istio
/
api
mirror of https://github.com/istio/api.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updates to service entries (#646) 

* SE spiffe ID

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* more updates

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* nits

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* combined updates

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* combined updates

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* nits

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* nits

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* nuke san from dr

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* auto passthrough

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>

* remove san from service entry

Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
This commit is contained in:
Shriram Rajagopalan 2018-10-16 16:55:44 -04:00 committed by istio-bot
parent 169a0a35c0
commit 0b70b6093b
9 changed files with 355 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
networking/v1alpha3/destination_rule.pb.go
View File

@ -1136,10 +1136,8 @@ type TLSSettings struct {
// A list of alternate names to verify the subject identity in the
// certificate. If specified, the proxy will verify that the server
// certificate's subject alt name matches one of the specified values.
// Should be empty if mode is `ISTIO_MUTUAL`.
SubjectAltNames []string `protobuf:"bytes,5,rep,name=subject_alt_names,json=subjectAltNames" json:"subject_alt_names,omitempty"`
// SNI string to present to the server during TLS handshake.
// Should be empty if mode is `ISTIO_MUTUAL`.
Sni string `protobuf:"bytes,6,opt,name=sni,proto3" json:"sni,omitempty"`
}

2
networking/v1alpha3/destination_rule.proto
View File

@ -539,10 +539,8 @@ message TLSSettings {
// A list of alternate names to verify the subject identity in the
// certificate. If specified, the proxy will verify that the server
// certificate's subject alt name matches one of the specified values.
// Should be empty if mode is `ISTIO_MUTUAL`.
repeated string subject_alt_names = 5;
// SNI string to present to the server during TLS handshake.
// Should be empty if mode is `ISTIO_MUTUAL`.
string sni = 6;
}

102
networking/v1alpha3/gateway.pb.go
View File

@ -18,25 +18,39 @@ var _ = math.Inf
type Server_TLSOptions_TLSmode int32
const (
// Forward the connection to the upstream server selected based on
// the SNI string presented by the client.
// The SNI string presented by the client will be used as the match
// criterion in a VirtualService TLS route to determine the
// destination service from the service registry.
Server_TLSOptions_PASSTHROUGH Server_TLSOptions_TLSmode = 0
// Secure connections with standard TLS semantics.
Server_TLSOptions_SIMPLE Server_TLSOptions_TLSmode = 1
// Secure connections to the upstream using mutual TLS by presenting
// client certificates for authentication.
Server_TLSOptions_MUTUAL Server_TLSOptions_TLSmode = 2
// Similar to the passthrough mode, except servers with this TLS mode
// do not require an associated VirtualService to map from the SNI
// value to service in the registry. The destination details such as
// the service/subset/port are encoded in the SNI value. The proxy
// will forward to the upstream (Envoy) cluster (a group of
// endpoints) specified by the SNI value. This server is typically
// used to provide connectivity between services in disparate L3
// networks that otherwise do not have direct connectivity between
// their respective endpoints. Use of this mode assumes that both the
// source and the destination are using Istio mTLS to secure traffic.
Server_TLSOptions_AUTO_PASSTHROUGH Server_TLSOptions_TLSmode = 3
)
var Server_TLSOptions_TLSmode_name = map[int32]string{
0: "PASSTHROUGH",
1: "SIMPLE",
2: "MUTUAL",
3: "AUTO_PASSTHROUGH",
}
var Server_TLSOptions_TLSmode_value = map[string]int32{
"PASSTHROUGH": 0,
"SIMPLE": 1,
"MUTUAL": 2,
"PASSTHROUGH": 0,
"SIMPLE": 1,
"MUTUAL": 2,
"AUTO_PASSTHROUGH": 3,
}
func (x Server_TLSOptions_TLSmode) String() string {
@ -1699,44 +1713,44 @@ var (
func init() { proto.RegisterFile("networking/v1alpha3/gateway.proto", fileDescriptorGateway) }
var fileDescriptorGateway = []byte{
// 616 bytes of a gzipped FileDescriptorProto
// 621 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x54, 0xdd, 0x4e, 0xdb, 0x30,
0x14, 0x26, 0x6d, 0xe9, 0xcf, 0x29, 0x85, 0x60, 0xa1, 0x29, 0xe3, 0x82, 0x9f, 0x4e, 0xd3, 0xd0,
0xb4, 0xa5, 0xd0, 0xee, 0x02, 0x0d, 0x69, 0x52, 0x37, 0x21, 0x98, 0x56, 0x68, 0xe5, 0xb4, 0xbb,
0xd8, 0x4d, 0x64, 0x82, 0x47, 0x0d, 0x69, 0x1c, 0xd9, 0x6e, 0xa1, 0xef, 0xb3, 0xa7, 0xd8, 0x13,
0xec, 0x72, 0x7b, 0x83, 0x89, 0x27, 0x99, 0xec, 0xa4, 0x84, 0xfd, 0x31, 0xa1, 0xdd, 0xf9, 0xfb,
0xce, 0xf9, 0xbe, 0xe3, 0x73, 0x7c, 0x12, 0xd8, 0x8c, 0xa8, 0xba, 0xe4, 0xe2, 0x82, 0x45, 0x67,
0x8d, 0xc9, 0x0e, 0x09, 0xe3, 0x21, 0x69, 0x35, 0xce, 0x88, 0xa2, 0x97, 0x64, 0xea, 0xc6, 0x82,
0x2b, 0x8e, 0x1e, 0x32, 0xa9, 0x18, 0x77, 0xb3, 0x44, 0x77, 0x96, 0x58, 0xff, 0x66, 0x41, 0xe9,
0x20, 0x49, 0x46, 0x7b, 0x50, 0x92, 0x54, 0x4c, 0xa8, 0x90, 0x8e, 0xb5, 0x91, 0xdf, 0xaa, 0x36,
0x37, 0xdd, 0xbf, 0x0a, 0x5d, 0xcf, 0x64, 0xe2, 0x99, 0x02, 0x75, 0xa0, 0x2c, 0x69, 0x48, 0x03,
0xc5, 0x85, 0x93, 0x33, 0xea, 0xed, 0x3b, 0xd4, 0x69, 0x49, 0xd7, 0x4b, 0x25, 0xfb, 0x91, 0x12,
0x53, 0x7c, 0xe3, 0xb0, 0xba, 0x07, 0xb5, 0x9f, 0x42, 0xc8, 0x86, 0xfc, 0x05, 0x9d, 0x3a, 0xd6,
0x86, 0xb5, 0x55, 0xc1, 0xfa, 0x88, 0x56, 0x60, 0x7e, 0x42, 0xc2, 0x31, 0x75, 0x72, 0x86, 0x4b,
0xc0, 0xcb, 0xdc, 0xae, 0x55, 0xff, 0x5c, 0x84, 0x62, 0x72, 0x3d, 0xd4, 0x82, 0x42, 0xcc, 0x85,
0x32, 0xba, 0x6a, 0x73, 0xfd, 0x8e, 0x1b, 0xf5, 0xb8, 0x50, 0xd8, 0x24, 0x6b, 0xe7, 0x21, 0x97,
0x4a, 0x9a, 0x3e, 0x2a, 0x38, 0x01, 0xe8, 0x15, 0xe4, 0x55, 0x28, 0x9d, 0xbc, 0x71, 0x7a, 0xf6,
0xcf, 0xc9, 0xb8, 0xfd, 0x8e, 0xd7, 0x8d, 0x15, 0xe3, 0x91, 0xc4, 0x5a, 0xb8, 0xfa, 0x69, 0x1e,
0x20, 0xe3, 0xd0, 0x63, 0x58, 0x1c, 0x2a, 0x15, 0x4b, 0x5f, 0xd0, 0x53, 0x26, 0x68, 0x90, 0xdc,
0xb1, 0x8c, 0x6b, 0x86, 0xc5, 0x29, 0x89, 0x0e, 0xa1, 0x30, 0xe2, 0xa7, 0x49, 0x93, 0x8b, 0xcd,
0x17, 0xf7, 0x29, 0xab, 0x8f, 0x5a, 0x8b, 0x8d, 0x03, 0x7a, 0x0e, 0x28, 0x79, 0x2b, 0x3f, 0xa0,
0x42, 0xb1, 0x8f, 0x2c, 0x20, 0x8a, 0x9a, 0x76, 0x2a, 0x78, 0x39, 0x89, 0xbc, 0xc9, 0x02, 0x68,
0x1d, 0xaa, 0xb1, 0x60, 0x13, 0xa2, 0xa8, 0xaf, 0x07, 0x5f, 0x30, 0x79, 0x90, 0x52, 0xef, 0xe8,
0x14, 0x3d, 0x81, 0xa5, 0x80, 0xdc, 0xf6, 0x92, 0xce, 0xbc, 0x49, 0x5a, 0x0c, 0xc8, 0x2d, 0x23,
0x89, 0x9e, 0xc2, 0xb2, 0x1c, 0x9f, 0x9c, 0xd3, 0x40, 0xf9, 0x24, 0x54, 0x7e, 0x44, 0x46, 0x54,
0x3a, 0x45, 0x33, 0xda, 0xa5, 0x34, 0xd0, 0x0e, 0xd5, 0xb1, 0xa6, 0xd1, 0x39, 0xac, 0x8c, 0x58,
0xe4, 0x9b, 0xb5, 0x0d, 0x78, 0xe8, 0xeb, 0xd5, 0x62, 0x3c, 0x72, 0x4a, 0xa6, 0xfd, 0xdd, 0xfb,
0xb6, 0xdf, 0x4b, 0x7d, 0x30, 0x1a, 0xb1, 0x68, 0x06, 0xde, 0x27, 0x9e, 0xa6, 0x16, 0xb9, 0xfa,
0xbd, 0x56, 0xf9, 0xbf, 0x6b, 0x91, 0xab, 0x5f, 0x6b, 0x3d, 0x82, 0x5a, 0xc0, 0xe2, 0x21, 0x15,
0xbe, 0x1c, 0x33, 0x3d, 0xaa, 0x8a, 0xe9, 0x7f, 0x21, 0x21, 0x3d, 0xc3, 0xd5, 0x9b, 0x50, 0x4a,
0x9f, 0x0c, 0x2d, 0x41, 0xb5, 0xd7, 0xf6, 0xbc, 0xfe, 0x21, 0xee, 0x0e, 0x0e, 0x0e, 0xed, 0x39,
0x04, 0x50, 0xf4, 0xde, 0x1e, 0xf5, 0x3a, 0xfb, 0xb6, 0xa5, 0xcf, 0x47, 0x83, 0xfe, 0xa0, 0xdd,
0xb1, 0x73, 0xf5, 0x2e, 0x54, 0x6f, 0xd5, 0x46, 0x0b, 0x50, 0xee, 0x77, 0x3c, 0xbf, 0x3d, 0xe8,
0x77, 0xed, 0x39, 0x54, 0x35, 0x86, 0x93, 0x1d, 0x7f, 0xdb, 0xb6, 0x32, 0xb0, 0x63, 0xe7, 0x32,
0xd0, 0xb4, 0xf3, 0x19, 0x68, 0xd9, 0x85, 0xfa, 0x31, 0x14, 0xf4, 0xa7, 0x80, 0x1e, 0x40, 0x31,
0x1a, 0x8f, 0x4e, 0xa8, 0x30, 0x7b, 0x59, 0xc3, 0x29, 0x42, 0xab, 0x50, 0x9e, 0x4d, 0x2c, 0xfd,
0xf2, 0x6e, 0x30, 0x42, 0x50, 0xd0, 0xaf, 0x9b, 0x2e, 0x95, 0x39, 0xbf, 0x76, 0xbf, 0x5c, 0xaf,
0x59, 0x5f, 0xaf, 0xd7, 0xac, 0xef, 0xd7, 0x6b, 0xd6, 0x87, 0x8d, 0x64, 0xa8, 0x8c, 0x37, 0x48,
0xcc, 0x1a, 0x7f, 0xf8, 0x73, 0x9d, 0x14, 0x8d, 0x5b, 0xeb, 0x47, 0x00, 0x00, 0x00, 0xff, 0xff,
0xc9, 0x4e, 0x9d, 0xb8, 0xd7, 0x04, 0x00, 0x00,
0x18, 0x25, 0x6d, 0xe9, 0xcf, 0x57, 0x0a, 0xc1, 0x42, 0x53, 0xc6, 0x05, 0x3f, 0x9d, 0xa6, 0xa1,
0x69, 0x4b, 0xa1, 0xdd, 0x05, 0x1a, 0xd2, 0xa4, 0x6e, 0x42, 0x74, 0x5a, 0xa1, 0x95, 0xd3, 0xee,
0x62, 0x37, 0x91, 0x09, 0x1e, 0x35, 0xa4, 0x71, 0x64, 0xbb, 0x85, 0xbe, 0xda, 0x9e, 0x60, 0x97,
0xec, 0x0d, 0x26, 0x9e, 0x64, 0xb2, 0x93, 0xd2, 0xee, 0x8f, 0x09, 0xed, 0xce, 0xe7, 0xf8, 0x9c,
0xf3, 0xf9, 0xfb, 0xec, 0x04, 0xb6, 0x23, 0xaa, 0xae, 0xb8, 0xb8, 0x64, 0xd1, 0x79, 0x6d, 0xbc,
0x47, 0xc2, 0x78, 0x40, 0x1a, 0xb5, 0x73, 0xa2, 0xe8, 0x15, 0x99, 0xb8, 0xb1, 0xe0, 0x8a, 0xa3,
0xc7, 0x4c, 0x2a, 0xc6, 0xdd, 0x99, 0xd0, 0x9d, 0x0a, 0xab, 0xdf, 0x2c, 0x28, 0x1c, 0x25, 0x62,
0x74, 0x00, 0x05, 0x49, 0xc5, 0x98, 0x0a, 0xe9, 0x58, 0x5b, 0xd9, 0x9d, 0x72, 0x7d, 0xdb, 0xfd,
0xab, 0xd1, 0xf5, 0x8c, 0x12, 0x4f, 0x1d, 0xa8, 0x0d, 0x45, 0x49, 0x43, 0x1a, 0x28, 0x2e, 0x9c,
0x8c, 0x71, 0xef, 0xde, 0xe3, 0x4e, 0x4b, 0xba, 0x5e, 0x6a, 0x39, 0x8c, 0x94, 0x98, 0xe0, 0xbb,
0x84, 0xf5, 0x03, 0xa8, 0xfc, 0xb4, 0x85, 0x6c, 0xc8, 0x5e, 0xd2, 0x89, 0x63, 0x6d, 0x59, 0x3b,
0x25, 0xac, 0x97, 0x68, 0x0d, 0x16, 0xc7, 0x24, 0x1c, 0x51, 0x27, 0x63, 0xb8, 0x04, 0xbc, 0xce,
0xec, 0x5b, 0xd5, 0x9b, 0x3c, 0xe4, 0x93, 0xe3, 0xa1, 0x06, 0xe4, 0x62, 0x2e, 0x94, 0xf1, 0x95,
0xeb, 0x9b, 0xf7, 0x9c, 0xa8, 0xcb, 0x85, 0xc2, 0x46, 0xac, 0x93, 0x07, 0x5c, 0x2a, 0x69, 0xfa,
0x28, 0xe1, 0x04, 0xa0, 0x37, 0x90, 0x55, 0xa1, 0x74, 0xb2, 0x26, 0xe9, 0xc5, 0x3f, 0x27, 0xe3,
0xf6, 0xda, 0x5e, 0x27, 0x56, 0x8c, 0x47, 0x12, 0x6b, 0xe3, 0xfa, 0x97, 0x45, 0x80, 0x19, 0x87,
0x9e, 0xc2, 0xf2, 0x40, 0xa9, 0x58, 0xfa, 0x82, 0x9e, 0x31, 0x41, 0x83, 0xe4, 0x8c, 0x45, 0x5c,
0x31, 0x2c, 0x4e, 0x49, 0xd4, 0x82, 0xdc, 0x90, 0x9f, 0x25, 0x4d, 0x2e, 0xd7, 0x5f, 0x3d, 0xa4,
0xac, 0x5e, 0x6a, 0x2f, 0x36, 0x09, 0xe8, 0x25, 0xa0, 0xe4, 0xae, 0xfc, 0x80, 0x0a, 0xc5, 0x3e,
0xb3, 0x80, 0x28, 0x6a, 0xda, 0x29, 0xe1, 0xd5, 0x64, 0xe7, 0xdd, 0x6c, 0x03, 0x6d, 0x42, 0x39,
0x16, 0x6c, 0x4c, 0x14, 0xf5, 0xf5, 0xe0, 0x73, 0x46, 0x07, 0x29, 0xf5, 0x81, 0x4e, 0xd0, 0x33,
0x58, 0x09, 0xc8, 0x7c, 0x96, 0x74, 0x16, 0x8d, 0x68, 0x39, 0x20, 0x73, 0x41, 0x12, 0x3d, 0x87,
0x55, 0x39, 0x3a, 0xbd, 0xa0, 0x81, 0xf2, 0x49, 0xa8, 0xfc, 0x88, 0x0c, 0xa9, 0x74, 0xf2, 0x66,
0xb4, 0x2b, 0xe9, 0x46, 0x33, 0x54, 0x27, 0x9a, 0x46, 0x17, 0xb0, 0x36, 0x64, 0x91, 0x6f, 0x9e,
0x6d, 0xc0, 0x43, 0x5f, 0x3f, 0x2d, 0xc6, 0x23, 0xa7, 0x60, 0xda, 0xdf, 0x7f, 0x68, 0xfb, 0xdd,
0x34, 0x07, 0xa3, 0x21, 0x8b, 0xa6, 0xe0, 0x63, 0x92, 0x69, 0x6a, 0x91, 0xeb, 0xdf, 0x6b, 0x15,
0xff, 0xbb, 0x16, 0xb9, 0xfe, 0xb5, 0xd6, 0x13, 0xa8, 0x04, 0x2c, 0x1e, 0x50, 0xe1, 0xcb, 0x11,
0xd3, 0xa3, 0x2a, 0x99, 0xfe, 0x97, 0x12, 0xd2, 0x33, 0x5c, 0xb5, 0x05, 0x85, 0xf4, 0xca, 0xd0,
0x0a, 0x94, 0xbb, 0x4d, 0xcf, 0xeb, 0xb5, 0x70, 0xa7, 0x7f, 0xd4, 0xb2, 0x17, 0x10, 0x40, 0xde,
0x7b, 0x7f, 0xdc, 0x6d, 0x1f, 0xda, 0x96, 0x5e, 0x1f, 0xf7, 0x7b, 0xfd, 0x66, 0xdb, 0xce, 0xa0,
0x35, 0xb0, 0x9b, 0xfd, 0x5e, 0xc7, 0x9f, 0x57, 0x67, 0xab, 0x1d, 0x28, 0xcf, 0x9d, 0x08, 0x2d,
0x41, 0xb1, 0xd7, 0xf6, 0x7c, 0x2d, 0xb4, 0x17, 0x50, 0xd9, 0x94, 0x19, 0xef, 0xf9, 0xbb, 0xb6,
0x35, 0x03, 0x7b, 0x76, 0x66, 0x06, 0xea, 0x76, 0x76, 0x06, 0x1a, 0x76, 0xae, 0x7a, 0x02, 0x39,
0xfd, 0x81, 0xa0, 0x47, 0x90, 0x8f, 0x46, 0xc3, 0x53, 0x2a, 0xcc, 0x6b, 0xad, 0xe0, 0x14, 0xa1,
0x75, 0x28, 0x4e, 0xe7, 0x98, 0x7e, 0x8f, 0x77, 0x18, 0x21, 0xc8, 0xe9, 0x3b, 0x4f, 0x9f, 0x9a,
0x59, 0xbf, 0x75, 0xbf, 0xde, 0x6e, 0x58, 0x37, 0xb7, 0x1b, 0xd6, 0xf7, 0xdb, 0x0d, 0xeb, 0xd3,
0x56, 0x32, 0x6a, 0xc6, 0x6b, 0x24, 0x66, 0xb5, 0x3f, 0xfc, 0xcf, 0x4e, 0xf3, 0x26, 0xad, 0xf1,
0x23, 0x00, 0x00, 0xff, 0xff, 0xd1, 0xda, 0x86, 0xea, 0xed, 0x04, 0x00, 0x00,
}

17
networking/v1alpha3/gateway.proto
View File

@ -250,8 +250,9 @@ message Server {
// TLS modes enforced by the proxy
enum TLSmode {
// Forward the connection to the upstream server selected based on
// the SNI string presented by the client.
// The SNI string presented by the client will be used as the match
// criterion in a VirtualService TLS route to determine the
// destination service from the service registry.
PASSTHROUGH = 0;
// Secure connections with standard TLS semantics.
@ -260,6 +261,18 @@ message Server {
// Secure connections to the upstream using mutual TLS by presenting
// client certificates for authentication.
MUTUAL = 2;
// Similar to the passthrough mode, except servers with this TLS mode
// do not require an associated VirtualService to map from the SNI
// value to service in the registry. The destination details such as
// the service/subset/port are encoded in the SNI value. The proxy
// will forward to the upstream (Envoy) cluster (a group of
// endpoints) specified by the SNI value. This server is typically
// used to provide connectivity between services in disparate L3
// networks that otherwise do not have direct connectivity between
// their respective endpoints. Use of this mode assumes that both the
// source and the destination are using Istio mTLS to secure traffic.
AUTO_PASSTHROUGH = 3;
};
// Optional: Indicates whether connections to this port should be

70
networking/v1alpha3/istio.networking.v1alpha3.pb.html
View File

@ -2683,8 +2683,9 @@ Otherwise default to the default cipher list supported by Envoy.</p>
<tr id="Server-TLSOptions-TLSmode-PASSTHROUGH">
<td><code>PASSTHROUGH</code></td>
<td>
<p>Forward the connection to the upstream server selected based on
the SNI string presented by the client.</p>
<p>The SNI string presented by the client will be used as the match
criterion in a VirtualService TLS route to determine the
destination service from the service registry.</p>
</td>
</tr>
@ -2701,6 +2702,22 @@ the SNI string presented by the client.</p>
<p>Secure connections to the upstream using mutual TLS by presenting
client certificates for authentication.</p>
</td>
</tr>
<tr id="Server-TLSOptions-TLSmode-AUTO_PASSTHROUGH">
<td><code>AUTO_PASSTHROUGH</code></td>
<td>
<p>Similar to the passthrough mode, except servers with this TLS mode
do not require an associated VirtualService to map from the SNI
value to service in the registry. The destination details such as
the service/subset/port are encoded in the SNI value. The proxy
will forward to the upstream (Envoy) cluster (a group of
endpoints) specified by the SNI value. This server is typically
used to provide connectivity between services in disparate L3
networks that otherwise do not have direct connectivity between
their respective endpoints. Use of this mode assumes that both the
source and the destination are using Istio mTLS to secure traffic.</p>
</td>
</tr>
</tbody>
@ -2776,7 +2793,7 @@ spec:
ports:
- number: 443
name: https
protocol: HTTPS
protocol: TLS
resolution: DNS
</code></pre>
@ -2989,7 +3006,7 @@ to uniquely identify the destination.</p>
<td><code>string[]</code></td>
<td>
<p>The virtual IP addresses associated with the service. Could be CIDR
prefix. For HTTP services, the addresses field will be ignored and
prefix. For HTTP services, the addresses field will be ignored and
the destination will be identified based on the HTTP Host/Authority
header. For non-HTTP protocols such as mongo/opaque TCP/even HTTPS,
the hosts will be ignored. If one or more IP addresses are specified,
@ -3087,6 +3104,45 @@ service. Do not use for unix:// addresses.</p>
<td>
<p>One or more labels associated with the endpoint.</p>
</td>
</tr>
<tr id="ServiceEntry-Endpoint-network">
<td><code>network</code></td>
<td><code>string</code></td>
<td>
<p>Network enables Istio to group endpoints resident in the same L3
domain/network. All endpoints in the same network are assumed to be
directly reachable from one another. When endpoints in different
networks cannot reach each other directly, an Istio Gateway can be
used to establish connectivity (usually using the
AUTO_PASSTHROUGH mode in a Gateway Server). This is
an advanced configuration used typically for spanning an Istio mesh
over multiple clusters.</p>
</td>
</tr>
<tr id="ServiceEntry-Endpoint-locality">
<td><code>locality</code></td>
<td><code>string</code></td>
<td>
<p>The locality associated with the endpoint. A locality corresponds
to a failure domain (e.g., country/region/zone). Arbitrary failure
domain hierarchies can be represented by separating each
encapsulating failure domain by /. For example, the locality of an
an endpoint in US, in US-East-1 region, within availability zone
az-1, in data center rack r11 can be represented as
us/us-east-1/az-1/r11. Istio will configure the sidecar to route to
endpoints within the same locality as the sidecar. If none of the
endpoints in the locality are available, endpoints parent locality
(but within the same network ID) will be chosen. For example, if
there are two endpoints in same network (networkID &ldquo;n1&rdquo;), say e1
with locality us/us-east-1/az-1/r11 and e2 with locality
us/us-east-1/az-2/r12, a sidecar from us/us-east-1/az-1/r11 locality
will prefer e1 from the same locality over e2 from a different
locality. Endpoint e2 could be the IP associated with a gateway
(that bridges networks n1 and n2), or the IP associated with a
standard service endpoint.</p>
</td>
</tr>
</tbody>
@ -3598,8 +3654,7 @@ Should be empty if mode is <code>ISTIO_MUTUAL</code>.</p>
<td>
<p>A list of alternate names to verify the subject identity in the
certificate. If specified, the proxy will verify that the server
certificate&rsquo;s subject alt name matches one of the specified values.
Should be empty if mode is <code>ISTIO_MUTUAL</code>.</p>
certificate&rsquo;s subject alt name matches one of the specified values.</p>
</td>
</tr>
@ -3607,8 +3662,7 @@ Should be empty if mode is <code>ISTIO_MUTUAL</code>.</p>
<td><code>sni</code></td>
<td><code>string</code></td>
<td>
<p>SNI string to present to the server during TLS handshake.
Should be empty if mode is <code>ISTIO_MUTUAL</code>.</p>
<p>SNI string to present to the server during TLS handshake.</p>
</td>
</tr>

183
networking/v1alpha3/service_entry.pb.go
View File

@ -170,7 +170,7 @@ func (ServiceEntry_Resolution) EnumDescriptor() ([]byte, []int) {
// ports:
// - number: 443
// name: https
// protocol: HTTPS
// protocol: TLS
// resolution: DNS
// ```
//
@ -372,7 +372,7 @@ type ServiceEntry struct {
// to uniquely identify the destination.
Hosts []string `protobuf:"bytes,1,rep,name=hosts" json:"hosts,omitempty"`
// The virtual IP addresses associated with the service. Could be CIDR
// prefix. For HTTP services, the addresses field will be ignored and
// prefix. For HTTP services, the addresses field will be ignored and
// the destination will be identified based on the HTTP Host/Authority
// header. For non-HTTP protocols such as mongo/opaque TCP/even HTTPS,
// the hosts will be ignored. If one or more IP addresses are specified,
@ -463,6 +463,33 @@ type ServiceEntry_Endpoint struct {
Ports map[string]uint32 `protobuf:"bytes,2,rep,name=ports" json:"ports,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"`
// One or more labels associated with the endpoint.
Labels map[string]string `protobuf:"bytes,3,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// Network enables Istio to group endpoints resident in the same L3
// domain/network. All endpoints in the same network are assumed to be
// directly reachable from one another. When endpoints in different
// networks cannot reach each other directly, an Istio Gateway can be
// used to establish connectivity (usually using the
// AUTO_PASSTHROUGH mode in a Gateway Server). This is
// an advanced configuration used typically for spanning an Istio mesh
// over multiple clusters.
Network string `protobuf:"bytes,4,opt,name=network,proto3" json:"network,omitempty"`
// The locality associated with the endpoint. A locality corresponds
// to a failure domain (e.g., country/region/zone). Arbitrary failure
// domain hierarchies can be represented by separating each
// encapsulating failure domain by /. For example, the locality of an
// an endpoint in US, in US-East-1 region, within availability zone
// az-1, in data center rack r11 can be represented as
// us/us-east-1/az-1/r11. Istio will configure the sidecar to route to
// endpoints within the same locality as the sidecar. If none of the
// endpoints in the locality are available, endpoints parent locality
// (but within the same network ID) will be chosen. For example, if
// there are two endpoints in same network (networkID "n1"), say e1
// with locality us/us-east-1/az-1/r11 and e2 with locality
// us/us-east-1/az-2/r12, a sidecar from us/us-east-1/az-1/r11 locality
// will prefer e1 from the same locality over e2 from a different
// locality. Endpoint e2 could be the IP associated with a gateway
// (that bridges networks n1 and n2), or the IP associated with a
// standard service endpoint.
Locality string `protobuf:"bytes,5,opt,name=locality,proto3" json:"locality,omitempty"`
}
func (m *ServiceEntry_Endpoint) Reset() { *m = ServiceEntry_Endpoint{} }
@ -493,6 +520,20 @@ func (m *ServiceEntry_Endpoint) GetLabels() map[string]string {
return nil
}
func (m *ServiceEntry_Endpoint) GetNetwork() string {
if m != nil {
return m.Network
}
return ""
}
func (m *ServiceEntry_Endpoint) GetLocality() string {
if m != nil {
return m.Locality
}
return ""
}
func init() {
proto.RegisterType((*ServiceEntry)(nil), "istio.networking.v1alpha3.ServiceEntry")
proto.RegisterType((*ServiceEntry_Endpoint)(nil), "istio.networking.v1alpha3.ServiceEntry.Endpoint")
@ -635,6 +676,18 @@ func (m *ServiceEntry_Endpoint) MarshalTo(dAtA []byte) (int, error) {
i += copy(dAtA[i:], v)
}
}
if len(m.Network) > 0 {
dAtA[i] = 0x22
i++
i = encodeVarintServiceEntry(dAtA, i, uint64(len(m.Network)))
i += copy(dAtA[i:], m.Network)
}
if len(m.Locality) > 0 {
dAtA[i] = 0x2a
i++
i = encodeVarintServiceEntry(dAtA, i, uint64(len(m.Locality)))
i += copy(dAtA[i:], m.Locality)
}
return i, nil
}
@ -706,6 +759,14 @@ func (m *ServiceEntry_Endpoint) Size() (n int) {
n += mapEntrySize + 1 + sovServiceEntry(uint64(mapEntrySize))
}
}
l = len(m.Network)
if l > 0 {
n += 1 + l + sovServiceEntry(uint64(l))
}
l = len(m.Locality)
if l > 0 {
n += 1 + l + sovServiceEntry(uint64(l))
}
return n
}
@ -1213,6 +1274,64 @@ func (m *ServiceEntry_Endpoint) Unmarshal(dAtA []byte) error {
}
m.Labels[mapkey] = mapvalue
iNdEx = postIndex
case 4:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Network", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowServiceEntry
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthServiceEntry
}
postIndex := iNdEx + intStringLen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Network = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 5:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Locality", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowServiceEntry
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthServiceEntry
}
postIndex := iNdEx + intStringLen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Locality = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipServiceEntry(dAtA[iNdEx:])
@ -1342,33 +1461,35 @@ var (
func init() { proto.RegisterFile("networking/v1alpha3/service_entry.proto", fileDescriptorServiceEntry) }
var fileDescriptorServiceEntry = []byte{
// 448 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x93, 0xcf, 0x6e, 0xd4, 0x30,
0x10, 0xc6, 0xeb, 0xa4, 0x9b, 0x6e, 0xa6, 0x14, 0x05, 0x8b, 0x83, 0x59, 0xa1, 0x25, 0xec, 0x85,
0x48, 0x48, 0xd9, 0xb2, 0x15, 0x52, 0xf9, 0x73, 0x29, 0x10, 0x89, 0x4a, 0x4b, 0x00, 0x6f, 0x0e,
0x88, 0x4b, 0xe5, 0x76, 0xad, 0xd6, 0x6a, 0x14, 0x47, 0xb6, 0xbb, 0x55, 0x9f, 0x82, 0x77, 0xe2,
0xc4, 0x91, 0x47, 0x40, 0xfb, 0x24, 0x68, 0x9d, 0x64, 0x93, 0x43, 0xa1, 0xed, 0x2d, 0x33, 0x99,
0xef, 0x37, 0xe3, 0x6f, 0x6c, 0x78, 0x56, 0x70, 0x73, 0x29, 0xd5, 0xb9, 0x28, 0x4e, 0xc7, 0x8b,
0x17, 0x2c, 0x2f, 0xcf, 0xd8, 0xde, 0x58, 0x73, 0xb5, 0x10, 0x27, 0xfc, 0x88, 0x17, 0x46, 0x5d,
0xc5, 0xa5, 0x92, 0x46, 0xe2, 0x47, 0x42, 0x1b, 0x21, 0xe3, 0xb6, 0x3c, 0x6e, 0xca, 0x07, 0x4f,
0xaf, 0x63, 0x9c, 0x32, 0xc3, 0x2f, 0x59, 0xad, 0x1e, 0xfd, 0xf0, 0xe0, 0xde, 0xac, 0xa2, 0x26,
0x2b, 0x28, 0x7e, 0x08, 0xbd, 0x33, 0xa9, 0x8d, 0x26, 0x28, 0x74, 0x23, 0x9f, 0x56, 0x01, 0x7e,
0x0c, 0x3e, 0x9b, 0xcf, 0x15, 0xd7, 0x9a, 0x6b, 0xe2, 0xd8, 0x3f, 0x6d, 0x02, 0xbf, 0x84, 0x5e,
0x29, 0x95, 0xd1, 0xc4, 0x0d, 0xdd, 0x68, 0x7b, 0xf2, 0x24, 0xfe, 0xe7, 0x48, 0xf1, 0x17, 0xa9,
0x0c, 0xad, 0xaa, 0xf1, 0x14, 0xfa, 0xb9, 0x3c, 0x61, 0x46, 0xc8, 0x82, 0x6c, 0x86, 0x28, 0xba,
0x3f, 0xd9, 0xfd, 0x8f, 0xb2, 0x3b, 0x65, 0x3c, 0xad, 0x75, 0x74, 0x4d, 0xc0, 0x14, 0x40, 0x71,
0x2d, 0xf3, 0x0b, 0xcb, 0xeb, 0x59, 0xde, 0xe4, 0xb6, 0x3c, 0xba, 0x56, 0xd2, 0x0e, 0x05, 0xa7,
0xe0, 0xf3, 0x62, 0x5e, 0x4a, 0x51, 0x18, 0x4d, 0x3c, 0x7b, 0xb8, 0x5b, 0x8f, 0x98, 0xd4, 0x42,
0xda, 0x22, 0x06, 0x3f, 0x1d, 0xe8, 0x37, 0x79, 0x4c, 0x60, 0xab, 0xb6, 0x90, 0xa0, 0x10, 0x45,
0x3e, 0x6d, 0x42, 0xfc, 0xb5, 0xf1, 0xd3, 0xb1, 0x2d, 0xdf, 0xdc, 0xb5, 0xa5, 0x75, 0x59, 0xdb,
0x5c, 0xe3, 0x75, 0x06, 0x5e, 0xce, 0x8e, 0x79, 0xde, 0xec, 0xe8, 0xed, 0x9d, 0x99, 0x53, 0x2b,
0xaf, 0xa0, 0x35, 0x6b, 0xb0, 0x0f, 0xd0, 0xb6, 0xc2, 0x01, 0xb8, 0xe7, 0xfc, 0xaa, 0x3e, 0xcc,
0xea, 0x73, 0x75, 0x99, 0x16, 0x2c, 0xbf, 0xe0, 0xc4, 0x09, 0x51, 0xb4, 0x43, 0xab, 0xe0, 0xb5,
0xb3, 0x8f, 0x06, 0xaf, 0x60, 0xbb, 0x03, 0xbc, 0x49, 0xea, 0x77, 0xa4, 0xa3, 0x5d, 0xe8, 0x37,
0xeb, 0xc7, 0x0f, 0x60, 0xe7, 0x53, 0x32, 0xfb, 0x78, 0x94, 0x7c, 0xcb, 0x12, 0x9a, 0x1e, 0x4c,
0x83, 0x8d, 0x75, 0xea, 0x30, 0xad, 0x53, 0x68, 0xf4, 0x1c, 0xa0, 0x5d, 0x30, 0xee, 0xc3, 0x66,
0xfa, 0x39, 0x4d, 0x82, 0x0d, 0x0c, 0xe0, 0xcd, 0xb2, 0x83, 0xec, 0xf0, 0x7d, 0x80, 0xf0, 0x16,
0xb8, 0x1f, 0xd2, 0x59, 0xe0, 0xbc, 0x8b, 0x7f, 0x2d, 0x87, 0xe8, 0xf7, 0x72, 0x88, 0xfe, 0x2c,
0x87, 0xe8, 0x7b, 0x58, 0xd9, 0x24, 0xe4, 0x98, 0x95, 0x62, 0x7c, 0xcd, 0x7b, 0x3a, 0xf6, 0xec,
0x43, 0xda, 0xfb, 0x1b, 0x00, 0x00, 0xff, 0xff, 0x9f, 0xa1, 0x1e, 0x0c, 0xb1, 0x03, 0x00, 0x00,
// 469 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x93, 0xcf, 0x6f, 0xd3, 0x30,
0x14, 0xc7, 0xe7, 0x64, 0xcd, 0x9a, 0x37, 0x86, 0x82, 0xc5, 0x21, 0x44, 0xa8, 0x84, 0x5e, 0x88,
0x84, 0x94, 0x8e, 0x4e, 0x48, 0xe3, 0xc7, 0x65, 0x40, 0x24, 0x26, 0x95, 0x00, 0x6e, 0x0f, 0x88,
0xcb, 0xe4, 0xad, 0xd6, 0x66, 0x2d, 0x8a, 0xa3, 0xd8, 0xeb, 0xd4, 0x3f, 0x10, 0x89, 0x23, 0x7f,
0x02, 0xea, 0x5f, 0xc1, 0x11, 0xd5, 0xb1, 0x9b, 0x1e, 0x06, 0x5b, 0x6f, 0x79, 0x2f, 0xef, 0xfb,
0xf1, 0xf3, 0xf7, 0x3d, 0xc3, 0xb3, 0x92, 0xa9, 0x6b, 0x51, 0x5f, 0xf2, 0xf2, 0x7c, 0x30, 0x7b,
0x41, 0x8b, 0xea, 0x82, 0x1e, 0x0c, 0x24, 0xab, 0x67, 0xfc, 0x8c, 0x9d, 0xb0, 0x52, 0xd5, 0xf3,
0xb4, 0xaa, 0x85, 0x12, 0xf8, 0x11, 0x97, 0x8a, 0x8b, 0xb4, 0x2d, 0x4f, 0x6d, 0x79, 0xf4, 0xf4,
0x26, 0xc6, 0x39, 0x55, 0xec, 0x9a, 0x1a, 0x75, 0xff, 0x87, 0x07, 0xf7, 0xc6, 0x0d, 0x35, 0x5b,
0x42, 0xf1, 0x43, 0xe8, 0x5c, 0x08, 0xa9, 0x64, 0x88, 0x62, 0x37, 0xf1, 0x49, 0x13, 0xe0, 0xc7,
0xe0, 0xd3, 0xe9, 0xb4, 0x66, 0x52, 0x32, 0x19, 0x3a, 0xfa, 0x4f, 0x9b, 0xc0, 0x2f, 0xa1, 0x53,
0x89, 0x5a, 0xc9, 0xd0, 0x8d, 0xdd, 0x64, 0x77, 0xf8, 0x24, 0xfd, 0x67, 0x4b, 0xe9, 0x17, 0x51,
0x2b, 0xd2, 0x54, 0xe3, 0x11, 0x74, 0x0b, 0x71, 0x46, 0x15, 0x17, 0x65, 0xb8, 0x1d, 0xa3, 0xe4,
0xfe, 0x70, 0xff, 0x3f, 0xca, 0xf5, 0x2e, 0xd3, 0x91, 0xd1, 0x91, 0x15, 0x01, 0x13, 0x80, 0x9a,
0x49, 0x51, 0x5c, 0x69, 0x5e, 0x47, 0xf3, 0x86, 0x77, 0xe5, 0x91, 0x95, 0x92, 0xac, 0x51, 0x70,
0x0e, 0x3e, 0x2b, 0xa7, 0x95, 0xe0, 0xa5, 0x92, 0xa1, 0xa7, 0x2f, 0x77, 0xe7, 0x16, 0x33, 0x23,
0x24, 0x2d, 0x22, 0xfa, 0xe3, 0x40, 0xd7, 0xe6, 0x71, 0x08, 0x3b, 0xc6, 0xc2, 0x10, 0xc5, 0x28,
0xf1, 0x89, 0x0d, 0xf1, 0x57, 0xeb, 0xa7, 0xa3, 0x8f, 0x7c, 0xb3, 0xe9, 0x91, 0xda, 0x65, 0xa9,
0x73, 0xd6, 0xeb, 0x09, 0x78, 0x05, 0x3d, 0x65, 0x85, 0x9d, 0xd1, 0xdb, 0x8d, 0x99, 0x23, 0x2d,
0x6f, 0xa0, 0x86, 0xb5, 0xbc, 0x82, 0x01, 0xe8, 0x01, 0xfa, 0xc4, 0x86, 0x38, 0x6a, 0x66, 0x5b,
0x70, 0x35, 0xd7, 0xb3, 0xf0, 0xc9, 0x2a, 0x8e, 0x0e, 0x01, 0xda, 0x06, 0x71, 0x00, 0xee, 0x25,
0x9b, 0x1b, 0x0b, 0x96, 0x9f, 0xcb, 0x15, 0x9c, 0xd1, 0xe2, 0x8a, 0x85, 0x4e, 0x8c, 0x92, 0x3d,
0xd2, 0x04, 0xaf, 0x9d, 0x43, 0x14, 0xbd, 0x82, 0xdd, 0xb5, 0x36, 0x6e, 0x93, 0xfa, 0x6b, 0xd2,
0xfe, 0x3e, 0x74, 0xed, 0xd2, 0xe0, 0x07, 0xb0, 0xf7, 0x29, 0x1b, 0x7f, 0x3c, 0xc9, 0xbe, 0x4d,
0x32, 0x92, 0x1f, 0x8d, 0x82, 0xad, 0x55, 0xea, 0x38, 0x37, 0x29, 0xd4, 0x7f, 0x0e, 0xd0, 0xae,
0x05, 0xee, 0xc2, 0x76, 0xfe, 0x39, 0xcf, 0x82, 0x2d, 0x0c, 0xe0, 0x8d, 0x27, 0x47, 0x93, 0xe3,
0xf7, 0x01, 0xc2, 0x3b, 0xe0, 0x7e, 0xc8, 0xc7, 0x81, 0xf3, 0x2e, 0xfd, 0xb9, 0xe8, 0xa1, 0x5f,
0x8b, 0x1e, 0xfa, 0xbd, 0xe8, 0xa1, 0xef, 0x71, 0x63, 0x2e, 0x17, 0x03, 0x5a, 0xf1, 0xc1, 0x0d,
0xaf, 0xf0, 0xd4, 0xd3, 0xcf, 0xef, 0xe0, 0x6f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x61, 0xa8, 0x99,
0x48, 0xe7, 0x03, 0x00, 0x00,
}

33
networking/v1alpha3/service_entry.proto
View File

@ -91,7 +91,7 @@ option go_package = "istio.io/api/networking/v1alpha3";
// ports:
// - number: 443
// name: https
// protocol: HTTPS
// protocol: TLS
// resolution: DNS
// ```
//
@ -294,7 +294,7 @@ message ServiceEntry {
repeated string hosts = 1;
// The virtual IP addresses associated with the service. Could be CIDR
// prefix. For HTTP services, the addresses field will be ignored and
// prefix. For HTTP services, the addresses field will be ignored and
// the destination will be identified based on the HTTP Host/Authority
// header. For non-HTTP protocols such as mongo/opaque TCP/even HTTPS,
// the hosts will be ignored. If one or more IP addresses are specified,
@ -390,6 +390,35 @@ message ServiceEntry {
// One or more labels associated with the endpoint.
map<string, string> labels = 3;
// Network enables Istio to group endpoints resident in the same L3
// domain/network. All endpoints in the same network are assumed to be
// directly reachable from one another. When endpoints in different
// networks cannot reach each other directly, an Istio Gateway can be
// used to establish connectivity (usually using the
// AUTO_PASSTHROUGH mode in a Gateway Server). This is
// an advanced configuration used typically for spanning an Istio mesh
// over multiple clusters.
string network = 4;
// The locality associated with the endpoint. A locality corresponds
// to a failure domain (e.g., country/region/zone). Arbitrary failure
// domain hierarchies can be represented by separating each
// encapsulating failure domain by /. For example, the locality of an
// an endpoint in US, in US-East-1 region, within availability zone
// az-1, in data center rack r11 can be represented as
// us/us-east-1/az-1/r11. Istio will configure the sidecar to route to
// endpoints within the same locality as the sidecar. If none of the
// endpoints in the locality are available, endpoints parent locality
// (but within the same network ID) will be chosen. For example, if
// there are two endpoints in same network (networkID "n1"), say e1
// with locality us/us-east-1/az-1/r11 and e2 with locality
// us/us-east-1/az-2/r12, a sidecar from us/us-east-1/az-1/r11 locality
// will prefer e1 from the same locality over e2 from a different
// locality. Endpoint e2 could be the IP associated with a gateway
// (that bridges networks n1 and n2), or the IP associated with a
// standard service endpoint.
string locality = 5;
};
// One or more endpoints associated with the service.

20
python/istio_api/networking/v1alpha3/gateway_pb2.py
View File

@ -19,7 +19,7 @@ DESCRIPTOR = _descriptor.FileDescriptor(
name='networking/v1alpha3/gateway.proto',
package='istio.networking.v1alpha3',
syntax='proto3',
serialized_pb=_b('\n!networking/v1alpha3/gateway.proto\x12\x19istio.networking.v1alpha3\"\xb2\x01\n\x07Gateway\x12\x32\n\x07servers\x18\x01 \x03(\x0b\x32!.istio.networking.v1alpha3.Server\x12\x42\n\x08selector\x18\x02 \x03(\x0b\x32\x30.istio.networking.v1alpha3.Gateway.SelectorEntry\x1a/\n\rSelectorEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\x9d\x05\n\x06Server\x12-\n\x04port\x18\x01 \x01(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\r\n\x05hosts\x18\x02 \x03(\t\x12\x39\n\x03tls\x18\x03 \x01(\x0b\x32,.istio.networking.v1alpha3.Server.TLSOptions\x1a\x99\x04\n\nTLSOptions\x12\x16\n\x0ehttps_redirect\x18\x01 \x01(\x08\x12\x42\n\x04mode\x18\x02 \x01(\x0e\x32\x34.istio.networking.v1alpha3.Server.TLSOptions.TLSmode\x12\x1a\n\x12server_certificate\x18\x03 \x01(\t\x12\x13\n\x0bprivate_key\x18\x04 \x01(\t\x12\x17\n\x0f\x63\x61_certificates\x18\x05 \x01(\t\x12\x19\n\x11subject_alt_names\x18\x06 \x03(\t\x12V\n\x14min_protocol_version\x18\x07 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12V\n\x14max_protocol_version\x18\x08 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12\x15\n\rcipher_suites\x18\t \x03(\t\"2\n\x07TLSmode\x12\x0f\n\x0bPASSTHROUGH\x10\x00\x12\n\n\x06SIMPLE\x10\x01\x12\n\n\x06MUTUAL\x10\x02\"O\n\x0bTLSProtocol\x12\x0c\n\x08TLS_AUTO\x10\x00\x12\x0b\n\x07TLSv1_0\x10\x01\x12\x0b\n\x07TLSv1_1\x10\x02\x12\x0b\n\x07TLSv1_2\x10\x03\x12\x0b\n\x07TLSv1_3\x10\x04\"6\n\x04Port\x12\x0e\n\x06number\x18\x01 \x01(\r\x12\x10\n\x08protocol\x18\x02 \x01(\t\x12\x0c\n\x04name\x18\x03 \x01(\tB\"Z istio.io/api/networking/v1alpha3b\x06proto3')
serialized_pb=_b('\n!networking/v1alpha3/gateway.proto\x12\x19istio.networking.v1alpha3\"\xb2\x01\n\x07Gateway\x12\x32\n\x07servers\x18\x01 \x03(\x0b\x32!.istio.networking.v1alpha3.Server\x12\x42\n\x08selector\x18\x02 \x03(\x0b\x32\x30.istio.networking.v1alpha3.Gateway.SelectorEntry\x1a/\n\rSelectorEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xb3\x05\n\x06Server\x12-\n\x04port\x18\x01 \x01(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\r\n\x05hosts\x18\x02 \x03(\t\x12\x39\n\x03tls\x18\x03 \x01(\x0b\x32,.istio.networking.v1alpha3.Server.TLSOptions\x1a\xaf\x04\n\nTLSOptions\x12\x16\n\x0ehttps_redirect\x18\x01 \x01(\x08\x12\x42\n\x04mode\x18\x02 \x01(\x0e\x32\x34.istio.networking.v1alpha3.Server.TLSOptions.TLSmode\x12\x1a\n\x12server_certificate\x18\x03 \x01(\t\x12\x13\n\x0bprivate_key\x18\x04 \x01(\t\x12\x17\n\x0f\x63\x61_certificates\x18\x05 \x01(\t\x12\x19\n\x11subject_alt_names\x18\x06 \x03(\t\x12V\n\x14min_protocol_version\x18\x07 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12V\n\x14max_protocol_version\x18\x08 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12\x15\n\rcipher_suites\x18\t \x03(\t\"H\n\x07TLSmode\x12\x0f\n\x0bPASSTHROUGH\x10\x00\x12\n\n\x06SIMPLE\x10\x01\x12\n\n\x06MUTUAL\x10\x02\x12\x14\n\x10\x41UTO_PASSTHROUGH\x10\x03\"O\n\x0bTLSProtocol\x12\x0c\n\x08TLS_AUTO\x10\x00\x12\x0b\n\x07TLSv1_0\x10\x01\x12\x0b\n\x07TLSv1_1\x10\x02\x12\x0b\n\x07TLSv1_2\x10\x03\x12\x0b\n\x07TLSv1_3\x10\x04\"6\n\x04Port\x12\x0e\n\x06number\x18\x01 \x01(\r\x12\x10\n\x08protocol\x18\x02 \x01(\t\x12\x0c\n\x04name\x18\x03 \x01(\tB\"Z istio.io/api/networking/v1alpha3b\x06proto3')
)
@ -42,11 +42,15 @@ _SERVER_TLSOPTIONS_TLSMODE = _descriptor.EnumDescriptor(
name='MUTUAL', index=2, number=2,
options=None,
type=None),
_descriptor.EnumValueDescriptor(
name='AUTO_PASSTHROUGH', index=3, number=3,
options=None,
type=None),
],
containing_type=None,
options=None,
serialized_start=784,
serialized_end=834,
serialized_end=856,
)
_sym_db.RegisterEnumDescriptor(_SERVER_TLSOPTIONS_TLSMODE)
@ -79,8 +83,8 @@ _SERVER_TLSOPTIONS_TLSPROTOCOL = _descriptor.EnumDescriptor(
],
containing_type=None,
options=None,
serialized_start=836,
serialized_end=915,
serialized_start=858,
serialized_end=937,
)
_sym_db.RegisterEnumDescriptor(_SERVER_TLSOPTIONS_TLSPROTOCOL)
@ -245,7 +249,7 @@ _SERVER_TLSOPTIONS = _descriptor.Descriptor(
oneofs=[
],
serialized_start=378,
serialized_end=915,
serialized_end=937,
)
_SERVER = _descriptor.Descriptor(
@ -289,7 +293,7 @@ _SERVER = _descriptor.Descriptor(
oneofs=[
],
serialized_start=246,
serialized_end=915,
serialized_end=937,
)
@ -333,8 +337,8 @@ _PORT = _descriptor.Descriptor(
extension_ranges=[],
oneofs=[
],
serialized_start=917,
serialized_end=971,
serialized_start=939,
serialized_end=993,
)
_GATEWAY_SELECTORENTRY.containing_type = _GATEWAY

36
python/istio_api/networking/v1alpha3/service_entry_pb2.py
View File

@ -20,7 +20,7 @@ DESCRIPTOR = _descriptor.FileDescriptor(
name='networking/v1alpha3/service_entry.proto',
package='istio.networking.v1alpha3',
syntax='proto3',
serialized_pb=_b('\n\'networking/v1alpha3/service_entry.proto\x12\x19istio.networking.v1alpha3\x1a!networking/v1alpha3/gateway.proto\"\xa5\x05\n\x0cServiceEntry\x12\r\n\x05hosts\x18\x01 \x03(\t\x12\x11\n\taddresses\x18\x02 \x03(\t\x12.\n\x05ports\x18\x03 \x03(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\x42\n\x08location\x18\x04 \x01(\x0e\x32\x30.istio.networking.v1alpha3.ServiceEntry.Location\x12\x46\n\nresolution\x18\x05 \x01(\x0e\x32\x32.istio.networking.v1alpha3.ServiceEntry.Resolution\x12\x43\n\tendpoints\x18\x06 \x03(\x0b\x32\x30.istio.networking.v1alpha3.ServiceEntry.Endpoint\x1a\x92\x02\n\x08\x45ndpoint\x12\x0f\n\x07\x61\x64\x64ress\x18\x01 \x01(\t\x12J\n\x05ports\x18\x02 \x03(\x0b\x32;.istio.networking.v1alpha3.ServiceEntry.Endpoint.PortsEntry\x12L\n\x06labels\x18\x03 \x03(\x0b\x32<.istio.networking.v1alpha3.ServiceEntry.Endpoint.LabelsEntry\x1a,\n\nPortsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\r:\x02\x38\x01\x1a-\n\x0bLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"0\n\x08Location\x12\x11\n\rMESH_EXTERNAL\x10\x00\x12\x11\n\rMESH_INTERNAL\x10\x01\"+\n\nResolution\x12\x08\n\x04NONE\x10\x00\x12\n\n\x06STATIC\x10\x01\x12\x07\n\x03\x44NS\x10\x02\x42\"Z istio.io/api/networking/v1alpha3b\x06proto3')
serialized_pb=_b('\n\'networking/v1alpha3/service_entry.proto\x12\x19istio.networking.v1alpha3\x1a!networking/v1alpha3/gateway.proto\"\xc8\x05\n\x0cServiceEntry\x12\r\n\x05hosts\x18\x01 \x03(\t\x12\x11\n\taddresses\x18\x02 \x03(\t\x12.\n\x05ports\x18\x03 \x03(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\x42\n\x08location\x18\x04 \x01(\x0e\x32\x30.istio.networking.v1alpha3.ServiceEntry.Location\x12\x46\n\nresolution\x18\x05 \x01(\x0e\x32\x32.istio.networking.v1alpha3.ServiceEntry.Resolution\x12\x43\n\tendpoints\x18\x06 \x03(\x0b\x32\x30.istio.networking.v1alpha3.ServiceEntry.Endpoint\x1a\xb5\x02\n\x08\x45ndpoint\x12\x0f\n\x07\x61\x64\x64ress\x18\x01 \x01(\t\x12J\n\x05ports\x18\x02 \x03(\x0b\x32;.istio.networking.v1alpha3.ServiceEntry.Endpoint.PortsEntry\x12L\n\x06labels\x18\x03 \x03(\x0b\x32<.istio.networking.v1alpha3.ServiceEntry.Endpoint.LabelsEntry\x12\x0f\n\x07network\x18\x04 \x01(\t\x12\x10\n\x08locality\x18\x05 \x01(\t\x1a,\n\nPortsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\r:\x02\x38\x01\x1a-\n\x0bLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"0\n\x08Location\x12\x11\n\rMESH_EXTERNAL\x10\x00\x12\x11\n\rMESH_INTERNAL\x10\x01\"+\n\nResolution\x12\x08\n\x04NONE\x10\x00\x12\n\n\x06STATIC\x10\x01\x12\x07\n\x03\x44NS\x10\x02\x42\"Z istio.io/api/networking/v1alpha3b\x06proto3')
,
dependencies=[networking_dot_v1alpha3_dot_gateway__pb2.DESCRIPTOR,])
@ -43,8 +43,8 @@ _SERVICEENTRY_LOCATION = _descriptor.EnumDescriptor(
],
containing_type=None,
options=None,
serialized_start=690,
serialized_end=738,
serialized_start=725,
serialized_end=773,
)
_sym_db.RegisterEnumDescriptor(_SERVICEENTRY_LOCATION)
@ -69,8 +69,8 @@ _SERVICEENTRY_RESOLUTION = _descriptor.EnumDescriptor(
],
containing_type=None,
options=None,
serialized_start=740,
serialized_end=783,
serialized_start=775,
serialized_end=818,
)
_sym_db.RegisterEnumDescriptor(_SERVICEENTRY_RESOLUTION)
@ -108,8 +108,8 @@ _SERVICEENTRY_ENDPOINT_PORTSENTRY = _descriptor.Descriptor(
extension_ranges=[],
oneofs=[
],
serialized_start=597,
serialized_end=641,
serialized_start=632,
serialized_end=676,
)
_SERVICEENTRY_ENDPOINT_LABELSENTRY = _descriptor.Descriptor(
@ -145,8 +145,8 @@ _SERVICEENTRY_ENDPOINT_LABELSENTRY = _descriptor.Descriptor(
extension_ranges=[],
oneofs=[
],
serialized_start=643,
serialized_end=688,
serialized_start=678,
serialized_end=723,
)
_SERVICEENTRY_ENDPOINT = _descriptor.Descriptor(
@ -177,6 +177,20 @@ _SERVICEENTRY_ENDPOINT = _descriptor.Descriptor(
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='network', full_name='istio.networking.v1alpha3.ServiceEntry.Endpoint.network', index=3,
number=4, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=_b("").decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='locality', full_name='istio.networking.v1alpha3.ServiceEntry.Endpoint.locality', index=4,
number=5, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=_b("").decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
options=None, file=DESCRIPTOR),
],
extensions=[
],
@ -190,7 +204,7 @@ _SERVICEENTRY_ENDPOINT = _descriptor.Descriptor(
oneofs=[
],
serialized_start=414,
serialized_end=688,
serialized_end=723,
)
_SERVICEENTRY = _descriptor.Descriptor(
@ -257,7 +271,7 @@ _SERVICEENTRY = _descriptor.Descriptor(
oneofs=[
],
serialized_start=106,
serialized_end=783,
serialized_end=818,
)
_SERVICEENTRY_ENDPOINT_PORTSENTRY.containing_type = _SERVICEENTRY_ENDPOINT