applied.

                            Valid Options: MERGE, ADD, REMOVE, INSERT_BEFORE, INSERT_AFTER, INSERT_FIRST, REPLACE
                          enum:
                          - INVALID
                          - MERGE
                          - ADD
                          - REMOVE
                          - INSERT_BEFORE
                          - INSERT_AFTER
                          - INSERT_FIRST
                          - REPLACE
                          type: string
                        # Untyped object with x-kubernetes-preserve-unknown-fields:
                        # this schema accepts any content here and keeps it as
                        # submitted; nothing below this key is validated by the CRD.
                        # NOTE(review): because this object is the patch applied to
                        # proxy configuration, restrict create/update on
                        # envoyfilters through RBAC and review changes to it.
                        value:
                          description: The JSON config of the object being patched.
                          type: object
                          x-kubernetes-preserve-unknown-fields: true
                      type: object
                  type: object
                type: array
              priority:
                description: Priority defines the order in which patch sets are applied
                  within a context.
                format: int32
                type: integer
              # All four fields are optional free-form strings; no field is marked
              # required and no pattern or length limit is set in this schema.
              targetRefs:
                description: Optional.
                items:
                  properties:
                    group:
                      description: group is the group of the target resource.
                      type: string
                    kind:
                      description: kind is kind of the target resource.
                      type: string
                    name:
                      description: name is the name of the target resource.
                      type: string
                    namespace:
                      description: namespace is the namespace of the referent.
                      type: string
                  type: object
                type: array
              workloadSelector:
                description: Criteria used to select the specific set of pods/VMs
                  on which this patch configuration should be applied.
                properties:
                  labels:
                    additionalProperties:
                      type: string
                    description: One or more labels that indicate a specific set of
                      pods/VMs on which the configuration should be applied.
                    type: object
                type: object
            type: object
          # status is an untyped object whose unknown fields are preserved.
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
    # Enables the /status subresource for this version.
    subresources:
      status: {}
---
# CustomResourceDefinition for the namespaced Gateway kind (short name gw) in
# group networking.istio.io. The v1 version starts here; its servers item
# schema continues after this span.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    "helm.sh/resource-policy": keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    release: istio
  name: gateways.networking.istio.io
spec:
  group: networking.istio.io
  names:
    categories:
    - istio-io
    - networking-istio-io
    kind: Gateway
    listKind: GatewayList
    plural: gateways
    shortNames:
    - gw
    singular: gateway
  scope: Namespaced
  versions:
  - name: v1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Configuration affecting edge load balancer. See more details
              at: https://istio.io/docs/reference/config/networking/gateway.html'
            properties:
              selector:
                additionalProperties:
                  type: string
                description: One or more labels that indicate a specific set of pods/VMs
                  on which this gateway configuration should be applied.
                type: object
              servers:
                description: A list of server specifications.
# gateways.networking.istio.io, version v1: item schema of spec.servers.
                items:
                  properties:
                    bind:
                      description: The ip or the Unix domain socket to which the listener
                        should be bound to.
                      type: string
                    defaultEndpoint:
                      type: string
                    hosts:
                      description: One or more hosts exposed by this gateway.
                      items:
                        type: string
                      type: array
                    name:
                      description: An optional name of the server, when set must be
                        unique across all servers.
                      type: string
                    port:
                      description: The Port on which the proxy should listen for incoming
                        connections.
                      properties:
                        name:
                          description: Label assigned to the port.
                          type: string
                        # Bounded to the uint32 range (0-4294967295), not 1-65535:
                        # this schema does not reject out-of-range port numbers.
                        number:
                          description: A valid non-negative integer port number.
                          maximum: 4294967295
                          minimum: 0
                          type: integer
                        protocol:
                          description: The protocol exposed on the port.
                          type: string
                        targetPort:
                          maximum: 4294967295
                          minimum: 0
                          type: integer
                      required:
                      - number
                      - protocol
                      - name
                      type: object
                    # The "REQUIRED if mode is ..." conditions stated in the
                    # descriptions below are not expressed as constraints in this
                    # schema (no required list or conditional rule on tls);
                    # presumably Istio's own validation enforces them - TODO confirm.
                    tls:
                      description: Set of TLS related options that govern the server's
                        behavior.
                      properties:
                        caCertificates:
                          description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`.
                          type: string
                        caCrl:
                          description: 'OPTIONAL: The path to the file containing
                            the certificate revocation list (CRL) to use in verifying
                            a presented client side certificate.'
                          type: string
                        # Free-form strings: cipher suite names are not checked by
                        # this schema.
                        cipherSuites:
                          description: 'Optional: If specified, only support the specified
                            cipher list.'
                          items:
                            type: string
                          type: array
                        credentialName:
                          description: For gateways running on Kubernetes, the name
                            of the secret that holds the TLS certs including the CA
                            certificates.
                          type: string
                        httpsRedirect:
                          description: If set to true, the load balancer will send
                            a 301 redirect for all http connections, asking the clients
                            to use HTTPS.
                          type: boolean
                        maxProtocolVersion:
                          description: |-
                            Optional: Maximum TLS protocol version.

                            Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3
                          enum:
                          - TLS_AUTO
                          - TLSV1_0
                          - TLSV1_1
                          - TLSV1_2
                          - TLSV1_3
                          type: string
                        # TLSV1_0 and TLSV1_1 are accepted values for the minimum.
                        # NOTE(review): both versions are deprecated by RFC 8996; an
                        # admission policy can require TLSV1_2 or later where the
                        # schema itself does not.
                        minProtocolVersion:
                          description: |-
                            Optional: Minimum TLS protocol version.

                            Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3
                          enum:
                          - TLS_AUTO
                          - TLSV1_0
                          - TLSV1_1
                          - TLSV1_2
                          - TLSV1_3
                          type: string
                        mode:
                          description: |-
                            Optional: Indicates whether connections to this port should be secured using TLS.

                            Valid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL
                          enum:
                          - PASSTHROUGH
                          - SIMPLE
                          - MUTUAL
                          - AUTO_PASSTHROUGH
                          - ISTIO_MUTUAL
                          - OPTIONAL_MUTUAL
                          type: string
                        privateKey:
                          description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
                          type: string
                        serverCertificate:
                          description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
                          type: string
                        subjectAltNames:
                          description: A list of alternate names to verify the subject
                            identity in the certificate presented by the client.
                          items:
                            type: string
                          type: array
                        # Plain string items: neither the hex encoding nor the
                        # digest length is checked by this schema.
                        verifyCertificateHash:
                          description: An optional list of hex-encoded SHA-256 hashes
                            of the authorized client certificates.
                          items:
                            type: string
                          type: array
                        verifyCertificateSpki:
                          description: An optional list of base64-encoded SHA-256
                            hashes of the SPKIs of authorized client certificates.
                          items:
                            type: string
                          type: array
                      type: object
                  required:
                  - port
                  - hosts
                  type: object
                type: array
            type: object
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    # v1 is served but is not the storage version.
    served: true
    storage: false
    subresources:
      status: {}
  # v1alpha3: the schema text below appears identical to the v1 schema.
  - name: v1alpha3
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Configuration affecting edge load balancer. See more details
              at: https://istio.io/docs/reference/config/networking/gateway.html'
            properties:
              selector:
                additionalProperties:
                  type: string
                description: One or more labels that indicate a specific set of pods/VMs
                  on which this gateway configuration should be applied.
                type: object
              servers:
                description: A list of server specifications.
                items:
                  properties:
                    bind:
                      description: The ip or the Unix domain socket to which the listener
                        should be bound to.
                      type: string
                    defaultEndpoint:
                      type: string
                    hosts:
                      description: One or more hosts exposed by this gateway.
                      items:
                        type: string
                      type: array
                    name:
                      description: An optional name of the server, when set must be
                        unique across all servers.
                      type: string
                    port:
                      description: The Port on which the proxy should listen for incoming
                        connections.
                      properties:
                        name:
                          description: Label assigned to the port.
                          type: string
                        number:
                          description: A valid non-negative integer port number.
                          maximum: 4294967295
                          minimum: 0
                          type: integer
                        protocol:
                          description: The protocol exposed on the port.
                          type: string
                        targetPort:
                          maximum: 4294967295
                          minimum: 0
                          type: integer
                      required:
                      - number
                      - protocol
                      - name
                      type: object
                    tls:
                      description: Set of TLS related options that govern the server's
                        behavior.
                      properties:
                        caCertificates:
                          description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`.
                          type: string
                        caCrl:
                          description: 'OPTIONAL: The path to the file containing
                            the certificate revocation list (CRL) to use in verifying
                            a presented client side certificate.'
                          type: string
                        cipherSuites:
                          description: 'Optional: If specified, only support the specified
                            cipher list.'
                          items:
                            type: string
                          type: array
                        credentialName:
                          description: For gateways running on Kubernetes, the name
                            of the secret that holds the TLS certs including the CA
                            certificates.
                          type: string
                        httpsRedirect:
                          description: If set to true, the load balancer will send
                            a 301 redirect for all http connections, asking the clients
                            to use HTTPS.
                          type: boolean
                        maxProtocolVersion:
                          description: |-
                            Optional: Maximum TLS protocol version.

                            Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3
                          enum:
                          - TLS_AUTO
                          - TLSV1_0
                          - TLSV1_1
                          - TLSV1_2
                          - TLSV1_3
                          type: string
                        # As in v1, TLSV1_0 and TLSV1_1 are accepted as a minimum.
                        minProtocolVersion:
                          description: |-
                            Optional: Minimum TLS protocol version.

                            Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3
                          enum:
                          - TLS_AUTO
                          - TLSV1_0
                          - TLSV1_1
                          - TLSV1_2
                          - TLSV1_3
                          type: string
                        mode:
                          description: |-
                            Optional: Indicates whether connections to this port should be secured using TLS.

                            Valid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL
                          enum:
                          - PASSTHROUGH
                          - SIMPLE
                          - MUTUAL
                          - AUTO_PASSTHROUGH
                          - ISTIO_MUTUAL
                          - OPTIONAL_MUTUAL
                          type: string
                        privateKey:
                          description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
                          type: string
                        serverCertificate:
                          description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
                          type: string
                        subjectAltNames:
                          description: A list of alternate names to verify the subject
                            identity in the certificate presented by the client.
                          items:
                            type: string
                          type: array
                        verifyCertificateHash:
                          description: An optional list of hex-encoded SHA-256 hashes
                            of the authorized client certificates.
                          items:
                            type: string
                          type: array
                        verifyCertificateSpki:
                          description: An optional list of base64-encoded SHA-256
                            hashes of the SPKIs of authorized client certificates.
                          items:
                            type: string
                          type: array
                      type: object
                  required:
                  - port
                  - hosts
                  type: object
                type: array
            type: object
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    # v1alpha3 is served but is not the storage version.
    served: true
    storage: false
    subresources:
      status: {}
  # v1beta1: the schema text below appears identical to the v1 schema; the end
  # of this version, including its storage flag, follows after this span.
  - name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Configuration affecting edge load balancer. See more details
              at: https://istio.io/docs/reference/config/networking/gateway.html'
            properties:
              selector:
                additionalProperties:
                  type: string
                description: One or more labels that indicate a specific set of pods/VMs
                  on which this gateway configuration should be applied.
                type: object
              servers:
                description: A list of server specifications.
                items:
                  properties:
                    bind:
                      description: The ip or the Unix domain socket to which the listener
                        should be bound to.
                      type: string
                    defaultEndpoint:
                      type: string
                    hosts:
                      description: One or more hosts exposed by this gateway.
                      items:
                        type: string
                      type: array
                    name:
                      description: An optional name of the server, when set must be
                        unique across all servers.
                      type: string
                    port:
                      description: The Port on which the proxy should listen for incoming
                        connections.
                      properties:
                        name:
                          description: Label assigned to the port.
                          type: string
                        number:
                          description: A valid non-negative integer port number.
                          maximum: 4294967295
                          minimum: 0
                          type: integer
                        protocol:
                          description: The protocol exposed on the port.
                          type: string
                        targetPort:
                          maximum: 4294967295
                          minimum: 0
                          type: integer
                      required:
                      - number
                      - protocol
                      - name
                      type: object
                    tls:
                      description: Set of TLS related options that govern the server's
                        behavior.
                      properties:
                        caCertificates:
                          description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`.
                          type: string
                        caCrl:
                          description: 'OPTIONAL: The path to the file containing
                            the certificate revocation list (CRL) to use in verifying
                            a presented client side certificate.'
                          type: string
                        cipherSuites:
                          description: 'Optional: If specified, only support the specified
                            cipher list.'
                          items:
                            type: string
                          type: array
                        credentialName:
                          description: For gateways running on Kubernetes, the name
                            of the secret that holds the TLS certs including the CA
                            certificates.
                          type: string
                        httpsRedirect:
                          description: If set to true, the load balancer will send
                            a 301 redirect for all http connections, asking the clients
                            to use HTTPS.
                          type: boolean
                        maxProtocolVersion:
                          description: |-
                            Optional: Maximum TLS protocol version.

                            Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3
                          enum:
                          - TLS_AUTO
                          - TLSV1_0
                          - TLSV1_1
                          - TLSV1_2
                          - TLSV1_3
                          type: string
                        # As in v1, TLSV1_0 and TLSV1_1 are accepted as a minimum.
                        minProtocolVersion:
                          description: |-
                            Optional: Minimum TLS protocol version.

                            Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3
                          enum:
                          - TLS_AUTO
                          - TLSV1_0
                          - TLSV1_1
                          - TLSV1_2
                          - TLSV1_3
                          type: string
                        mode:
                          description: |-
                            Optional: Indicates whether connections to this port should be secured using TLS.

                            Valid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL
                          enum:
                          - PASSTHROUGH
                          - SIMPLE
                          - MUTUAL
                          - AUTO_PASSTHROUGH
                          - ISTIO_MUTUAL
                          - OPTIONAL_MUTUAL
                          type: string
                        privateKey:
                          description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
                          type: string
                        serverCertificate:
                          description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
                          type: string
                        subjectAltNames:
                          description: A list of alternate names to verify the subject
                            identity in the certificate presented by the client.
                          items:
                            type: string
                          type: array
                        verifyCertificateHash:
                          description: An optional list of hex-encoded SHA-256 hashes
                            of the authorized client certificates.
                          items:
                            type: string
                          type: array
                        verifyCertificateSpki:
                          description: An optional list of base64-encoded SHA-256
                            hashes of the SPKIs of authorized client certificates.
# End of the v1beta1 schema of the gateways.networking.istio.io CRD.
                          items:
                            type: string
                          type: array
                      type: object
                  required:
                  - port
                  - hosts
                  type: object
                type: array
            type: object
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    # v1beta1 is the storage version of the Gateway CRD.
    served: true
    storage: true
    subresources:
      status: {}
---
# CustomResourceDefinition for the namespaced ProxyConfig kind in group
# networking.istio.io. A single version, v1beta1, is both served and stored.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Helm resource policy "keep": Helm leaves this CRD in place when an
    # operation such as uninstall would otherwise delete it.
    "helm.sh/resource-policy": keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    release: istio
  name: proxyconfigs.networking.istio.io
spec:
  group: networking.istio.io
  names:
    categories:
    - istio-io
    - networking-istio-io
    kind: ProxyConfig
    listKind: ProxyConfigList
    plural: proxyconfigs
    singular: proxyconfig
  scope: Namespaced
  versions:
  - name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Provides configuration for individual workloads. See more
              details at: https://istio.io/docs/reference/config/networking/proxy-config.html'
            properties:
              # int32, nullable; no minimum is set, so the schema does not reject
              # zero or negative values.
              concurrency:
                description: The number of worker threads to run.
                format: int32
                nullable: true
                type: integer
              # String-to-string map with no restriction on variable names or
              # values in this schema.
              # NOTE(review): write access to ProxyConfig objects therefore allows
              # setting environment variables for the proxy; scope that
              # permission through RBAC accordingly.
              environmentVariables:
                additionalProperties:
                  type: string
                description: Additional environment variables for the proxy.
                type: object
              image:
                description: Specifies the details of the proxy image.
                properties:
                  # Free-form string: no enum or pattern is set here.
                  imageType:
                    description: The image type of the image.
                    type: string
                type: object
              selector:
                description: Optional.
                properties:
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: One or more labels that indicate a specific set of
                      pods/VMs on which a policy should be applied.
                    type: object
                type: object
            type: object
          # status is an untyped object whose unknown fields are preserved.
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
# CustomResourceDefinition for the namespaced ServiceEntry kind (short name se);
# the v1 schema that starts here continues after this span.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    "helm.sh/resource-policy": keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    release: istio
  name: serviceentries.networking.istio.io
spec:
  group: networking.istio.io
  names:
    categories:
    - istio-io
    - networking-istio-io
    kind: ServiceEntry
    listKind: ServiceEntryList
    plural: serviceentries
    shortNames:
    - se
    singular: serviceentry
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: The hosts associated with the ServiceEntry
      jsonPath: .spec.hosts
      name: Hosts
      type: string
    - description: Whether the service is external to the mesh or part of the mesh
        (MESH_EXTERNAL or MESH_INTERNAL)
      jsonPath: .spec.location
      name: Location
      type: string
    - description: Service resolution mode for the hosts (NONE, STATIC, or DNS)
      jsonPath: .spec.resolution
      name: Resolution
      type: string
    - description: 'CreationTimestamp is a timestamp representing the server time
        when this object was created. It is not guaranteed to be set in happens-before
        order across separate operations. Clients may not set this value. It is represented
        in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
        lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Configuration affecting service registry.
See more details 6037 at: https://istio.io/docs/reference/config/networking/service-entry.html' 6038 properties: 6039 addresses: 6040 description: The virtual IP addresses associated with the service. 6041 items: 6042 type: string 6043 type: array 6044 endpoints: 6045 description: One or more endpoints associated with the service. 6046 items: 6047 properties: 6048 address: 6049 description: Address associated with the network endpoint without 6050 the port. 6051 type: string 6052 labels: 6053 additionalProperties: 6054 type: string 6055 description: One or more labels associated with the endpoint. 6056 type: object 6057 locality: 6058 description: The locality associated with the endpoint. 6059 type: string 6060 network: 6061 description: Network enables Istio to group endpoints resident 6062 in the same L3 domain/network. 6063 type: string 6064 ports: 6065 additionalProperties: 6066 maximum: 4294967295 6067 minimum: 0 6068 type: integer 6069 description: Set of ports associated with the endpoint. 6070 type: object 6071 serviceAccount: 6072 description: The service account associated with the workload 6073 if a sidecar is present in the workload. 6074 type: string 6075 weight: 6076 description: The load balancing weight associated with the endpoint. 6077 maximum: 4294967295 6078 minimum: 0 6079 type: integer 6080 type: object 6081 type: array 6082 exportTo: 6083 description: A list of namespaces to which this service is exported. 6084 items: 6085 type: string 6086 type: array 6087 hosts: 6088 description: The hosts associated with the ServiceEntry. 6089 items: 6090 type: string 6091 type: array 6092 location: 6093 description: |- 6094 Specify whether the service should be considered external to the mesh or part of the mesh. 6095 6096 Valid Options: MESH_EXTERNAL, MESH_INTERNAL 6097 enum: 6098 - MESH_EXTERNAL 6099 - MESH_INTERNAL 6100 type: string 6101 ports: 6102 description: The ports associated with the external service. 
6103 items: 6104 properties: 6105 name: 6106 description: Label assigned to the port. 6107 type: string 6108 number: 6109 description: A valid non-negative integer port number. 6110 maximum: 4294967295 6111 minimum: 0 6112 type: integer 6113 protocol: 6114 description: The protocol exposed on the port. 6115 type: string 6116 targetPort: 6117 description: The port number on the endpoint where the traffic 6118 will be received. 6119 maximum: 4294967295 6120 minimum: 0 6121 type: integer 6122 required: 6123 - number 6124 - name 6125 type: object 6126 type: array 6127 resolution: 6128 description: |- 6129 Service resolution mode for the hosts. 6130 6131 Valid Options: NONE, STATIC, DNS, DNS_ROUND_ROBIN 6132 enum: 6133 - NONE 6134 - STATIC 6135 - DNS 6136 - DNS_ROUND_ROBIN 6137 type: string 6138 subjectAltNames: 6139 description: If specified, the proxy will verify that the server certificate's 6140 subject alternate name matches one of the specified values. 6141 items: 6142 type: string 6143 type: array 6144 workloadSelector: 6145 description: Applicable only for MESH_INTERNAL services. 6146 properties: 6147 labels: 6148 additionalProperties: 6149 type: string 6150 description: One or more labels that indicate a specific set of 6151 pods/VMs on which the configuration should be applied. 
6152 type: object 6153 type: object 6154 required: 6155 - hosts 6156 type: object 6157 status: 6158 type: object 6159 x-kubernetes-preserve-unknown-fields: true 6160 type: object 6161 served: true 6162 storage: false 6163 subresources: 6164 status: {} 6165 - additionalPrinterColumns: 6166 - description: The hosts associated with the ServiceEntry 6167 jsonPath: .spec.hosts 6168 name: Hosts 6169 type: string 6170 - description: Whether the service is external to the mesh or part of the mesh 6171 (MESH_EXTERNAL or MESH_INTERNAL) 6172 jsonPath: .spec.location 6173 name: Location 6174 type: string 6175 - description: Service resolution mode for the hosts (NONE, STATIC, or DNS) 6176 jsonPath: .spec.resolution 6177 name: Resolution 6178 type: string 6179 - description: 'CreationTimestamp is a timestamp representing the server time 6180 when this object was created. It is not guaranteed to be set in happens-before 6181 order across separate operations. Clients may not set this value. It is represented 6182 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 6183 lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 6184 jsonPath: .metadata.creationTimestamp 6185 name: Age 6186 type: date 6187 name: v1alpha3 6188 schema: 6189 openAPIV3Schema: 6190 properties: 6191 spec: 6192 description: 'Configuration affecting service registry. See more details 6193 at: https://istio.io/docs/reference/config/networking/service-entry.html' 6194 properties: 6195 addresses: 6196 description: The virtual IP addresses associated with the service. 6197 items: 6198 type: string 6199 type: array 6200 endpoints: 6201 description: One or more endpoints associated with the service. 6202 items: 6203 properties: 6204 address: 6205 description: Address associated with the network endpoint without 6206 the port. 
6207 type: string 6208 labels: 6209 additionalProperties: 6210 type: string 6211 description: One or more labels associated with the endpoint. 6212 type: object 6213 locality: 6214 description: The locality associated with the endpoint. 6215 type: string 6216 network: 6217 description: Network enables Istio to group endpoints resident 6218 in the same L3 domain/network. 6219 type: string 6220 ports: 6221 additionalProperties: 6222 maximum: 4294967295 6223 minimum: 0 6224 type: integer 6225 description: Set of ports associated with the endpoint. 6226 type: object 6227 serviceAccount: 6228 description: The service account associated with the workload 6229 if a sidecar is present in the workload. 6230 type: string 6231 weight: 6232 description: The load balancing weight associated with the endpoint. 6233 maximum: 4294967295 6234 minimum: 0 6235 type: integer 6236 type: object 6237 type: array 6238 exportTo: 6239 description: A list of namespaces to which this service is exported. 6240 items: 6241 type: string 6242 type: array 6243 hosts: 6244 description: The hosts associated with the ServiceEntry. 6245 items: 6246 type: string 6247 type: array 6248 location: 6249 description: |- 6250 Specify whether the service should be considered external to the mesh or part of the mesh. 6251 6252 Valid Options: MESH_EXTERNAL, MESH_INTERNAL 6253 enum: 6254 - MESH_EXTERNAL 6255 - MESH_INTERNAL 6256 type: string 6257 ports: 6258 description: The ports associated with the external service. 6259 items: 6260 properties: 6261 name: 6262 description: Label assigned to the port. 6263 type: string 6264 number: 6265 description: A valid non-negative integer port number. 6266 maximum: 4294967295 6267 minimum: 0 6268 type: integer 6269 protocol: 6270 description: The protocol exposed on the port. 6271 type: string 6272 targetPort: 6273 description: The port number on the endpoint where the traffic 6274 will be received. 
6275 maximum: 4294967295 6276 minimum: 0 6277 type: integer 6278 required: 6279 - number 6280 - name 6281 type: object 6282 type: array 6283 resolution: 6284 description: |- 6285 Service resolution mode for the hosts. 6286 6287 Valid Options: NONE, STATIC, DNS, DNS_ROUND_ROBIN 6288 enum: 6289 - NONE 6290 - STATIC 6291 - DNS 6292 - DNS_ROUND_ROBIN 6293 type: string 6294 subjectAltNames: 6295 description: If specified, the proxy will verify that the server certificate's 6296 subject alternate name matches one of the specified values. 6297 items: 6298 type: string 6299 type: array 6300 workloadSelector: 6301 description: Applicable only for MESH_INTERNAL services. 6302 properties: 6303 labels: 6304 additionalProperties: 6305 type: string 6306 description: One or more labels that indicate a specific set of 6307 pods/VMs on which the configuration should be applied. 6308 type: object 6309 type: object 6310 required: 6311 - hosts 6312 type: object 6313 status: 6314 type: object 6315 x-kubernetes-preserve-unknown-fields: true 6316 type: object 6317 served: true 6318 storage: false 6319 subresources: 6320 status: {} 6321 - additionalPrinterColumns: 6322 - description: The hosts associated with the ServiceEntry 6323 jsonPath: .spec.hosts 6324 name: Hosts 6325 type: string 6326 - description: Whether the service is external to the mesh or part of the mesh 6327 (MESH_EXTERNAL or MESH_INTERNAL) 6328 jsonPath: .spec.location 6329 name: Location 6330 type: string 6331 - description: Service resolution mode for the hosts (NONE, STATIC, or DNS) 6332 jsonPath: .spec.resolution 6333 name: Resolution 6334 type: string 6335 - description: 'CreationTimestamp is a timestamp representing the server time 6336 when this object was created. It is not guaranteed to be set in happens-before 6337 order across separate operations. Clients may not set this value. It is represented 6338 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 6339 lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 6340 jsonPath: .metadata.creationTimestamp 6341 name: Age 6342 type: date 6343 name: v1beta1 6344 schema: 6345 openAPIV3Schema: 6346 properties: 6347 spec: 6348 description: 'Configuration affecting service registry. See more details 6349 at: https://istio.io/docs/reference/config/networking/service-entry.html' 6350 properties: 6351 addresses: 6352 description: The virtual IP addresses associated with the service. 6353 items: 6354 type: string 6355 type: array 6356 endpoints: 6357 description: One or more endpoints associated with the service. 6358 items: 6359 properties: 6360 address: 6361 description: Address associated with the network endpoint without 6362 the port. 6363 type: string 6364 labels: 6365 additionalProperties: 6366 type: string 6367 description: One or more labels associated with the endpoint. 6368 type: object 6369 locality: 6370 description: The locality associated with the endpoint. 6371 type: string 6372 network: 6373 description: Network enables Istio to group endpoints resident 6374 in the same L3 domain/network. 6375 type: string 6376 ports: 6377 additionalProperties: 6378 maximum: 4294967295 6379 minimum: 0 6380 type: integer 6381 description: Set of ports associated with the endpoint. 6382 type: object 6383 serviceAccount: 6384 description: The service account associated with the workload 6385 if a sidecar is present in the workload. 6386 type: string 6387 weight: 6388 description: The load balancing weight associated with the endpoint. 6389 maximum: 4294967295 6390 minimum: 0 6391 type: integer 6392 type: object 6393 type: array 6394 exportTo: 6395 description: A list of namespaces to which this service is exported. 6396 items: 6397 type: string 6398 type: array 6399 hosts: 6400 description: The hosts associated with the ServiceEntry. 
6401 items: 6402 type: string 6403 type: array 6404 location: 6405 description: |- 6406 Specify whether the service should be considered external to the mesh or part of the mesh. 6407 6408 Valid Options: MESH_EXTERNAL, MESH_INTERNAL 6409 enum: 6410 - MESH_EXTERNAL 6411 - MESH_INTERNAL 6412 type: string 6413 ports: 6414 description: The ports associated with the external service. 6415 items: 6416 properties: 6417 name: 6418 description: Label assigned to the port. 6419 type: string 6420 number: 6421 description: A valid non-negative integer port number. 6422 maximum: 4294967295 6423 minimum: 0 6424 type: integer 6425 protocol: 6426 description: The protocol exposed on the port. 6427 type: string 6428 targetPort: 6429 description: The port number on the endpoint where the traffic 6430 will be received. 6431 maximum: 4294967295 6432 minimum: 0 6433 type: integer 6434 required: 6435 - number 6436 - name 6437 type: object 6438 type: array 6439 resolution: 6440 description: |- 6441 Service resolution mode for the hosts. 6442 6443 Valid Options: NONE, STATIC, DNS, DNS_ROUND_ROBIN 6444 enum: 6445 - NONE 6446 - STATIC 6447 - DNS 6448 - DNS_ROUND_ROBIN 6449 type: string 6450 subjectAltNames: 6451 description: If specified, the proxy will verify that the server certificate's 6452 subject alternate name matches one of the specified values. 6453 items: 6454 type: string 6455 type: array 6456 workloadSelector: 6457 description: Applicable only for MESH_INTERNAL services. 6458 properties: 6459 labels: 6460 additionalProperties: 6461 type: string 6462 description: One or more labels that indicate a specific set of 6463 pods/VMs on which the configuration should be applied. 
6464 type: object 6465 type: object 6466 required: 6467 - hosts 6468 type: object 6469 status: 6470 type: object 6471 x-kubernetes-preserve-unknown-fields: true 6472 type: object 6473 served: true 6474 storage: true 6475 subresources: 6476 status: {} 6477 --- 6478 apiVersion: apiextensions.k8s.io/v1 6479 kind: CustomResourceDefinition 6480 metadata: 6481 annotations: 6482 "helm.sh/resource-policy": keep 6483 labels: 6484 app: istio-pilot 6485 chart: istio 6486 heritage: Tiller 6487 release: istio 6488 name: sidecars.networking.istio.io 6489 spec: 6490 group: networking.istio.io 6491 names: 6492 categories: 6493 - istio-io 6494 - networking-istio-io 6495 kind: Sidecar 6496 listKind: SidecarList 6497 plural: sidecars 6498 singular: sidecar 6499 scope: Namespaced 6500 versions: 6501 - name: v1 6502 schema: 6503 openAPIV3Schema: 6504 properties: 6505 spec: 6506 description: 'Configuration affecting network reachability of a sidecar. 6507 See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' 6508 properties: 6509 egress: 6510 description: Egress specifies the configuration of the sidecar for 6511 processing outbound traffic from the attached workload instance 6512 to other services in the mesh. 6513 items: 6514 properties: 6515 bind: 6516 description: The IP(IPv4 or IPv6) or the Unix domain socket 6517 to which the listener should be bound to. 6518 type: string 6519 captureMode: 6520 description: |- 6521 When the bind address is an IP, the captureMode option dictates how traffic to the listener is expected to be captured (or not). 6522 6523 Valid Options: DEFAULT, IPTABLES, NONE 6524 enum: 6525 - DEFAULT 6526 - IPTABLES 6527 - NONE 6528 type: string 6529 hosts: 6530 description: One or more service hosts exposed by the listener 6531 in `namespace/dnsName` format. 6532 items: 6533 type: string 6534 type: array 6535 port: 6536 description: The port associated with the listener. 
# Continuation of the Sidecar CRD's v1 schema, starting inside the `port`
# object of an egress listener, followed by the opening of the v1alpha3 version.
# The enclosing keys are above this block, so the nesting shown is reconstructed.
                      properties:
                        name:
                          description: Label assigned to the port.
                          type: string
                        # Bounded to the unsigned 32-bit range, not 1..65535; the
                        # schema alone does not reject out-of-range port numbers.
                        number:
                          description: A valid non-negative integer port number.
                          maximum: 4294967295
                          minimum: 0
                          type: integer
                        protocol:
                          description: The protocol exposed on the port.
                          type: string
                        targetPort:
                          maximum: 4294967295
                          minimum: 0
                          type: integer
                      type: object
                  # An egress listener must name its hosts; `port` is optional here.
                  required:
                  - hosts
                  type: object
                type: array
              # Limits on inbound connections. The int32 fields below carry no
              # minimum or maximum, so the schema does not reject negative or
              # very large values. NOTE(review): confirm how those are treated.
              inboundConnectionPool:
                description: Settings controlling the volume of connections Envoy
                  will accept from the network.
                properties:
                  http:
                    description: HTTP connection pool settings.
                    properties:
                      h2UpgradePolicy:
                        description: |-
                          Specify if http1.1 connection should be upgraded to http2 for the associated destination.

                          Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE
                        enum:
                        - DEFAULT
                        - DO_NOT_UPGRADE
                        - UPGRADE
                        type: string
                      http1MaxPendingRequests:
                        description: Maximum number of requests that will be queued
                          while waiting for a ready connection pool connection.
                        format: int32
                        type: integer
                      http2MaxRequests:
                        description: Maximum number of active requests to a destination.
                        format: int32
                        type: integer
                      # Durations are plain strings; no pattern is enforced.
                      idleTimeout:
                        description: The idle timeout for upstream connection pool
                          connections.
                        type: string
                      maxConcurrentStreams:
                        description: The maximum number of concurrent streams allowed
                          for a peer on one HTTP/2 connection.
                        format: int32
                        type: integer
                      maxRequestsPerConnection:
                        description: Maximum number of requests per connection to
                          a backend.
                        format: int32
                        type: integer
                      maxRetries:
                        description: Maximum number of retries that can be outstanding
                          to all hosts in a cluster at a given time.
                        format: int32
                        type: integer
                      useClientProtocol:
                        description: If set to true, client protocol will be preserved
                          while initiating connection to backend.
                        type: boolean
                    type: object
                  tcp:
                    description: Settings common to both HTTP and TCP upstream connections.
                    properties:
                      connectTimeout:
                        description: TCP connection timeout.
                        type: string
                      idleTimeout:
                        description: The idle timeout for TCP connections.
                        type: string
                      maxConnectionDuration:
                        description: The maximum duration of a connection.
                        type: string
                      maxConnections:
                        description: Maximum number of HTTP1 /TCP connections to a
                          destination host.
                        format: int32
                        type: integer
                      tcpKeepalive:
                        description: If set then set SO_KEEPALIVE on the socket to
                          enable TCP Keepalives.
                        properties:
                          interval:
                            description: The time duration between keep-alive probes.
                            type: string
                          probes:
                            description: Maximum number of keepalive probes to send
                              without response before deciding the connection is dead.
                            maximum: 4294967295
                            minimum: 0
                            type: integer
                          time:
                            description: The time duration a connection needs to be
                              idle before keep-alive probes start being sent.
                            type: string
                        type: object
                    type: object
                type: object
              ingress:
                description: Ingress specifies the configuration of the sidecar for
                  processing inbound traffic to the attached workload instance.
                items:
                  properties:
                    bind:
                      description: The IP(IPv4 or IPv6) to which the listener should
                        be bound.
                      type: string
                    captureMode:
                      description: |-
                        The captureMode option dictates how traffic to the listener is expected to be captured (or not).

                        Valid Options: DEFAULT, IPTABLES, NONE
                      enum:
                      - DEFAULT
                      - IPTABLES
                      - NONE
                      type: string
                    # Per-listener connection pool; same fields as
                    # inboundConnectionPool above.
                    connectionPool:
                      description: Settings controlling the volume of connections
                        Envoy will accept from the network.
                      properties:
                        http:
                          description: HTTP connection pool settings.
                          properties:
                            h2UpgradePolicy:
                              description: |-
                                Specify if http1.1 connection should be upgraded to http2 for the associated destination.

                                Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE
                              enum:
                              - DEFAULT
                              - DO_NOT_UPGRADE
                              - UPGRADE
                              type: string
                            http1MaxPendingRequests:
                              description: Maximum number of requests that will be
                                queued while waiting for a ready connection pool connection.
                              format: int32
                              type: integer
                            http2MaxRequests:
                              description: Maximum number of active requests to a
                                destination.
                              format: int32
                              type: integer
                            idleTimeout:
                              description: The idle timeout for upstream connection
                                pool connections.
                              type: string
                            maxConcurrentStreams:
                              description: The maximum number of concurrent streams
                                allowed for a peer on one HTTP/2 connection.
                              format: int32
                              type: integer
                            maxRequestsPerConnection:
                              description: Maximum number of requests per connection
                                to a backend.
                              format: int32
                              type: integer
                            maxRetries:
                              description: Maximum number of retries that can be outstanding
                                to all hosts in a cluster at a given time.
                              format: int32
                              type: integer
                            useClientProtocol:
                              description: If set to true, client protocol will be
                                preserved while initiating connection to backend.
                              type: boolean
                          type: object
                        tcp:
                          description: Settings common to both HTTP and TCP upstream
                            connections.
                          properties:
                            connectTimeout:
                              description: TCP connection timeout.
                              type: string
                            idleTimeout:
                              description: The idle timeout for TCP connections.
                              type: string
                            maxConnectionDuration:
                              description: The maximum duration of a connection.
                              type: string
                            maxConnections:
                              description: Maximum number of HTTP1 /TCP connections
                                to a destination host.
                              format: int32
                              type: integer
                            tcpKeepalive:
                              description: If set then set SO_KEEPALIVE on the socket
                                to enable TCP Keepalives.
                              properties:
                                interval:
                                  description: The time duration between keep-alive
                                    probes.
                                  type: string
                                probes:
                                  description: Maximum number of keepalive probes
                                    to send without response before deciding the connection
                                    is dead.
                                  maximum: 4294967295
                                  minimum: 0
                                  type: integer
                                time:
                                  description: The time duration a connection needs
                                    to be idle before keep-alive probes start being
                                    sent.
                                  type: string
                              type: object
                          type: object
                      type: object
                    defaultEndpoint:
                      description: The IP endpoint or Unix domain socket to which
                        traffic should be forwarded to.
                      type: string
                    port:
                      description: The port associated with the listener.
                      properties:
                        name:
                          description: Label assigned to the port.
                          type: string
                        number:
                          description: A valid non-negative integer port number.
                          maximum: 4294967295
                          minimum: 0
                          type: integer
                        protocol:
                          description: The protocol exposed on the port.
                          type: string
                        targetPort:
                          maximum: 4294967295
                          minimum: 0
                          type: integer
                      type: object
                    # TLS termination settings for the inbound listener. The
                    # object has no `required` list, so the "REQUIRED if mode
                    # is ..." rules in the field descriptions are not enforced
                    # by this schema.
                    tls:
                      description: Set of TLS related options that will enable TLS
                        termination on the sidecar for requests originating from outside
                        the mesh.
                      properties:
                        caCertificates:
                          description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`.
                          type: string
                        caCrl:
                          description: 'OPTIONAL: The path to the file containing
                            the certificate revocation list (CRL) to use in verifying
                            a presented client side certificate.'
                          type: string
                        # Free-form strings; cipher names are not checked against
                        # a list here.
                        cipherSuites:
                          description: 'Optional: If specified, only support the specified
                            cipher list.'
                          items:
                            type: string
                          type: array
                        credentialName:
                          description: For gateways running on Kubernetes, the name
                            of the secret that holds the TLS certs including the CA
                            certificates.
                          type: string
                        httpsRedirect:
                          description: If set to true, the load balancer will send
                            a 301 redirect for all http connections, asking the clients
                            to use HTTPS.
                          type: boolean
                        maxProtocolVersion:
                          description: |-
                            Optional: Maximum TLS protocol version.

                            Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3
                          enum:
                          - TLS_AUTO
                          - TLSV1_0
                          - TLSV1_1
                          - TLSV1_2
                          - TLSV1_3
                          type: string
                        # The enum still admits TLSV1_0 and TLSV1_1, both
                        # deprecated by RFC 8996. The schema sets no floor, so a
                        # TLSV1_2-or-newer minimum has to come from policy or
                        # admission checks.
                        minProtocolVersion:
                          description: |-
                            Optional: Minimum TLS protocol version.

                            Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3
                          enum:
                          - TLS_AUTO
                          - TLSV1_0
                          - TLSV1_1
                          - TLSV1_2
                          - TLSV1_3
                          type: string
                        # Optional per the description. Review the chosen mode
                        # together with the certificate fields below, since the
                        # schema does not couple them.
                        mode:
                          description: |-
                            Optional: Indicates whether connections to this port should be secured using TLS.

                            Valid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL
                          enum:
                          - PASSTHROUGH
                          - SIMPLE
                          - MUTUAL
                          - AUTO_PASSTHROUGH
                          - ISTIO_MUTUAL
                          - OPTIONAL_MUTUAL
                          type: string
                        privateKey:
                          description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
                          type: string
                        serverCertificate:
                          description: REQUIRED if mode is `SIMPLE` or `MUTUAL`.
                          type: string
                        subjectAltNames:
                          description: A list of alternate names to verify the subject
                            identity in the certificate presented by the client.
                          items:
                            type: string
                          type: array
                        # Client-certificate pinning lists. Entries are plain
                        # strings; the hex and base64 encodings named in the
                        # descriptions are not validated by the schema.
                        verifyCertificateHash:
                          description: An optional list of hex-encoded SHA-256 hashes
                            of the authorized client certificates.
                          items:
                            type: string
                          type: array
                        verifyCertificateSpki:
                          description: An optional list of base64-encoded SHA-256
                            hashes of the SPKIs of authorized client certificates.
                          items:
                            type: string
                          type: array
                      type: object
                  # An ingress listener must declare its port.
                  required:
                  - port
                  type: object
                type: array
              outboundTrafficPolicy:
                description: Configuration for the outbound traffic policy.
                properties:
                  egressProxy:
                    properties:
                      host:
                        description: The name of a service from the service registry.
                        type: string
                      port:
                        description: Specifies the port on the host that is being
                          addressed.
                        properties:
                          number:
                            maximum: 4294967295
                            minimum: 0
                            type: integer
                        type: object
                      subset:
                        description: The name of a subset within the service.
                        type: string
                    required:
                    - host
                    type: object
                  # NOTE(review): the generated description is blank apart from
                  # the option list. Going by the names, REGISTRY_ONLY confines
                  # outbound traffic to services known to the registry, while
                  # ALLOW_ANY lets traffic to unknown destinations through.
                  # Confirm against the Sidecar reference; REGISTRY_ONLY is the
                  # stricter setting for egress control.
                  mode:
                    description: |2-


                      Valid Options: REGISTRY_ONLY, ALLOW_ANY
                    enum:
                    - REGISTRY_ONLY
                    - ALLOW_ANY
                    type: string
                type: object
              workloadSelector:
                description: Criteria used to select the specific set of pods/VMs
                  on which this `Sidecar` configuration should be applied.
                properties:
                  labels:
                    additionalProperties:
                      type: string
                    description: One or more labels that indicate a specific set of
                      pods/VMs on which the configuration should be applied.
                    type: object
                type: object
            type: object
          # Untyped status: unknown fields are preserved and not validated.
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    # v1 is served but is not the storage version.
    served: true
    storage: false
    subresources:
      status: {}
  # Start of the v1alpha3 version; its schema continues past this block.
  - name: v1alpha3
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Configuration affecting network reachability of a sidecar.
6933 See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' 6934 properties: 6935 egress: 6936 description: Egress specifies the configuration of the sidecar for 6937 processing outbound traffic from the attached workload instance 6938 to other services in the mesh. 6939 items: 6940 properties: 6941 bind: 6942 description: The IP(IPv4 or IPv6) or the Unix domain socket 6943 to which the listener should be bound to. 6944 type: string 6945 captureMode: 6946 description: |- 6947 When the bind address is an IP, the captureMode option dictates how traffic to the listener is expected to be captured (or not). 6948 6949 Valid Options: DEFAULT, IPTABLES, NONE 6950 enum: 6951 - DEFAULT 6952 - IPTABLES 6953 - NONE 6954 type: string 6955 hosts: 6956 description: One or more service hosts exposed by the listener 6957 in `namespace/dnsName` format. 6958 items: 6959 type: string 6960 type: array 6961 port: 6962 description: The port associated with the listener. 6963 properties: 6964 name: 6965 description: Label assigned to the port. 6966 type: string 6967 number: 6968 description: A valid non-negative integer port number. 6969 maximum: 4294967295 6970 minimum: 0 6971 type: integer 6972 protocol: 6973 description: The protocol exposed on the port. 6974 type: string 6975 targetPort: 6976 maximum: 4294967295 6977 minimum: 0 6978 type: integer 6979 type: object 6980 required: 6981 - hosts 6982 type: object 6983 type: array 6984 inboundConnectionPool: 6985 description: Settings controlling the volume of connections Envoy 6986 will accept from the network. 6987 properties: 6988 http: 6989 description: HTTP connection pool settings. 6990 properties: 6991 h2UpgradePolicy: 6992 description: |- 6993 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 
6994 6995 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 6996 enum: 6997 - DEFAULT 6998 - DO_NOT_UPGRADE 6999 - UPGRADE 7000 type: string 7001 http1MaxPendingRequests: 7002 description: Maximum number of requests that will be queued 7003 while waiting for a ready connection pool connection. 7004 format: int32 7005 type: integer 7006 http2MaxRequests: 7007 description: Maximum number of active requests to a destination. 7008 format: int32 7009 type: integer 7010 idleTimeout: 7011 description: The idle timeout for upstream connection pool 7012 connections. 7013 type: string 7014 maxConcurrentStreams: 7015 description: The maximum number of concurrent streams allowed 7016 for a peer on one HTTP/2 connection. 7017 format: int32 7018 type: integer 7019 maxRequestsPerConnection: 7020 description: Maximum number of requests per connection to 7021 a backend. 7022 format: int32 7023 type: integer 7024 maxRetries: 7025 description: Maximum number of retries that can be outstanding 7026 to all hosts in a cluster at a given time. 7027 format: int32 7028 type: integer 7029 useClientProtocol: 7030 description: If set to true, client protocol will be preserved 7031 while initiating connection to backend. 7032 type: boolean 7033 type: object 7034 tcp: 7035 description: Settings common to both HTTP and TCP upstream connections. 7036 properties: 7037 connectTimeout: 7038 description: TCP connection timeout. 7039 type: string 7040 idleTimeout: 7041 description: The idle timeout for TCP connections. 7042 type: string 7043 maxConnectionDuration: 7044 description: The maximum duration of a connection. 7045 type: string 7046 maxConnections: 7047 description: Maximum number of HTTP1 /TCP connections to a 7048 destination host. 7049 format: int32 7050 type: integer 7051 tcpKeepalive: 7052 description: If set then set SO_KEEPALIVE on the socket to 7053 enable TCP Keepalives. 7054 properties: 7055 interval: 7056 description: The time duration between keep-alive probes. 
7057 type: string 7058 probes: 7059 description: Maximum number of keepalive probes to send 7060 without response before deciding the connection is dead. 7061 maximum: 4294967295 7062 minimum: 0 7063 type: integer 7064 time: 7065 description: The time duration a connection needs to be 7066 idle before keep-alive probes start being sent. 7067 type: string 7068 type: object 7069 type: object 7070 type: object 7071 ingress: 7072 description: Ingress specifies the configuration of the sidecar for 7073 processing inbound traffic to the attached workload instance. 7074 items: 7075 properties: 7076 bind: 7077 description: The IP(IPv4 or IPv6) to which the listener should 7078 be bound. 7079 type: string 7080 captureMode: 7081 description: |- 7082 The captureMode option dictates how traffic to the listener is expected to be captured (or not). 7083 7084 Valid Options: DEFAULT, IPTABLES, NONE 7085 enum: 7086 - DEFAULT 7087 - IPTABLES 7088 - NONE 7089 type: string 7090 connectionPool: 7091 description: Settings controlling the volume of connections 7092 Envoy will accept from the network. 7093 properties: 7094 http: 7095 description: HTTP connection pool settings. 7096 properties: 7097 h2UpgradePolicy: 7098 description: |- 7099 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 7100 7101 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 7102 enum: 7103 - DEFAULT 7104 - DO_NOT_UPGRADE 7105 - UPGRADE 7106 type: string 7107 http1MaxPendingRequests: 7108 description: Maximum number of requests that will be 7109 queued while waiting for a ready connection pool connection. 7110 format: int32 7111 type: integer 7112 http2MaxRequests: 7113 description: Maximum number of active requests to a 7114 destination. 7115 format: int32 7116 type: integer 7117 idleTimeout: 7118 description: The idle timeout for upstream connection 7119 pool connections. 
7120 type: string 7121 maxConcurrentStreams: 7122 description: The maximum number of concurrent streams 7123 allowed for a peer on one HTTP/2 connection. 7124 format: int32 7125 type: integer 7126 maxRequestsPerConnection: 7127 description: Maximum number of requests per connection 7128 to a backend. 7129 format: int32 7130 type: integer 7131 maxRetries: 7132 description: Maximum number of retries that can be outstanding 7133 to all hosts in a cluster at a given time. 7134 format: int32 7135 type: integer 7136 useClientProtocol: 7137 description: If set to true, client protocol will be 7138 preserved while initiating connection to backend. 7139 type: boolean 7140 type: object 7141 tcp: 7142 description: Settings common to both HTTP and TCP upstream 7143 connections. 7144 properties: 7145 connectTimeout: 7146 description: TCP connection timeout. 7147 type: string 7148 idleTimeout: 7149 description: The idle timeout for TCP connections. 7150 type: string 7151 maxConnectionDuration: 7152 description: The maximum duration of a connection. 7153 type: string 7154 maxConnections: 7155 description: Maximum number of HTTP1 /TCP connections 7156 to a destination host. 7157 format: int32 7158 type: integer 7159 tcpKeepalive: 7160 description: If set then set SO_KEEPALIVE on the socket 7161 to enable TCP Keepalives. 7162 properties: 7163 interval: 7164 description: The time duration between keep-alive 7165 probes. 7166 type: string 7167 probes: 7168 description: Maximum number of keepalive probes 7169 to send without response before deciding the connection 7170 is dead. 7171 maximum: 4294967295 7172 minimum: 0 7173 type: integer 7174 time: 7175 description: The time duration a connection needs 7176 to be idle before keep-alive probes start being 7177 sent. 7178 type: string 7179 type: object 7180 type: object 7181 type: object 7182 defaultEndpoint: 7183 description: The IP endpoint or Unix domain socket to which 7184 traffic should be forwarded to. 
7185 type: string 7186 port: 7187 description: The port associated with the listener. 7188 properties: 7189 name: 7190 description: Label assigned to the port. 7191 type: string 7192 number: 7193 description: A valid non-negative integer port number. 7194 maximum: 4294967295 7195 minimum: 0 7196 type: integer 7197 protocol: 7198 description: The protocol exposed on the port. 7199 type: string 7200 targetPort: 7201 maximum: 4294967295 7202 minimum: 0 7203 type: integer 7204 type: object 7205 tls: 7206 description: Set of TLS related options that will enable TLS 7207 termination on the sidecar for requests originating from outside 7208 the mesh. 7209 properties: 7210 caCertificates: 7211 description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. 7212 type: string 7213 caCrl: 7214 description: 'OPTIONAL: The path to the file containing 7215 the certificate revocation list (CRL) to use in verifying 7216 a presented client side certificate.' 7217 type: string 7218 cipherSuites: 7219 description: 'Optional: If specified, only support the specified 7220 cipher list.' 7221 items: 7222 type: string 7223 type: array 7224 credentialName: 7225 description: For gateways running on Kubernetes, the name 7226 of the secret that holds the TLS certs including the CA 7227 certificates. 7228 type: string 7229 httpsRedirect: 7230 description: If set to true, the load balancer will send 7231 a 301 redirect for all http connections, asking the clients 7232 to use HTTPS. 7233 type: boolean 7234 maxProtocolVersion: 7235 description: |- 7236 Optional: Maximum TLS protocol version. 7237 7238 Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 7239 enum: 7240 - TLS_AUTO 7241 - TLSV1_0 7242 - TLSV1_1 7243 - TLSV1_2 7244 - TLSV1_3 7245 type: string 7246 minProtocolVersion: 7247 description: |- 7248 Optional: Minimum TLS protocol version. 
7249 7250 Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 7251 enum: 7252 - TLS_AUTO 7253 - TLSV1_0 7254 - TLSV1_1 7255 - TLSV1_2 7256 - TLSV1_3 7257 type: string 7258 mode: 7259 description: |- 7260 Optional: Indicates whether connections to this port should be secured using TLS. 7261 7262 Valid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL 7263 enum: 7264 - PASSTHROUGH 7265 - SIMPLE 7266 - MUTUAL 7267 - AUTO_PASSTHROUGH 7268 - ISTIO_MUTUAL 7269 - OPTIONAL_MUTUAL 7270 type: string 7271 privateKey: 7272 description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 7273 type: string 7274 serverCertificate: 7275 description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 7276 type: string 7277 subjectAltNames: 7278 description: A list of alternate names to verify the subject 7279 identity in the certificate presented by the client. 7280 items: 7281 type: string 7282 type: array 7283 verifyCertificateHash: 7284 description: An optional list of hex-encoded SHA-256 hashes 7285 of the authorized client certificates. 7286 items: 7287 type: string 7288 type: array 7289 verifyCertificateSpki: 7290 description: An optional list of base64-encoded SHA-256 7291 hashes of the SPKIs of authorized client certificates. 7292 items: 7293 type: string 7294 type: array 7295 type: object 7296 required: 7297 - port 7298 type: object 7299 type: array 7300 outboundTrafficPolicy: 7301 description: Configuration for the outbound traffic policy. 7302 properties: 7303 egressProxy: 7304 properties: 7305 host: 7306 description: The name of a service from the service registry. 7307 type: string 7308 port: 7309 description: Specifies the port on the host that is being 7310 addressed. 7311 properties: 7312 number: 7313 maximum: 4294967295 7314 minimum: 0 7315 type: integer 7316 type: object 7317 subset: 7318 description: The name of a subset within the service. 
7319 type: string 7320 required: 7321 - host 7322 type: object 7323 mode: 7324 description: |2- 7325 Controls how the sidecar handles outbound traffic to destinations it does not know: REGISTRY_ONLY restricts egress to services in the service registry (including ServiceEntry hosts), while ALLOW_ANY lets traffic to unknown destinations through. 7326 7327 Valid Options: REGISTRY_ONLY, ALLOW_ANY 7328 enum: 7329 - REGISTRY_ONLY 7330 - ALLOW_ANY 7331 type: string 7332 type: object 7333 workloadSelector: 7334 description: Criteria used to select the specific set of pods/VMs 7335 on which this `Sidecar` configuration should be applied. 7336 properties: 7337 labels: 7338 additionalProperties: 7339 type: string 7340 description: One or more labels that indicate a specific set of 7341 pods/VMs on which the configuration should be applied. 7342 type: object 7343 type: object 7344 type: object 7345 status: 7346 type: object 7347 x-kubernetes-preserve-unknown-fields: true 7348 type: object 7349 served: true 7350 storage: false 7351 subresources: 7352 status: {} 7353 - name: v1beta1 7354 schema: 7355 openAPIV3Schema: 7356 properties: 7357 spec: 7358 description: 'Configuration affecting network reachability of a sidecar. 7359 See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' 7360 properties: 7361 egress: 7362 description: Egress specifies the configuration of the sidecar for 7363 processing outbound traffic from the attached workload instance 7364 to other services in the mesh. 7365 items: 7366 properties: 7367 bind: 7368 description: The IP(IPv4 or IPv6) or the Unix domain socket 7369 to which the listener should be bound to. 7370 type: string 7371 captureMode: 7372 description: |- 7373 When the bind address is an IP, the captureMode option dictates how traffic to the listener is expected to be captured (or not). 7374 7375 Valid Options: DEFAULT, IPTABLES, NONE 7376 enum: 7377 - DEFAULT 7378 - IPTABLES 7379 - NONE 7380 type: string 7381 hosts: 7382 description: One or more service hosts exposed by the listener 7383 in `namespace/dnsName` format. 7384 items: 7385 type: string 7386 type: array 7387 port: 7388 description: The port associated with the listener.
7389 properties: 7390 name: 7391 description: Label assigned to the port. 7392 type: string 7393 number: 7394 description: A valid non-negative integer port number. 7395 maximum: 4294967295 7396 minimum: 0 7397 type: integer 7398 protocol: 7399 description: The protocol exposed on the port. 7400 type: string 7401 targetPort: 7402 maximum: 4294967295 7403 minimum: 0 7404 type: integer 7405 type: object 7406 required: 7407 - hosts 7408 type: object 7409 type: array 7410 inboundConnectionPool: 7411 description: Settings controlling the volume of connections Envoy 7412 will accept from the network. 7413 properties: 7414 http: 7415 description: HTTP connection pool settings. 7416 properties: 7417 h2UpgradePolicy: 7418 description: |- 7419 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 7420 7421 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 7422 enum: 7423 - DEFAULT 7424 - DO_NOT_UPGRADE 7425 - UPGRADE 7426 type: string 7427 http1MaxPendingRequests: 7428 description: Maximum number of requests that will be queued 7429 while waiting for a ready connection pool connection. 7430 format: int32 7431 type: integer 7432 http2MaxRequests: 7433 description: Maximum number of active requests to a destination. 7434 format: int32 7435 type: integer 7436 idleTimeout: 7437 description: The idle timeout for upstream connection pool 7438 connections. 7439 type: string 7440 maxConcurrentStreams: 7441 description: The maximum number of concurrent streams allowed 7442 for a peer on one HTTP/2 connection. 7443 format: int32 7444 type: integer 7445 maxRequestsPerConnection: 7446 description: Maximum number of requests per connection to 7447 a backend. 7448 format: int32 7449 type: integer 7450 maxRetries: 7451 description: Maximum number of retries that can be outstanding 7452 to all hosts in a cluster at a given time. 
7453 format: int32 7454 type: integer 7455 useClientProtocol: 7456 description: If set to true, client protocol will be preserved 7457 while initiating connection to backend. 7458 type: boolean 7459 type: object 7460 tcp: 7461 description: Settings common to both HTTP and TCP upstream connections. 7462 properties: 7463 connectTimeout: 7464 description: TCP connection timeout. 7465 type: string 7466 idleTimeout: 7467 description: The idle timeout for TCP connections. 7468 type: string 7469 maxConnectionDuration: 7470 description: The maximum duration of a connection. 7471 type: string 7472 maxConnections: 7473 description: Maximum number of HTTP1 /TCP connections to a 7474 destination host. 7475 format: int32 7476 type: integer 7477 tcpKeepalive: 7478 description: If set then set SO_KEEPALIVE on the socket to 7479 enable TCP Keepalives. 7480 properties: 7481 interval: 7482 description: The time duration between keep-alive probes. 7483 type: string 7484 probes: 7485 description: Maximum number of keepalive probes to send 7486 without response before deciding the connection is dead. 7487 maximum: 4294967295 7488 minimum: 0 7489 type: integer 7490 time: 7491 description: The time duration a connection needs to be 7492 idle before keep-alive probes start being sent. 7493 type: string 7494 type: object 7495 type: object 7496 type: object 7497 ingress: 7498 description: Ingress specifies the configuration of the sidecar for 7499 processing inbound traffic to the attached workload instance. 7500 items: 7501 properties: 7502 bind: 7503 description: The IP(IPv4 or IPv6) to which the listener should 7504 be bound. 7505 type: string 7506 captureMode: 7507 description: |- 7508 The captureMode option dictates how traffic to the listener is expected to be captured (or not). 
7509 7510 Valid Options: DEFAULT, IPTABLES, NONE 7511 enum: 7512 - DEFAULT 7513 - IPTABLES 7514 - NONE 7515 type: string 7516 connectionPool: 7517 description: Settings controlling the volume of connections 7518 Envoy will accept from the network. 7519 properties: 7520 http: 7521 description: HTTP connection pool settings. 7522 properties: 7523 h2UpgradePolicy: 7524 description: |- 7525 Specify if http1.1 connection should be upgraded to http2 for the associated destination. 7526 7527 Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE 7528 enum: 7529 - DEFAULT 7530 - DO_NOT_UPGRADE 7531 - UPGRADE 7532 type: string 7533 http1MaxPendingRequests: 7534 description: Maximum number of requests that will be 7535 queued while waiting for a ready connection pool connection. 7536 format: int32 7537 type: integer 7538 http2MaxRequests: 7539 description: Maximum number of active requests to a 7540 destination. 7541 format: int32 7542 type: integer 7543 idleTimeout: 7544 description: The idle timeout for upstream connection 7545 pool connections. 7546 type: string 7547 maxConcurrentStreams: 7548 description: The maximum number of concurrent streams 7549 allowed for a peer on one HTTP/2 connection. 7550 format: int32 7551 type: integer 7552 maxRequestsPerConnection: 7553 description: Maximum number of requests per connection 7554 to a backend. 7555 format: int32 7556 type: integer 7557 maxRetries: 7558 description: Maximum number of retries that can be outstanding 7559 to all hosts in a cluster at a given time. 7560 format: int32 7561 type: integer 7562 useClientProtocol: 7563 description: If set to true, client protocol will be 7564 preserved while initiating connection to backend. 7565 type: boolean 7566 type: object 7567 tcp: 7568 description: Settings common to both HTTP and TCP upstream 7569 connections. 7570 properties: 7571 connectTimeout: 7572 description: TCP connection timeout. 7573 type: string 7574 idleTimeout: 7575 description: The idle timeout for TCP connections. 
7576 type: string 7577 maxConnectionDuration: 7578 description: The maximum duration of a connection. 7579 type: string 7580 maxConnections: 7581 description: Maximum number of HTTP1 /TCP connections 7582 to a destination host. 7583 format: int32 7584 type: integer 7585 tcpKeepalive: 7586 description: If set then set SO_KEEPALIVE on the socket 7587 to enable TCP Keepalives. 7588 properties: 7589 interval: 7590 description: The time duration between keep-alive 7591 probes. 7592 type: string 7593 probes: 7594 description: Maximum number of keepalive probes 7595 to send without response before deciding the connection 7596 is dead. 7597 maximum: 4294967295 7598 minimum: 0 7599 type: integer 7600 time: 7601 description: The time duration a connection needs 7602 to be idle before keep-alive probes start being 7603 sent. 7604 type: string 7605 type: object 7606 type: object 7607 type: object 7608 defaultEndpoint: 7609 description: The IP endpoint or Unix domain socket to which 7610 traffic should be forwarded to. 7611 type: string 7612 port: 7613 description: The port associated with the listener. 7614 properties: 7615 name: 7616 description: Label assigned to the port. 7617 type: string 7618 number: 7619 description: A valid non-negative integer port number. 7620 maximum: 4294967295 7621 minimum: 0 7622 type: integer 7623 protocol: 7624 description: The protocol exposed on the port. 7625 type: string 7626 targetPort: 7627 maximum: 4294967295 7628 minimum: 0 7629 type: integer 7630 type: object 7631 tls: 7632 description: Set of TLS related options that will enable TLS 7633 termination on the sidecar for requests originating from outside 7634 the mesh. 7635 properties: 7636 caCertificates: 7637 description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. 7638 type: string 7639 caCrl: 7640 description: 'OPTIONAL: The path to the file containing 7641 the certificate revocation list (CRL) to use in verifying 7642 a presented client side certificate.' 
7643 type: string 7644 cipherSuites: 7645 description: 'Optional: If specified, only support the specified 7646 cipher list.' 7647 items: 7648 type: string 7649 type: array 7650 credentialName: 7651 description: For gateways running on Kubernetes, the name 7652 of the secret that holds the TLS certs including the CA 7653 certificates. 7654 type: string 7655 httpsRedirect: 7656 description: If set to true, the load balancer will send 7657 a 301 redirect for all http connections, asking the clients 7658 to use HTTPS. 7659 type: boolean 7660 maxProtocolVersion: 7661 description: |- 7662 Optional: Maximum TLS protocol version. 7663 7664 Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 7665 enum: 7666 - TLS_AUTO 7667 - TLSV1_0 7668 - TLSV1_1 7669 - TLSV1_2 7670 - TLSV1_3 7671 type: string 7672 minProtocolVersion: 7673 description: |- 7674 Optional: Minimum TLS protocol version. 7675 7676 Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 7677 enum: 7678 - TLS_AUTO 7679 - TLSV1_0 7680 - TLSV1_1 7681 - TLSV1_2 7682 - TLSV1_3 7683 type: string 7684 mode: 7685 description: |- 7686 Optional: Indicates whether connections to this port should be secured using TLS. 7687 7688 Valid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL 7689 enum: 7690 - PASSTHROUGH 7691 - SIMPLE 7692 - MUTUAL 7693 - AUTO_PASSTHROUGH 7694 - ISTIO_MUTUAL 7695 - OPTIONAL_MUTUAL 7696 type: string 7697 privateKey: 7698 description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 7699 type: string 7700 serverCertificate: 7701 description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. 7702 type: string 7703 subjectAltNames: 7704 description: A list of alternate names to verify the subject 7705 identity in the certificate presented by the client. 7706 items: 7707 type: string 7708 type: array 7709 verifyCertificateHash: 7710 description: An optional list of hex-encoded SHA-256 hashes 7711 of the authorized client certificates. 
7712 items: 7713 type: string 7714 type: array 7715 verifyCertificateSpki: 7716 description: An optional list of base64-encoded SHA-256 7717 hashes of the SPKIs of authorized client certificates. 7718 items: 7719 type: string 7720 type: array 7721 type: object 7722 required: 7723 - port 7724 type: object 7725 type: array 7726 outboundTrafficPolicy: 7727 description: Configuration for the outbound traffic policy. 7728 properties: 7729 egressProxy: 7730 properties: 7731 host: 7732 description: The name of a service from the service registry. 7733 type: string 7734 port: 7735 description: Specifies the port on the host that is being 7736 addressed. 7737 properties: 7738 number: 7739 maximum: 4294967295 7740 minimum: 0 7741 type: integer 7742 type: object 7743 subset: 7744 description: The name of a subset within the service. 7745 type: string 7746 required: 7747 - host 7748 type: object 7749 mode: 7750 description: |2- 7751 Controls how the sidecar handles outbound traffic to destinations it does not know: REGISTRY_ONLY restricts egress to services in the service registry (including ServiceEntry hosts), while ALLOW_ANY lets traffic to unknown destinations through. 7752 7753 Valid Options: REGISTRY_ONLY, ALLOW_ANY 7754 enum: 7755 - REGISTRY_ONLY 7756 - ALLOW_ANY 7757 type: string 7758 type: object 7759 workloadSelector: 7760 description: Criteria used to select the specific set of pods/VMs 7761 on which this `Sidecar` configuration should be applied. 7762 properties: 7763 labels: 7764 additionalProperties: 7765 type: string 7766 description: One or more labels that indicate a specific set of 7767 pods/VMs on which the configuration should be applied.
7768 type: object 7769 type: object 7770 type: object 7771 status: 7772 type: object 7773 x-kubernetes-preserve-unknown-fields: true 7774 type: object 7775 served: true 7776 storage: true 7777 subresources: 7778 status: {} 7779 --- 7780 apiVersion: apiextensions.k8s.io/v1 7781 kind: CustomResourceDefinition 7782 metadata: 7783 annotations: 7784 "helm.sh/resource-policy": keep 7785 labels: 7786 app: istio-pilot 7787 chart: istio 7788 heritage: Tiller 7789 release: istio 7790 name: virtualservices.networking.istio.io 7791 spec: 7792 group: networking.istio.io 7793 names: 7794 categories: 7795 - istio-io 7796 - networking-istio-io 7797 kind: VirtualService 7798 listKind: VirtualServiceList 7799 plural: virtualservices 7800 shortNames: 7801 - vs 7802 singular: virtualservice 7803 scope: Namespaced 7804 versions: 7805 - additionalPrinterColumns: 7806 - description: The names of gateways and sidecars that should apply these routes 7807 jsonPath: .spec.gateways 7808 name: Gateways 7809 type: string 7810 - description: The destination hosts to which traffic is being sent 7811 jsonPath: .spec.hosts 7812 name: Hosts 7813 type: string 7814 - description: 'CreationTimestamp is a timestamp representing the server time 7815 when this object was created. It is not guaranteed to be set in happens-before 7816 order across separate operations. Clients may not set this value. It is represented 7817 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 7818 lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 7819 jsonPath: .metadata.creationTimestamp 7820 name: Age 7821 type: date 7822 name: v1 7823 schema: 7824 openAPIV3Schema: 7825 properties: 7826 spec: 7827 description: 'Configuration affecting label/content routing, sni routing, 7828 etc. 
See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' 7829 properties: 7830 exportTo: 7831 description: A list of namespaces to which this virtual service is 7832 exported. 7833 items: 7834 type: string 7835 type: array 7836 gateways: 7837 description: The names of gateways and sidecars that should apply 7838 these routes. 7839 items: 7840 type: string 7841 type: array 7842 hosts: 7843 description: The destination hosts to which traffic is being sent. 7844 items: 7845 type: string 7846 type: array 7847 http: 7848 description: An ordered list of route rules for HTTP traffic. 7849 items: 7850 properties: 7851 corsPolicy: 7852 description: Cross-Origin Resource Sharing policy (CORS). 7853 properties: 7854 allowCredentials: 7855 description: Indicates whether the caller is allowed to 7856 send the actual request (not the preflight) using credentials. 7857 nullable: true 7858 type: boolean 7859 allowHeaders: 7860 description: List of HTTP headers that can be used when 7861 requesting the resource. 7862 items: 7863 type: string 7864 type: array 7865 allowMethods: 7866 description: List of HTTP methods allowed to access the 7867 resource. 7868 items: 7869 type: string 7870 type: array 7871 allowOrigin: 7872 items: 7873 type: string 7874 type: array 7875 allowOrigins: 7876 description: String patterns that match allowed origins. 7877 items: 7878 oneOf: 7879 - not: 7880 anyOf: 7881 - required: 7882 - exact 7883 - required: 7884 - prefix 7885 - required: 7886 - regex 7887 - required: 7888 - exact 7889 - required: 7890 - prefix 7891 - required: 7892 - regex 7893 properties: 7894 exact: 7895 type: string 7896 prefix: 7897 type: string 7898 regex: 7899 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 7900 type: string 7901 type: object 7902 type: array 7903 exposeHeaders: 7904 description: A list of HTTP headers that the browsers are 7905 allowed to access. 
7906 items: 7907 type: string 7908 type: array 7909 maxAge: 7910 description: Specifies how long the results of a preflight 7911 request can be cached. 7912 type: string 7913 unmatchedPreflights: 7914 description: |- 7915 Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream. 7916 7917 Valid Options: FORWARD, IGNORE 7918 enum: 7919 - UNSPECIFIED 7920 - FORWARD 7921 - IGNORE 7922 type: string 7923 type: object 7924 delegate: 7925 description: Delegate is used to specify the particular VirtualService 7926 which can be used to define delegate HTTPRoute. 7927 properties: 7928 name: 7929 description: Name specifies the name of the delegate VirtualService. 7930 type: string 7931 namespace: 7932 description: Namespace specifies the namespace where the 7933 delegate VirtualService resides. 7934 type: string 7935 type: object 7936 directResponse: 7937 description: A HTTP rule can either return a direct_response, 7938 redirect or forward (default) traffic. 7939 properties: 7940 body: 7941 description: Specifies the content of the response body. 7942 oneOf: 7943 - not: 7944 anyOf: 7945 - required: 7946 - string 7947 - required: 7948 - bytes 7949 - required: 7950 - string 7951 - required: 7952 - bytes 7953 properties: 7954 bytes: 7955 description: response body as base64 encoded bytes. 7956 format: binary 7957 type: string 7958 string: 7959 type: string 7960 type: object 7961 status: 7962 description: Specifies the HTTP response status to be returned. 7963 maximum: 4294967295 7964 minimum: 0 7965 type: integer 7966 required: 7967 - status 7968 type: object 7969 fault: 7970 description: Fault injection policy to apply on HTTP traffic 7971 at the client side. 7972 properties: 7973 abort: 7974 description: Abort Http request attempts and return error 7975 codes back to downstream service, giving the impression 7976 that the upstream service is faulty. 
7977 oneOf: 7978 - not: 7979 anyOf: 7980 - required: 7981 - httpStatus 7982 - required: 7983 - grpcStatus 7984 - required: 7985 - http2Error 7986 - required: 7987 - httpStatus 7988 - required: 7989 - grpcStatus 7990 - required: 7991 - http2Error 7992 properties: 7993 grpcStatus: 7994 description: GRPC status code to use to abort the request. 7995 type: string 7996 http2Error: 7997 type: string 7998 httpStatus: 7999 description: HTTP status code to use to abort the Http 8000 request. 8001 format: int32 8002 type: integer 8003 percentage: 8004 description: Percentage of requests to be aborted with 8005 the error code provided. 8006 properties: 8007 value: 8008 format: double 8009 type: number 8010 type: object 8011 type: object 8012 delay: 8013 description: Delay requests before forwarding, emulating 8014 various failures such as network issues, overloaded upstream 8015 service, etc. 8016 oneOf: 8017 - not: 8018 anyOf: 8019 - required: 8020 - fixedDelay 8021 - required: 8022 - exponentialDelay 8023 - required: 8024 - fixedDelay 8025 - required: 8026 - exponentialDelay 8027 properties: 8028 exponentialDelay: 8029 type: string 8030 fixedDelay: 8031 description: Add a fixed delay before forwarding the 8032 request. 8033 type: string 8034 percent: 8035 description: Percentage of requests on which the delay 8036 will be injected (0-100). 8037 format: int32 8038 type: integer 8039 percentage: 8040 description: Percentage of requests on which the delay 8041 will be injected. 
8042 properties: 8043 value: 8044 format: double 8045 type: number 8046 type: object 8047 type: object 8048 type: object 8049 headers: 8050 properties: 8051 request: 8052 properties: 8053 add: 8054 additionalProperties: 8055 type: string 8056 type: object 8057 remove: 8058 items: 8059 type: string 8060 type: array 8061 set: 8062 additionalProperties: 8063 type: string 8064 type: object 8065 type: object 8066 response: 8067 properties: 8068 add: 8069 additionalProperties: 8070 type: string 8071 type: object 8072 remove: 8073 items: 8074 type: string 8075 type: array 8076 set: 8077 additionalProperties: 8078 type: string 8079 type: object 8080 type: object 8081 type: object 8082 match: 8083 description: Match conditions to be satisfied for the rule to 8084 be activated. 8085 items: 8086 properties: 8087 authority: 8088 description: 'HTTP Authority values are case-sensitive 8089 and formatted as follows: - `exact: "value"` for exact 8090 string match - `prefix: "value"` for prefix-based match 8091 - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 8092 oneOf: 8093 - not: 8094 anyOf: 8095 - required: 8096 - exact 8097 - required: 8098 - prefix 8099 - required: 8100 - regex 8101 - required: 8102 - exact 8103 - required: 8104 - prefix 8105 - required: 8106 - regex 8107 properties: 8108 exact: 8109 type: string 8110 prefix: 8111 type: string 8112 regex: 8113 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 8114 type: string 8115 type: object 8116 gateways: 8117 description: Names of gateways where the rule should be 8118 applied. 
8119 items: 8120 type: string 8121 type: array 8122 headers: 8123 additionalProperties: 8124 oneOf: 8125 - not: 8126 anyOf: 8127 - required: 8128 - exact 8129 - required: 8130 - prefix 8131 - required: 8132 - regex 8133 - required: 8134 - exact 8135 - required: 8136 - prefix 8137 - required: 8138 - regex 8139 properties: 8140 exact: 8141 type: string 8142 prefix: 8143 type: string 8144 regex: 8145 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 8146 type: string 8147 type: object 8148 description: The header keys must be lowercase and use 8149 hyphen as the separator, e.g. `x-request-id`. 8150 type: object 8151 ignoreUriCase: 8152 description: Flag to specify whether the URI matching 8153 should be case-insensitive. 8154 type: boolean 8155 method: 8156 description: 'HTTP Method values are case-sensitive and 8157 formatted as follows: - `exact: "value"` for exact string 8158 match - `prefix: "value"` for prefix-based match - `regex: 8159 "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 8160 oneOf: 8161 - not: 8162 anyOf: 8163 - required: 8164 - exact 8165 - required: 8166 - prefix 8167 - required: 8168 - regex 8169 - required: 8170 - exact 8171 - required: 8172 - prefix 8173 - required: 8174 - regex 8175 properties: 8176 exact: 8177 type: string 8178 prefix: 8179 type: string 8180 regex: 8181 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 8182 type: string 8183 type: object 8184 name: 8185 description: The name assigned to a match. 8186 type: string 8187 port: 8188 description: Specifies the ports on the host that is being 8189 addressed.
8190 maximum: 4294967295 8191 minimum: 0 8192 type: integer 8193 queryParams: 8194 additionalProperties: 8195 oneOf: 8196 - not: 8197 anyOf: 8198 - required: 8199 - exact 8200 - required: 8201 - prefix 8202 - required: 8203 - regex 8204 - required: 8205 - exact 8206 - required: 8207 - prefix 8208 - required: 8209 - regex 8210 properties: 8211 exact: 8212 type: string 8213 prefix: 8214 type: string 8215 regex: 8216 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 8217 type: string 8218 type: object 8219 description: Query parameters for matching. 8220 type: object 8221 scheme: 8222 description: 'URI Scheme values are case-sensitive and 8223 formatted as follows: - `exact: "value"` for exact string 8224 match - `prefix: "value"` for prefix-based match - `regex: 8225 "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 8226 oneOf: 8227 - not: 8228 anyOf: 8229 - required: 8230 - exact 8231 - required: 8232 - prefix 8233 - required: 8234 - regex 8235 - required: 8236 - exact 8237 - required: 8238 - prefix 8239 - required: 8240 - regex 8241 properties: 8242 exact: 8243 type: string 8244 prefix: 8245 type: string 8246 regex: 8247 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 8248 type: string 8249 type: object 8250 sourceLabels: 8251 additionalProperties: 8252 type: string 8253 description: One or more labels that constrain the applicability 8254 of a rule to source (client) workloads with the given 8255 labels. 8256 type: object 8257 sourceNamespace: 8258 description: Source namespace constraining the applicability 8259 of a rule to workloads in that namespace. 8260 type: string 8261 statPrefix: 8262 description: The human readable prefix to use when emitting 8263 statistics for this route. 
8264 type: string 8265 uri: 8266 description: 'URI to match values are case-sensitive and 8267 formatted as follows: - `exact: "value"` for exact string 8268 match - `prefix: "value"` for prefix-based match - `regex: 8269 "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 8270 oneOf: 8271 - not: 8272 anyOf: 8273 - required: 8274 - exact 8275 - required: 8276 - prefix 8277 - required: 8278 - regex 8279 - required: 8280 - exact 8281 - required: 8282 - prefix 8283 - required: 8284 - regex 8285 properties: 8286 exact: 8287 type: string 8288 prefix: 8289 type: string 8290 regex: 8291 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 8292 type: string 8293 type: object 8294 withoutHeaders: 8295 additionalProperties: 8296 oneOf: 8297 - not: 8298 anyOf: 8299 - required: 8300 - exact 8301 - required: 8302 - prefix 8303 - required: 8304 - regex 8305 - required: 8306 - exact 8307 - required: 8308 - prefix 8309 - required: 8310 - regex 8311 properties: 8312 exact: 8313 type: string 8314 prefix: 8315 type: string 8316 regex: 8317 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 8318 type: string 8319 type: object 8320 description: withoutHeader has the same syntax as the 8321 header, but has the opposite meaning. 8322 type: object 8323 type: object 8324 type: array 8325 mirror: 8326 description: Mirror HTTP traffic to another destination in 8327 addition to forwarding the requests to the intended destination. 8328 properties: 8329 host: 8330 description: The name of a service from the service registry. 8331 type: string 8332 port: 8333 description: Specifies the port on the host that is being 8334 addressed. 8335 properties: 8336 number: 8337 maximum: 4294967295 8338 minimum: 0 8339 type: integer 8340 type: object 8341 subset: 8342 description: The name of a subset within the service.
8343 type: string 8344 required: 8345 - host 8346 type: object 8347 mirror_percent: 8348 maximum: 4294967295 8349 minimum: 0 8350 nullable: true 8351 type: integer 8352 mirrorPercent: 8353 maximum: 4294967295 8354 minimum: 0 8355 nullable: true 8356 type: integer 8357 mirrorPercentage: 8358 description: Percentage of the traffic to be mirrored by the 8359 `mirror` field. 8360 properties: 8361 value: 8362 format: double 8363 type: number 8364 type: object 8365 mirrors: 8366 description: Specifies the destinations to mirror HTTP traffic 8367 in addition to the original destination. 8368 items: 8369 properties: 8370 destination: 8371 description: Destination specifies the target of the mirror 8372 operation. 8373 properties: 8374 host: 8375 description: The name of a service from the service 8376 registry. 8377 type: string 8378 port: 8379 description: Specifies the port on the host that is 8380 being addressed. 8381 properties: 8382 number: 8383 maximum: 4294967295 8384 minimum: 0 8385 type: integer 8386 type: object 8387 subset: 8388 description: The name of a subset within the service. 8389 type: string 8390 required: 8391 - host 8392 type: object 8393 percentage: 8394 description: Percentage of the traffic to be mirrored 8395 by the `destination` field. 8396 properties: 8397 value: 8398 format: double 8399 type: number 8400 type: object 8401 required: 8402 - destination 8403 type: object 8404 type: array 8405 name: 8406 description: The name assigned to the route for debugging purposes. 8407 type: string 8408 redirect: 8409 description: A HTTP rule can either return a direct_response, 8410 redirect or forward (default) traffic. 8411 oneOf: 8412 - not: 8413 anyOf: 8414 - required: 8415 - port 8416 - required: 8417 - derivePort 8418 - required: 8419 - port 8420 - required: 8421 - derivePort 8422 properties: 8423 authority: 8424 description: On a redirect, overwrite the Authority/Host 8425 portion of the URL with this value. 
8426 type: string 8427 derivePort: 8428 description: |- 8429 On a redirect, dynamically set the port: * FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS. 8430 8431 Valid Options: FROM_PROTOCOL_DEFAULT, FROM_REQUEST_PORT 8432 enum: 8433 - FROM_PROTOCOL_DEFAULT 8434 - FROM_REQUEST_PORT 8435 type: string 8436 port: 8437 description: On a redirect, overwrite the port portion of 8438 the URL with this value. 8439 maximum: 4294967295 8440 minimum: 0 8441 type: integer 8442 redirectCode: 8443 description: On a redirect, Specifies the HTTP status code 8444 to use in the redirect response. 8445 maximum: 4294967295 8446 minimum: 0 8447 type: integer 8448 scheme: 8449 description: On a redirect, overwrite the scheme portion 8450 of the URL with this value. 8451 type: string 8452 uri: 8453 description: On a redirect, overwrite the Path portion of 8454 the URL with this value. 8455 type: string 8456 type: object 8457 retries: 8458 description: Retry policy for HTTP requests. 8459 properties: 8460 attempts: 8461 description: Number of retries to be allowed for a given 8462 request. 8463 format: int32 8464 type: integer 8465 perTryTimeout: 8466 description: Timeout per attempt for a given request, including 8467 the initial call and any retries. 8468 type: string 8469 retryOn: 8470 description: Specifies the conditions under which retry 8471 takes place. 8472 type: string 8473 retryRemoteLocalities: 8474 description: Flag to specify whether the retries should 8475 retry to other localities. 8476 nullable: true 8477 type: boolean 8478 type: object 8479 rewrite: 8480 description: Rewrite HTTP URIs and Authority headers. 8481 properties: 8482 authority: 8483 description: rewrite the Authority/Host header with this 8484 value. 8485 type: string 8486 uri: 8487 description: rewrite the path (or the prefix) portion of 8488 the URI with this value. 
8489 type: string 8490 uriRegexRewrite: 8491 description: rewrite the path portion of the URI with the 8492 specified regex. 8493 properties: 8494 match: 8495 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 8496 type: string 8497 rewrite: 8498 description: The string that should replace into matching 8499 portions of original URI. 8500 type: string 8501 type: object 8502 type: object 8503 route: 8504 description: A HTTP rule can either return a direct_response, 8505 redirect or forward (default) traffic. 8506 items: 8507 properties: 8508 destination: 8509 description: Destination uniquely identifies the instances 8510 of a service to which the request/connection should 8511 be forwarded to. 8512 properties: 8513 host: 8514 description: The name of a service from the service 8515 registry. 8516 type: string 8517 port: 8518 description: Specifies the port on the host that is 8519 being addressed. 8520 properties: 8521 number: 8522 maximum: 4294967295 8523 minimum: 0 8524 type: integer 8525 type: object 8526 subset: 8527 description: The name of a subset within the service. 8528 type: string 8529 required: 8530 - host 8531 type: object 8532 headers: 8533 properties: 8534 request: 8535 properties: 8536 add: 8537 additionalProperties: 8538 type: string 8539 type: object 8540 remove: 8541 items: 8542 type: string 8543 type: array 8544 set: 8545 additionalProperties: 8546 type: string 8547 type: object 8548 type: object 8549 response: 8550 properties: 8551 add: 8552 additionalProperties: 8553 type: string 8554 type: object 8555 remove: 8556 items: 8557 type: string 8558 type: array 8559 set: 8560 additionalProperties: 8561 type: string 8562 type: object 8563 type: object 8564 type: object 8565 weight: 8566 description: Weight specifies the relative proportion 8567 of traffic to be forwarded to the destination. 
8568 format: int32 8569 type: integer 8570 required: 8571 - destination 8572 type: object 8573 type: array 8574 timeout: 8575 description: Timeout for HTTP requests, default is disabled. 8576 type: string 8577 type: object 8578 type: array 8579 tcp: 8580 description: An ordered list of route rules for opaque TCP traffic. 8581 items: 8582 properties: 8583 match: 8584 description: Match conditions to be satisfied for the rule to 8585 be activated. 8586 items: 8587 properties: 8588 destinationSubnets: 8589 description: IPv4 or IPv6 ip addresses of destination 8590 with optional subnet. 8591 items: 8592 type: string 8593 type: array 8594 gateways: 8595 description: Names of gateways where the rule should be 8596 applied. 8597 items: 8598 type: string 8599 type: array 8600 port: 8601 description: Specifies the port on the host that is being 8602 addressed. 8603 maximum: 4294967295 8604 minimum: 0 8605 type: integer 8606 sourceLabels: 8607 additionalProperties: 8608 type: string 8609 description: One or more labels that constrain the applicability 8610 of a rule to workloads with the given labels. 8611 type: object 8612 sourceNamespace: 8613 description: Source namespace constraining the applicability 8614 of a rule to workloads in that namespace. 8615 type: string 8616 sourceSubnet: 8617 type: string 8618 type: object 8619 type: array 8620 route: 8621 description: The destination to which the connection should 8622 be forwarded to. 8623 items: 8624 properties: 8625 destination: 8626 description: Destination uniquely identifies the instances 8627 of a service to which the request/connection should 8628 be forwarded to. 8629 properties: 8630 host: 8631 description: The name of a service from the service 8632 registry. 8633 type: string 8634 port: 8635 description: Specifies the port on the host that is 8636 being addressed. 
8637 properties: 8638 number: 8639 maximum: 4294967295 8640 minimum: 0 8641 type: integer 8642 type: object 8643 subset: 8644 description: The name of a subset within the service. 8645 type: string 8646 required: 8647 - host 8648 type: object 8649 weight: 8650 description: Weight specifies the relative proportion 8651 of traffic to be forwarded to the destination. 8652 format: int32 8653 type: integer 8654 required: 8655 - destination 8656 type: object 8657 type: array 8658 type: object 8659 type: array 8660 tls: 8661 description: An ordered list of route rule for non-terminated TLS 8662 & HTTPS traffic. 8663 items: 8664 properties: 8665 match: 8666 description: Match conditions to be satisfied for the rule to 8667 be activated. 8668 items: 8669 properties: 8670 destinationSubnets: 8671 description: IPv4 or IPv6 ip addresses of destination 8672 with optional subnet. 8673 items: 8674 type: string 8675 type: array 8676 gateways: 8677 description: Names of gateways where the rule should be 8678 applied. 8679 items: 8680 type: string 8681 type: array 8682 port: 8683 description: Specifies the port on the host that is being 8684 addressed. 8685 maximum: 4294967295 8686 minimum: 0 8687 type: integer 8688 sniHosts: 8689 description: SNI (server name indicator) to match on. 8690 items: 8691 type: string 8692 type: array 8693 sourceLabels: 8694 additionalProperties: 8695 type: string 8696 description: One or more labels that constrain the applicability 8697 of a rule to workloads with the given labels. 8698 type: object 8699 sourceNamespace: 8700 description: Source namespace constraining the applicability 8701 of a rule to workloads in that namespace. 8702 type: string 8703 required: 8704 - sniHosts 8705 type: object 8706 type: array 8707 route: 8708 description: The destination to which the connection should 8709 be forwarded to. 
8710 items: 8711 properties: 8712 destination: 8713 description: Destination uniquely identifies the instances 8714 of a service to which the request/connection should 8715 be forwarded to. 8716 properties: 8717 host: 8718 description: The name of a service from the service 8719 registry. 8720 type: string 8721 port: 8722 description: Specifies the port on the host that is 8723 being addressed. 8724 properties: 8725 number: 8726 maximum: 4294967295 8727 minimum: 0 8728 type: integer 8729 type: object 8730 subset: 8731 description: The name of a subset within the service. 8732 type: string 8733 required: 8734 - host 8735 type: object 8736 weight: 8737 description: Weight specifies the relative proportion 8738 of traffic to be forwarded to the destination. 8739 format: int32 8740 type: integer 8741 required: 8742 - destination 8743 type: object 8744 type: array 8745 required: 8746 - match 8747 type: object 8748 type: array 8749 type: object 8750 status: 8751 type: object 8752 x-kubernetes-preserve-unknown-fields: true 8753 type: object 8754 served: true 8755 storage: false 8756 subresources: 8757 status: {} 8758 - additionalPrinterColumns: 8759 - description: The names of gateways and sidecars that should apply these routes 8760 jsonPath: .spec.gateways 8761 name: Gateways 8762 type: string 8763 - description: The destination hosts to which traffic is being sent 8764 jsonPath: .spec.hosts 8765 name: Hosts 8766 type: string 8767 - description: 'CreationTimestamp is a timestamp representing the server time 8768 when this object was created. It is not guaranteed to be set in happens-before 8769 order across separate operations. Clients may not set this value. It is represented 8770 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 8771 lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 8772 jsonPath: .metadata.creationTimestamp 8773 name: Age 8774 type: date 8775 name: v1alpha3 8776 schema: 8777 openAPIV3Schema: 8778 properties: 8779 spec: 8780 description: 'Configuration affecting label/content routing, sni routing, 8781 etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' 8782 properties: 8783 exportTo: 8784 description: A list of namespaces to which this virtual service is 8785 exported. 8786 items: 8787 type: string 8788 type: array 8789 gateways: 8790 description: The names of gateways and sidecars that should apply 8791 these routes. 8792 items: 8793 type: string 8794 type: array 8795 hosts: 8796 description: The destination hosts to which traffic is being sent. 8797 items: 8798 type: string 8799 type: array 8800 http: 8801 description: An ordered list of route rules for HTTP traffic. 8802 items: 8803 properties: 8804 corsPolicy: 8805 description: Cross-Origin Resource Sharing policy (CORS). 8806 properties: 8807 allowCredentials: 8808 description: Indicates whether the caller is allowed to 8809 send the actual request (not the preflight) using credentials. 8810 nullable: true 8811 type: boolean 8812 allowHeaders: 8813 description: List of HTTP headers that can be used when 8814 requesting the resource. 8815 items: 8816 type: string 8817 type: array 8818 allowMethods: 8819 description: List of HTTP methods allowed to access the 8820 resource. 8821 items: 8822 type: string 8823 type: array 8824 allowOrigin: 8825 items: 8826 type: string 8827 type: array 8828 allowOrigins: 8829 description: String patterns that match allowed origins. 
8830 items: 8831 oneOf: 8832 - not: 8833 anyOf: 8834 - required: 8835 - exact 8836 - required: 8837 - prefix 8838 - required: 8839 - regex 8840 - required: 8841 - exact 8842 - required: 8843 - prefix 8844 - required: 8845 - regex 8846 properties: 8847 exact: 8848 type: string 8849 prefix: 8850 type: string 8851 regex: 8852 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 8853 type: string 8854 type: object 8855 type: array 8856 exposeHeaders: 8857 description: A list of HTTP headers that the browsers are 8858 allowed to access. 8859 items: 8860 type: string 8861 type: array 8862 maxAge: 8863 description: Specifies how long the results of a preflight 8864 request can be cached. 8865 type: string 8866 unmatchedPreflights: 8867 description: |- 8868 Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream. 8869 8870 Valid Options: FORWARD, IGNORE 8871 enum: 8872 - UNSPECIFIED 8873 - FORWARD 8874 - IGNORE 8875 type: string 8876 type: object 8877 delegate: 8878 description: Delegate is used to specify the particular VirtualService 8879 which can be used to define delegate HTTPRoute. 8880 properties: 8881 name: 8882 description: Name specifies the name of the delegate VirtualService. 8883 type: string 8884 namespace: 8885 description: Namespace specifies the namespace where the 8886 delegate VirtualService resides. 8887 type: string 8888 type: object 8889 directResponse: 8890 description: A HTTP rule can either return a direct_response, 8891 redirect or forward (default) traffic. 8892 properties: 8893 body: 8894 description: Specifies the content of the response body. 8895 oneOf: 8896 - not: 8897 anyOf: 8898 - required: 8899 - string 8900 - required: 8901 - bytes 8902 - required: 8903 - string 8904 - required: 8905 - bytes 8906 properties: 8907 bytes: 8908 description: response body as base64 encoded bytes. 
8909 format: binary 8910 type: string 8911 string: 8912 type: string 8913 type: object 8914 status: 8915 description: Specifies the HTTP response status to be returned. 8916 maximum: 4294967295 8917 minimum: 0 8918 type: integer 8919 required: 8920 - status 8921 type: object 8922 fault: 8923 description: Fault injection policy to apply on HTTP traffic 8924 at the client side. 8925 properties: 8926 abort: 8927 description: Abort Http request attempts and return error 8928 codes back to downstream service, giving the impression 8929 that the upstream service is faulty. 8930 oneOf: 8931 - not: 8932 anyOf: 8933 - required: 8934 - httpStatus 8935 - required: 8936 - grpcStatus 8937 - required: 8938 - http2Error 8939 - required: 8940 - httpStatus 8941 - required: 8942 - grpcStatus 8943 - required: 8944 - http2Error 8945 properties: 8946 grpcStatus: 8947 description: GRPC status code to use to abort the request. 8948 type: string 8949 http2Error: 8950 type: string 8951 httpStatus: 8952 description: HTTP status code to use to abort the Http 8953 request. 8954 format: int32 8955 type: integer 8956 percentage: 8957 description: Percentage of requests to be aborted with 8958 the error code provided. 8959 properties: 8960 value: 8961 format: double 8962 type: number 8963 type: object 8964 type: object 8965 delay: 8966 description: Delay requests before forwarding, emulating 8967 various failures such as network issues, overloaded upstream 8968 service, etc. 8969 oneOf: 8970 - not: 8971 anyOf: 8972 - required: 8973 - fixedDelay 8974 - required: 8975 - exponentialDelay 8976 - required: 8977 - fixedDelay 8978 - required: 8979 - exponentialDelay 8980 properties: 8981 exponentialDelay: 8982 type: string 8983 fixedDelay: 8984 description: Add a fixed delay before forwarding the 8985 request. 8986 type: string 8987 percent: 8988 description: Percentage of requests on which the delay 8989 will be injected (0-100). 
8990 format: int32 8991 type: integer 8992 percentage: 8993 description: Percentage of requests on which the delay 8994 will be injected. 8995 properties: 8996 value: 8997 format: double 8998 type: number 8999 type: object 9000 type: object 9001 type: object 9002 headers: 9003 properties: 9004 request: 9005 properties: 9006 add: 9007 additionalProperties: 9008 type: string 9009 type: object 9010 remove: 9011 items: 9012 type: string 9013 type: array 9014 set: 9015 additionalProperties: 9016 type: string 9017 type: object 9018 type: object 9019 response: 9020 properties: 9021 add: 9022 additionalProperties: 9023 type: string 9024 type: object 9025 remove: 9026 items: 9027 type: string 9028 type: array 9029 set: 9030 additionalProperties: 9031 type: string 9032 type: object 9033 type: object 9034 type: object 9035 match: 9036 description: Match conditions to be satisfied for the rule to 9037 be activated. 9038 items: 9039 properties: 9040 authority: 9041 description: 'HTTP Authority values are case-sensitive 9042 and formatted as follows: - `exact: "value"` for exact 9043 string match - `prefix: "value"` for prefix-based match 9044 - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 9045 oneOf: 9046 - not: 9047 anyOf: 9048 - required: 9049 - exact 9050 - required: 9051 - prefix 9052 - required: 9053 - regex 9054 - required: 9055 - exact 9056 - required: 9057 - prefix 9058 - required: 9059 - regex 9060 properties: 9061 exact: 9062 type: string 9063 prefix: 9064 type: string 9065 regex: 9066 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 9067 type: string 9068 type: object 9069 gateways: 9070 description: Names of gateways where the rule should be 9071 applied. 
9072 items: 9073 type: string 9074 type: array 9075 headers: 9076 additionalProperties: 9077 oneOf: 9078 - not: 9079 anyOf: 9080 - required: 9081 - exact 9082 - required: 9083 - prefix 9084 - required: 9085 - regex 9086 - required: 9087 - exact 9088 - required: 9089 - prefix 9090 - required: 9091 - regex 9092 properties: 9093 exact: 9094 type: string 9095 prefix: 9096 type: string 9097 regex: 9098 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 9099 type: string 9100 type: object 9101 description: The header keys must be lowercase and use 9102 hyphen as the separator, e.g. 9103 type: object 9104 ignoreUriCase: 9105 description: Flag to specify whether the URI matching 9106 should be case-insensitive. 9107 type: boolean 9108 method: 9109 description: 'HTTP Method values are case-sensitive and 9110 formatted as follows: - `exact: "value"` for exact string 9111 match - `prefix: "value"` for prefix-based match - `regex: 9112 "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 9113 oneOf: 9114 - not: 9115 anyOf: 9116 - required: 9117 - exact 9118 - required: 9119 - prefix 9120 - required: 9121 - regex 9122 - required: 9123 - exact 9124 - required: 9125 - prefix 9126 - required: 9127 - regex 9128 properties: 9129 exact: 9130 type: string 9131 prefix: 9132 type: string 9133 regex: 9134 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 9135 type: string 9136 type: object 9137 name: 9138 description: The name assigned to a match. 9139 type: string 9140 port: 9141 description: Specifies the ports on the host that is being 9142 addressed. 
9143 maximum: 4294967295 9144 minimum: 0 9145 type: integer 9146 queryParams: 9147 additionalProperties: 9148 oneOf: 9149 - not: 9150 anyOf: 9151 - required: 9152 - exact 9153 - required: 9154 - prefix 9155 - required: 9156 - regex 9157 - required: 9158 - exact 9159 - required: 9160 - prefix 9161 - required: 9162 - regex 9163 properties: 9164 exact: 9165 type: string 9166 prefix: 9167 type: string 9168 regex: 9169 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 9170 type: string 9171 type: object 9172 description: Query parameters for matching. 9173 type: object 9174 scheme: 9175 description: 'URI Scheme values are case-sensitive and 9176 formatted as follows: - `exact: "value"` for exact string 9177 match - `prefix: "value"` for prefix-based match - `regex: 9178 "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 9179 oneOf: 9180 - not: 9181 anyOf: 9182 - required: 9183 - exact 9184 - required: 9185 - prefix 9186 - required: 9187 - regex 9188 - required: 9189 - exact 9190 - required: 9191 - prefix 9192 - required: 9193 - regex 9194 properties: 9195 exact: 9196 type: string 9197 prefix: 9198 type: string 9199 regex: 9200 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 9201 type: string 9202 type: object 9203 sourceLabels: 9204 additionalProperties: 9205 type: string 9206 description: One or more labels that constrain the applicability 9207 of a rule to source (client) workloads with the given 9208 labels. 9209 type: object 9210 sourceNamespace: 9211 description: Source namespace constraining the applicability 9212 of a rule to workloads in that namespace. 9213 type: string 9214 statPrefix: 9215 description: The human readable prefix to use when emitting 9216 statistics for this route. 
9217 type: string 9218 uri: 9219 description: 'URI to match values are case-sensitive and 9220 formatted as follows: - `exact: "value"` for exact string 9221 match - `prefix: "value"` for prefix-based match - `regex: 9222 "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 9223 oneOf: 9224 - not: 9225 anyOf: 9226 - required: 9227 - exact 9228 - required: 9229 - prefix 9230 - required: 9231 - regex 9232 - required: 9233 - exact 9234 - required: 9235 - prefix 9236 - required: 9237 - regex 9238 properties: 9239 exact: 9240 type: string 9241 prefix: 9242 type: string 9243 regex: 9244 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 9245 type: string 9246 type: object 9247 withoutHeaders: 9248 additionalProperties: 9249 oneOf: 9250 - not: 9251 anyOf: 9252 - required: 9253 - exact 9254 - required: 9255 - prefix 9256 - required: 9257 - regex 9258 - required: 9259 - exact 9260 - required: 9261 - prefix 9262 - required: 9263 - regex 9264 properties: 9265 exact: 9266 type: string 9267 prefix: 9268 type: string 9269 regex: 9270 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 9271 type: string 9272 type: object 9273 description: withoutHeader has the same syntax as the 9274 header, but has the opposite meaning. 9275 type: object 9276 type: object 9277 type: array 9278 mirror: 9279 description: Mirror HTTP traffic to another destination in 9280 addition to forwarding the requests to the intended destination. 9281 properties: 9282 host: 9283 description: The name of a service from the service registry. 9284 type: string 9285 port: 9286 description: Specifies the port on the host that is being 9287 addressed. 9288 properties: 9289 number: 9290 maximum: 4294967295 9291 minimum: 0 9292 type: integer 9293 type: object 9294 subset: 9295 description: The name of a subset within the service.
9296 type: string 9297 required: 9298 - host 9299 type: object 9300 mirror_percent: 9301 maximum: 4294967295 9302 minimum: 0 9303 nullable: true 9304 type: integer 9305 mirrorPercent: 9306 maximum: 4294967295 9307 minimum: 0 9308 nullable: true 9309 type: integer 9310 mirrorPercentage: 9311 description: Percentage of the traffic to be mirrored by the 9312 `mirror` field. 9313 properties: 9314 value: 9315 format: double 9316 type: number 9317 type: object 9318 mirrors: 9319 description: Specifies the destinations to mirror HTTP traffic 9320 in addition to the original destination. 9321 items: 9322 properties: 9323 destination: 9324 description: Destination specifies the target of the mirror 9325 operation. 9326 properties: 9327 host: 9328 description: The name of a service from the service 9329 registry. 9330 type: string 9331 port: 9332 description: Specifies the port on the host that is 9333 being addressed. 9334 properties: 9335 number: 9336 maximum: 4294967295 9337 minimum: 0 9338 type: integer 9339 type: object 9340 subset: 9341 description: The name of a subset within the service. 9342 type: string 9343 required: 9344 - host 9345 type: object 9346 percentage: 9347 description: Percentage of the traffic to be mirrored 9348 by the `destination` field. 9349 properties: 9350 value: 9351 format: double 9352 type: number 9353 type: object 9354 required: 9355 - destination 9356 type: object 9357 type: array 9358 name: 9359 description: The name assigned to the route for debugging purposes. 9360 type: string 9361 redirect: 9362 description: A HTTP rule can either return a direct_response, 9363 redirect or forward (default) traffic. 9364 oneOf: 9365 - not: 9366 anyOf: 9367 - required: 9368 - port 9369 - required: 9370 - derivePort 9371 - required: 9372 - port 9373 - required: 9374 - derivePort 9375 properties: 9376 authority: 9377 description: On a redirect, overwrite the Authority/Host 9378 portion of the URL with this value. 
9379 type: string 9380 derivePort: 9381 description: |- 9382 On a redirect, dynamically set the port: * FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS. 9383 9384 Valid Options: FROM_PROTOCOL_DEFAULT, FROM_REQUEST_PORT 9385 enum: 9386 - FROM_PROTOCOL_DEFAULT 9387 - FROM_REQUEST_PORT 9388 type: string 9389 port: 9390 description: On a redirect, overwrite the port portion of 9391 the URL with this value. 9392 maximum: 4294967295 9393 minimum: 0 9394 type: integer 9395 redirectCode: 9396 description: On a redirect, Specifies the HTTP status code 9397 to use in the redirect response. 9398 maximum: 4294967295 9399 minimum: 0 9400 type: integer 9401 scheme: 9402 description: On a redirect, overwrite the scheme portion 9403 of the URL with this value. 9404 type: string 9405 uri: 9406 description: On a redirect, overwrite the Path portion of 9407 the URL with this value. 9408 type: string 9409 type: object 9410 retries: 9411 description: Retry policy for HTTP requests. 9412 properties: 9413 attempts: 9414 description: Number of retries to be allowed for a given 9415 request. 9416 format: int32 9417 type: integer 9418 perTryTimeout: 9419 description: Timeout per attempt for a given request, including 9420 the initial call and any retries. 9421 type: string 9422 retryOn: 9423 description: Specifies the conditions under which retry 9424 takes place. 9425 type: string 9426 retryRemoteLocalities: 9427 description: Flag to specify whether the retries should 9428 retry to other localities. 9429 nullable: true 9430 type: boolean 9431 type: object 9432 rewrite: 9433 description: Rewrite HTTP URIs and Authority headers. 9434 properties: 9435 authority: 9436 description: rewrite the Authority/Host header with this 9437 value. 9438 type: string 9439 uri: 9440 description: rewrite the path (or the prefix) portion of 9441 the URI with this value. 
9442 type: string 9443 uriRegexRewrite: 9444 description: rewrite the path portion of the URI with the 9445 specified regex. 9446 properties: 9447 match: 9448 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 9449 type: string 9450 rewrite: 9451 description: The string that should replace into matching 9452 portions of original URI. 9453 type: string 9454 type: object 9455 type: object 9456 route: 9457 description: A HTTP rule can either return a direct_response, 9458 redirect or forward (default) traffic. 9459 items: 9460 properties: 9461 destination: 9462 description: Destination uniquely identifies the instances 9463 of a service to which the request/connection should 9464 be forwarded to. 9465 properties: 9466 host: 9467 description: The name of a service from the service 9468 registry. 9469 type: string 9470 port: 9471 description: Specifies the port on the host that is 9472 being addressed. 9473 properties: 9474 number: 9475 maximum: 4294967295 9476 minimum: 0 9477 type: integer 9478 type: object 9479 subset: 9480 description: The name of a subset within the service. 9481 type: string 9482 required: 9483 - host 9484 type: object 9485 headers: 9486 properties: 9487 request: 9488 properties: 9489 add: 9490 additionalProperties: 9491 type: string 9492 type: object 9493 remove: 9494 items: 9495 type: string 9496 type: array 9497 set: 9498 additionalProperties: 9499 type: string 9500 type: object 9501 type: object 9502 response: 9503 properties: 9504 add: 9505 additionalProperties: 9506 type: string 9507 type: object 9508 remove: 9509 items: 9510 type: string 9511 type: array 9512 set: 9513 additionalProperties: 9514 type: string 9515 type: object 9516 type: object 9517 type: object 9518 weight: 9519 description: Weight specifies the relative proportion 9520 of traffic to be forwarded to the destination. 
9521 format: int32 9522 type: integer 9523 required: 9524 - destination 9525 type: object 9526 type: array 9527 timeout: 9528 description: Timeout for HTTP requests, default is disabled. 9529 type: string 9530 type: object 9531 type: array 9532 tcp: 9533 description: An ordered list of route rules for opaque TCP traffic. 9534 items: 9535 properties: 9536 match: 9537 description: Match conditions to be satisfied for the rule to 9538 be activated. 9539 items: 9540 properties: 9541 destinationSubnets: 9542 description: IPv4 or IPv6 ip addresses of destination 9543 with optional subnet. 9544 items: 9545 type: string 9546 type: array 9547 gateways: 9548 description: Names of gateways where the rule should be 9549 applied. 9550 items: 9551 type: string 9552 type: array 9553 port: 9554 description: Specifies the port on the host that is being 9555 addressed. 9556 maximum: 4294967295 9557 minimum: 0 9558 type: integer 9559 sourceLabels: 9560 additionalProperties: 9561 type: string 9562 description: One or more labels that constrain the applicability 9563 of a rule to workloads with the given labels. 9564 type: object 9565 sourceNamespace: 9566 description: Source namespace constraining the applicability 9567 of a rule to workloads in that namespace. 9568 type: string 9569 sourceSubnet: 9570 type: string 9571 type: object 9572 type: array 9573 route: 9574 description: The destination to which the connection should 9575 be forwarded to. 9576 items: 9577 properties: 9578 destination: 9579 description: Destination uniquely identifies the instances 9580 of a service to which the request/connection should 9581 be forwarded to. 9582 properties: 9583 host: 9584 description: The name of a service from the service 9585 registry. 9586 type: string 9587 port: 9588 description: Specifies the port on the host that is 9589 being addressed. 
9590 properties: 9591 number: 9592 maximum: 4294967295 9593 minimum: 0 9594 type: integer 9595 type: object 9596 subset: 9597 description: The name of a subset within the service. 9598 type: string 9599 required: 9600 - host 9601 type: object 9602 weight: 9603 description: Weight specifies the relative proportion 9604 of traffic to be forwarded to the destination. 9605 format: int32 9606 type: integer 9607 required: 9608 - destination 9609 type: object 9610 type: array 9611 type: object 9612 type: array 9613 tls: 9614 description: An ordered list of route rule for non-terminated TLS 9615 & HTTPS traffic. 9616 items: 9617 properties: 9618 match: 9619 description: Match conditions to be satisfied for the rule to 9620 be activated. 9621 items: 9622 properties: 9623 destinationSubnets: 9624 description: IPv4 or IPv6 ip addresses of destination 9625 with optional subnet. 9626 items: 9627 type: string 9628 type: array 9629 gateways: 9630 description: Names of gateways where the rule should be 9631 applied. 9632 items: 9633 type: string 9634 type: array 9635 port: 9636 description: Specifies the port on the host that is being 9637 addressed. 9638 maximum: 4294967295 9639 minimum: 0 9640 type: integer 9641 sniHosts: 9642 description: SNI (server name indicator) to match on. 9643 items: 9644 type: string 9645 type: array 9646 sourceLabels: 9647 additionalProperties: 9648 type: string 9649 description: One or more labels that constrain the applicability 9650 of a rule to workloads with the given labels. 9651 type: object 9652 sourceNamespace: 9653 description: Source namespace constraining the applicability 9654 of a rule to workloads in that namespace. 9655 type: string 9656 required: 9657 - sniHosts 9658 type: object 9659 type: array 9660 route: 9661 description: The destination to which the connection should 9662 be forwarded to. 
9663 items: 9664 properties: 9665 destination: 9666 description: Destination uniquely identifies the instances 9667 of a service to which the request/connection should 9668 be forwarded to. 9669 properties: 9670 host: 9671 description: The name of a service from the service 9672 registry. 9673 type: string 9674 port: 9675 description: Specifies the port on the host that is 9676 being addressed. 9677 properties: 9678 number: 9679 maximum: 4294967295 9680 minimum: 0 9681 type: integer 9682 type: object 9683 subset: 9684 description: The name of a subset within the service. 9685 type: string 9686 required: 9687 - host 9688 type: object 9689 weight: 9690 description: Weight specifies the relative proportion 9691 of traffic to be forwarded to the destination. 9692 format: int32 9693 type: integer 9694 required: 9695 - destination 9696 type: object 9697 type: array 9698 required: 9699 - match 9700 type: object 9701 type: array 9702 type: object 9703 status: 9704 type: object 9705 x-kubernetes-preserve-unknown-fields: true 9706 type: object 9707 served: true 9708 storage: false 9709 subresources: 9710 status: {} 9711 - additionalPrinterColumns: 9712 - description: The names of gateways and sidecars that should apply these routes 9713 jsonPath: .spec.gateways 9714 name: Gateways 9715 type: string 9716 - description: The destination hosts to which traffic is being sent 9717 jsonPath: .spec.hosts 9718 name: Hosts 9719 type: string 9720 - description: 'CreationTimestamp is a timestamp representing the server time 9721 when this object was created. It is not guaranteed to be set in happens-before 9722 order across separate operations. Clients may not set this value. It is represented 9723 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 9724 lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 9725 jsonPath: .metadata.creationTimestamp 9726 name: Age 9727 type: date 9728 name: v1beta1 9729 schema: 9730 openAPIV3Schema: 9731 properties: 9732 spec: 9733 description: 'Configuration affecting label/content routing, sni routing, 9734 etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' 9735 properties: 9736 exportTo: 9737 description: A list of namespaces to which this virtual service is 9738 exported. 9739 items: 9740 type: string 9741 type: array 9742 gateways: 9743 description: The names of gateways and sidecars that should apply 9744 these routes. 9745 items: 9746 type: string 9747 type: array 9748 hosts: 9749 description: The destination hosts to which traffic is being sent. 9750 items: 9751 type: string 9752 type: array 9753 http: 9754 description: An ordered list of route rules for HTTP traffic. 9755 items: 9756 properties: 9757 corsPolicy: 9758 description: Cross-Origin Resource Sharing policy (CORS). 9759 properties: 9760 allowCredentials: 9761 description: Indicates whether the caller is allowed to 9762 send the actual request (not the preflight) using credentials. 9763 nullable: true 9764 type: boolean 9765 allowHeaders: 9766 description: List of HTTP headers that can be used when 9767 requesting the resource. 9768 items: 9769 type: string 9770 type: array 9771 allowMethods: 9772 description: List of HTTP methods allowed to access the 9773 resource. 9774 items: 9775 type: string 9776 type: array 9777 allowOrigin: 9778 items: 9779 type: string 9780 type: array 9781 allowOrigins: 9782 description: String patterns that match allowed origins. 
9783 items: 9784 oneOf: 9785 - not: 9786 anyOf: 9787 - required: 9788 - exact 9789 - required: 9790 - prefix 9791 - required: 9792 - regex 9793 - required: 9794 - exact 9795 - required: 9796 - prefix 9797 - required: 9798 - regex 9799 properties: 9800 exact: 9801 type: string 9802 prefix: 9803 type: string 9804 regex: 9805 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 9806 type: string 9807 type: object 9808 type: array 9809 exposeHeaders: 9810 description: A list of HTTP headers that the browsers are 9811 allowed to access. 9812 items: 9813 type: string 9814 type: array 9815 maxAge: 9816 description: Specifies how long the results of a preflight 9817 request can be cached. 9818 type: string 9819 unmatchedPreflights: 9820 description: |- 9821 Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream. 9822 9823 Valid Options: FORWARD, IGNORE 9824 enum: 9825 - UNSPECIFIED 9826 - FORWARD 9827 - IGNORE 9828 type: string 9829 type: object 9830 delegate: 9831 description: Delegate is used to specify the particular VirtualService 9832 which can be used to define delegate HTTPRoute. 9833 properties: 9834 name: 9835 description: Name specifies the name of the delegate VirtualService. 9836 type: string 9837 namespace: 9838 description: Namespace specifies the namespace where the 9839 delegate VirtualService resides. 9840 type: string 9841 type: object 9842 directResponse: 9843 description: A HTTP rule can either return a direct_response, 9844 redirect or forward (default) traffic. 9845 properties: 9846 body: 9847 description: Specifies the content of the response body. 9848 oneOf: 9849 - not: 9850 anyOf: 9851 - required: 9852 - string 9853 - required: 9854 - bytes 9855 - required: 9856 - string 9857 - required: 9858 - bytes 9859 properties: 9860 bytes: 9861 description: response body as base64 encoded bytes. 
9862 format: binary 9863 type: string 9864 string: 9865 type: string 9866 type: object 9867 status: 9868 description: Specifies the HTTP response status to be returned. 9869 maximum: 4294967295 9870 minimum: 0 9871 type: integer 9872 required: 9873 - status 9874 type: object 9875 fault: 9876 description: Fault injection policy to apply on HTTP traffic 9877 at the client side. 9878 properties: 9879 abort: 9880 description: Abort Http request attempts and return error 9881 codes back to downstream service, giving the impression 9882 that the upstream service is faulty. 9883 oneOf: 9884 - not: 9885 anyOf: 9886 - required: 9887 - httpStatus 9888 - required: 9889 - grpcStatus 9890 - required: 9891 - http2Error 9892 - required: 9893 - httpStatus 9894 - required: 9895 - grpcStatus 9896 - required: 9897 - http2Error 9898 properties: 9899 grpcStatus: 9900 description: GRPC status code to use to abort the request. 9901 type: string 9902 http2Error: 9903 type: string 9904 httpStatus: 9905 description: HTTP status code to use to abort the Http 9906 request. 9907 format: int32 9908 type: integer 9909 percentage: 9910 description: Percentage of requests to be aborted with 9911 the error code provided. 9912 properties: 9913 value: 9914 format: double 9915 type: number 9916 type: object 9917 type: object 9918 delay: 9919 description: Delay requests before forwarding, emulating 9920 various failures such as network issues, overloaded upstream 9921 service, etc. 9922 oneOf: 9923 - not: 9924 anyOf: 9925 - required: 9926 - fixedDelay 9927 - required: 9928 - exponentialDelay 9929 - required: 9930 - fixedDelay 9931 - required: 9932 - exponentialDelay 9933 properties: 9934 exponentialDelay: 9935 type: string 9936 fixedDelay: 9937 description: Add a fixed delay before forwarding the 9938 request. 9939 type: string 9940 percent: 9941 description: Percentage of requests on which the delay 9942 will be injected (0-100). 
9943 format: int32 9944 type: integer 9945 percentage: 9946 description: Percentage of requests on which the delay 9947 will be injected. 9948 properties: 9949 value: 9950 format: double 9951 type: number 9952 type: object 9953 type: object 9954 type: object 9955 headers: 9956 properties: 9957 request: 9958 properties: 9959 add: 9960 additionalProperties: 9961 type: string 9962 type: object 9963 remove: 9964 items: 9965 type: string 9966 type: array 9967 set: 9968 additionalProperties: 9969 type: string 9970 type: object 9971 type: object 9972 response: 9973 properties: 9974 add: 9975 additionalProperties: 9976 type: string 9977 type: object 9978 remove: 9979 items: 9980 type: string 9981 type: array 9982 set: 9983 additionalProperties: 9984 type: string 9985 type: object 9986 type: object 9987 type: object 9988 match: 9989 description: Match conditions to be satisfied for the rule to 9990 be activated. 9991 items: 9992 properties: 9993 authority: 9994 description: 'HTTP Authority values are case-sensitive 9995 and formatted as follows: - `exact: "value"` for exact 9996 string match - `prefix: "value"` for prefix-based match 9997 - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 9998 oneOf: 9999 - not: 10000 anyOf: 10001 - required: 10002 - exact 10003 - required: 10004 - prefix 10005 - required: 10006 - regex 10007 - required: 10008 - exact 10009 - required: 10010 - prefix 10011 - required: 10012 - regex 10013 properties: 10014 exact: 10015 type: string 10016 prefix: 10017 type: string 10018 regex: 10019 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 10020 type: string 10021 type: object 10022 gateways: 10023 description: Names of gateways where the rule should be 10024 applied. 
10025 items: 10026 type: string 10027 type: array 10028 headers: 10029 additionalProperties: 10030 oneOf: 10031 - not: 10032 anyOf: 10033 - required: 10034 - exact 10035 - required: 10036 - prefix 10037 - required: 10038 - regex 10039 - required: 10040 - exact 10041 - required: 10042 - prefix 10043 - required: 10044 - regex 10045 properties: 10046 exact: 10047 type: string 10048 prefix: 10049 type: string 10050 regex: 10051 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 10052 type: string 10053 type: object 10054 description: The header keys must be lowercase and use 10055 hyphen as the separator, e.g. 10056 type: object 10057 ignoreUriCase: 10058 description: Flag to specify whether the URI matching 10059 should be case-insensitive. 10060 type: boolean 10061 method: 10062 description: 'HTTP Method values are case-sensitive and 10063 formatted as follows: - `exact: "value"` for exact string 10064 match - `prefix: "value"` for prefix-based match - `regex: 10065 "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 10066 oneOf: 10067 - not: 10068 anyOf: 10069 - required: 10070 - exact 10071 - required: 10072 - prefix 10073 - required: 10074 - regex 10075 - required: 10076 - exact 10077 - required: 10078 - prefix 10079 - required: 10080 - regex 10081 properties: 10082 exact: 10083 type: string 10084 prefix: 10085 type: string 10086 regex: 10087 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 10088 type: string 10089 type: object 10090 name: 10091 description: The name assigned to a match. 10092 type: string 10093 port: 10094 description: Specifies the ports on the host that is being 10095 addressed. 
10096 maximum: 4294967295 10097 minimum: 0 10098 type: integer 10099 queryParams: 10100 additionalProperties: 10101 oneOf: 10102 - not: 10103 anyOf: 10104 - required: 10105 - exact 10106 - required: 10107 - prefix 10108 - required: 10109 - regex 10110 - required: 10111 - exact 10112 - required: 10113 - prefix 10114 - required: 10115 - regex 10116 properties: 10117 exact: 10118 type: string 10119 prefix: 10120 type: string 10121 regex: 10122 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 10123 type: string 10124 type: object 10125 description: Query parameters for matching. 10126 type: object 10127 scheme: 10128 description: 'URI Scheme values are case-sensitive and 10129 formatted as follows: - `exact: "value"` for exact string 10130 match - `prefix: "value"` for prefix-based match - `regex: 10131 "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 10132 oneOf: 10133 - not: 10134 anyOf: 10135 - required: 10136 - exact 10137 - required: 10138 - prefix 10139 - required: 10140 - regex 10141 - required: 10142 - exact 10143 - required: 10144 - prefix 10145 - required: 10146 - regex 10147 properties: 10148 exact: 10149 type: string 10150 prefix: 10151 type: string 10152 regex: 10153 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 10154 type: string 10155 type: object 10156 sourceLabels: 10157 additionalProperties: 10158 type: string 10159 description: One or more labels that constrain the applicability 10160 of a rule to source (client) workloads with the given 10161 labels. 10162 type: object 10163 sourceNamespace: 10164 description: Source namespace constraining the applicability 10165 of a rule to workloads in that namespace. 10166 type: string 10167 statPrefix: 10168 description: The human readable prefix to use when emitting 10169 statistics for this route. 
10170 type: string 10171 uri: 10172 description: 'URI to match values are case-sensitive and 10173 formatted as follows: - `exact: "value"` for exact string 10174 match - `prefix: "value"` for prefix-based match - `regex: 10175 "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 10176 oneOf: 10177 - not: 10178 anyOf: 10179 - required: 10180 - exact 10181 - required: 10182 - prefix 10183 - required: 10184 - regex 10185 - required: 10186 - exact 10187 - required: 10188 - prefix 10189 - required: 10190 - regex 10191 properties: 10192 exact: 10193 type: string 10194 prefix: 10195 type: string 10196 regex: 10197 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 10198 type: string 10199 type: object 10200 withoutHeaders: 10201 additionalProperties: 10202 oneOf: 10203 - not: 10204 anyOf: 10205 - required: 10206 - exact 10207 - required: 10208 - prefix 10209 - required: 10210 - regex 10211 - required: 10212 - exact 10213 - required: 10214 - prefix 10215 - required: 10216 - regex 10217 properties: 10218 exact: 10219 type: string 10220 prefix: 10221 type: string 10222 regex: 10223 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 10224 type: string 10225 type: object 10226 description: withoutHeader has the same syntax as the 10227 header, but has the opposite meaning. 10228 type: object 10229 type: object 10230 type: array 10231 mirror: 10232 description: Mirror HTTP traffic to another destination in 10233 addition to forwarding the requests to the intended destination. 10234 properties: 10235 host: 10236 description: The name of a service from the service registry. 10237 type: string 10238 port: 10239 description: Specifies the port on the host that is being 10240 addressed. 10241 properties: 10242 number: 10243 maximum: 4294967295 10244 minimum: 0 10245 type: integer 10246 type: object 10247 subset: 10248 description: The name of a subset within the service.
10249 type: string 10250 required: 10251 - host 10252 type: object 10253 mirror_percent: 10254 maximum: 4294967295 10255 minimum: 0 10256 nullable: true 10257 type: integer 10258 mirrorPercent: 10259 maximum: 4294967295 10260 minimum: 0 10261 nullable: true 10262 type: integer 10263 mirrorPercentage: 10264 description: Percentage of the traffic to be mirrored by the 10265 `mirror` field. 10266 properties: 10267 value: 10268 format: double 10269 type: number 10270 type: object 10271 mirrors: 10272 description: Specifies the destinations to mirror HTTP traffic 10273 in addition to the original destination. 10274 items: 10275 properties: 10276 destination: 10277 description: Destination specifies the target of the mirror 10278 operation. 10279 properties: 10280 host: 10281 description: The name of a service from the service 10282 registry. 10283 type: string 10284 port: 10285 description: Specifies the port on the host that is 10286 being addressed. 10287 properties: 10288 number: 10289 maximum: 4294967295 10290 minimum: 0 10291 type: integer 10292 type: object 10293 subset: 10294 description: The name of a subset within the service. 10295 type: string 10296 required: 10297 - host 10298 type: object 10299 percentage: 10300 description: Percentage of the traffic to be mirrored 10301 by the `destination` field. 10302 properties: 10303 value: 10304 format: double 10305 type: number 10306 type: object 10307 required: 10308 - destination 10309 type: object 10310 type: array 10311 name: 10312 description: The name assigned to the route for debugging purposes. 10313 type: string 10314 redirect: 10315 description: A HTTP rule can either return a direct_response, 10316 redirect or forward (default) traffic. 
10317 oneOf: 10318 - not: 10319 anyOf: 10320 - required: 10321 - port 10322 - required: 10323 - derivePort 10324 - required: 10325 - port 10326 - required: 10327 - derivePort 10328 properties: 10329 authority: 10330 description: On a redirect, overwrite the Authority/Host 10331 portion of the URL with this value. 10332 type: string 10333 derivePort: 10334 description: |- 10335 On a redirect, dynamically set the port: * FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS. 10336 10337 Valid Options: FROM_PROTOCOL_DEFAULT, FROM_REQUEST_PORT 10338 enum: 10339 - FROM_PROTOCOL_DEFAULT 10340 - FROM_REQUEST_PORT 10341 type: string 10342 port: 10343 description: On a redirect, overwrite the port portion of 10344 the URL with this value. 10345 maximum: 4294967295 10346 minimum: 0 10347 type: integer 10348 redirectCode: 10349 description: On a redirect, Specifies the HTTP status code 10350 to use in the redirect response. 10351 maximum: 4294967295 10352 minimum: 0 10353 type: integer 10354 scheme: 10355 description: On a redirect, overwrite the scheme portion 10356 of the URL with this value. 10357 type: string 10358 uri: 10359 description: On a redirect, overwrite the Path portion of 10360 the URL with this value. 10361 type: string 10362 type: object 10363 retries: 10364 description: Retry policy for HTTP requests. 10365 properties: 10366 attempts: 10367 description: Number of retries to be allowed for a given 10368 request. 10369 format: int32 10370 type: integer 10371 perTryTimeout: 10372 description: Timeout per attempt for a given request, including 10373 the initial call and any retries. 10374 type: string 10375 retryOn: 10376 description: Specifies the conditions under which retry 10377 takes place. 10378 type: string 10379 retryRemoteLocalities: 10380 description: Flag to specify whether the retries should 10381 retry to other localities. 
10382 nullable: true 10383 type: boolean 10384 type: object 10385 rewrite: 10386 description: Rewrite HTTP URIs and Authority headers. 10387 properties: 10388 authority: 10389 description: rewrite the Authority/Host header with this 10390 value. 10391 type: string 10392 uri: 10393 description: rewrite the path (or the prefix) portion of 10394 the URI with this value. 10395 type: string 10396 uriRegexRewrite: 10397 description: rewrite the path portion of the URI with the 10398 specified regex. 10399 properties: 10400 match: 10401 description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 10402 type: string 10403 rewrite: 10404 description: The string that should replace the matching 10405 portions of the original URI. 10406 type: string 10407 type: object 10408 type: object 10409 route: 10410 description: A HTTP rule can either return a direct_response, 10411 redirect or forward (default) traffic. 10412 items: 10413 properties: 10414 destination: 10415 description: Destination uniquely identifies the instances 10416 of a service to which the request/connection should 10417 be forwarded to. 10418 properties: 10419 host: 10420 description: The name of a service from the service 10421 registry. 10422 type: string 10423 port: 10424 description: Specifies the port on the host that is 10425 being addressed. 10426 properties: 10427 number: 10428 maximum: 4294967295 10429 minimum: 0 10430 type: integer 10431 type: object 10432 subset: 10433 description: The name of a subset within the service.
10434 type: string 10435 required: 10436 - host 10437 type: object 10438 headers: 10439 properties: 10440 request: 10441 properties: 10442 add: 10443 additionalProperties: 10444 type: string 10445 type: object 10446 remove: 10447 items: 10448 type: string 10449 type: array 10450 set: 10451 additionalProperties: 10452 type: string 10453 type: object 10454 type: object 10455 response: 10456 properties: 10457 add: 10458 additionalProperties: 10459 type: string 10460 type: object 10461 remove: 10462 items: 10463 type: string 10464 type: array 10465 set: 10466 additionalProperties: 10467 type: string 10468 type: object 10469 type: object 10470 type: object 10471 weight: 10472 description: Weight specifies the relative proportion 10473 of traffic to be forwarded to the destination. 10474 format: int32 10475 type: integer 10476 required: 10477 - destination 10478 type: object 10479 type: array 10480 timeout: 10481 description: Timeout for HTTP requests, default is disabled. 10482 type: string 10483 type: object 10484 type: array 10485 tcp: 10486 description: An ordered list of route rules for opaque TCP traffic. 10487 items: 10488 properties: 10489 match: 10490 description: Match conditions to be satisfied for the rule to 10491 be activated. 10492 items: 10493 properties: 10494 destinationSubnets: 10495 description: IPv4 or IPv6 ip addresses of destination 10496 with optional subnet. 10497 items: 10498 type: string 10499 type: array 10500 gateways: 10501 description: Names of gateways where the rule should be 10502 applied. 10503 items: 10504 type: string 10505 type: array 10506 port: 10507 description: Specifies the port on the host that is being 10508 addressed. 10509 maximum: 4294967295 10510 minimum: 0 10511 type: integer 10512 sourceLabels: 10513 additionalProperties: 10514 type: string 10515 description: One or more labels that constrain the applicability 10516 of a rule to workloads with the given labels. 
10517 type: object 10518 sourceNamespace: 10519 description: Source namespace constraining the applicability 10520 of a rule to workloads in that namespace. 10521 type: string 10522 sourceSubnet: 10523 type: string 10524 type: object 10525 type: array 10526 route: 10527 description: The destination to which the connection should 10528 be forwarded to. 10529 items: 10530 properties: 10531 destination: 10532 description: Destination uniquely identifies the instances 10533 of a service to which the request/connection should 10534 be forwarded to. 10535 properties: 10536 host: 10537 description: The name of a service from the service 10538 registry. 10539 type: string 10540 port: 10541 description: Specifies the port on the host that is 10542 being addressed. 10543 properties: 10544 number: 10545 maximum: 4294967295 10546 minimum: 0 10547 type: integer 10548 type: object 10549 subset: 10550 description: The name of a subset within the service. 10551 type: string 10552 required: 10553 - host 10554 type: object 10555 weight: 10556 description: Weight specifies the relative proportion 10557 of traffic to be forwarded to the destination. 10558 format: int32 10559 type: integer 10560 required: 10561 - destination 10562 type: object 10563 type: array 10564 type: object 10565 type: array 10566 tls: 10567 description: An ordered list of route rules for non-terminated TLS 10568 & HTTPS traffic. 10569 items: 10570 properties: 10571 match: 10572 description: Match conditions to be satisfied for the rule to 10573 be activated. 10574 items: 10575 properties: 10576 destinationSubnets: 10577 description: IPv4 or IPv6 IP addresses of destination 10578 with optional subnet. 10579 items: 10580 type: string 10581 type: array 10582 gateways: 10583 description: Names of gateways where the rule should be 10584 applied. 10585 items: 10586 type: string 10587 type: array 10588 port: 10589 description: Specifies the port on the host that is being 10590 addressed.
10591 maximum: 4294967295 10592 minimum: 0 10593 type: integer 10594 sniHosts: 10595 description: SNI (server name indication) to match on. 10596 items: 10597 type: string 10598 type: array 10599 sourceLabels: 10600 additionalProperties: 10601 type: string 10602 description: One or more labels that constrain the applicability 10603 of a rule to workloads with the given labels. 10604 type: object 10605 sourceNamespace: 10606 description: Source namespace constraining the applicability 10607 of a rule to workloads in that namespace. 10608 type: string 10609 required: 10610 - sniHosts 10611 type: object 10612 type: array 10613 route: 10614 description: The destination to which the connection should 10615 be forwarded to. 10616 items: 10617 properties: 10618 destination: 10619 description: Destination uniquely identifies the instances 10620 of a service to which the request/connection should 10621 be forwarded to. 10622 properties: 10623 host: 10624 description: The name of a service from the service 10625 registry. 10626 type: string 10627 port: 10628 description: Specifies the port on the host that is 10629 being addressed. 10630 properties: 10631 number: 10632 maximum: 4294967295 10633 minimum: 0 10634 type: integer 10635 type: object 10636 subset: 10637 description: The name of a subset within the service. 10638 type: string 10639 required: 10640 - host 10641 type: object 10642 weight: 10643 description: Weight specifies the relative proportion 10644 of traffic to be forwarded to the destination.
10645 format: int32 10646 type: integer 10647 required: 10648 - destination 10649 type: object 10650 type: array 10651 required: 10652 - match 10653 type: object 10654 type: array 10655 type: object 10656 status: 10657 type: object 10658 x-kubernetes-preserve-unknown-fields: true 10659 type: object 10660 served: true 10661 storage: true 10662 subresources: 10663 status: {} 10664 --- 10665 apiVersion: apiextensions.k8s.io/v1 10666 kind: CustomResourceDefinition 10667 metadata: 10668 annotations: 10669 "helm.sh/resource-policy": keep 10670 labels: 10671 app: istio-pilot 10672 chart: istio 10673 heritage: Tiller 10674 release: istio 10675 name: workloadentries.networking.istio.io 10676 spec: 10677 group: networking.istio.io 10678 names: 10679 categories: 10680 - istio-io 10681 - networking-istio-io 10682 kind: WorkloadEntry 10683 listKind: WorkloadEntryList 10684 plural: workloadentries 10685 shortNames: 10686 - we 10687 singular: workloadentry 10688 scope: Namespaced 10689 versions: 10690 - additionalPrinterColumns: 10691 - description: 'CreationTimestamp is a timestamp representing the server time 10692 when this object was created. It is not guaranteed to be set in happens-before 10693 order across separate operations. Clients may not set this value. It is represented 10694 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 10695 lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 10696 jsonPath: .metadata.creationTimestamp 10697 name: Age 10698 type: date 10699 - description: Address associated with the network endpoint. 10700 jsonPath: .spec.address 10701 name: Address 10702 type: string 10703 name: v1 10704 schema: 10705 openAPIV3Schema: 10706 properties: 10707 spec: 10708 description: 'Configuration affecting VMs onboarded into the mesh. 
See 10709 more details at: https://istio.io/docs/reference/config/networking/workload-entry.html' 10710 properties: 10711 address: 10712 description: Address associated with the network endpoint without 10713 the port. 10714 type: string 10715 labels: 10716 additionalProperties: 10717 type: string 10718 description: One or more labels associated with the endpoint. 10719 type: object 10720 locality: 10721 description: The locality associated with the endpoint. 10722 type: string 10723 network: 10724 description: Network enables Istio to group endpoints resident in 10725 the same L3 domain/network. 10726 type: string 10727 ports: 10728 additionalProperties: 10729 maximum: 4294967295 10730 minimum: 0 10731 type: integer 10732 description: Set of ports associated with the endpoint. 10733 type: object 10734 serviceAccount: 10735 description: The service account associated with the workload if a 10736 sidecar is present in the workload. 10737 type: string 10738 weight: 10739 description: The load balancing weight associated with the endpoint. 10740 maximum: 4294967295 10741 minimum: 0 10742 type: integer 10743 type: object 10744 status: 10745 type: object 10746 x-kubernetes-preserve-unknown-fields: true 10747 type: object 10748 served: true 10749 storage: false 10750 subresources: 10751 status: {} 10752 - additionalPrinterColumns: 10753 - description: 'CreationTimestamp is a timestamp representing the server time 10754 when this object was created. It is not guaranteed to be set in happens-before 10755 order across separate operations. Clients may not set this value. It is represented 10756 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 10757 lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 10758 jsonPath: .metadata.creationTimestamp 10759 name: Age 10760 type: date 10761 - description: Address associated with the network endpoint. 
10762 jsonPath: .spec.address 10763 name: Address 10764 type: string 10765 name: v1alpha3 10766 schema: 10767 openAPIV3Schema: 10768 properties: 10769 spec: 10770 description: 'Configuration affecting VMs onboarded into the mesh. See 10771 more details at: https://istio.io/docs/reference/config/networking/workload-entry.html' 10772 properties: 10773 address: 10774 description: Address associated with the network endpoint without 10775 the port. 10776 type: string 10777 labels: 10778 additionalProperties: 10779 type: string 10780 description: One or more labels associated with the endpoint. 10781 type: object 10782 locality: 10783 description: The locality associated with the endpoint. 10784 type: string 10785 network: 10786 description: Network enables Istio to group endpoints resident in 10787 the same L3 domain/network. 10788 type: string 10789 ports: 10790 additionalProperties: 10791 maximum: 4294967295 10792 minimum: 0 10793 type: integer 10794 description: Set of ports associated with the endpoint. 10795 type: object 10796 serviceAccount: 10797 description: The service account associated with the workload if a 10798 sidecar is present in the workload. 10799 type: string 10800 weight: 10801 description: The load balancing weight associated with the endpoint. 10802 maximum: 4294967295 10803 minimum: 0 10804 type: integer 10805 type: object 10806 status: 10807 type: object 10808 x-kubernetes-preserve-unknown-fields: true 10809 type: object 10810 served: true 10811 storage: false 10812 subresources: 10813 status: {} 10814 - additionalPrinterColumns: 10815 - description: 'CreationTimestamp is a timestamp representing the server time 10816 when this object was created. It is not guaranteed to be set in happens-before 10817 order across separate operations. Clients may not set this value. It is represented 10818 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 10819 lists. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 10820 jsonPath: .metadata.creationTimestamp 10821 name: Age 10822 type: date 10823 - description: Address associated with the network endpoint. 10824 jsonPath: .spec.address 10825 name: Address 10826 type: string 10827 name: v1beta1 10828 schema: 10829 openAPIV3Schema: 10830 properties: 10831 spec: 10832 description: 'Configuration affecting VMs onboarded into the mesh. See 10833 more details at: https://istio.io/docs/reference/config/networking/workload-entry.html' 10834 properties: 10835 address: 10836 description: Address associated with the network endpoint without 10837 the port. 10838 type: string 10839 labels: 10840 additionalProperties: 10841 type: string 10842 description: One or more labels associated with the endpoint. 10843 type: object 10844 locality: 10845 description: The locality associated with the endpoint. 10846 type: string 10847 network: 10848 description: Network enables Istio to group endpoints resident in 10849 the same L3 domain/network. 10850 type: string 10851 ports: 10852 additionalProperties: 10853 maximum: 4294967295 10854 minimum: 0 10855 type: integer 10856 description: Set of ports associated with the endpoint. 10857 type: object 10858 serviceAccount: 10859 description: The service account associated with the workload if a 10860 sidecar is present in the workload. 10861 type: string 10862 weight: 10863 description: The load balancing weight associated with the endpoint. 
10864 maximum: 4294967295 10865 minimum: 0 10866 type: integer 10867 type: object 10868 status: 10869 type: object 10870 x-kubernetes-preserve-unknown-fields: true 10871 type: object 10872 served: true 10873 storage: true 10874 subresources: 10875 status: {}
---
# CustomResourceDefinition for WorkloadGroup (networking.istio.io), namespaced.
# Three versions are served (v1, v1alpha3, v1beta1) with the same schema as
# written here; only v1beta1 has storage: true.
# NOTE(review): unlike the security.istio.io CRDs in this file, metadata carries
# no "helm.sh/resource-policy": keep annotation. Helm normally removes
# un-annotated templated resources on uninstall, and deleting a CRD also deletes
# its objects - confirm this is intended for WorkloadGroup.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    release: istio
  name: workloadgroups.networking.istio.io
spec:
  group: networking.istio.io
  names:
    categories:
    - istio-io
    - networking-istio-io
    kind: WorkloadGroup
    listKind: WorkloadGroupList
    plural: workloadgroups
    shortNames:
    - wg
    singular: workloadgroup
  scope: Namespaced
  versions:
  # v1: served, not the storage version.
  - additionalPrinterColumns:
    - description: 'CreationTimestamp is a timestamp representing the server time
        when this object was created. It is not guaranteed to be set in happens-before
        order across separate operations. Clients may not set this value. It is represented
        in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
        lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Describes a collection of workload instances. See more details
              at: https://istio.io/docs/reference/config/networking/workload-group.html'
            properties:
              metadata:
                description: Metadata that will be used for all corresponding `WorkloadEntries`.
                properties:
                  annotations:
                    additionalProperties:
                      type: string
                    type: object
                  labels:
                    additionalProperties:
                      type: string
                    type: object
                type: object
              probe:
                description: '`ReadinessProbe` describes the configuration the user
                  must provide for healthchecking on their workload.'
                # Accepts either no handler at all (first branch) or exactly one of
                # httpGet / tcpSocket / exec; setting two handlers matches two
                # branches and fails oneOf.
                oneOf:
                - not:
                    anyOf:
                    - required:
                      - httpGet
                    - required:
                      - tcpSocket
                    - required:
                      - exec
                - required:
                  - httpGet
                - required:
                  - tcpSocket
                - required:
                  - exec
                properties:
                  # NOTE(review): command is a free-form argv list with no schema
                  # constraints. Presumably it is run by the Istio agent next to
                  # the workload - confirm. Either way, write access to
                  # WorkloadGroup should be limited through RBAC to principals
                  # trusted to choose this command.
                  exec:
                    description: Health is determined by how the command that is executed
                      exited.
                    properties:
                      command:
                        description: Command to run.
                        items:
                          type: string
                        type: array
                    type: object
                  failureThreshold:
                    description: Minimum consecutive failures for the probe to be
                      considered failed after having succeeded.
                    format: int32
                    type: integer
                  httpGet:
                    description: '`httpGet` is performed to a given endpoint and the
                      status/able to connect determines health.'
                    properties:
                      # NOTE(review): host is an unconstrained string; presumably
                      # only workload-local targets are intended - confirm.
                      host:
                        description: Host name to connect to, defaults to the pod
                          IP.
                        type: string
                      httpHeaders:
                        description: Headers the proxy will pass on to make the request.
                        items:
                          properties:
                            name:
                              type: string
                            value:
                              type: string
                          type: object
                        type: array
                      path:
                        description: Path to access on the HTTP server.
                        type: string
                      # The bound is the uint32 range, not the TCP port range:
                      # 0 and values above 65535 pass schema validation here.
                      port:
                        description: Port on which the endpoint lives.
                        maximum: 4294967295
                        minimum: 0
                        type: integer
                      scheme:
                        type: string
                    required:
                    - port
                    type: object
                  initialDelaySeconds:
                    description: Number of seconds after the container has started
                      before readiness probes are initiated.
                    format: int32
                    type: integer
                  periodSeconds:
                    description: How often (in seconds) to perform the probe.
                    format: int32
                    type: integer
                  successThreshold:
                    description: Minimum consecutive successes for the probe to be
                      considered successful after having failed.
                    format: int32
                    type: integer
                  tcpSocket:
                    description: Health is determined by if the proxy is able to connect.
                    properties:
                      host:
                        type: string
                      # Same uint32 bound as httpGet.port above.
                      port:
                        maximum: 4294967295
                        minimum: 0
                        type: integer
                    required:
                    - port
                    type: object
                  timeoutSeconds:
                    description: Number of seconds after which the probe times out.
                    format: int32
                    type: integer
                type: object
              # The only required field of spec (see `required` below).
              template:
                description: Template to be used for the generation of `WorkloadEntry`
                  resources that belong to this `WorkloadGroup`.
                properties:
                  address:
                    description: Address associated with the network endpoint without
                      the port.
                    type: string
                  labels:
                    additionalProperties:
                      type: string
                    description: One or more labels associated with the endpoint.
                    type: object
                  locality:
                    description: The locality associated with the endpoint.
                    type: string
                  network:
                    description: Network enables Istio to group endpoints resident
                      in the same L3 domain/network.
                    type: string
                  # Map values use the uint32 bound too; port-range validity is
                  # not enforced by this schema.
                  ports:
                    additionalProperties:
                      maximum: 4294967295
                      minimum: 0
                      type: integer
                    description: Set of ports associated with the endpoint.
                    type: object
                  serviceAccount:
                    description: The service account associated with the workload
                      if a sidecar is present in the workload.
                    type: string
                  weight:
                    description: The load balancing weight associated with the endpoint.
                    maximum: 4294967295
                    minimum: 0
                    type: integer
                type: object
            required:
            - template
            type: object
          # status has no schema (unknown fields are preserved) and is exposed as
          # a subresource below.
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: false
    subresources:
      status: {}
  # v1alpha3: served, not the storage version; schema matches v1 above.
  - additionalPrinterColumns:
    - description: 'CreationTimestamp is a timestamp representing the server time
        when this object was created. It is not guaranteed to be set in happens-before
        order across separate operations. Clients may not set this value. It is represented
        in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
        lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha3
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Describes a collection of workload instances. See more details
              at: https://istio.io/docs/reference/config/networking/workload-group.html'
            properties:
              metadata:
                description: Metadata that will be used for all corresponding `WorkloadEntries`.
                properties:
                  annotations:
                    additionalProperties:
                      type: string
                    type: object
                  labels:
                    additionalProperties:
                      type: string
                    type: object
                type: object
              probe:
                description: '`ReadinessProbe` describes the configuration the user
                  must provide for healthchecking on their workload.'
                # No handler, or exactly one of httpGet / tcpSocket / exec.
                oneOf:
                - not:
                    anyOf:
                    - required:
                      - httpGet
                    - required:
                      - tcpSocket
                    - required:
                      - exec
                - required:
                  - httpGet
                - required:
                  - tcpSocket
                - required:
                  - exec
                properties:
                  exec:
                    description: Health is determined by how the command that is executed
                      exited.
                    properties:
                      command:
                        description: Command to run.
                        items:
                          type: string
                        type: array
                    type: object
                  failureThreshold:
                    description: Minimum consecutive failures for the probe to be
                      considered failed after having succeeded.
                    format: int32
                    type: integer
                  httpGet:
                    description: '`httpGet` is performed to a given endpoint and the
                      status/able to connect determines health.'
                    properties:
                      host:
                        description: Host name to connect to, defaults to the pod
                          IP.
                        type: string
                      httpHeaders:
                        description: Headers the proxy will pass on to make the request.
                        items:
                          properties:
                            name:
                              type: string
                            value:
                              type: string
                          type: object
                        type: array
                      path:
                        description: Path to access on the HTTP server.
                        type: string
                      port:
                        description: Port on which the endpoint lives.
                        maximum: 4294967295
                        minimum: 0
                        type: integer
                      scheme:
                        type: string
                    required:
                    - port
                    type: object
                  initialDelaySeconds:
                    description: Number of seconds after the container has started
                      before readiness probes are initiated.
                    format: int32
                    type: integer
                  periodSeconds:
                    description: How often (in seconds) to perform the probe.
                    format: int32
                    type: integer
                  successThreshold:
                    description: Minimum consecutive successes for the probe to be
                      considered successful after having failed.
                    format: int32
                    type: integer
                  tcpSocket:
                    description: Health is determined by if the proxy is able to connect.
                    properties:
                      host:
                        type: string
                      port:
                        maximum: 4294967295
                        minimum: 0
                        type: integer
                    required:
                    - port
                    type: object
                  timeoutSeconds:
                    description: Number of seconds after which the probe times out.
                    format: int32
                    type: integer
                type: object
              template:
                description: Template to be used for the generation of `WorkloadEntry`
                  resources that belong to this `WorkloadGroup`.
                properties:
                  address:
                    description: Address associated with the network endpoint without
                      the port.
                    type: string
                  labels:
                    additionalProperties:
                      type: string
                    description: One or more labels associated with the endpoint.
                    type: object
                  locality:
                    description: The locality associated with the endpoint.
                    type: string
                  network:
                    description: Network enables Istio to group endpoints resident
                      in the same L3 domain/network.
                    type: string
                  ports:
                    additionalProperties:
                      maximum: 4294967295
                      minimum: 0
                      type: integer
                    description: Set of ports associated with the endpoint.
                    type: object
                  serviceAccount:
                    description: The service account associated with the workload
                      if a sidecar is present in the workload.
                    type: string
                  weight:
                    description: The load balancing weight associated with the endpoint.
                    maximum: 4294967295
                    minimum: 0
                    type: integer
                type: object
            required:
            - template
            type: object
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: false
    subresources:
      status: {}
  # v1beta1: served and the storage version; schema matches v1 above.
  - additionalPrinterColumns:
    - description: 'CreationTimestamp is a timestamp representing the server time
        when this object was created. It is not guaranteed to be set in happens-before
        order across separate operations. Clients may not set this value. It is represented
        in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
        lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Describes a collection of workload instances. See more details
              at: https://istio.io/docs/reference/config/networking/workload-group.html'
            properties:
              metadata:
                description: Metadata that will be used for all corresponding `WorkloadEntries`.
                properties:
                  annotations:
                    additionalProperties:
                      type: string
                    type: object
                  labels:
                    additionalProperties:
                      type: string
                    type: object
                type: object
              probe:
                description: '`ReadinessProbe` describes the configuration the user
                  must provide for healthchecking on their workload.'
                # No handler, or exactly one of httpGet / tcpSocket / exec.
                oneOf:
                - not:
                    anyOf:
                    - required:
                      - httpGet
                    - required:
                      - tcpSocket
                    - required:
                      - exec
                - required:
                  - httpGet
                - required:
                  - tcpSocket
                - required:
                  - exec
                properties:
                  exec:
                    description: Health is determined by how the command that is executed
                      exited.
                    properties:
                      command:
                        description: Command to run.
                        items:
                          type: string
                        type: array
                    type: object
                  failureThreshold:
                    description: Minimum consecutive failures for the probe to be
                      considered failed after having succeeded.
                    format: int32
                    type: integer
                  httpGet:
                    description: '`httpGet` is performed to a given endpoint and the
                      status/able to connect determines health.'
                    properties:
                      host:
                        description: Host name to connect to, defaults to the pod
                          IP.
                        type: string
                      httpHeaders:
                        description: Headers the proxy will pass on to make the request.
                        items:
                          properties:
                            name:
                              type: string
                            value:
                              type: string
                          type: object
                        type: array
                      path:
                        description: Path to access on the HTTP server.
                        type: string
                      port:
                        description: Port on which the endpoint lives.
                        maximum: 4294967295
                        minimum: 0
                        type: integer
                      scheme:
                        type: string
                    required:
                    - port
                    type: object
                  initialDelaySeconds:
                    description: Number of seconds after the container has started
                      before readiness probes are initiated.
                    format: int32
                    type: integer
                  periodSeconds:
                    description: How often (in seconds) to perform the probe.
                    format: int32
                    type: integer
                  successThreshold:
                    description: Minimum consecutive successes for the probe to be
                      considered successful after having failed.
                    format: int32
                    type: integer
                  tcpSocket:
                    description: Health is determined by if the proxy is able to connect.
                    properties:
                      host:
                        type: string
                      port:
                        maximum: 4294967295
                        minimum: 0
                        type: integer
                    required:
                    - port
                    type: object
                  timeoutSeconds:
                    description: Number of seconds after which the probe times out.
                    format: int32
                    type: integer
                type: object
              template:
                description: Template to be used for the generation of `WorkloadEntry`
                  resources that belong to this `WorkloadGroup`.
                properties:
                  address:
                    description: Address associated with the network endpoint without
                      the port.
                    type: string
                  labels:
                    additionalProperties:
                      type: string
                    description: One or more labels associated with the endpoint.
                    type: object
                  locality:
                    description: The locality associated with the endpoint.
                    type: string
                  network:
                    description: Network enables Istio to group endpoints resident
                      in the same L3 domain/network.
                    type: string
                  ports:
                    additionalProperties:
                      maximum: 4294967295
                      minimum: 0
                      type: integer
                    description: Set of ports associated with the endpoint.
                    type: object
                  serviceAccount:
                    description: The service account associated with the workload
                      if a sidecar is present in the workload.
                    type: string
                  weight:
                    description: The load balancing weight associated with the endpoint.
                    maximum: 4294967295
                    minimum: 0
                    type: integer
                type: object
            required:
            - template
            type: object
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
    subresources:
      status: {}
11419 --- 11420 apiVersion: apiextensions.k8s.io/v1 11421 kind: CustomResourceDefinition 11422 metadata: 11423 annotations: 11424 "helm.sh/resource-policy": keep 11425 labels: 11426 app: istio-pilot 11427 chart: istio 11428 heritage: Tiller 11429 istio: security 11430 release: istio 11431 name: authorizationpolicies.security.istio.io 11432 spec: 11433 group: security.istio.io 11434 names: 11435 categories: 11436 - istio-io 11437 - security-istio-io 11438 kind: AuthorizationPolicy 11439 listKind: AuthorizationPolicyList 11440 plural: authorizationpolicies 11441 shortNames: 11442 - ap 11443 singular: authorizationpolicy 11444 scope: Namespaced 11445 versions: 11446 - additionalPrinterColumns: 11447 - description: The operation to take. 11448 jsonPath: .spec.action 11449 name: Action 11450 type: string 11451 - description: 'CreationTimestamp is a timestamp representing the server time 11452 when this object was created. It is not guaranteed to be set in happens-before 11453 order across separate operations. Clients may not set this value. It is represented 11454 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 11455 lists.
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 11456 jsonPath: .metadata.creationTimestamp 11457 name: Age 11458 type: date 11459 name: v1 11460 schema: 11461 openAPIV3Schema: 11462 properties: 11463 spec: 11464 description: 'Configuration for access control on workloads. See more 11465 details at: https://istio.io/docs/reference/config/security/authorization-policy.html' 11466 oneOf: 11467 - not: 11468 anyOf: 11469 - required: 11470 - provider 11471 - required: 11472 - provider 11473 properties: 11474 action: 11475 description: |- 11476 Optional. 11477 11478 Valid Options: ALLOW, DENY, AUDIT, CUSTOM 11479 enum: 11480 - ALLOW 11481 - DENY 11482 - AUDIT 11483 - CUSTOM 11484 type: string 11485 provider: 11486 description: Specifies detailed configuration of the CUSTOM action. 11487 properties: 11488 name: 11489 description: Specifies the name of the extension provider. 11490 type: string 11491 type: object 11492 rules: 11493 description: Optional. 11494 items: 11495 properties: 11496 from: 11497 description: Optional. 11498 items: 11499 properties: 11500 source: 11501 description: Source specifies the source of a request. 11502 properties: 11503 ipBlocks: 11504 description: Optional. 11505 items: 11506 type: string 11507 type: array 11508 namespaces: 11509 description: Optional. 11510 items: 11511 type: string 11512 type: array 11513 notIpBlocks: 11514 description: Optional. 11515 items: 11516 type: string 11517 type: array 11518 notNamespaces: 11519 description: Optional. 11520 items: 11521 type: string 11522 type: array 11523 notPrincipals: 11524 description: Optional. 11525 items: 11526 type: string 11527 type: array 11528 notRemoteIpBlocks: 11529 description: Optional. 11530 items: 11531 type: string 11532 type: array 11533 notRequestPrincipals: 11534 description: Optional. 11535 items: 11536 type: string 11537 type: array 11538 principals: 11539 description: Optional. 
11540 items: 11541 type: string 11542 type: array 11543 remoteIpBlocks: 11544 description: Optional. 11545 items: 11546 type: string 11547 type: array 11548 requestPrincipals: 11549 description: Optional. 11550 items: 11551 type: string 11552 type: array 11553 type: object 11554 type: object 11555 type: array 11556 to: 11557 description: Optional. 11558 items: 11559 properties: 11560 operation: 11561 description: Operation specifies the operation of a request. 11562 properties: 11563 hosts: 11564 description: Optional. 11565 items: 11566 type: string 11567 type: array 11568 methods: 11569 description: Optional. 11570 items: 11571 type: string 11572 type: array 11573 notHosts: 11574 description: Optional. 11575 items: 11576 type: string 11577 type: array 11578 notMethods: 11579 description: Optional. 11580 items: 11581 type: string 11582 type: array 11583 notPaths: 11584 description: Optional. 11585 items: 11586 type: string 11587 type: array 11588 notPorts: 11589 description: Optional. 11590 items: 11591 type: string 11592 type: array 11593 paths: 11594 description: Optional. 11595 items: 11596 type: string 11597 type: array 11598 ports: 11599 description: Optional. 11600 items: 11601 type: string 11602 type: array 11603 type: object 11604 type: object 11605 type: array 11606 when: 11607 description: Optional. 11608 items: 11609 properties: 11610 key: 11611 description: The name of an Istio attribute. 11612 type: string 11613 notValues: 11614 description: Optional. 11615 items: 11616 type: string 11617 type: array 11618 values: 11619 description: Optional. 11620 items: 11621 type: string 11622 type: array 11623 required: 11624 - key 11625 type: object 11626 type: array 11627 type: object 11628 type: array 11629 selector: 11630 description: Optional. 11631 properties: 11632 matchLabels: 11633 additionalProperties: 11634 type: string 11635 description: One or more labels that indicate a specific set of 11636 pods/VMs on which a policy should be applied. 
11637 type: object 11638 type: object 11639 targetRef: 11640 properties: 11641 group: 11642 description: group is the group of the target resource. 11643 type: string 11644 kind: 11645 description: kind is kind of the target resource. 11646 type: string 11647 name: 11648 description: name is the name of the target resource. 11649 type: string 11650 namespace: 11651 description: namespace is the namespace of the referent. 11652 type: string 11653 type: object 11654 targetRefs: 11655 description: Optional. 11656 items: 11657 properties: 11658 group: 11659 description: group is the group of the target resource. 11660 type: string 11661 kind: 11662 description: kind is kind of the target resource. 11663 type: string 11664 name: 11665 description: name is the name of the target resource. 11666 type: string 11667 namespace: 11668 description: namespace is the namespace of the referent. 11669 type: string 11670 type: object 11671 type: array 11672 type: object 11673 status: 11674 type: object 11675 x-kubernetes-preserve-unknown-fields: true 11676 type: object 11677 served: true 11678 storage: false 11679 subresources: 11680 status: {} 11681 - additionalPrinterColumns: 11682 - description: The operation to take. 11683 jsonPath: .spec.action 11684 name: Action 11685 type: string 11686 - description: 'CreationTimestamp is a timestamp representing the server time 11687 when this object was created. It is not guaranteed to be set in happens-before 11688 order across separate operations. Clients may not set this value. It is represented 11689 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 11690 lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 11691 jsonPath: .metadata.creationTimestamp 11692 name: Age 11693 type: date 11694 name: v1beta1 11695 schema: 11696 openAPIV3Schema: 11697 properties: 11698 spec: 11699 description: 'Configuration for access control on workloads. 
See more 11700 details at: https://istio.io/docs/reference/config/security/authorization-policy.html' 11701 oneOf: 11702 - not: 11703 anyOf: 11704 - required: 11705 - provider 11706 - required: 11707 - provider 11708 properties: 11709 action: 11710 description: |- 11711 Optional. 11712 11713 Valid Options: ALLOW, DENY, AUDIT, CUSTOM 11714 enum: 11715 - ALLOW 11716 - DENY 11717 - AUDIT 11718 - CUSTOM 11719 type: string 11720 provider: 11721 description: Specifies detailed configuration of the CUSTOM action. 11722 properties: 11723 name: 11724 description: Specifies the name of the extension provider. 11725 type: string 11726 type: object 11727 rules: 11728 description: Optional. 11729 items: 11730 properties: 11731 from: 11732 description: Optional. 11733 items: 11734 properties: 11735 source: 11736 description: Source specifies the source of a request. 11737 properties: 11738 ipBlocks: 11739 description: Optional. 11740 items: 11741 type: string 11742 type: array 11743 namespaces: 11744 description: Optional. 11745 items: 11746 type: string 11747 type: array 11748 notIpBlocks: 11749 description: Optional. 11750 items: 11751 type: string 11752 type: array 11753 notNamespaces: 11754 description: Optional. 11755 items: 11756 type: string 11757 type: array 11758 notPrincipals: 11759 description: Optional. 11760 items: 11761 type: string 11762 type: array 11763 notRemoteIpBlocks: 11764 description: Optional. 11765 items: 11766 type: string 11767 type: array 11768 notRequestPrincipals: 11769 description: Optional. 11770 items: 11771 type: string 11772 type: array 11773 principals: 11774 description: Optional. 11775 items: 11776 type: string 11777 type: array 11778 remoteIpBlocks: 11779 description: Optional. 11780 items: 11781 type: string 11782 type: array 11783 requestPrincipals: 11784 description: Optional. 11785 items: 11786 type: string 11787 type: array 11788 type: object 11789 type: object 11790 type: array 11791 to: 11792 description: Optional. 
11793 items: 11794 properties: 11795 operation: 11796 description: Operation specifies the operation of a request. 11797 properties: 11798 hosts: 11799 description: Optional. 11800 items: 11801 type: string 11802 type: array 11803 methods: 11804 description: Optional. 11805 items: 11806 type: string 11807 type: array 11808 notHosts: 11809 description: Optional. 11810 items: 11811 type: string 11812 type: array 11813 notMethods: 11814 description: Optional. 11815 items: 11816 type: string 11817 type: array 11818 notPaths: 11819 description: Optional. 11820 items: 11821 type: string 11822 type: array 11823 notPorts: 11824 description: Optional. 11825 items: 11826 type: string 11827 type: array 11828 paths: 11829 description: Optional. 11830 items: 11831 type: string 11832 type: array 11833 ports: 11834 description: Optional. 11835 items: 11836 type: string 11837 type: array 11838 type: object 11839 type: object 11840 type: array 11841 when: 11842 description: Optional. 11843 items: 11844 properties: 11845 key: 11846 description: The name of an Istio attribute. 11847 type: string 11848 notValues: 11849 description: Optional. 11850 items: 11851 type: string 11852 type: array 11853 values: 11854 description: Optional. 11855 items: 11856 type: string 11857 type: array 11858 required: 11859 - key 11860 type: object 11861 type: array 11862 type: object 11863 type: array 11864 selector: 11865 description: Optional. 11866 properties: 11867 matchLabels: 11868 additionalProperties: 11869 type: string 11870 description: One or more labels that indicate a specific set of 11871 pods/VMs on which a policy should be applied. 11872 type: object 11873 type: object 11874 targetRef: 11875 properties: 11876 group: 11877 description: group is the group of the target resource. 11878 type: string 11879 kind: 11880 description: kind is kind of the target resource. 11881 type: string 11882 name: 11883 description: name is the name of the target resource. 
11884 type: string 11885 namespace: 11886 description: namespace is the namespace of the referent. 11887 type: string 11888 type: object 11889 targetRefs: 11890 description: Optional. 11891 items: 11892 properties: 11893 group: 11894 description: group is the group of the target resource. 11895 type: string 11896 kind: 11897 description: kind is kind of the target resource. 11898 type: string 11899 name: 11900 description: name is the name of the target resource. 11901 type: string 11902 namespace: 11903 description: namespace is the namespace of the referent. 11904 type: string 11905 type: object 11906 type: array 11907 type: object 11908 status: 11909 type: object 11910 x-kubernetes-preserve-unknown-fields: true 11911 type: object 11912 served: true 11913 storage: true 11914 subresources: 11915 status: {}
---
# CustomResourceDefinition for PeerAuthentication (security.istio.io), namespaced.
# Served as v1 and v1beta1 with the same schema as written here; v1beta1 is the
# storage version. The "helm.sh/resource-policy": keep annotation asks Helm to
# leave the CRD (and therefore existing policies) in place when the release is
# removed.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    "helm.sh/resource-policy": keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    istio: security
    release: istio
  name: peerauthentications.security.istio.io
spec:
  group: security.istio.io
  names:
    categories:
    - istio-io
    - security-istio-io
    kind: PeerAuthentication
    listKind: PeerAuthenticationList
    plural: peerauthentications
    shortNames:
    - pa
    singular: peerauthentication
  scope: Namespaced
  versions:
  # v1: served, not the storage version.
  # The Mode printer column reads only .spec.mtls.mode; per-port overrides under
  # .spec.portLevelMtls are not surfaced by `kubectl get`, so an audit that
  # relies on this column alone can miss a port left in DISABLE or PERMISSIVE.
  - additionalPrinterColumns:
    - description: Defines the mTLS mode used for peer authentication.
      jsonPath: .spec.mtls.mode
      name: Mode
      type: string
    - description: 'CreationTimestamp is a timestamp representing the server time
        when this object was created. It is not guaranteed to be set in happens-before
        order across separate operations. Clients may not set this value. It is represented
        in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
        lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Peer authentication configuration for workloads. See more
              details at: https://istio.io/docs/reference/config/security/peer_authentication.html'
            properties:
              mtls:
                description: Mutual TLS settings for workload.
                properties:
                  # The enum also admits UNSET, which the description's "Valid
                  # Options" line omits. Per the Istio PeerAuthentication
                  # reference (confirm for the deployed version):
                  #   UNSET      - inherit from the parent policy; treated as
                  #                PERMISSIVE when there is none
                  #   DISABLE    - plaintext only, no mTLS tunnel
                  #   PERMISSIVE - both plaintext and mTLS are accepted
                  #   STRICT     - mTLS with a client certificate is required
                  # Only STRICT rejects unauthenticated plaintext peers.
                  mode:
                    description: |-
                      Defines the mTLS mode used for peer authentication.

                      Valid Options: DISABLE, PERMISSIVE, STRICT
                    enum:
                    - UNSET
                    - DISABLE
                    - PERMISSIVE
                    - STRICT
                    type: string
                type: object
              # Map keyed by port. The schema places no constraint on the keys,
              # so a non-numeric or out-of-range key is not rejected at this
              # layer. Each value takes the same mode enum as mtls.mode.
              # NOTE(review): the Istio reference says port-level settings only
              # take effect when a workload selector is also set - confirm.
              portLevelMtls:
                additionalProperties:
                  properties:
                    mode:
                      description: |-
                        Defines the mTLS mode used for peer authentication.

                        Valid Options: DISABLE, PERMISSIVE, STRICT
                      enum:
                      - UNSET
                      - DISABLE
                      - PERMISSIVE
                      - STRICT
                      type: string
                  type: object
                description: Port specific mutual TLS settings.
                type: object
              # selector is optional in this schema (spec has no `required` list).
              # NOTE(review): per the Istio reference an absent selector makes the
              # policy apply to every workload in its namespace (mesh-wide in the
              # root namespace) - verify before relying on a policy's scope.
              selector:
                description: The selector determines the workloads to apply the PeerAuthentication
                  on.
                properties:
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: One or more labels that indicate a specific set of
                      pods/VMs on which a policy should be applied.
                    type: object
                type: object
            type: object
          # status has no schema (unknown fields are preserved) and is exposed as
          # a subresource below.
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: false
    subresources:
      status: {}
  # v1beta1: served and the storage version; schema and printer columns match v1
  # above, including the UNSET enum value and the unconstrained portLevelMtls keys.
  - additionalPrinterColumns:
    - description: Defines the mTLS mode used for peer authentication.
      jsonPath: .spec.mtls.mode
      name: Mode
      type: string
    - description: 'CreationTimestamp is a timestamp representing the server time
        when this object was created. It is not guaranteed to be set in happens-before
        order across separate operations. Clients may not set this value. It is represented
        in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
        lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          spec:
            description: 'Peer authentication configuration for workloads. See more
              details at: https://istio.io/docs/reference/config/security/peer_authentication.html'
            properties:
              mtls:
                description: Mutual TLS settings for workload.
                properties:
                  mode:
                    description: |-
                      Defines the mTLS mode used for peer authentication.

                      Valid Options: DISABLE, PERMISSIVE, STRICT
                    enum:
                    - UNSET
                    - DISABLE
                    - PERMISSIVE
                    - STRICT
                    type: string
                type: object
              portLevelMtls:
                additionalProperties:
                  properties:
                    mode:
                      description: |-
                        Defines the mTLS mode used for peer authentication.

                        Valid Options: DISABLE, PERMISSIVE, STRICT
                      enum:
                      - UNSET
                      - DISABLE
                      - PERMISSIVE
                      - STRICT
                      type: string
                  type: object
                description: Port specific mutual TLS settings.
                type: object
              selector:
                description: The selector determines the workloads to apply the PeerAuthentication
                  on.
                properties:
                  matchLabels:
                    additionalProperties:
                      type: string
                    description: One or more labels that indicate a specific set of
                      pods/VMs on which a policy should be applied.
                    type: object
                type: object
            type: object
          status:
            type: object
            x-kubernetes-preserve-unknown-fields: true
        type: object
    served: true
    storage: true
    subresources:
      status: {}
12089 --- 12090 apiVersion: apiextensions.k8s.io/v1 12091 kind: CustomResourceDefinition 12092 metadata: 12093 annotations: 12094 "helm.sh/resource-policy": keep 12095 labels: 12096 app: istio-pilot 12097 chart: istio 12098 heritage: Tiller 12099 istio: security 12100 release: istio 12101 name: requestauthentications.security.istio.io 12102 spec: 12103 group: security.istio.io 12104 names: 12105 categories: 12106 - istio-io 12107 - security-istio-io 12108 kind: RequestAuthentication 12109 listKind: RequestAuthenticationList 12110 plural: requestauthentications 12111 shortNames: 12112 - ra 12113 singular: requestauthentication 12114 scope: Namespaced 12115 versions: 12116 - name: v1 12117 schema: 12118 openAPIV3Schema: 12119 properties: 12120 spec: 12121 description: 'Request authentication configuration for workloads. See 12122 more details at: https://istio.io/docs/reference/config/security/request_authentication.html' 12123 properties: 12124 jwtRules: 12125 description: Define the list of JWTs that can be validated at the 12126 selected workloads' proxy. 12127 items: 12128 properties: 12129 audiences: 12130 description: The list of JWT [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3) 12131 that are allowed to access. 12132 items: 12133 type: string 12134 type: array 12135 forwardOriginalToken: 12136 description: If set to true, the original token will be kept 12137 for the upstream request. 12138 type: boolean 12139 fromCookies: 12140 description: List of cookie names from which JWT is expected. 12141 items: 12142 type: string 12143 type: array 12144 fromHeaders: 12145 description: List of header locations from which JWT is expected. 12146 items: 12147 properties: 12148 name: 12149 description: The HTTP header name.
12150 type: string 12151 prefix: 12152 description: The prefix that should be stripped before 12153 decoding the token. 12154 type: string 12155 required: 12156 - name 12157 type: object 12158 type: array 12159 fromParams: 12160 description: List of query parameters from which JWT is expected. 12161 items: 12162 type: string 12163 type: array 12164 issuer: 12165 description: Identifies the issuer that issued the JWT. 12166 type: string 12167 jwks: 12168 description: JSON Web Key Set of public keys to validate signature 12169 of the JWT. 12170 type: string 12171 jwks_uri: 12172 description: URL of the provider's public key set to validate 12173 signature of the JWT. 12174 type: string 12175 jwksUri: 12176 description: URL of the provider's public key set to validate 12177 signature of the JWT. 12178 type: string 12179 outputClaimToHeaders: 12180 description: This field specifies a list of operations to copy 12181 the claim to HTTP headers on a successfully verified token. 12182 items: 12183 properties: 12184 claim: 12185 description: The name of the claim to be copied from. 12186 type: string 12187 header: 12188 description: The name of the header to be created. 12189 type: string 12190 type: object 12191 type: array 12192 outputPayloadToHeader: 12193 description: This field specifies the header name to output 12194 a successfully verified JWT payload to the backend. 12195 type: string 12196 timeout: 12197 description: The maximum amount of time that the resolver, determined 12198 by the PILOT_JWT_ENABLE_REMOTE_JWKS environment variable, 12199 will spend waiting for the JWKS to be fetched. 12200 type: string 12201 required: 12202 - issuer 12203 type: object 12204 type: array 12205 selector: 12206 description: Optional. 12207 properties: 12208 matchLabels: 12209 additionalProperties: 12210 type: string 12211 description: One or more labels that indicate a specific set of 12212 pods/VMs on which a policy should be applied. 
12213 type: object 12214 type: object 12215 targetRef: 12216 properties: 12217 group: 12218 description: group is the group of the target resource. 12219 type: string 12220 kind: 12221 description: kind is kind of the target resource. 12222 type: string 12223 name: 12224 description: name is the name of the target resource. 12225 type: string 12226 namespace: 12227 description: namespace is the namespace of the referent. 12228 type: string 12229 type: object 12230 targetRefs: 12231 description: Optional. 12232 items: 12233 properties: 12234 group: 12235 description: group is the group of the target resource. 12236 type: string 12237 kind: 12238 description: kind is kind of the target resource. 12239 type: string 12240 name: 12241 description: name is the name of the target resource. 12242 type: string 12243 namespace: 12244 description: namespace is the namespace of the referent. 12245 type: string 12246 type: object 12247 type: array 12248 type: object 12249 status: 12250 type: object 12251 x-kubernetes-preserve-unknown-fields: true 12252 type: object 12253 served: true 12254 storage: false 12255 subresources: 12256 status: {} 12257 - name: v1beta1 12258 schema: 12259 openAPIV3Schema: 12260 properties: 12261 spec: 12262 description: 'Request authentication configuration for workloads. See 12263 more details at: https://istio.io/docs/reference/config/security/request_authentication.html' 12264 properties: 12265 jwtRules: 12266 description: Define the list of JWTs that can be validated at the 12267 selected workloads' proxy. 12268 items: 12269 properties: 12270 audiences: 12271 description: The list of JWT [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3) 12272 that are allowed to access. 12273 items: 12274 type: string 12275 type: array 12276 forwardOriginalToken: 12277 description: If set to true, the original token will be kept 12278 for the upstream request. 
12279 type: boolean 12280 fromCookies: 12281 description: List of cookie names from which JWT is expected. 12282 items: 12283 type: string 12284 type: array 12285 fromHeaders: 12286 description: List of header locations from which JWT is expected. 12287 items: 12288 properties: 12289 name: 12290 description: The HTTP header name. 12291 type: string 12292 prefix: 12293 description: The prefix that should be stripped before 12294 decoding the token. 12295 type: string 12296 required: 12297 - name 12298 type: object 12299 type: array 12300 fromParams: 12301 description: List of query parameters from which JWT is expected. 12302 items: 12303 type: string 12304 type: array 12305 issuer: 12306 description: Identifies the issuer that issued the JWT. 12307 type: string 12308 jwks: 12309 description: JSON Web Key Set of public keys to validate signature 12310 of the JWT. 12311 type: string 12312 jwks_uri: 12313 description: URL of the provider's public key set to validate 12314 signature of the JWT. 12315 type: string 12316 jwksUri: 12317 description: URL of the provider's public key set to validate 12318 signature of the JWT. 12319 type: string 12320 outputClaimToHeaders: 12321 description: This field specifies a list of operations to copy 12322 the claim to HTTP headers on a successfully verified token. 12323 items: 12324 properties: 12325 claim: 12326 description: The name of the claim to be copied from. 12327 type: string 12328 header: 12329 description: The name of the header to be created. 12330 type: string 12331 type: object 12332 type: array 12333 outputPayloadToHeader: 12334 description: This field specifies the header name to output 12335 a successfully verified JWT payload to the backend. 12336 type: string 12337 timeout: 12338 description: The maximum amount of time that the resolver, determined 12339 by the PILOT_JWT_ENABLE_REMOTE_JWKS environment variable, 12340 will spend waiting for the JWKS to be fetched. 
12341 type: string 12342 required: 12343 - issuer 12344 type: object 12345 type: array 12346 selector: 12347 description: Optional. 12348 properties: 12349 matchLabels: 12350 additionalProperties: 12351 type: string 12352 description: One or more labels that indicate a specific set of 12353 pods/VMs on which a policy should be applied. 12354 type: object 12355 type: object 12356 targetRef: 12357 properties: 12358 group: 12359 description: group is the group of the target resource. 12360 type: string 12361 kind: 12362 description: kind is kind of the target resource. 12363 type: string 12364 name: 12365 description: name is the name of the target resource. 12366 type: string 12367 namespace: 12368 description: namespace is the namespace of the referent. 12369 type: string 12370 type: object 12371 targetRefs: 12372 description: Optional. 12373 items: 12374 properties: 12375 group: 12376 description: group is the group of the target resource. 12377 type: string 12378 kind: 12379 description: kind is kind of the target resource. 12380 type: string 12381 name: 12382 description: name is the name of the target resource. 12383 type: string 12384 namespace: 12385 description: namespace is the namespace of the referent. 
12386 type: string 12387 type: object 12388 type: array 12389 type: object 12390 status: 12391 type: object 12392 x-kubernetes-preserve-unknown-fields: true 12393 type: object 12394 served: true 12395 storage: true 12396 subresources: 12397 status: {} 12398 --- 12399 apiVersion: apiextensions.k8s.io/v1 12400 kind: CustomResourceDefinition 12401 metadata: 12402 annotations: 12403 "helm.sh/resource-policy": keep 12404 labels: 12405 app: istio-pilot 12406 chart: istio 12407 heritage: Tiller 12408 istio: telemetry 12409 release: istio 12410 name: telemetries.telemetry.istio.io 12411 spec: 12412 group: telemetry.istio.io 12413 names: 12414 categories: 12415 - istio-io 12416 - telemetry-istio-io 12417 kind: Telemetry 12418 listKind: TelemetryList 12419 plural: telemetries 12420 shortNames: 12421 - telemetry 12422 singular: telemetry 12423 scope: Namespaced 12424 versions: 12425 - additionalPrinterColumns: 12426 - description: 'CreationTimestamp is a timestamp representing the server time 12427 when this object was created. It is not guaranteed to be set in happens-before 12428 order across separate operations. Clients may not set this value. It is represented 12429 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 12430 lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 12431 jsonPath: .metadata.creationTimestamp 12432 name: Age 12433 type: date 12434 name: v1 12435 schema: 12436 openAPIV3Schema: 12437 properties: 12438 spec: 12439 description: 'Telemetry configuration for workloads. See more details 12440 at: https://istio.io/docs/reference/config/telemetry.html' 12441 properties: 12442 accessLogging: 12443 description: Optional. 12444 items: 12445 properties: 12446 disabled: 12447 description: Controls logging. 12448 nullable: true 12449 type: boolean 12450 filter: 12451 description: Optional. 
12452 properties: 12453 expression: 12454 description: CEL expression for selecting when requests/connections 12455 should be logged. 12456 type: string 12457 type: object 12458 match: 12459 description: Allows tailoring of logging behavior to specific 12460 conditions. 12461 properties: 12462 mode: 12463 description: |- 12464 This determines whether or not to apply the access logging configuration based on the direction of traffic relative to the proxied workload. 12465 12466 Valid Options: CLIENT_AND_SERVER, CLIENT, SERVER 12467 enum: 12468 - CLIENT_AND_SERVER 12469 - CLIENT 12470 - SERVER 12471 type: string 12472 type: object 12473 providers: 12474 description: Optional. 12475 items: 12476 properties: 12477 name: 12478 description: Required. 12479 minLength: 1 12480 type: string 12481 required: 12482 - name 12483 type: object 12484 type: array 12485 type: object 12486 type: array 12487 metrics: 12488 description: Optional. 12489 items: 12490 properties: 12491 overrides: 12492 description: Optional. 12493 items: 12494 properties: 12495 disabled: 12496 description: Optional. 12497 nullable: true 12498 type: boolean 12499 match: 12500 description: Match allows providing the scope of the override. 12501 oneOf: 12502 - not: 12503 anyOf: 12504 - required: 12505 - metric 12506 - required: 12507 - customMetric 12508 - required: 12509 - metric 12510 - required: 12511 - customMetric 12512 properties: 12513 customMetric: 12514 description: Allows free-form specification of a metric. 12515 minLength: 1 12516 type: string 12517 metric: 12518 description: |- 12519 One of the well-known [Istio Standard Metrics](https://istio.io/latest/docs/reference/config/metrics/). 
12520 12521 Valid Options: ALL_METRICS, REQUEST_COUNT, REQUEST_DURATION, REQUEST_SIZE, RESPONSE_SIZE, TCP_OPENED_CONNECTIONS, TCP_CLOSED_CONNECTIONS, TCP_SENT_BYTES, TCP_RECEIVED_BYTES, GRPC_REQUEST_MESSAGES, GRPC_RESPONSE_MESSAGES 12522 enum: 12523 - ALL_METRICS 12524 - REQUEST_COUNT 12525 - REQUEST_DURATION 12526 - REQUEST_SIZE 12527 - RESPONSE_SIZE 12528 - TCP_OPENED_CONNECTIONS 12529 - TCP_CLOSED_CONNECTIONS 12530 - TCP_SENT_BYTES 12531 - TCP_RECEIVED_BYTES 12532 - GRPC_REQUEST_MESSAGES 12533 - GRPC_RESPONSE_MESSAGES 12534 type: string 12535 mode: 12536 description: |- 12537 Controls which mode of metrics generation is selected: `CLIENT`, `SERVER`, or `CLIENT_AND_SERVER`. 12538 12539 Valid Options: CLIENT_AND_SERVER, CLIENT, SERVER 12540 enum: 12541 - CLIENT_AND_SERVER 12542 - CLIENT 12543 - SERVER 12544 type: string 12545 type: object 12546 tagOverrides: 12547 additionalProperties: 12548 properties: 12549 operation: 12550 description: |- 12551 Operation controls whether or not to update/add a tag, or to remove it. 12552 12553 Valid Options: UPSERT, REMOVE 12554 enum: 12555 - UPSERT 12556 - REMOVE 12557 type: string 12558 value: 12559 description: Value is only considered if the operation 12560 is `UPSERT`. 12561 type: string 12562 type: object 12563 x-kubernetes-validations: 12564 - message: value must be set when operation is UPSERT 12565 rule: '((has(self.operation) ? self.operation : '''') 12566 == ''UPSERT'') ? self.value != '''' : true' 12567 - message: value must not be set when operation is REMOVE 12568 rule: '((has(self.operation) ? self.operation : '''') 12569 == ''REMOVE'') ? !has(self.value) : true' 12570 description: Optional. 12571 type: object 12572 type: object 12573 type: array 12574 providers: 12575 description: Optional. 12576 items: 12577 properties: 12578 name: 12579 description: Required. 
12580 minLength: 1 12581 type: string 12582 required: 12583 - name 12584 type: object 12585 type: array 12586 reportingInterval: 12587 description: Optional. 12588 type: string 12589 type: object 12590 type: array 12591 selector: 12592 description: Optional. 12593 properties: 12594 matchLabels: 12595 additionalProperties: 12596 type: string 12597 description: One or more labels that indicate a specific set of 12598 pods/VMs on which a policy should be applied. 12599 type: object 12600 type: object 12601 targetRef: 12602 properties: 12603 group: 12604 description: group is the group of the target resource. 12605 type: string 12606 kind: 12607 description: kind is kind of the target resource. 12608 type: string 12609 name: 12610 description: name is the name of the target resource. 12611 type: string 12612 namespace: 12613 description: namespace is the namespace of the referent. 12614 type: string 12615 type: object 12616 targetRefs: 12617 description: Optional. 12618 items: 12619 properties: 12620 group: 12621 description: group is the group of the target resource. 12622 type: string 12623 kind: 12624 description: kind is kind of the target resource. 12625 type: string 12626 name: 12627 description: name is the name of the target resource. 12628 type: string 12629 namespace: 12630 description: namespace is the namespace of the referent. 12631 type: string 12632 type: object 12633 type: array 12634 tracing: 12635 description: Optional. 12636 items: 12637 properties: 12638 customTags: 12639 additionalProperties: 12640 oneOf: 12641 - not: 12642 anyOf: 12643 - required: 12644 - literal 12645 - required: 12646 - environment 12647 - required: 12648 - header 12649 - required: 12650 - literal 12651 - required: 12652 - environment 12653 - required: 12654 - header 12655 properties: 12656 environment: 12657 description: Environment adds the value of an environment 12658 variable to each span. 12659 properties: 12660 defaultValue: 12661 description: Optional. 
12662 type: string 12663 name: 12664 description: Name of the environment variable from 12665 which to extract the tag value. 12666 minLength: 1 12667 type: string 12668 required: 12669 - name 12670 type: object 12671 header: 12672 description: RequestHeader adds the value of an header 12673 from the request to each span. 12674 properties: 12675 defaultValue: 12676 description: Optional. 12677 type: string 12678 name: 12679 description: Name of the header from which to extract 12680 the tag value. 12681 minLength: 1 12682 type: string 12683 required: 12684 - name 12685 type: object 12686 literal: 12687 description: Literal adds the same, hard-coded value to 12688 each span. 12689 properties: 12690 value: 12691 description: The tag value to use. 12692 minLength: 1 12693 type: string 12694 required: 12695 - value 12696 type: object 12697 type: object 12698 description: Optional. 12699 type: object 12700 disableSpanReporting: 12701 description: Controls span reporting. 12702 nullable: true 12703 type: boolean 12704 match: 12705 description: Allows tailoring of behavior to specific conditions. 12706 properties: 12707 mode: 12708 description: |- 12709 This determines whether or not to apply the tracing configuration based on the direction of traffic relative to the proxied workload. 12710 12711 Valid Options: CLIENT_AND_SERVER, CLIENT, SERVER 12712 enum: 12713 - CLIENT_AND_SERVER 12714 - CLIENT 12715 - SERVER 12716 type: string 12717 type: object 12718 providers: 12719 description: Optional. 12720 items: 12721 properties: 12722 name: 12723 description: Required. 12724 minLength: 1 12725 type: string 12726 required: 12727 - name 12728 type: object 12729 type: array 12730 randomSamplingPercentage: 12731 description: Controls the rate at which traffic will be selected 12732 for tracing if no prior sampling decision has been made. 
12733 format: double 12734 maximum: 100 12735 minimum: 0 12736 nullable: true 12737 type: number 12738 useRequestIdForTraceSampling: 12739 nullable: true 12740 type: boolean 12741 type: object 12742 type: array 12743 type: object 12744 status: 12745 type: object 12746 x-kubernetes-preserve-unknown-fields: true 12747 type: object 12748 served: true 12749 storage: false 12750 subresources: 12751 status: {} 12752 - additionalPrinterColumns: 12753 - description: 'CreationTimestamp is a timestamp representing the server time 12754 when this object was created. It is not guaranteed to be set in happens-before 12755 order across separate operations. Clients may not set this value. It is represented 12756 in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for 12757 lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' 12758 jsonPath: .metadata.creationTimestamp 12759 name: Age 12760 type: date 12761 name: v1alpha1 12762 schema: 12763 openAPIV3Schema: 12764 properties: 12765 spec: 12766 description: 'Telemetry configuration for workloads. See more details 12767 at: https://istio.io/docs/reference/config/telemetry.html' 12768 properties: 12769 accessLogging: 12770 description: Optional. 12771 items: 12772 properties: 12773 disabled: 12774 description: Controls logging. 12775 nullable: true 12776 type: boolean 12777 filter: 12778 description: Optional. 12779 properties: 12780 expression: 12781 description: CEL expression for selecting when requests/connections 12782 should be logged. 12783 type: string 12784 type: object 12785 match: 12786 description: Allows tailoring of logging behavior to specific 12787 conditions. 12788 properties: 12789 mode: 12790 description: |- 12791 This determines whether or not to apply the access logging configuration based on the direction of traffic relative to the proxied workload. 
12792 12793 Valid Options: CLIENT_AND_SERVER, CLIENT, SERVER 12794 enum: 12795 - CLIENT_AND_SERVER 12796 - CLIENT 12797 - SERVER 12798 type: string 12799 type: object 12800 providers: 12801 description: Optional. 12802 items: 12803 properties: 12804 name: 12805 description: Required. 12806 minLength: 1 12807 type: string 12808 required: 12809 - name 12810 type: object 12811 type: array 12812 type: object 12813 type: array 12814 metrics: 12815 description: Optional. 12816 items: 12817 properties: 12818 overrides: 12819 description: Optional. 12820 items: 12821 properties: 12822 disabled: 12823 description: Optional. 12824 nullable: true 12825 type: boolean 12826 match: 12827 description: Match allows providing the scope of the override. 12828 oneOf: 12829 - not: 12830 anyOf: 12831 - required: 12832 - metric 12833 - required: 12834 - customMetric 12835 - required: 12836 - metric 12837 - required: 12838 - customMetric 12839 properties: 12840 customMetric: 12841 description: Allows free-form specification of a metric. 12842 minLength: 1 12843 type: string 12844 metric: 12845 description: |- 12846 One of the well-known [Istio Standard Metrics](https://istio.io/latest/docs/reference/config/metrics/). 12847 12848 Valid Options: ALL_METRICS, REQUEST_COUNT, REQUEST_DURATION, REQUEST_SIZE, RESPONSE_SIZE, TCP_OPENED_CONNECTIONS, TCP_CLOSED_CONNECTIONS, TCP_SENT_BYTES, TCP_RECEIVED_BYTES, GRPC_REQUEST_MESSAGES, GRPC_RESPONSE_MESSAGES 12849 enum: 12850 - ALL_METRICS 12851 - REQUEST_COUNT 12852 - REQUEST_DURATION 12853 - REQUEST_SIZE 12854 - RESPONSE_SIZE 12855 - TCP_OPENED_CONNECTIONS 12856 - TCP_CLOSED_CONNECTIONS 12857 - TCP_SENT_BYTES 12858 - TCP_RECEIVED_BYTES 12859 - GRPC_REQUEST_MESSAGES 12860 - GRPC_RESPONSE_MESSAGES 12861 type: string 12862 mode: 12863 description: |- 12864 Controls which mode of metrics generation is selected: `CLIENT`, `SERVER`, or `CLIENT_AND_SERVER`. 
12865 12866 Valid Options: CLIENT_AND_SERVER, CLIENT, SERVER 12867 enum: 12868 - CLIENT_AND_SERVER 12869 - CLIENT 12870 - SERVER 12871 type: string 12872 type: object 12873 tagOverrides: 12874 additionalProperties: 12875 properties: 12876 operation: 12877 description: |- 12878 Operation controls whether or not to update/add a tag, or to remove it. 12879 12880 Valid Options: UPSERT, REMOVE 12881 enum: 12882 - UPSERT 12883 - REMOVE 12884 type: string 12885 value: 12886 description: Value is only considered if the operation 12887 is `UPSERT`. 12888 type: string 12889 type: object 12890 x-kubernetes-validations: 12891 - message: value must be set when operation is UPSERT 12892 rule: '((has(self.operation) ? self.operation : '''') 12893 == ''UPSERT'') ? self.value != '''' : true' 12894 - message: value must not be set when operation is REMOVE 12895 rule: '((has(self.operation) ? self.operation : '''') 12896 == ''REMOVE'') ? !has(self.value) : true' 12897 description: Optional. 12898 type: object 12899 type: object 12900 type: array 12901 providers: 12902 description: Optional. 12903 items: 12904 properties: 12905 name: 12906 description: Required. 12907 minLength: 1 12908 type: string 12909 required: 12910 - name 12911 type: object 12912 type: array 12913 reportingInterval: 12914 description: Optional. 12915 type: string 12916 type: object 12917 type: array 12918 selector: 12919 description: Optional. 12920 properties: 12921 matchLabels: 12922 additionalProperties: 12923 type: string 12924 description: One or more labels that indicate a specific set of 12925 pods/VMs on which a policy should be applied. 12926 type: object 12927 type: object 12928 targetRef: 12929 properties: 12930 group: 12931 description: group is the group of the target resource. 12932 type: string 12933 kind: 12934 description: kind is kind of the target resource. 12935 type: string 12936 name: 12937 description: name is the name of the target resource. 
12938 type: string 12939 namespace: 12940 description: namespace is the namespace of the referent. 12941 type: string 12942 type: object 12943 targetRefs: 12944 description: Optional. 12945 items: 12946 properties: 12947 group: 12948 description: group is the group of the target resource. 12949 type: string 12950 kind: 12951 description: kind is kind of the target resource. 12952 type: string 12953 name: 12954 description: name is the name of the target resource. 12955 type: string 12956 namespace: 12957 description: namespace is the namespace of the referent. 12958 type: string 12959 type: object 12960 type: array 12961 tracing: 12962 description: Optional. 12963 items: 12964 properties: 12965 customTags: 12966 additionalProperties: 12967 oneOf: 12968 - not: 12969 anyOf: 12970 - required: 12971 - literal 12972 - required: 12973 - environment 12974 - required: 12975 - header 12976 - required: 12977 - literal 12978 - required: 12979 - environment 12980 - required: 12981 - header 12982 properties: 12983 environment: 12984 description: Environment adds the value of an environment 12985 variable to each span. 12986 properties: 12987 defaultValue: 12988 description: Optional. 12989 type: string 12990 name: 12991 description: Name of the environment variable from 12992 which to extract the tag value. 12993 minLength: 1 12994 type: string 12995 required: 12996 - name 12997 type: object 12998 header: 12999 description: RequestHeader adds the value of an header 13000 from the request to each span. 13001 properties: 13002 defaultValue: 13003 description: Optional. 13004 type: string 13005 name: 13006 description: Name of the header from which to extract 13007 the tag value. 13008 minLength: 1 13009 type: string 13010 required: 13011 - name 13012 type: object 13013 literal: 13014 description: Literal adds the same, hard-coded value to 13015 each span. 13016 properties: 13017 value: 13018 description: The tag value to use. 
13019 minLength: 1 13020 type: string 13021 required: 13022 - value 13023 type: object 13024 type: object 13025 description: Optional. 13026 type: object 13027 disableSpanReporting: 13028 description: Controls span reporting. 13029 nullable: true 13030 type: boolean 13031 match: 13032 description: Allows tailoring of behavior to specific conditions. 13033 properties: 13034 mode: 13035 description: |- 13036 This determines whether or not to apply the tracing configuration based on the direction of traffic relative to the proxied workload. 13037 13038 Valid Options: CLIENT_AND_SERVER, CLIENT, SERVER 13039 enum: 13040 - CLIENT_AND_SERVER 13041 - CLIENT 13042 - SERVER 13043 type: string 13044 type: object 13045 providers: 13046 description: Optional. 13047 items: 13048 properties: 13049 name: 13050 description: Required. 13051 minLength: 1 13052 type: string 13053 required: 13054 - name 13055 type: object 13056 type: array 13057 randomSamplingPercentage: 13058 description: Controls the rate at which traffic will be selected 13059 for tracing if no prior sampling decision has been made. 13060 format: double 13061 maximum: 100 13062 minimum: 0 13063 nullable: true 13064 type: number 13065 useRequestIdForTraceSampling: 13066 nullable: true 13067 type: boolean 13068 type: object 13069 type: array 13070 type: object 13071 status: 13072 type: object 13073 x-kubernetes-preserve-unknown-fields: true 13074 type: object 13075 served: true 13076 storage: true 13077 subresources: 13078 status: {} 13079 {{- end }}