Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors for decoding DestinationRule messages. The messages describe
// malformed or truncated wire input (negative length, varint overflow,
// unbalanced group); the generated unmarshal code that presumably returns
// them is not shown here. Callers that decode untrusted bytes should treat
// any of them as a rejected message. The message text is identical to the
// other Err* groups in this package, so match on the variable, not the string.
var (
	ErrInvalidLengthDestinationRule        = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowDestinationRule          = fmt.Errorf("proto: integer overflow")
	ErrUnexpectedEndOfGroupDestinationRule = fmt.Errorf("proto: unexpected end of group")
)
// JSON codec settings for DestinationRule. The unmarshaler sets
// AllowUnknownFields, so JSON keys that match no known field are ignored
// instead of failing the decode.
// NOTE(review): a misspelled security-relevant key (for example under a TLS
// block) would be dropped silently by this decoder; keep strict schema
// validation in front of it where that matters. Both values are exported
// pointers, so importing code can change these options process-wide.
var (
	DestinationRuleMarshaler   = &github_com_gogo_protobuf_jsonpb.Marshaler{}
	DestinationRuleUnmarshaler = &github_com_gogo_protobuf_jsonpb.Unmarshaler{AllowUnknownFields: true}
)
// Sentinel errors for decoding EnvoyFilter messages. The messages describe
// malformed or truncated wire input; the generated unmarshal code that
// presumably returns them is not shown here. Treat any of them as a rejected
// message, and match on the variable rather than the text, which is shared
// with the other Err* groups in this package.
var (
	ErrInvalidLengthEnvoyFilter        = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowEnvoyFilter          = fmt.Errorf("proto: integer overflow")
	ErrUnexpectedEndOfGroupEnvoyFilter = fmt.Errorf("proto: unexpected end of group")
)
// JSON codec settings for EnvoyFilter. The unmarshaler sets
// AllowUnknownFields, so JSON keys that match no known field are ignored
// instead of failing the decode.
// NOTE(review): an EnvoyFilter with a misspelled match or patch key would
// decode without error and without that key; validate the resource against a
// strict schema where the difference matters. Both values are exported
// pointers, so importing code can change these options process-wide.
var (
	EnvoyFilterMarshaler   = &github_com_gogo_protobuf_jsonpb.Marshaler{}
	EnvoyFilterUnmarshaler = &github_com_gogo_protobuf_jsonpb.Unmarshaler{AllowUnknownFields: true}
)
// Sentinel errors for decoding Gateway messages. The messages describe
// malformed or truncated wire input; the generated unmarshal code that
// presumably returns them is not shown here. Treat any of them as a rejected
// message, and match on the variable rather than the text, which is shared
// with the other Err* groups in this package.
var (
	ErrInvalidLengthGateway        = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowGateway          = fmt.Errorf("proto: integer overflow")
	ErrUnexpectedEndOfGroupGateway = fmt.Errorf("proto: unexpected end of group")
)
// JSON codec settings for Gateway. The unmarshaler sets AllowUnknownFields,
// so JSON keys that match no known field are ignored instead of failing the
// decode.
// NOTE(review): a misspelled key in a server's TLS settings would be dropped
// silently by this decoder; keep strict schema validation in front of it
// where that matters. Both values are exported pointers, so importing code
// can change these options process-wide.
var (
	GatewayMarshaler   = &github_com_gogo_protobuf_jsonpb.Marshaler{}
	GatewayUnmarshaler = &github_com_gogo_protobuf_jsonpb.Unmarshaler{AllowUnknownFields: true}
)
// Sentinel errors for decoding ServiceEntry messages. The messages describe
// malformed or truncated wire input; the generated unmarshal code that
// presumably returns them is not shown here. Treat any of them as a rejected
// message, and match on the variable rather than the text, which is shared
// with the other Err* groups in this package.
var (
	ErrInvalidLengthServiceEntry        = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowServiceEntry          = fmt.Errorf("proto: integer overflow")
	ErrUnexpectedEndOfGroupServiceEntry = fmt.Errorf("proto: unexpected end of group")
)
// JSON codec settings for ServiceEntry. The unmarshaler sets
// AllowUnknownFields, so JSON keys that match no known field are ignored
// instead of failing the decode.
// NOTE(review): a misspelled key is dropped silently by this decoder; keep
// strict schema validation in front of it where that matters. Both values
// are exported pointers, so importing code can change these options
// process-wide.
var (
	ServiceEntryMarshaler   = &github_com_gogo_protobuf_jsonpb.Marshaler{}
	ServiceEntryUnmarshaler = &github_com_gogo_protobuf_jsonpb.Unmarshaler{AllowUnknownFields: true}
)
// Sentinel errors for decoding Sidecar messages. The messages describe
// malformed or truncated wire input; the generated unmarshal code that
// presumably returns them is not shown here. Treat any of them as a rejected
// message, and match on the variable rather than the text, which is shared
// with the other Err* groups in this package.
var (
	ErrInvalidLengthSidecar        = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowSidecar          = fmt.Errorf("proto: integer overflow")
	ErrUnexpectedEndOfGroupSidecar = fmt.Errorf("proto: unexpected end of group")
)
// JSON codec settings for Sidecar. The unmarshaler sets AllowUnknownFields,
// so JSON keys that match no known field are ignored instead of failing the
// decode.
// NOTE(review): a misspelled key (for example in an outbound traffic policy)
// would be dropped silently by this decoder; keep strict schema validation
// in front of it where that matters. Both values are exported pointers, so
// importing code can change these options process-wide.
var (
	SidecarMarshaler   = &github_com_gogo_protobuf_jsonpb.Marshaler{}
	SidecarUnmarshaler = &github_com_gogo_protobuf_jsonpb.Unmarshaler{AllowUnknownFields: true}
)
// Sentinel errors for decoding VirtualService messages. The messages describe
// malformed or truncated wire input; the generated unmarshal code that
// presumably returns them is not shown here. Treat any of them as a rejected
// message, and match on the variable rather than the text, which is shared
// with the other Err* groups in this package.
var (
	ErrInvalidLengthVirtualService        = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowVirtualService          = fmt.Errorf("proto: integer overflow")
	ErrUnexpectedEndOfGroupVirtualService = fmt.Errorf("proto: unexpected end of group")
)
// JSON codec settings for VirtualService. The unmarshaler sets
// AllowUnknownFields, so JSON keys that match no known field are ignored
// instead of failing the decode.
// NOTE(review): a misspelled key is dropped silently by this decoder; keep
// strict schema validation in front of it where that matters. Both values
// are exported pointers, so importing code can change these options
// process-wide.
var (
	VirtualServiceMarshaler   = &github_com_gogo_protobuf_jsonpb.Marshaler{}
	VirtualServiceUnmarshaler = &github_com_gogo_protobuf_jsonpb.Unmarshaler{AllowUnknownFields: true}
)
// Sentinel errors for decoding WorkloadEntry messages. The messages describe
// malformed or truncated wire input; the generated unmarshal code that
// presumably returns them is not shown here. Treat any of them as a rejected
// message, and match on the variable rather than the text, which is shared
// with the other Err* groups in this package.
var (
	ErrInvalidLengthWorkloadEntry        = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowWorkloadEntry          = fmt.Errorf("proto: integer overflow")
	ErrUnexpectedEndOfGroupWorkloadEntry = fmt.Errorf("proto: unexpected end of group")
)
// JSON codec settings for WorkloadEntry. The unmarshaler sets
// AllowUnknownFields, so JSON keys that match no known field are ignored
// instead of failing the decode.
// NOTE(review): a misspelled key is dropped silently by this decoder; keep
// strict schema validation in front of it where that matters. Both values
// are exported pointers, so importing code can change these options
// process-wide.
var (
	WorkloadEntryMarshaler   = &github_com_gogo_protobuf_jsonpb.Marshaler{}
	WorkloadEntryUnmarshaler = &github_com_gogo_protobuf_jsonpb.Unmarshaler{AllowUnknownFields: true}
)
// Sentinel errors for decoding WorkloadGroup messages. The messages describe
// malformed or truncated wire input; the generated unmarshal code that
// presumably returns them is not shown here. Treat any of them as a rejected
// message, and match on the variable rather than the text, which is shared
// with the other Err* groups in this package.
var (
	ErrInvalidLengthWorkloadGroup        = fmt.Errorf("proto: negative length found during unmarshaling")
	ErrIntOverflowWorkloadGroup          = fmt.Errorf("proto: integer overflow")
	ErrUnexpectedEndOfGroupWorkloadGroup = fmt.Errorf("proto: unexpected end of group")
)
// JSON codec settings for WorkloadGroup. The unmarshaler sets
// AllowUnknownFields, so JSON keys that match no known field are ignored
// instead of failing the decode.
// NOTE(review): a misspelled key is dropped silently by this decoder; keep
// strict schema validation in front of it where that matters. Both values
// are exported pointers, so importing code can change these options
// process-wide.
var (
	WorkloadGroupMarshaler   = &github_com_gogo_protobuf_jsonpb.Marshaler{}
	WorkloadGroupUnmarshaler = &github_com_gogo_protobuf_jsonpb.Unmarshaler{AllowUnknownFields: true}
)
// CaptureMode_name maps each CaptureMode wire value to its enum name.
// DEFAULT is 0, the enum's zero value.
var CaptureMode_name = map[int32]string{
	0: "DEFAULT",
	1: "IPTABLES",
	2: "NONE",
}
// CaptureMode_value is the inverse of CaptureMode_name: enum name to wire
// value. A name that is not a key here is not a CaptureMode.
var CaptureMode_value = map[string]int32{
	"DEFAULT":  0,
	"IPTABLES": 1,
	"NONE":     2,
}
// ClientTLSSettings_TLSmode_name maps each client TLS mode wire value to its
// enum name. DISABLE is 0, the proto3 zero value, so a ClientTLSSettings whose
// mode was never set carries DISABLE rather than a TLS mode; configuration
// audits should not read a missing mode as "TLS on".
var ClientTLSSettings_TLSmode_name = map[int32]string{
	0: "DISABLE",
	1: "SIMPLE",
	2: "MUTUAL",
	3: "ISTIO_MUTUAL",
}
// ClientTLSSettings_TLSmode_value is the inverse of
// ClientTLSSettings_TLSmode_name: enum name to wire value. DISABLE maps to 0,
// the same value an unset mode field holds.
var ClientTLSSettings_TLSmode_value = map[string]int32{
	"DISABLE":      0,
	"SIMPLE":       1,
	"MUTUAL":       2,
	"ISTIO_MUTUAL": 3,
}
// ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy_name maps each
// H2UpgradePolicy wire value to its enum name. DEFAULT is 0, the enum's zero
// value.
var ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy_name = map[int32]string{
	0: "DEFAULT",
	1: "DO_NOT_UPGRADE",
	2: "UPGRADE",
}
// ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy_value is the inverse of
// the matching _name map: enum name to wire value.
var ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy_value = map[string]int32{
	"DEFAULT":        0,
	"DO_NOT_UPGRADE": 1,
	"UPGRADE":        2,
}
// EnvoyFilter_ApplyTo_name maps each ApplyTo wire value to its enum name; the
// names are the places in the Envoy configuration a patch can be applied to.
// INVALID is 0, the enum's zero value.
// NOTE(review): the targets include listeners, filter chains, filters, routes
// and clusters, so write access to EnvoyFilter resources should be treated as
// privileged and changes to them reviewed accordingly.
var EnvoyFilter_ApplyTo_name = map[int32]string{
	0: "INVALID",
	1: "LISTENER",
	2: "FILTER_CHAIN",
	3: "NETWORK_FILTER",
	4: "HTTP_FILTER",
	5: "ROUTE_CONFIGURATION",
	6: "VIRTUAL_HOST",
	7: "HTTP_ROUTE",
	8: "CLUSTER",
	9: "EXTENSION_CONFIG",
}
// EnvoyFilter_ApplyTo_value is the inverse of EnvoyFilter_ApplyTo_name: enum
// name to wire value. INVALID maps to 0, the same value an unset field holds.
var EnvoyFilter_ApplyTo_value = map[string]int32{
	"INVALID":             0,
	"LISTENER":            1,
	"FILTER_CHAIN":        2,
	"NETWORK_FILTER":      3,
	"HTTP_FILTER":         4,
	"ROUTE_CONFIGURATION": 5,
	"VIRTUAL_HOST":        6,
	"HTTP_ROUTE":          7,
	"CLUSTER":             8,
	"EXTENSION_CONFIG":    9,
}
// EnvoyFilter_PatchContext_name maps each PatchContext wire value to its enum
// name. ANY is 0, the enum's zero value, so a match that leaves the context
// unset carries ANY rather than one specific sidecar or gateway context.
var EnvoyFilter_PatchContext_name = map[int32]string{
	0: "ANY",
	1: "SIDECAR_INBOUND",
	2: "SIDECAR_OUTBOUND",
	3: "GATEWAY",
}
// EnvoyFilter_PatchContext_value is the inverse of
// EnvoyFilter_PatchContext_name: enum name to wire value.
var EnvoyFilter_PatchContext_value = map[string]int32{
	"ANY":              0,
	"SIDECAR_INBOUND":  1,
	"SIDECAR_OUTBOUND": 2,
	"GATEWAY":          3,
}
// EnvoyFilter_Patch_FilterClass_name maps each FilterClass wire value to its
// enum name. UNSPECIFIED is 0, the enum's zero value.
// NOTE(review): the AUTHN and AUTHZ names suggest the class positions a patch
// relative to authentication and authorization filters — confirm against the
// EnvoyFilter documentation before relying on filter ordering.
var EnvoyFilter_Patch_FilterClass_name = map[int32]string{
	0: "UNSPECIFIED",
	1: "AUTHN",
	2: "AUTHZ",
	3: "STATS",
}
// EnvoyFilter_Patch_FilterClass_value is the inverse of
// EnvoyFilter_Patch_FilterClass_name: enum name to wire value.
var EnvoyFilter_Patch_FilterClass_value = map[string]int32{
	"UNSPECIFIED": 0,
	"AUTHN":       1,
	"AUTHZ":       2,
	"STATS":       3,
}
// EnvoyFilter_Patch_Operation_name maps each patch Operation wire value to
// its enum name. INVALID is 0, the enum's zero value.
// NOTE(review): REMOVE and REPLACE change or take out existing configuration
// rather than adding to it; change review for EnvoyFilter resources should
// look at those operations first.
var EnvoyFilter_Patch_Operation_name = map[int32]string{
	0: "INVALID",
	1: "MERGE",
	2: "ADD",
	3: "REMOVE",
	4: "INSERT_BEFORE",
	5: "INSERT_AFTER",
	6: "INSERT_FIRST",
	7: "REPLACE",
}
// EnvoyFilter_Patch_Operation_value is the inverse of
// EnvoyFilter_Patch_Operation_name: enum name to wire value. INVALID maps to
// 0, the same value an unset operation field holds.
var EnvoyFilter_Patch_Operation_value = map[string]int32{
	"INVALID":       0,
	"MERGE":         1,
	"ADD":           2,
	"REMOVE":        3,
	"INSERT_BEFORE": 4,
	"INSERT_AFTER":  5,
	"INSERT_FIRST":  6,
	"REPLACE":       7,
}
// EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action_name maps each route
// match Action wire value to its enum name. ANY is 0, the enum's zero value.
var EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action_name = map[int32]string{
	0: "ANY",
	1: "ROUTE",
	2: "REDIRECT",
	3: "DIRECT_RESPONSE",
}
// EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action_value is the inverse
// of the matching _name map: enum name to wire value.
var EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action_value = map[string]int32{
	"ANY":             0,
	"ROUTE":           1,
	"REDIRECT":        2,
	"DIRECT_RESPONSE": 3,
}
// LoadBalancerSettings_SimpleLB_name maps each SimpleLB wire value to its
// enum name. ROUND_ROBIN is 0, the enum's zero value. PASSTHROUGH here is a
// load-balancing choice and is a different enum from the PASSTHROUGH value of
// ServerTLSSettings_TLSmode.
var LoadBalancerSettings_SimpleLB_name = map[int32]string{
	0: "ROUND_ROBIN",
	1: "LEAST_CONN",
	2: "RANDOM",
	3: "PASSTHROUGH",
}
// LoadBalancerSettings_SimpleLB_value is the inverse of
// LoadBalancerSettings_SimpleLB_name: enum name to wire value.
var LoadBalancerSettings_SimpleLB_value = map[string]int32{
	"ROUND_ROBIN": 0,
	"LEAST_CONN":  1,
	"RANDOM":      2,
	"PASSTHROUGH": 3,
}
// OutboundTrafficPolicy_Mode_name maps each outbound traffic policy Mode wire
// value to its enum name. REGISTRY_ONLY is 0, the enum's zero value.
// NOTE(review): ALLOW_ANY, by its name, lets a workload reach destinations
// that are not in the service registry; where egress is meant to be
// restricted, policy checks should flag it — confirm the effective default
// against the mesh configuration, which this page does not show.
var OutboundTrafficPolicy_Mode_name = map[int32]string{
	0: "REGISTRY_ONLY",
	1: "ALLOW_ANY",
}
// OutboundTrafficPolicy_Mode_value is the inverse of
// OutboundTrafficPolicy_Mode_name: enum name to wire value.
var OutboundTrafficPolicy_Mode_value = map[string]int32{
	"REGISTRY_ONLY": 0,
	"ALLOW_ANY":     1,
}
// ServerTLSSettings_TLSProtocol_name maps each TLSProtocol wire value to its
// enum name. TLS_AUTO is 0, the enum's zero value.
// NOTE(review): TLSV1_0 and TLSV1_1 name protocol versions that RFC 8996
// deprecates; configuration audits should flag a server that accepts them.
var ServerTLSSettings_TLSProtocol_name = map[int32]string{
	0: "TLS_AUTO",
	1: "TLSV1_0",
	2: "TLSV1_1",
	3: "TLSV1_2",
	4: "TLSV1_3",
}
// ServerTLSSettings_TLSProtocol_value is the inverse of
// ServerTLSSettings_TLSProtocol_name: enum name to wire value. The wire
// values increase with the protocol version, with TLS_AUTO at 0.
var ServerTLSSettings_TLSProtocol_value = map[string]int32{
	"TLS_AUTO": 0,
	"TLSV1_0":  1,
	"TLSV1_1":  2,
	"TLSV1_2":  3,
	"TLSV1_3":  4,
}
// ServerTLSSettings_TLSmode_name maps each server TLS mode wire value to its
// enum name. PASSTHROUGH is 0, the enum's zero value, so server TLS settings
// whose mode was never set carry PASSTHROUGH. The numbering differs from
// ClientTLSSettings_TLSmode (where 0 is DISABLE), so the two enums' integer
// values must not be compared or cast across types.
var ServerTLSSettings_TLSmode_name = map[int32]string{
	0: "PASSTHROUGH",
	1: "SIMPLE",
	2: "MUTUAL",
	3: "AUTO_PASSTHROUGH",
	4: "ISTIO_MUTUAL",
}
// ServerTLSSettings_TLSmode_value is the inverse of
// ServerTLSSettings_TLSmode_name: enum name to wire value. ISTIO_MUTUAL is 4
// here but 3 in ClientTLSSettings_TLSmode_value; look names up in the map
// that belongs to the enum in use.
var ServerTLSSettings_TLSmode_value = map[string]int32{
	"PASSTHROUGH":      0,
	"SIMPLE":           1,
	"MUTUAL":           2,
	"AUTO_PASSTHROUGH": 3,
	"ISTIO_MUTUAL":     4,
}
// ServiceEntry_Location_name maps each ServiceEntry Location wire value to
// its enum name. MESH_EXTERNAL is 0, the enum's zero value, so a ServiceEntry
// with no location set carries MESH_EXTERNAL.
var ServiceEntry_Location_name = map[int32]string{
	0: "MESH_EXTERNAL",
	1: "MESH_INTERNAL",
}
// ServiceEntry_Location_value is the inverse of ServiceEntry_Location_name:
// enum name to wire value.
var ServiceEntry_Location_value = map[string]int32{
	"MESH_EXTERNAL": 0,
	"MESH_INTERNAL": 1,
}
// ServiceEntry_Resolution_name maps each ServiceEntry Resolution wire value
// to its enum name. NONE is 0, the enum's zero value.
var ServiceEntry_Resolution_name = map[int32]string{
	0: "NONE",
	1: "STATIC",
	2: "DNS",
}
// ServiceEntry_Resolution_value is the inverse of
// ServiceEntry_Resolution_name: enum name to wire value.
var ServiceEntry_Resolution_value = map[string]int32{
	"NONE":   0,
	"STATIC": 1,
	"DNS":    2,
}

Functions

This section is empty.

Types

type CaptureMode

type CaptureMode int32

    `CaptureMode` describes how traffic to a listener is expected to be captured. Applicable only when the listener is bound to an IP.

    // Values of CaptureMode. The numbers match the keys of CaptureMode_name.
    const (
    	// The default capture mode defined by the environment.
    	CaptureMode_DEFAULT CaptureMode = 0
    	// Capture traffic using iptables redirection.
    	CaptureMode_IPTABLES CaptureMode = 1
    	// No traffic capture. When used in an egress listener, the application is
    	// expected to explicitly communicate with the listener port or Unix
    	// domain socket. When used in an ingress listener, care needs to be taken
    	// to ensure that the listener port is not in use by other processes on
    	// the host.
    	// NOTE(review): with no capture, traffic the application does not send
    	// to the listener explicitly presumably does not pass through the proxy
    	// or the policy it enforces — confirm before using NONE on a workload
    	// that relies on sidecar-enforced policy.
    	CaptureMode_NONE CaptureMode = 2
    )

    func (CaptureMode) EnumDescriptor

    func (CaptureMode) EnumDescriptor() ([]byte, []int)

    func (CaptureMode) String

    func (x CaptureMode) String() string

    type ClientTLSSettings

    // ClientTLSSettings carries the TLS options a proxy uses for connections to
    // an upstream: the mode, file paths or a secret name for credentials, the
    // names used to check the server certificate, and the SNI to present.
    type ClientTLSSettings struct {
    	// Indicates whether connections to this port should be secured
    	// using TLS. The value of this field determines how TLS is enforced.
    	// The zero value is DISABLE (ClientTLSSettings_TLSmode_name[0]), so a
    	// message that leaves mode unset does not select a TLS mode.
    	Mode ClientTLSSettings_TLSmode `protobuf:"varint,1,opt,name=mode,proto3,enum=istio.networking.v1alpha3.ClientTLSSettings_TLSmode" json:"mode,omitempty"`
    	// REQUIRED if mode is `MUTUAL`. The path to the file holding the
    	// client-side TLS certificate to use.
    	// Should be empty if mode is `ISTIO_MUTUAL`.
    	ClientCertificate string `protobuf:"bytes,2,opt,name=client_certificate,json=clientCertificate,proto3" json:"client_certificate,omitempty"`
    	// REQUIRED if mode is `MUTUAL`. The path to the file holding the
    	// client's private key.
    	// Should be empty if mode is `ISTIO_MUTUAL`.
    	// This field is a filesystem path; the key material itself is not
    	// carried in the message.
    	PrivateKey string `protobuf:"bytes,3,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"`
    	// OPTIONAL: The path to the file containing certificate authority
    	// certificates to use in verifying a presented server certificate. If
    	// omitted, the proxy will not verify the server's certificate.
    	// Should be empty if mode is `ISTIO_MUTUAL`.
    	// NOTE(review): per the sentence above, `SIMPLE` or `MUTUAL` with this
    	// field empty encrypts the connection but does not authenticate the
    	// server, unless CA certificates arrive through CredentialName —
    	// confirm which applies for the deployment.
    	CaCertificates string `protobuf:"bytes,4,opt,name=ca_certificates,json=caCertificates,proto3" json:"ca_certificates,omitempty"`
    	// The name of the secret that holds the TLS certs for the
    	// client including the CA certificates. Secret must exist in the
    	// same namespace with the proxy using the certificates.
    	// The secret (of type `generic`) should contain the
    	// following keys and values: `key: <privateKey>`,
    	// `cert: <serverCert>`, `cacert: <CACertificate>`.
    	// Secret of type tls for client certificates along with
    	// ca.crt key for CA certificates is also supported.
    	// Only one of client certificates and CA certificate
    	// or credentialName can be specified.
    	//
    	// **NOTE:** This field is currently applicable only at gateways.
    	// Sidecars will continue to use the certificate paths.
    	CredentialName string `protobuf:"bytes,7,opt,name=credential_name,json=credentialName,proto3" json:"credential_name,omitempty"`
    	// A list of alternate names to verify the subject identity in the
    	// certificate. If specified, the proxy will verify that the server
    	// certificate's subject alt name matches one of the specified values.
    	// If specified, this list overrides the value of subject_alt_names
    	// from the ServiceEntry.
    	SubjectAltNames []string `protobuf:"bytes,5,rep,name=subject_alt_names,json=subjectAltNames,proto3" json:"subject_alt_names,omitempty"`
    	// SNI string to present to the server during TLS handshake.
    	Sni                  string   `protobuf:"bytes,6,opt,name=sni,proto3" json:"sni,omitempty"`
    	// The XXX_ fields are generated bookkeeping; their `json:"-"` tags keep
    	// them out of JSON encoding.
    	XXX_NoUnkeyedLiteral struct{} `json:"-"`
    	XXX_unrecognized     []byte   `json:"-"`
    	XXX_sizecache        int32    `json:"-"`
    }

      SSL/TLS related settings for upstream connections. See Envoy's [TLS context](https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/auth/cert.proto.html) for more details. These settings are common to both HTTP and TCP upstreams.

      For example, the following rule configures a client to use mutual TLS for connections to upstream database cluster.

      {{<tabset category-name="example">}}
      {{<tab name="v1alpha3" category-value="v1alpha3">}}
      ```yaml
      apiVersion: networking.istio.io/v1alpha3
      kind: DestinationRule
      metadata:
        name: db-mtls
      spec:
        host: mydbserver.prod.svc.cluster.local
        trafficPolicy:
          tls:
            mode: MUTUAL
            clientCertificate: /etc/certs/myclientcert.pem
            privateKey: /etc/certs/client_private_key.pem
            caCertificates: /etc/certs/rootcacerts.pem
      ```
      {{</tab>}}

      {{<tab name="v1beta1" category-value="v1beta1">}}
      ```yaml
      apiVersion: networking.istio.io/v1beta1
      kind: DestinationRule
      metadata:
        name: db-mtls
      spec:
        host: mydbserver.prod.svc.cluster.local
        trafficPolicy:
          tls:
            mode: MUTUAL
            clientCertificate: /etc/certs/myclientcert.pem
            privateKey: /etc/certs/client_private_key.pem
            caCertificates: /etc/certs/rootcacerts.pem
      ```
      {{</tab>}}
      {{</tabset>}}

      The following rule configures a client to use TLS when talking to a foreign service whose domain matches *.foo.com.

      {{<tabset category-name="example">}}
      {{<tab name="v1alpha3" category-value="v1alpha3">}}
      ```yaml
      apiVersion: networking.istio.io/v1alpha3
      kind: DestinationRule
      metadata:
        name: tls-foo
      spec:
        host: "*.foo.com"
        trafficPolicy:
          tls:
            mode: SIMPLE
      ```
      {{</tab>}}

      {{<tab name="v1beta1" category-value="v1beta1">}}
      ```yaml
      apiVersion: networking.istio.io/v1beta1
      kind: DestinationRule
      metadata:
        name: tls-foo
      spec:
        host: "*.foo.com"
        trafficPolicy:
          tls:
            mode: SIMPLE
      ```
      {{</tab>}}
      {{</tabset>}}

      Note that this example sets no `caCertificates`. According to the `CaCertificates` field comment, the proxy then does not verify the server's certificate, so the connection is encrypted but the server is not authenticated.

      The following rule configures a client to use Istio mutual TLS when talking to rating services.

      {{<tabset category-name="example">}}
      {{<tab name="v1alpha3" category-value="v1alpha3">}}
      ```yaml
      apiVersion: networking.istio.io/v1alpha3
      kind: DestinationRule
      metadata:
        name: ratings-istio-mtls
      spec:
        host: ratings.prod.svc.cluster.local
        trafficPolicy:
          tls:
            mode: ISTIO_MUTUAL
      ```
      {{</tab>}}

      {{<tab name="v1beta1" category-value="v1beta1">}}
      ```yaml
      apiVersion: networking.istio.io/v1beta1
      kind: DestinationRule
      metadata:
        name: ratings-istio-mtls
      spec:
        host: ratings.prod.svc.cluster.local
        trafficPolicy:
          tls:
            mode: ISTIO_MUTUAL
      ```
      {{</tab>}}
      {{</tabset>}}

      func (*ClientTLSSettings) DeepCopy

      func (in *ClientTLSSettings) DeepCopy() *ClientTLSSettings

        DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientTLSSettings. Required by controller-gen.

        func (*ClientTLSSettings) DeepCopyInterface

        func (in *ClientTLSSettings) DeepCopyInterface() interface{}

          DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ClientTLSSettings. Required by controller-gen.

          func (*ClientTLSSettings) DeepCopyInto

          func (in *ClientTLSSettings) DeepCopyInto(out *ClientTLSSettings)

            DeepCopyInto supports using ClientTLSSettings within kubernetes types, where deepcopy-gen is used.

            func (*ClientTLSSettings) Descriptor

            func (*ClientTLSSettings) Descriptor() ([]byte, []int)

            func (*ClientTLSSettings) GetCaCertificates

            func (m *ClientTLSSettings) GetCaCertificates() string

            func (*ClientTLSSettings) GetClientCertificate

            func (m *ClientTLSSettings) GetClientCertificate() string

            func (*ClientTLSSettings) GetCredentialName

            func (m *