istio
/
api
mirror of https://github.com/istio/api.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Networking APIs graduation to v1 (#3111) 

* bump networking apis to v1

Signed-off-by: whitneygriffith <whitney.griffith16@gmail.com>

* set storageVersion as v1beta1

Signed-off-by: whitneygriffith <whitney.griffith16@gmail.com>

* Add release notes

Signed-off-by: whitneygriffith <whitney.griffith16@gmail.com>

* Update release notes

Signed-off-by: whitneygriffith <whitney.griffith16@gmail.com>

* make gen

Signed-off-by: whitneygriffith <whitney.griffith16@gmail.com>

* Remove ProxyConfig v1

Signed-off-by: whitneygriffith <whitney.griffith16@gmail.com>

* update release notes

Signed-off-by: whitneygriffith <whitney.griffith16@gmail.com>

* Remove update notes

Signed-off-by: whitneygriffith <whitney.griffith16@gmail.com>

---------

Signed-off-by: whitneygriffith <whitney.griffith16@gmail.com>
This commit is contained in:
Whitney Griffith 2024-03-15 13:52:50 -04:00 committed by GitHub
parent a2735a8e37
commit 2b0bfde445
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
58 changed files with 23090 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3434
kubernetes/customresourcedefinitions.gen.yaml generated
View File

File diff suppressed because it is too large Load Diff

3399
networking/v1/destination_rule.pb.go generated Normal file
View File

File diff suppressed because it is too large Load Diff

1056
networking/v1/destination_rule.proto Normal file
View File

File diff suppressed because it is too large Load Diff

426
networking/v1/destination_rule_deepcopy.gen.go generated Normal file
View File

@ -0,0 +1,426 @@
// Code generated by protoc-gen-deepcopy. DO NOT EDIT.
package v1
import (
proto "google.golang.org/protobuf/proto"
)
// DeepCopyInto supports using DestinationRule within kubernetes types, where deepcopy-gen is used.
func (in *DestinationRule) DeepCopyInto(out *DestinationRule) {
p := proto.Clone(in).(*DestinationRule)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRule. Required by controller-gen.
func (in *DestinationRule) DeepCopy() *DestinationRule {
if in == nil {
return nil
}
out := new(DestinationRule)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRule. Required by controller-gen.
func (in *DestinationRule) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using TrafficPolicy within kubernetes types, where deepcopy-gen is used.
func (in *TrafficPolicy) DeepCopyInto(out *TrafficPolicy) {
p := proto.Clone(in).(*TrafficPolicy)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy. Required by controller-gen.
func (in *TrafficPolicy) DeepCopy() *TrafficPolicy {
if in == nil {
return nil
}
out := new(TrafficPolicy)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy. Required by controller-gen.
func (in *TrafficPolicy) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using TrafficPolicy_PortTrafficPolicy within kubernetes types, where deepcopy-gen is used.
func (in *TrafficPolicy_PortTrafficPolicy) DeepCopyInto(out *TrafficPolicy_PortTrafficPolicy) {
p := proto.Clone(in).(*TrafficPolicy_PortTrafficPolicy)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_PortTrafficPolicy. Required by controller-gen.
func (in *TrafficPolicy_PortTrafficPolicy) DeepCopy() *TrafficPolicy_PortTrafficPolicy {
if in == nil {
return nil
}
out := new(TrafficPolicy_PortTrafficPolicy)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_PortTrafficPolicy. Required by controller-gen.
func (in *TrafficPolicy_PortTrafficPolicy) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using TrafficPolicy_TunnelSettings within kubernetes types, where deepcopy-gen is used.
func (in *TrafficPolicy_TunnelSettings) DeepCopyInto(out *TrafficPolicy_TunnelSettings) {
p := proto.Clone(in).(*TrafficPolicy_TunnelSettings)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_TunnelSettings. Required by controller-gen.
func (in *TrafficPolicy_TunnelSettings) DeepCopy() *TrafficPolicy_TunnelSettings {
if in == nil {
return nil
}
out := new(TrafficPolicy_TunnelSettings)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_TunnelSettings. Required by controller-gen.
func (in *TrafficPolicy_TunnelSettings) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using TrafficPolicy_ProxyProtocol within kubernetes types, where deepcopy-gen is used.
func (in *TrafficPolicy_ProxyProtocol) DeepCopyInto(out *TrafficPolicy_ProxyProtocol) {
p := proto.Clone(in).(*TrafficPolicy_ProxyProtocol)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_ProxyProtocol. Required by controller-gen.
func (in *TrafficPolicy_ProxyProtocol) DeepCopy() *TrafficPolicy_ProxyProtocol {
if in == nil {
return nil
}
out := new(TrafficPolicy_ProxyProtocol)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_ProxyProtocol. Required by controller-gen.
func (in *TrafficPolicy_ProxyProtocol) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using Subset within kubernetes types, where deepcopy-gen is used.
func (in *Subset) DeepCopyInto(out *Subset) {
p := proto.Clone(in).(*Subset)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Subset. Required by controller-gen.
func (in *Subset) DeepCopy() *Subset {
if in == nil {
return nil
}
out := new(Subset)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Subset. Required by controller-gen.
func (in *Subset) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using LoadBalancerSettings within kubernetes types, where deepcopy-gen is used.
func (in *LoadBalancerSettings) DeepCopyInto(out *LoadBalancerSettings) {
p := proto.Clone(in).(*LoadBalancerSettings)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings. Required by controller-gen.
func (in *LoadBalancerSettings) DeepCopy() *LoadBalancerSettings {
if in == nil {
return nil
}
out := new(LoadBalancerSettings)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings. Required by controller-gen.
func (in *LoadBalancerSettings) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using LoadBalancerSettings_ConsistentHashLB within kubernetes types, where deepcopy-gen is used.
func (in *LoadBalancerSettings_ConsistentHashLB) DeepCopyInto(out *LoadBalancerSettings_ConsistentHashLB) {
p := proto.Clone(in).(*LoadBalancerSettings_ConsistentHashLB)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB. Required by controller-gen.
func (in *LoadBalancerSettings_ConsistentHashLB) DeepCopy() *LoadBalancerSettings_ConsistentHashLB {
if in == nil {
return nil
}
out := new(LoadBalancerSettings_ConsistentHashLB)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB. Required by controller-gen.
func (in *LoadBalancerSettings_ConsistentHashLB) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using LoadBalancerSettings_ConsistentHashLB_RingHash within kubernetes types, where deepcopy-gen is used.
func (in *LoadBalancerSettings_ConsistentHashLB_RingHash) DeepCopyInto(out *LoadBalancerSettings_ConsistentHashLB_RingHash) {
p := proto.Clone(in).(*LoadBalancerSettings_ConsistentHashLB_RingHash)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_RingHash. Required by controller-gen.
func (in *LoadBalancerSettings_ConsistentHashLB_RingHash) DeepCopy() *LoadBalancerSettings_ConsistentHashLB_RingHash {
if in == nil {
return nil
}
out := new(LoadBalancerSettings_ConsistentHashLB_RingHash)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_RingHash. Required by controller-gen.
func (in *LoadBalancerSettings_ConsistentHashLB_RingHash) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using LoadBalancerSettings_ConsistentHashLB_MagLev within kubernetes types, where deepcopy-gen is used.
func (in *LoadBalancerSettings_ConsistentHashLB_MagLev) DeepCopyInto(out *LoadBalancerSettings_ConsistentHashLB_MagLev) {
p := proto.Clone(in).(*LoadBalancerSettings_ConsistentHashLB_MagLev)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_MagLev. Required by controller-gen.
func (in *LoadBalancerSettings_ConsistentHashLB_MagLev) DeepCopy() *LoadBalancerSettings_ConsistentHashLB_MagLev {
if in == nil {
return nil
}
out := new(LoadBalancerSettings_ConsistentHashLB_MagLev)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_MagLev. Required by controller-gen.
func (in *LoadBalancerSettings_ConsistentHashLB_MagLev) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using LoadBalancerSettings_ConsistentHashLB_HTTPCookie within kubernetes types, where deepcopy-gen is used.
func (in *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) DeepCopyInto(out *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) {
p := proto.Clone(in).(*LoadBalancerSettings_ConsistentHashLB_HTTPCookie)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_HTTPCookie. Required by controller-gen.
func (in *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) DeepCopy() *LoadBalancerSettings_ConsistentHashLB_HTTPCookie {
if in == nil {
return nil
}
out := new(LoadBalancerSettings_ConsistentHashLB_HTTPCookie)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_HTTPCookie. Required by controller-gen.
func (in *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using ConnectionPoolSettings within kubernetes types, where deepcopy-gen is used.
func (in *ConnectionPoolSettings) DeepCopyInto(out *ConnectionPoolSettings) {
p := proto.Clone(in).(*ConnectionPoolSettings)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings. Required by controller-gen.
func (in *ConnectionPoolSettings) DeepCopy() *ConnectionPoolSettings {
if in == nil {
return nil
}
out := new(ConnectionPoolSettings)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings. Required by controller-gen.
func (in *ConnectionPoolSettings) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using ConnectionPoolSettings_TCPSettings within kubernetes types, where deepcopy-gen is used.
func (in *ConnectionPoolSettings_TCPSettings) DeepCopyInto(out *ConnectionPoolSettings_TCPSettings) {
p := proto.Clone(in).(*ConnectionPoolSettings_TCPSettings)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_TCPSettings. Required by controller-gen.
func (in *ConnectionPoolSettings_TCPSettings) DeepCopy() *ConnectionPoolSettings_TCPSettings {
if in == nil {
return nil
}
out := new(ConnectionPoolSettings_TCPSettings)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_TCPSettings. Required by controller-gen.
func (in *ConnectionPoolSettings_TCPSettings) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using ConnectionPoolSettings_TCPSettings_TcpKeepalive within kubernetes types, where deepcopy-gen is used.
func (in *ConnectionPoolSettings_TCPSettings_TcpKeepalive) DeepCopyInto(out *ConnectionPoolSettings_TCPSettings_TcpKeepalive) {
p := proto.Clone(in).(*ConnectionPoolSettings_TCPSettings_TcpKeepalive)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_TCPSettings_TcpKeepalive. Required by controller-gen.
func (in *ConnectionPoolSettings_TCPSettings_TcpKeepalive) DeepCopy() *ConnectionPoolSettings_TCPSettings_TcpKeepalive {
if in == nil {
return nil
}
out := new(ConnectionPoolSettings_TCPSettings_TcpKeepalive)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_TCPSettings_TcpKeepalive. Required by controller-gen.
func (in *ConnectionPoolSettings_TCPSettings_TcpKeepalive) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using ConnectionPoolSettings_HTTPSettings within kubernetes types, where deepcopy-gen is used.
func (in *ConnectionPoolSettings_HTTPSettings) DeepCopyInto(out *ConnectionPoolSettings_HTTPSettings) {
p := proto.Clone(in).(*ConnectionPoolSettings_HTTPSettings)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_HTTPSettings. Required by controller-gen.
func (in *ConnectionPoolSettings_HTTPSettings) DeepCopy() *ConnectionPoolSettings_HTTPSettings {
if in == nil {
return nil
}
out := new(ConnectionPoolSettings_HTTPSettings)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_HTTPSettings. Required by controller-gen.
func (in *ConnectionPoolSettings_HTTPSettings) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using OutlierDetection within kubernetes types, where deepcopy-gen is used.
func (in *OutlierDetection) DeepCopyInto(out *OutlierDetection) {
p := proto.Clone(in).(*OutlierDetection)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutlierDetection. Required by controller-gen.
func (in *OutlierDetection) DeepCopy() *OutlierDetection {
if in == nil {
return nil
}
out := new(OutlierDetection)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new OutlierDetection. Required by controller-gen.
func (in *OutlierDetection) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using ClientTLSSettings within kubernetes types, where deepcopy-gen is used.
func (in *ClientTLSSettings) DeepCopyInto(out *ClientTLSSettings) {
p := proto.Clone(in).(*ClientTLSSettings)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientTLSSettings. Required by controller-gen.
func (in *ClientTLSSettings) DeepCopy() *ClientTLSSettings {
if in == nil {
return nil
}
out := new(ClientTLSSettings)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ClientTLSSettings. Required by controller-gen.
func (in *ClientTLSSettings) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using LocalityLoadBalancerSetting within kubernetes types, where deepcopy-gen is used.
func (in *LocalityLoadBalancerSetting) DeepCopyInto(out *LocalityLoadBalancerSetting) {
p := proto.Clone(in).(*LocalityLoadBalancerSetting)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting. Required by controller-gen.
func (in *LocalityLoadBalancerSetting) DeepCopy() *LocalityLoadBalancerSetting {
if in == nil {
return nil
}
out := new(LocalityLoadBalancerSetting)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting. Required by controller-gen.
func (in *LocalityLoadBalancerSetting) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using LocalityLoadBalancerSetting_Distribute within kubernetes types, where deepcopy-gen is used.
func (in *LocalityLoadBalancerSetting_Distribute) DeepCopyInto(out *LocalityLoadBalancerSetting_Distribute) {
p := proto.Clone(in).(*LocalityLoadBalancerSetting_Distribute)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting_Distribute. Required by controller-gen.
func (in *LocalityLoadBalancerSetting_Distribute) DeepCopy() *LocalityLoadBalancerSetting_Distribute {
if in == nil {
return nil
}
out := new(LocalityLoadBalancerSetting_Distribute)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting_Distribute. Required by controller-gen.
func (in *LocalityLoadBalancerSetting_Distribute) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using LocalityLoadBalancerSetting_Failover within kubernetes types, where deepcopy-gen is used.
func (in *LocalityLoadBalancerSetting_Failover) DeepCopyInto(out *LocalityLoadBalancerSetting_Failover) {
p := proto.Clone(in).(*LocalityLoadBalancerSetting_Failover)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting_Failover. Required by controller-gen.
func (in *LocalityLoadBalancerSetting_Failover) DeepCopy() *LocalityLoadBalancerSetting_Failover {
if in == nil {
return nil
}
out := new(LocalityLoadBalancerSetting_Failover)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting_Failover. Required by controller-gen.
func (in *LocalityLoadBalancerSetting_Failover) DeepCopyInterface() interface{} {
return in.DeepCopy()
}

232
networking/v1/destination_rule_json.gen.go generated Normal file
View File

@ -0,0 +1,232 @@
// Code generated by protoc-gen-jsonshim. DO NOT EDIT.
package v1
import (
bytes "bytes"
jsonpb "github.com/golang/protobuf/jsonpb"
)
// MarshalJSON is a custom marshaler for DestinationRule
func (this *DestinationRule) MarshalJSON() ([]byte, error) {
str, err := DestinationRuleMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for DestinationRule
func (this *DestinationRule) UnmarshalJSON(b []byte) error {
return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for TrafficPolicy
func (this *TrafficPolicy) MarshalJSON() ([]byte, error) {
str, err := DestinationRuleMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for TrafficPolicy
func (this *TrafficPolicy) UnmarshalJSON(b []byte) error {
return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for TrafficPolicy_PortTrafficPolicy
func (this *TrafficPolicy_PortTrafficPolicy) MarshalJSON() ([]byte, error) {
str, err := DestinationRuleMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for TrafficPolicy_PortTrafficPolicy
func (this *TrafficPolicy_PortTrafficPolicy) UnmarshalJSON(b []byte) error {
return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for TrafficPolicy_TunnelSettings
func (this *TrafficPolicy_TunnelSettings) MarshalJSON() ([]byte, error) {
str, err := DestinationRuleMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for TrafficPolicy_TunnelSettings
func (this *TrafficPolicy_TunnelSettings) UnmarshalJSON(b []byte) error {
return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for TrafficPolicy_ProxyProtocol
func (this *TrafficPolicy_ProxyProtocol) MarshalJSON() ([]byte, error) {
str, err := DestinationRuleMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for TrafficPolicy_ProxyProtocol
func (this *TrafficPolicy_ProxyProtocol) UnmarshalJSON(b []byte) error {
return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for Subset
func (this *Subset) MarshalJSON() ([]byte, error) {
str, err := DestinationRuleMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for Subset
func (this *Subset) UnmarshalJSON(b []byte) error {
return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for LoadBalancerSettings
func (this *LoadBalancerSettings) MarshalJSON() ([]byte, error) {
str, err := DestinationRuleMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for LoadBalancerSettings
func (this *LoadBalancerSettings) UnmarshalJSON(b []byte) error {
return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for LoadBalancerSettings_ConsistentHashLB
func (this *LoadBalancerSettings_ConsistentHashLB) MarshalJSON() ([]byte, error) {
str, err := DestinationRuleMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for LoadBalancerSettings_ConsistentHashLB
func (this *LoadBalancerSettings_ConsistentHashLB) UnmarshalJSON(b []byte) error {
return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for LoadBalancerSettings_ConsistentHashLB_RingHash
func (this *LoadBalancerSettings_ConsistentHashLB_RingHash) MarshalJSON() ([]byte, error) {
str, err := DestinationRuleMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for LoadBalancerSettings_ConsistentHashLB_RingHash
func (this *LoadBalancerSettings_ConsistentHashLB_RingHash) UnmarshalJSON(b []byte) error {
return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for LoadBalancerSettings_ConsistentHashLB_MagLev
func (this *LoadBalancerSettings_ConsistentHashLB_MagLev) MarshalJSON() ([]byte, error) {
str, err := DestinationRuleMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for LoadBalancerSettings_ConsistentHashLB_MagLev
func (this *LoadBalancerSettings_ConsistentHashLB_MagLev) UnmarshalJSON(b []byte) error {
return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for LoadBalancerSettings_ConsistentHashLB_HTTPCookie
func (this *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) MarshalJSON() ([]byte, error) {
str, err := DestinationRuleMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for LoadBalancerSettings_ConsistentHashLB_HTTPCookie
func (this *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) UnmarshalJSON(b []byte) error {
return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for ConnectionPoolSettings
func (this *ConnectionPoolSettings) MarshalJSON() ([]byte, error) {
str, err := DestinationRuleMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for ConnectionPoolSettings
func (this *ConnectionPoolSettings) UnmarshalJSON(b []byte) error {
return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for ConnectionPoolSettings_TCPSettings
func (this *ConnectionPoolSettings_TCPSettings) MarshalJSON() ([]byte, error) {
str, err := DestinationRuleMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for ConnectionPoolSettings_TCPSettings
func (this *ConnectionPoolSettings_TCPSettings) UnmarshalJSON(b []byte) error {
return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for ConnectionPoolSettings_TCPSettings_TcpKeepalive
func (this *ConnectionPoolSettings_TCPSettings_TcpKeepalive) MarshalJSON() ([]byte, error) {
str, err := DestinationRuleMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for ConnectionPoolSettings_TCPSettings_TcpKeepalive
func (this *ConnectionPoolSettings_TCPSettings_TcpKeepalive) UnmarshalJSON(b []byte) error {
return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for ConnectionPoolSettings_HTTPSettings
func (this *ConnectionPoolSettings_HTTPSettings) MarshalJSON() ([]byte, error) {
str, err := DestinationRuleMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for ConnectionPoolSettings_HTTPSettings
func (this *ConnectionPoolSettings_HTTPSettings) UnmarshalJSON(b []byte) error {
return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for OutlierDetection
func (this *OutlierDetection) MarshalJSON() ([]byte, error) {
str, err := DestinationRuleMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for OutlierDetection
func (this *OutlierDetection) UnmarshalJSON(b []byte) error {
return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for ClientTLSSettings
func (this *ClientTLSSettings) MarshalJSON() ([]byte, error) {
str, err := DestinationRuleMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for ClientTLSSettings
func (this *ClientTLSSettings) UnmarshalJSON(b []byte) error {
return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for LocalityLoadBalancerSetting
func (this *LocalityLoadBalancerSetting) MarshalJSON() ([]byte, error) {
str, err := DestinationRuleMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for LocalityLoadBalancerSetting
func (this *LocalityLoadBalancerSetting) UnmarshalJSON(b []byte) error {
return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for LocalityLoadBalancerSetting_Distribute
func (this *LocalityLoadBalancerSetting_Distribute) MarshalJSON() ([]byte, error) {
str, err := DestinationRuleMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for LocalityLoadBalancerSetting_Distribute
func (this *LocalityLoadBalancerSetting_Distribute) UnmarshalJSON(b []byte) error {
return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for LocalityLoadBalancerSetting_Failover
func (this *LocalityLoadBalancerSetting_Failover) MarshalJSON() ([]byte, error) {
str, err := DestinationRuleMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for LocalityLoadBalancerSetting_Failover
func (this *LocalityLoadBalancerSetting_Failover) UnmarshalJSON(b []byte) error {
return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
var (
DestinationRuleMarshaler = &jsonpb.Marshaler{}
DestinationRuleUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true}
)

1178
networking/v1/gateway.pb.go generated Normal file
View File

File diff suppressed because it is too large Load Diff

544
networking/v1/gateway.proto Normal file
View File

@ -0,0 +1,544 @@
// Copyright 2020 Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
import "google/api/field_behavior.proto";
// $schema: istio.networking.v1.Gateway
// $title: Gateway
// $description: Configuration affecting edge load balancer.
// $location: https://istio.io/docs/reference/config/networking/gateway.html
// $aliases: [/docs/reference/config/networking/v1/gateway]
// $mode: none
// `Gateway` describes a load balancer operating at the edge of the mesh
// receiving incoming or outgoing HTTP/TCP connections. The specification
// describes a set of ports that should be exposed, the type of protocol to
// use, SNI configuration for the load balancer, etc.
//
// For example, the following Gateway configuration sets up a proxy to act
// as a load balancer exposing port 80 and 9080 (http), 443 (https),
// 9443(https) and port 2379 (TCP) for ingress. The gateway will be
// applied to the proxy running on a pod with labels `app:
// my-gateway-controller`. While Istio will configure the proxy to listen
// on these ports, it is the responsibility of the user to ensure that
// external traffic to these ports are allowed into the mesh.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: Gateway
// metadata:
// name: my-gateway
// namespace: some-config-namespace
// spec:
// selector:
// app: my-gateway-controller
// servers:
// - port:
// number: 80
// name: http
// protocol: HTTP
// hosts:
// - uk.bookinfo.com
// - eu.bookinfo.com
// tls:
// httpsRedirect: true # sends 301 redirect for http requests
// - port:
// number: 443
// name: https-443
// protocol: HTTPS
// hosts:
// - uk.bookinfo.com
// - eu.bookinfo.com
// tls:
// mode: SIMPLE # enables HTTPS on this port
// serverCertificate: /etc/certs/servercert.pem
// privateKey: /etc/certs/privatekey.pem
// - port:
// number: 9443
// name: https-9443
// protocol: HTTPS
// hosts:
// - "bookinfo-namespace/*.bookinfo.com"
// tls:
// mode: SIMPLE # enables HTTPS on this port
// credentialName: bookinfo-secret # fetches certs from Kubernetes secret
// - port:
// number: 9080
// name: http-wildcard
// protocol: HTTP
// hosts:
// - "*"
// - port:
// number: 2379 # to expose internal service via external port 2379
// name: mongo
// protocol: MONGO
// hosts:
// - "*"
// ```
//
// The Gateway specification above describes the L4-L6 properties of a load
// balancer. A `VirtualService` can then be bound to a gateway to control
// the forwarding of traffic arriving at a particular host or gateway port.
//
// For example, the following VirtualService splits traffic for
// `https://uk.bookinfo.com/reviews`, `https://eu.bookinfo.com/reviews`,
// `http://uk.bookinfo.com:9080/reviews`,
// `http://eu.bookinfo.com:9080/reviews` into two versions (prod and qa) of
// an internal reviews service on port 9080. In addition, requests
// containing the cookie "user: dev-123" will be sent to special port 7777
// in the qa version. The same rule is also applicable inside the mesh for
// requests to the "reviews.prod.svc.cluster.local" service. This rule is
// applicable across ports 443, 9080. Note that `http://uk.bookinfo.com`
// gets redirected to `https://uk.bookinfo.com` (i.e. 80 redirects to 443).
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: VirtualService
// metadata:
// name: bookinfo-rule
// namespace: bookinfo-namespace
// spec:
// hosts:
// - reviews.prod.svc.cluster.local
// - uk.bookinfo.com
// - eu.bookinfo.com
// gateways:
// - some-config-namespace/my-gateway
// - mesh # applies to all the sidecars in the mesh
// http:
// - match:
// - headers:
// cookie:
// exact: "user=dev-123"
// route:
// - destination:
// port:
// number: 7777
// host: reviews.qa.svc.cluster.local
// - match:
// - uri:
// prefix: /reviews/
// route:
// - destination:
// port:
// number: 9080 # can be omitted if it's the only port for reviews
// host: reviews.prod.svc.cluster.local
// weight: 80
// - destination:
// host: reviews.qa.svc.cluster.local
// weight: 20
// ```
//
// The following VirtualService forwards traffic arriving at (external)
// port 27017 to internal Mongo server on port 5555. This rule is not
// applicable internally in the mesh as the gateway list omits the
// reserved name `mesh`.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: VirtualService
// metadata:
// name: bookinfo-mongo
// namespace: bookinfo-namespace
// spec:
// hosts:
// - mongosvr.prod.svc.cluster.local # name of internal Mongo service
// gateways:
// - some-config-namespace/my-gateway # can omit the namespace if gateway is in same namespace as virtual service.
// tcp:
// - match:
// - port: 27017
// route:
// - destination:
// host: mongo.prod.svc.cluster.local
// port:
// number: 5555
// ```
//
// It is possible to restrict the set of virtual services that can bind to
// a gateway server using the namespace/hostname syntax in the hosts field.
// For example, the following Gateway allows any virtual service in the ns1
// namespace to bind to it, while restricting only the virtual service with
// foo.bar.com host in the ns2 namespace to bind to it.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: Gateway
// metadata:
// name: my-gateway
// namespace: some-config-namespace
// spec:
// selector:
// app: my-gateway-controller
// servers:
// - port:
// number: 80
// name: http
// protocol: HTTP
// hosts:
// - "ns1/*"
// - "ns2/foo.bar.com"
// ```
package istio.networking.v1;
option go_package = "istio.io/api/networking/v1";
// Gateway describes a load balancer operating at the edge of the mesh
// receiving incoming or outgoing HTTP/TCP connections.
//
// <!-- crd generation tags
// +cue-gen:Gateway:groupName:networking.istio.io
// +cue-gen:Gateway:version:v1
// +cue-gen:Gateway:annotations:helm.sh/resource-policy=keep
// +cue-gen:Gateway:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:Gateway:subresource:status
// +cue-gen:Gateway:scope:Namespaced
// +cue-gen:Gateway:resource:categories=istio-io,networking-istio-io,shortNames=gw
// +cue-gen:Gateway:preserveUnknownFields:false
// -->
//
// <!-- go code generation tags
// +kubetype-gen
// +kubetype-gen:groupVersion=networking.istio.io/v1
// +genclient
// +k8s:deepcopy-gen=true
// -->
// <!-- istio code generation tags
// +istio.io/sync-from:networking/v1alpha3/gateway.proto
// -->
message Gateway {
// A list of server specifications.
repeated Server servers = 1;
// One or more labels that indicate a specific set of pods/VMs
// on which this gateway configuration should be applied.
// By default workloads are searched across all namespaces based on label selectors.
// This implies that a gateway resource in the namespace "foo" can select pods in
// the namespace "bar" based on labels.
// This behavior can be controlled via the `PILOT_SCOPE_GATEWAY_TO_NAMESPACE`
// environment variable in istiod. If this variable is set
// to true, the scope of label search is restricted to the configuration
// namespace in which the the resource is present. In other words, the Gateway
// resource must reside in the same namespace as the gateway workload
// instance.
// If selector is nil, the Gateway will be applied to all workloads.
map<string, string> selector = 2;
}
// `Server` describes the properties of the proxy on a given load balancer
// port. For example,
//
// ```yaml
// apiVersion: networking.istio.io/v1beta1
// kind: Gateway
// metadata:
// name: my-ingress
// spec:
// selector:
// app: my-ingressgateway
// servers:
// - port:
// number: 80
// name: http2
// protocol: HTTP2
// hosts:
// - "*"
// ```
//
// Another example
//
// ```yaml
// apiVersion: networking.istio.io/v1beta1
// kind: Gateway
// metadata:
// name: my-tcp-ingress
// spec:
// selector:
// app: my-tcp-ingressgateway
// servers:
// - port:
// number: 27018
// name: mongo
// protocol: MONGO
// hosts:
// - "*"
// ```
//
// The following is an example of TLS configuration for port 443
//
// ```yaml
// apiVersion: networking.istio.io/v1beta1
// kind: Gateway
// metadata:
// name: my-tls-ingress
// spec:
// selector:
// app: my-tls-ingressgateway
// servers:
// - port:
// number: 443
// name: https
// protocol: HTTPS
// hosts:
// - "*"
// tls:
// mode: SIMPLE
// credentialName: tls-cert
// ```
//
message Server {
// The Port on which the proxy should listen for incoming
// connections.
Port port = 1 [(google.api.field_behavior) = REQUIRED];
// The ip or the Unix domain socket to which the listener should be bound
// to. Format: `x.x.x.x` or `unix:///path/to/uds` or `unix://@foobar`
// (Linux abstract namespace). When using Unix domain sockets, the port
// number should be 0.
// This can be used to restrict the reachability of this server to be gateway internal only.
// This is typically used when a gateway needs to communicate to another mesh service
// e.g. publishing metrics. In such case, the server created with the
// specified bind will not be available to external gateway clients.
string bind = 4;
// One or more hosts exposed by this gateway.
// While typically applicable to
// HTTP services, it can also be used for TCP services using TLS with SNI.
// A host is specified as a `dnsName` with an optional `namespace/` prefix.
// The `dnsName` should be specified using FQDN format, optionally including
// a wildcard character in the left-most component (e.g., `prod/*.example.com`).
// Set the `dnsName` to `*` to select all `VirtualService` hosts from the
// specified namespace (e.g.,`prod/*`).
//
// The `namespace` can be set to `*` or `.`, representing any or the current
// namespace, respectively. For example, `*/foo.example.com` selects the
// service from any available namespace while `./foo.example.com` only selects
// the service from the namespace of the sidecar. The default, if no `namespace/`
// is specified, is `*/`, that is, select services from any namespace.
// Any associated `DestinationRule` in the selected namespace will also be used.
//
// A `VirtualService` must be bound to the gateway and must have one or
// more hosts that match the hosts specified in a server. The match
// could be an exact match or a suffix match with the server's hosts. For
// example, if the server's hosts specifies `*.example.com`, a
// `VirtualService` with hosts `dev.example.com` or `prod.example.com` will
// match. However, a `VirtualService` with host `example.com` or
// `newexample.com` will not match.
//
// NOTE: Only virtual services exported to the gateway's namespace
// (e.g., `exportTo` value of `*`) can be referenced.
// Private configurations (e.g., `exportTo` set to `.`) will not be
// available. Refer to the `exportTo` setting in `VirtualService`,
// `DestinationRule`, and `ServiceEntry` configurations for details.
repeated string hosts = 2 [(google.api.field_behavior) = REQUIRED];
// Set of TLS related options that govern the server's behavior. Use
// these options to control if all http requests should be redirected to
// https, and the TLS modes to use.
ServerTLSSettings tls = 3;
// The loopback IP endpoint or Unix domain socket to which traffic should
// be forwarded to by default. Format should be `127.0.0.1:PORT` or
// `unix:///path/to/socket` or `unix://@foobar` (Linux abstract namespace).
// NOT IMPLEMENTED.
// $hide_from_docs
string default_endpoint = 5;
// An optional name of the server, when set must be unique across all servers.
// This will be used for variety of purposes like prefixing stats generated with
// this name etc.
string name = 6;
}
// Port describes the properties of a specific port of a service.
message Port {
// A valid non-negative integer port number.
uint32 number = 1 [(google.api.field_behavior) = REQUIRED];
// The protocol exposed on the port.
// MUST BE one of HTTP|HTTPS|GRPC|GRPC-WEB|HTTP2|MONGO|TCP|TLS.
// TLS can be either used to terminate non-HTTP based connections on a specific port
// or to route traffic based on SNI header to the destination without terminating the TLS connection.
string protocol = 2 [(google.api.field_behavior) = REQUIRED];
// Label assigned to the port.
string name = 3 [(google.api.field_behavior) = REQUIRED];
// The port number on the endpoint where the traffic will be
// received. Applicable only when used with ServiceEntries.
// $hide_from_docs
uint32 target_port = 4 [deprecated=true];
}
message ServerTLSSettings {
// If set to true, the load balancer will send a 301 redirect for
// all http connections, asking the clients to use HTTPS.
bool https_redirect = 1;
// TLS modes enforced by the proxy
enum TLSmode {
// The SNI string presented by the client will be used as the
// match criterion in a VirtualService TLS route to determine
// the destination service from the service registry.
PASSTHROUGH = 0;
// Secure connections with standard TLS semantics. In this mode
// client certificate is not requested during handshake.
SIMPLE = 1;
// Secure connections to the downstream using mutual TLS by
// presenting server certificates for authentication.
// A client certificate will also be requested during the handshake and
// at least one valid certificate is required to be sent by the client.
MUTUAL = 2;
// Similar to the passthrough mode, except servers with this TLS
// mode do not require an associated VirtualService to map from
// the SNI value to service in the registry. The destination
// details such as the service/subset/port are encoded in the
// SNI value. The proxy will forward to the upstream (Envoy)
// cluster (a group of endpoints) specified by the SNI
// value. This server is typically used to provide connectivity
// between services in disparate L3 networks that otherwise do
// not have direct connectivity between their respective
// endpoints. Use of this mode assumes that both the source and
// the destination are using Istio mTLS to secure traffic.
AUTO_PASSTHROUGH = 3;
// Secure connections from the downstream using mutual TLS by
// presenting server certificates for authentication. Compared
// to Mutual mode, this mode uses certificates, representing
// gateway workload identity, generated automatically by Istio
// for mTLS authentication. When this mode is used, all other
// fields in `TLSOptions` should be empty.
ISTIO_MUTUAL = 4;
// Similar to MUTUAL mode, except that the client certificate
// is optional. Unlike SIMPLE mode, A client certificate will
// still be explicitly requested during handshake, but the client
// is not required to send a certificate. If a client certificate
// is presented, it will be validated. ca_certificates should
// be specified for validating client certificates.
OPTIONAL_MUTUAL = 5;
};
// Optional: Indicates whether connections to this port should be
// secured using TLS. The value of this field determines how TLS is
// enforced.
TLSmode mode = 2;
// REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file
// holding the server-side TLS certificate to use.
string server_certificate = 3;
// REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file
// holding the server's private key.
string private_key = 4;
// REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. The path to a file
// containing certificate authority certificates to use in verifying a presented
// client side certificate.
string ca_certificates = 5;
// OPTIONAL: The path to the file containing the certificate revocation list (CRL)
// to use in verifying a presented client side certificate. `CRL` is a list of certificates
// that have been revoked by the CA (Certificate Authority) before their scheduled expiration date.
// If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates.
// If omitted, the proxy will not verify the certificate against the `crl`.
string ca_crl = 13;
// For gateways running on Kubernetes, the name of the secret that
// holds the TLS certs including the CA certificates. Applicable
// only on Kubernetes. An Opaque secret should contain the following
// keys and values: `tls.key: <privateKey>` and `tls.crt: <serverCert>` or
// `key: <privateKey>` and `cert: <serverCert>`.
// For mutual TLS, `cacert: <CACertificate>` and `crl: <CertificateRevocationList>`
// can be provided in the same secret or a separate secret named `<secret>-cacert`.
// A TLS secret for server certificates with an additional `tls.ocsp-staple` key
// for specifying OCSP staple information, `ca.crt` key for CA certificates
// and `ca.crl` for certificate revocation list is also supported.
// Only one of server certificates and CA certificate
// or credentialName can be specified.
string credential_name = 10;
// A list of alternate names to verify the subject identity in the
// certificate presented by the client.
repeated string subject_alt_names = 6;
// An optional list of base64-encoded SHA-256 hashes of the SPKIs of
// authorized client certificates.
// Note: When both verify_certificate_hash and verify_certificate_spki
// are specified, a hash matching either value will result in the
// certificate being accepted.
repeated string verify_certificate_spki = 11;
// An optional list of hex-encoded SHA-256 hashes of the
// authorized client certificates. Both simple and colon separated
// formats are acceptable.
// Note: When both verify_certificate_hash and verify_certificate_spki
// are specified, a hash matching either value will result in the
// certificate being accepted.
repeated string verify_certificate_hash = 12;
// TLS protocol versions.
enum TLSProtocol {
// Automatically choose the optimal TLS version.
TLS_AUTO = 0;
// TLS version 1.0
TLSV1_0 = 1;
// TLS version 1.1
TLSV1_1 = 2;
// TLS version 1.2
TLSV1_2 = 3;
// TLS version 1.3
TLSV1_3 = 4;
}
// Optional: Minimum TLS protocol version. By default, it is `TLSV1_2`.
// TLS protocol versions below TLSV1_2 require setting compatible ciphers with the
// `cipherSuites` setting as they no longer include compatible ciphers.
//
// Note: Using TLS protocol versions below TLSV1_2 has serious security risks.
TLSProtocol min_protocol_version = 7;
// Optional: Maximum TLS protocol version.
TLSProtocol max_protocol_version = 8;
// Optional: If specified, only support the specified cipher list.
// Otherwise default to the default cipher list supported by Envoy
// as specified [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto).
// The supported list of ciphers are:
// * `ECDHE-ECDSA-AES128-GCM-SHA256`
// * `ECDHE-RSA-AES128-GCM-SHA256`
// * `ECDHE-ECDSA-AES256-GCM-SHA384`
// * `ECDHE-RSA-AES256-GCM-SHA384`
// * `ECDHE-ECDSA-CHACHA20-POLY1305`
// * `ECDHE-RSA-CHACHA20-POLY1305`
// * `ECDHE-ECDSA-AES128-SHA`
// * `ECDHE-RSA-AES128-SHA`
// * `ECDHE-ECDSA-AES256-SHA`
// * `ECDHE-RSA-AES256-SHA`
// * `AES128-GCM-SHA256`
// * `AES256-GCM-SHA384`
// * `AES128-SHA`
// * `AES256-SHA`
// * `DES-CBC3-SHA`
repeated string cipher_suites = 9;
}

90
networking/v1/gateway_deepcopy.gen.go generated Normal file
View File

@ -0,0 +1,90 @@
// Code generated by protoc-gen-deepcopy. DO NOT EDIT.
package v1
import (
proto "google.golang.org/protobuf/proto"
)
// DeepCopyInto supports using Gateway within kubernetes types, where deepcopy-gen is used.
func (in *Gateway) DeepCopyInto(out *Gateway) {
p := proto.Clone(in).(*Gateway)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Gateway. Required by controller-gen.
func (in *Gateway) DeepCopy() *Gateway {
if in == nil {
return nil
}
out := new(Gateway)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Gateway. Required by controller-gen.
func (in *Gateway) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using Server within kubernetes types, where deepcopy-gen is used.
func (in *Server) DeepCopyInto(out *Server) {
p := proto.Clone(in).(*Server)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Server. Required by controller-gen.
func (in *Server) DeepCopy() *Server {
if in == nil {
return nil
}
out := new(Server)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Server. Required by controller-gen.
func (in *Server) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using Port within kubernetes types, where deepcopy-gen is used.
func (in *Port) DeepCopyInto(out *Port) {
p := proto.Clone(in).(*Port)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Port. Required by controller-gen.
func (in *Port) DeepCopy() *Port {
if in == nil {
return nil
}
out := new(Port)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Port. Required by controller-gen.
func (in *Port) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using ServerTLSSettings within kubernetes types, where deepcopy-gen is used.
func (in *ServerTLSSettings) DeepCopyInto(out *ServerTLSSettings) {
p := proto.Clone(in).(*ServerTLSSettings)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServerTLSSettings. Required by controller-gen.
func (in *ServerTLSSettings) DeepCopy() *ServerTLSSettings {
if in == nil {
return nil
}
out := new(ServerTLSSettings)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ServerTLSSettings. Required by controller-gen.
func (in *ServerTLSSettings) DeepCopyInterface() interface{} {
return in.DeepCopy()
}

56
networking/v1/gateway_json.gen.go generated Normal file
View File

@ -0,0 +1,56 @@
// Code generated by protoc-gen-jsonshim. DO NOT EDIT.
package v1
import (
bytes "bytes"
jsonpb "github.com/golang/protobuf/jsonpb"
)
// MarshalJSON is a custom marshaler for Gateway
func (this *Gateway) MarshalJSON() ([]byte, error) {
str, err := GatewayMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for Gateway
func (this *Gateway) UnmarshalJSON(b []byte) error {
return GatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for Server
func (this *Server) MarshalJSON() ([]byte, error) {
str, err := GatewayMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for Server
func (this *Server) UnmarshalJSON(b []byte) error {
return GatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for Port
func (this *Port) MarshalJSON() ([]byte, error) {
str, err := GatewayMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for Port
func (this *Port) UnmarshalJSON(b []byte) error {
return GatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for ServerTLSSettings
func (this *ServerTLSSettings) MarshalJSON() ([]byte, error) {
str, err := GatewayMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for ServerTLSSettings
func (this *ServerTLSSettings) UnmarshalJSON(b []byte) error {
return GatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
var (
GatewayMarshaler = &jsonpb.Marshaler{}
GatewayUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true}
)

1016
networking/v1/service_entry.pb.go generated Normal file
View File

File diff suppressed because it is too large Load Diff

616
networking/v1/service_entry.proto Normal file
View File

@ -0,0 +1,616 @@
// Copyright 2020 Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
import "google/api/field_behavior.proto";
import "networking/v1/sidecar.proto";
import "networking/v1/workload_entry.proto";
// $schema: istio.networking.v1.ServiceEntry
// $title: Service Entry
// $description: Configuration affecting service registry.
// $location: https://istio.io/docs/reference/config/networking/service-entry.html
// $aliases: [/docs/reference/config/networking/v1/service-entry]
// $mode: none
// `ServiceEntry` enables adding additional entries into Istio's
// internal service registry, so that auto-discovered services in the
// mesh can access/route to these manually specified services. A
// service entry describes the properties of a service (DNS name,
// VIPs, ports, protocols, endpoints). These services could be
// external to the mesh (e.g., web APIs) or mesh-internal services
// that are not part of the platform's service registry (e.g., a set
// of VMs talking to services in Kubernetes). In addition, the
// endpoints of a service entry can also be dynamically selected by
// using the `workloadSelector` field. These endpoints can be VM
// workloads declared using the `WorkloadEntry` object or Kubernetes
// pods. The ability to select both pods and VMs under a single
// service allows for migration of services from VMs to Kubernetes
// without having to change the existing DNS names associated with the
// services.
//
// The following example declares a few external APIs accessed by internal
// applications over HTTPS. The sidecar inspects the SNI value in the
// ClientHello message to route to the appropriate external service.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: ServiceEntry
// metadata:
// name: external-svc-https
// spec:
// hosts:
// - api.dropboxapi.com
// - www.googleapis.com
// - api.facebook.com
// location: MESH_EXTERNAL
// ports:
// - number: 443
// name: https
// protocol: TLS
// resolution: DNS
// ```
//
// The following configuration adds a set of MongoDB instances running on
// unmanaged VMs to Istio's registry, so that these services can be treated
// as any other service in the mesh. The associated DestinationRule is used
// to initiate mTLS connections to the database instances.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: ServiceEntry
// metadata:
// name: external-svc-mongocluster
// spec:
// hosts:
// - mymongodb.somedomain # not used
// addresses:
// - 192.192.192.192/24 # VIPs
// ports:
// - number: 27018
// name: mongodb
// protocol: MONGO
// location: MESH_INTERNAL
// resolution: STATIC
// endpoints:
// - address: 2.2.2.2
// - address: 3.3.3.3
// ```
//
// and the associated DestinationRule
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: DestinationRule
// metadata:
// name: mtls-mongocluster
// spec:
// host: mymongodb.somedomain
// trafficPolicy:
// tls:
// mode: MUTUAL
// clientCertificate: /etc/certs/myclientcert.pem
// privateKey: /etc/certs/client_private_key.pem
// caCertificates: /etc/certs/rootcacerts.pem
// ```
//
// The following example uses a combination of service entry and TLS
// routing in a virtual service to steer traffic based on the SNI value to
// an internal egress firewall.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: ServiceEntry
// metadata:
// name: external-svc-redirect
// spec:
// hosts:
// - wikipedia.org
// - "*.wikipedia.org"
// location: MESH_EXTERNAL
// ports:
// - number: 443
// name: https
// protocol: TLS
// resolution: NONE
// ```
//
// And the associated VirtualService to route based on the SNI value.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: VirtualService
// metadata:
// name: tls-routing
// spec:
// hosts:
// - wikipedia.org
// - "*.wikipedia.org"
// tls:
// - match:
// - sniHosts:
// - wikipedia.org
// - "*.wikipedia.org"
// route:
// - destination:
// host: internal-egress-firewall.ns1.svc.cluster.local
// ```
//
// The virtual service with TLS match serves to override the default SNI
// match. In the absence of a virtual service, traffic will be forwarded to
// the wikipedia domains.
//
// The following example demonstrates the use of a dedicated egress gateway
// through which all external service traffic is forwarded.
// The 'exportTo' field allows for control over the visibility of a service
// declaration to other namespaces in the mesh. By default, a service is exported
// to all namespaces. The following example restricts the visibility to the
// current namespace, represented by ".", so that it cannot be used by other
// namespaces.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: ServiceEntry
// metadata:
// name: external-svc-httpbin
// namespace : egress
// spec:
// hosts:
// - example.com
// exportTo:
// - "."
// location: MESH_EXTERNAL
// ports:
// - number: 80
// name: http
// protocol: HTTP
// resolution: DNS
// ```
//
// Define a gateway to handle all egress traffic.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: Gateway
// metadata:
// name: istio-egressgateway
// namespace: istio-system
// spec:
// selector:
// istio: egressgateway
// servers:
// - port:
// number: 80
// name: http
// protocol: HTTP
// hosts:
// - "*"
// ```
//
// And the associated `VirtualService` to route from the sidecar to the
// gateway service (`istio-egressgateway.istio-system.svc.cluster.local`), as
// well as route from the gateway to the external service. Note that the
// virtual service is exported to all namespaces enabling them to route traffic
// through the gateway to the external service. Forcing traffic to go through
// a managed middle proxy like this is a common practice.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: VirtualService
// metadata:
// name: gateway-routing
// namespace: egress
// spec:
// hosts:
// - example.com
// exportTo:
// - "*"
// gateways:
// - mesh
// - istio-egressgateway
// http:
// - match:
// - port: 80
// gateways:
// - mesh
// route:
// - destination:
// host: istio-egressgateway.istio-system.svc.cluster.local
// - match:
// - port: 80
// gateways:
// - istio-egressgateway
// route:
// - destination:
// host: example.com
// ```
//
// The following example demonstrates the use of wildcards in the hosts for
// external services. If the connection has to be routed to the IP address
// requested by the application (i.e. application resolves DNS and attempts
// to connect to a specific IP), the resolution mode must be set to `NONE`.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: ServiceEntry
// metadata:
// name: external-svc-wildcard-example
// spec:
// hosts:
// - "*.bar.com"
// location: MESH_EXTERNAL
// ports:
// - number: 80
// name: http
// protocol: HTTP
// resolution: NONE
// ```
//
// The following example demonstrates a service that is available via a
// Unix Domain Socket on the host of the client. The resolution must be
// set to STATIC to use Unix address endpoints.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: ServiceEntry
// metadata:
// name: unix-domain-socket-example
// spec:
// hosts:
// - "example.unix.local"
// location: MESH_EXTERNAL
// ports:
// - number: 80
// name: http
// protocol: HTTP
// resolution: STATIC
// endpoints:
// - address: unix:///var/run/example/socket
// ```
//
// For HTTP-based services, it is possible to create a `VirtualService`
// backed by multiple DNS addressable endpoints. In such a scenario, the
// application can use the `HTTP_PROXY` environment variable to transparently
// reroute API calls for the `VirtualService` to a chosen backend. For
// example, the following configuration creates a non-existent external
// service called foo.bar.com backed by three domains: us.foo.bar.com:8080,
// uk.foo.bar.com:9080, and in.foo.bar.com:7080
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: ServiceEntry
// metadata:
// name: external-svc-dns
// spec:
// hosts:
// - foo.bar.com
// location: MESH_EXTERNAL
// ports:
// - number: 80
// name: http
// protocol: HTTP
// resolution: DNS
// endpoints:
// - address: us.foo.bar.com
// ports:
// http: 8080
// - address: uk.foo.bar.com
// ports:
// http: 9080
// - address: in.foo.bar.com
// ports:
// http: 7080
// ```
//
// With `HTTP_PROXY=http://localhost/`, calls from the application to
// `http://foo.bar.com` will be load balanced across the three domains
// specified above. In other words, a call to `http://foo.bar.com/baz` would
// be translated to `http://uk.foo.bar.com/baz`.
//
// The following example illustrates the usage of a `ServiceEntry`
// containing a subject alternate name
// whose format conforms to the [SPIFFE standard](https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md):
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: ServiceEntry
// metadata:
// name: httpbin
// namespace : httpbin-ns
// spec:
// hosts:
// - example.com
// location: MESH_INTERNAL
// ports:
// - number: 80
// name: http
// protocol: HTTP
// resolution: STATIC
// endpoints:
// - address: 2.2.2.2
// - address: 3.3.3.3
// subjectAltNames:
// - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account"
// ```
//
// The following example demonstrates the use of `ServiceEntry` with a
// `workloadSelector` to handle the migration of a service
// `details.bookinfo.com` from VMs to Kubernetes. The service has two
// VM-based instances with sidecars as well as a set of Kubernetes
// pods managed by a standard deployment object. Consumers of this
// service in the mesh will be automatically load balanced across the
// VMs and Kubernetes.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: WorkloadEntry
// metadata:
// name: details-vm-1
// spec:
// serviceAccount: details
// address: 2.2.2.2
// labels:
// app: details
// instance-id: vm1
// ---
// apiVersion: networking.istio.io/v1
// kind: WorkloadEntry
// metadata:
// name: details-vm-2
// spec:
// serviceAccount: details
// address: 3.3.3.3
// labels:
// app: details
// instance-id: vm2
// ```
//
// Assuming there is also a Kubernetes deployment with pod labels
// `app: details` using the same service account `details`, the
// following service entry declares a service spanning both VMs and
// Kubernetes:
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: ServiceEntry
// metadata:
// name: details-svc
// spec:
// hosts:
// - details.bookinfo.com
// location: MESH_INTERNAL
// ports:
// - number: 80
// name: http
// protocol: HTTP
// resolution: STATIC
// workloadSelector:
// labels:
// app: details
// ```
package istio.networking.v1;
option go_package = "istio.io/api/networking/v1";
// ServiceEntry enables adding additional entries into Istio's internal
// service registry.
//
// <!-- crd generation tags
// +cue-gen:ServiceEntry:groupName:networking.istio.io
// +cue-gen:ServiceEntry:version:v1
// +cue-gen:ServiceEntry:annotations:helm.sh/resource-policy=keep
// +cue-gen:ServiceEntry:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:ServiceEntry:subresource:status
// +cue-gen:ServiceEntry:scope:Namespaced
// +cue-gen:ServiceEntry:resource:categories=istio-io,networking-istio-io,shortNames=se,plural=serviceentries
// +cue-gen:ServiceEntry:printerColumn:name=Hosts,type=string,JSONPath=.spec.hosts,description="The hosts associated with the ServiceEntry"
// +cue-gen:ServiceEntry:printerColumn:name=Location,type=string,JSONPath=.spec.location,description="Whether the service is external to the
// mesh or part of the mesh (MESH_EXTERNAL or MESH_INTERNAL)"
// +cue-gen:ServiceEntry:printerColumn:name=Resolution,type=string,JSONPath=.spec.resolution,description="Service resolution mode for the hosts
// (NONE, STATIC, or DNS)"
// +cue-gen:ServiceEntry:printerColumn:name=Age,type=date,JSONPath=.metadata.creationTimestamp,description="CreationTimestamp is a timestamp
// representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations.
// Clients may not set this value. It is represented in RFC3339 form and is in UTC.
// Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata"
// +cue-gen:ServiceEntry:preserveUnknownFields:false
// -->
//
// <!-- go code generation tags
// +kubetype-gen
// +kubetype-gen:groupVersion=networking.istio.io/v1
// +genclient
// +k8s:deepcopy-gen=true
// -->
// <!-- istio code generation tags
// +istio.io/sync-from:networking/v1alpha3/service_entry.proto
// -->
message ServiceEntry {
// The hosts associated with the ServiceEntry. Could be a DNS
// name with wildcard prefix.
//
// 1. The hosts field is used to select matching hosts in VirtualServices and DestinationRules.
// 2. For HTTP traffic the HTTP Host/Authority header will be matched against the hosts field.
// 3. For HTTPs or TLS traffic containing Server Name Indication (SNI), the SNI value
// will be matched against the hosts field.
//
// **NOTE 1:** When resolution is set to type DNS and no endpoints
// are specified, the host field will be used as the DNS name of the
// endpoint to route traffic to.
//
// **NOTE 2:** If the hostname matches with the name of a service
// from another service registry such as Kubernetes that also
// supplies its own set of endpoints, the ServiceEntry will be
// treated as a decorator of the existing Kubernetes
// service. Properties in the service entry will be added to the
// Kubernetes service if applicable. Currently, only the following
// additional properties will be considered by `istiod`:
//
// 1. subjectAltNames: In addition to verifying the SANs of the
// service accounts associated with the pods of the service, the
// SANs specified here will also be verified.
//
repeated string hosts = 1 [(google.api.field_behavior) = REQUIRED];
// The virtual IP addresses associated with the service. Could be CIDR
// prefix. For HTTP traffic, generated route configurations will include http route
// domains for both the `addresses` and `hosts` field values and the destination will
// be identified based on the HTTP Host/Authority header.
// If one or more IP addresses are specified,
// the incoming traffic will be identified as belonging to this service
// if the destination IP matches the IP/CIDRs specified in the addresses
// field. If the Addresses field is empty, traffic will be identified
// solely based on the destination port. In such scenarios, the port on
// which the service is being accessed must not be shared by any other
// service in the mesh. In other words, the sidecar will behave as a
// simple TCP proxy, forwarding incoming traffic on a specified port to
// the specified destination endpoint IP/host. Unix domain socket
// addresses are not supported in this field.
repeated string addresses = 2;
// The ports associated with the external service. If the
// Endpoints are Unix domain socket addresses, there must be exactly one
// port.
repeated ServicePort ports = 3;
// Location specifies whether the service is part of Istio mesh or
// outside the mesh. Location determines the behavior of several
// features, such as service-to-service mTLS authentication, policy
// enforcement, etc. When communicating with services outside the mesh,
// Istio's mTLS authentication is disabled, and policy enforcement is
// performed on the client-side as opposed to server-side.
enum Location {
// Signifies that the service is external to the mesh. Typically used
// to indicate external services consumed through APIs.
MESH_EXTERNAL = 0;
// Signifies that the service is part of the mesh. Typically used to
// indicate services added explicitly as part of expanding the service
// mesh to include unmanaged infrastructure (e.g., VMs added to a
// Kubernetes based service mesh).
MESH_INTERNAL = 1;
};
// Specify whether the service should be considered external to the mesh
// or part of the mesh.
Location location = 4;
// Resolution determines how the proxy will resolve the IP addresses of
// the network endpoints associated with the service, so that it can
// route to one of them. The resolution mode specified here has no impact
// on how the application resolves the IP address associated with the
// service. The application may still have to use DNS to resolve the
// service to an IP so that the outbound traffic can be captured by the
// Proxy. Alternatively, for HTTP services, the application could
// directly communicate with the proxy (e.g., by setting HTTP_PROXY) to
// talk to these services.
enum Resolution {
// Assume that incoming connections have already been resolved (to a
// specific destination IP address). Such connections are typically
// routed via the proxy using mechanisms such as IP table REDIRECT/
// eBPF. After performing any routing related transformations, the
// proxy will forward the connection to the IP address to which the
// connection was bound.
NONE = 0;
// Use the static IP addresses specified in endpoints (see below) as the
// backing instances associated with the service.
STATIC = 1;
// Attempt to resolve the IP address by querying the ambient DNS,
// asynchronously. If no endpoints are specified, the proxy
// will resolve the DNS address specified in the hosts field, if
// wildcards are not used. If endpoints are specified, the DNS
// addresses specified in the endpoints will be resolved to determine
// the destination IP address. DNS resolution cannot be used with Unix
// domain socket endpoints.
DNS = 2;
// Attempt to resolve the IP address by querying the ambient DNS,
// asynchronously. Unlike `DNS`, `DNS_ROUND_ROBIN` only uses the
// first IP address returned when a new connection needs to be initiated
// without relying on complete results of DNS resolution, and connections
// made to hosts will be retained even if DNS records change frequently
// eliminating draining connection pools and connection cycling.
// This is best suited for large web scale services that
// must be accessed via DNS. The proxy will resolve the DNS address
// specified in the hosts field, if wildcards are not used. DNS resolution
// cannot be used with Unix domain socket endpoints.
DNS_ROUND_ROBIN = 3;
};
// Service resolution mode for the hosts. Care must be taken
// when setting the resolution mode to NONE for a TCP port without
// accompanying IP addresses. In such cases, traffic to any IP on
// said port will be allowed (i.e. `0.0.0.0:<port>`).
Resolution resolution = 5;
// One or more endpoints associated with the service. Only one of
// `endpoints` or `workloadSelector` can be specified.
repeated WorkloadEntry endpoints = 6;
// Applicable only for MESH_INTERNAL services. Only one of
// `endpoints` or `workloadSelector` can be specified. Selects one
// or more Kubernetes pods or VM workloads (specified using
// `WorkloadEntry`) based on their labels. The `WorkloadEntry` object
// representing the VMs should be defined in the same namespace as
// the ServiceEntry.
WorkloadSelector workload_selector = 9;
// A list of namespaces to which this service is exported. Exporting a service
// allows it to be used by sidecars, gateways and virtual services defined in
// other namespaces. This feature provides a mechanism for service owners
// and mesh administrators to control the visibility of services across
// namespace boundaries.
//
// If no namespaces are specified then the service is exported to all
// namespaces by default.
//
// The value "." is reserved and defines an export to the same namespace that
// the service is declared in. Similarly the value "*" is reserved and
// defines an export to all namespaces.
//
// For a Kubernetes Service, the equivalent effect can be achieved by setting
// the annotation "networking.istio.io/exportTo" to a comma-separated list
// of namespace names.
repeated string export_to = 7;
// If specified, the proxy will verify that the server certificate's
// subject alternate name matches one of the specified values.
//
// NOTE: When using the workloadEntry with workloadSelectors, the
// service account specified in the workloadEntry will also be used
// to derive the additional subject alternate names that should be
// verified.
repeated string subject_alt_names = 8;
}
// ServicePort describes the properties of a specific port of a service.
message ServicePort {
// A valid non-negative integer port number.
uint32 number = 1 [(google.api.field_behavior) = REQUIRED];
// The protocol exposed on the port.
// MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS.
// TLS implies the connection will be routed based on the SNI header to
// the destination without terminating the TLS connection.
string protocol = 2;
// Label assigned to the port.
string name = 3 [(google.api.field_behavior) = REQUIRED];
// The port number on the endpoint where the traffic will be
// received. If unset, default to `number`.
uint32 target_port = 4;
}

48
networking/v1/service_entry_deepcopy.gen.go generated Normal file
View File

@ -0,0 +1,48 @@
// Code generated by protoc-gen-deepcopy. DO NOT EDIT.
package v1
import (
proto "google.golang.org/protobuf/proto"
)
// DeepCopyInto supports using ServiceEntry within kubernetes types, where deepcopy-gen is used.
func (in *ServiceEntry) DeepCopyInto(out *ServiceEntry) {
p := proto.Clone(in).(*ServiceEntry)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntry. Required by controller-gen.
func (in *ServiceEntry) DeepCopy() *ServiceEntry {
if in == nil {
return nil
}
out := new(ServiceEntry)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntry. Required by controller-gen.
func (in *ServiceEntry) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using ServicePort within kubernetes types, where deepcopy-gen is used.
func (in *ServicePort) DeepCopyInto(out *ServicePort) {
p := proto.Clone(in).(*ServicePort)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServicePort. Required by controller-gen.
func (in *ServicePort) DeepCopy() *ServicePort {
if in == nil {
return nil
}
out := new(ServicePort)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ServicePort. Required by controller-gen.
func (in *ServicePort) DeepCopyInterface() interface{} {
return in.DeepCopy()
}

34
networking/v1/service_entry_json.gen.go generated Normal file
View File

@ -0,0 +1,34 @@
// Code generated by protoc-gen-jsonshim. DO NOT EDIT.
package v1
import (
bytes "bytes"
jsonpb "github.com/golang/protobuf/jsonpb"
)
// MarshalJSON is a custom marshaler for ServiceEntry
func (this *ServiceEntry) MarshalJSON() ([]byte, error) {
str, err := ServiceEntryMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for ServiceEntry
func (this *ServiceEntry) UnmarshalJSON(b []byte) error {
return ServiceEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for ServicePort
func (this *ServicePort) MarshalJSON() ([]byte, error) {
str, err := ServiceEntryMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for ServicePort
func (this *ServicePort) UnmarshalJSON(b []byte) error {
return ServiceEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
var (
ServiceEntryMarshaler = &jsonpb.Marshaler{}
ServiceEntryUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true}
)

1283
networking/v1/sidecar.pb.go generated Normal file
View File

File diff suppressed because it is too large Load Diff

572
networking/v1/sidecar.proto Normal file
View File

@ -0,0 +1,572 @@
// Copyright 2020 Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
import "google/api/field_behavior.proto";
import "networking/v1/destination_rule.proto";
import "networking/v1/gateway.proto";
import "networking/v1/virtual_service.proto";
// $schema: istio.networking.v1.Sidecar
// $title: Sidecar
// $description: Configuration affecting network reachability of a sidecar.
// $location: https://istio.io/docs/reference/config/networking/sidecar.html
// $aliases: [/docs/reference/config/networking/v1/sidecar]
// $mode: none
// `Sidecar` describes the configuration of the sidecar proxy that mediates
// inbound and outbound communication to the workload instance it is attached to. By
// default, Istio will program all sidecar proxies in the mesh with the
// necessary configuration required to reach every workload instance in the mesh, as
// well as accept traffic on all the ports associated with the
// workload. The `Sidecar` configuration provides a way to fine tune the set of
// ports, protocols that the proxy will accept when forwarding traffic to
// and from the workload. In addition, it is possible to restrict the set
// of services that the proxy can reach when forwarding outbound traffic
// from workload instances.
//
// Services and configuration in a mesh are organized into one or more
// namespaces (e.g., a Kubernetes namespace or a CF org/space). A `Sidecar`
// configuration in a namespace will apply to one or more workload instances in the same
// namespace, selected using the `workloadSelector` field. In the absence of a
// `workloadSelector`, it will apply to all workload instances in the same
// namespace. When determining the `Sidecar` configuration to be applied to a
// workload instance, preference will be given to the resource with a
// `workloadSelector` that selects this workload instance, over a `Sidecar` configuration
// without any `workloadSelector`.
//
// **NOTE 1**: *_Each namespace can have only one `Sidecar`
// configuration without any `workloadSelector`_ that specifies the
// default for all pods in that namespace*. It is recommended to use
// the name `default` for the namespace-wide sidecar. The behavior of
// the system is undefined if more than one selector-less `Sidecar`
// configurations exist in a given namespace. The behavior of the
// system is undefined if two or more `Sidecar` configurations with a
// `workloadSelector` select the same workload instance.
//
// **NOTE 2**: *_A `Sidecar` configuration in the `MeshConfig`
// [root namespace](https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig)
// will be applied by default to all namespaces without a `Sidecar`
// configuration_*. This global default `Sidecar` configuration should not have
// any `workloadSelector`.
//
// **NOTE 3**: *_A `Sidecar` is not applicable to gateways, even though gateways are istio-proxies_*.
//
// The example below declares a global default `Sidecar` configuration
// in the root namespace called `istio-config`, that configures
// sidecars in all namespaces to allow egress traffic only to other
// workloads in the same namespace as well as to services in the
// `istio-system` namespace.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: Sidecar
// metadata:
// name: default
// namespace: istio-config
// spec:
// egress:
// - hosts:
// - "./*"
// - "istio-system/*"
// ```
//
// The example below declares a `Sidecar` configuration in the
// `prod-us1` namespace that overrides the global default defined
// above, and configures the sidecars in the namespace to allow egress
// traffic to public services in the `prod-us1`, `prod-apis`, and the
// `istio-system` namespaces.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: Sidecar
// metadata:
// name: default
// namespace: prod-us1
// spec:
// egress:
// - hosts:
// - "prod-us1/*"
// - "prod-apis/*"
// - "istio-system/*"
// ```
//
// The following example declares a `Sidecar` configuration in the
// `prod-us1` namespace for all pods with labels `app: ratings`
// belonging to the `ratings.prod-us1` service. The workload accepts
// inbound HTTP traffic on port 9080. The traffic is then forwarded to
// the attached workload instance listening on a Unix domain
// socket. In the egress direction, in addition to the `istio-system`
// namespace, the sidecar proxies only HTTP traffic bound for port
// 9080 for services in the `prod-us1` namespace.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: Sidecar
// metadata:
// name: ratings
// namespace: prod-us1
// spec:
// workloadSelector:
// labels:
// app: ratings
// ingress:
// - port:
// number: 9080
// protocol: HTTP
// name: somename
// defaultEndpoint: unix:///var/run/someuds.sock
// egress:
// - port:
// number: 9080
// protocol: HTTP
// name: egresshttp
// hosts:
// - "prod-us1/*"
// - hosts:
// - "istio-system/*"
// ```
//
// If the workload is deployed without IPTables-based traffic capture,
// the `Sidecar` configuration is the only way to configure the ports
// on the proxy attached to the workload instance. The following
// example declares a `Sidecar` configuration in the `prod-us1`
// namespace for all pods with labels `app: productpage` belonging to
// the `productpage.prod-us1` service. Assuming that these pods are
// deployed without IPtable rules (i.e. the `istio-init` container)
// and the proxy metadata `ISTIO_META_INTERCEPTION_MODE` is set to
// `NONE`, the specification, below, allows such pods to receive HTTP
// traffic on port 9080 (wrapped inside Istio mutual TLS) and forward
// it to the application listening on `127.0.0.1:8080`. It also allows
// the application to communicate with a backing MySQL database on
// `127.0.0.1:3306`, that then gets proxied to the externally hosted
// MySQL service at `mysql.foo.com:3306`.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: Sidecar
// metadata:
// name: no-ip-tables
// namespace: prod-us1
// spec:
// workloadSelector:
// labels:
// app: productpage
// ingress:
// - port:
// number: 9080 # binds to proxy_instance_ip:9080 (0.0.0.0:9080, if no unicast IP is available for the instance)
// protocol: HTTP
// name: somename
// defaultEndpoint: 127.0.0.1:8080
// captureMode: NONE # not needed if metadata is set for entire proxy
// egress:
// - port:
// number: 3306
// protocol: MYSQL
// name: egressmysql
// captureMode: NONE # not needed if metadata is set for entire proxy
// bind: 127.0.0.1
// hosts:
// - "*/mysql.foo.com"
// ```
//
// And the associated service entry for routing to `mysql.foo.com:3306`
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: ServiceEntry
// metadata:
// name: external-svc-mysql
// namespace: ns1
// spec:
// hosts:
// - mysql.foo.com
// ports:
// - number: 3306
// name: mysql
// protocol: MYSQL
// location: MESH_EXTERNAL
// resolution: DNS
// ```
//
// It is also possible to mix and match traffic capture modes in a single
// proxy. For example, consider a setup where internal services are on the
// `192.168.0.0/16` subnet. So, IP tables are setup on the VM to capture all
// outbound traffic on `192.168.0.0/16` subnet. Assume that the VM has an
// additional network interface on `172.16.0.0/16` subnet for inbound
// traffic. The following `Sidecar` configuration allows the VM to expose a
// listener on `172.16.1.32:80` (the VM's IP) for traffic arriving from the
// `172.16.0.0/16` subnet.
//
// **NOTE**: The `ISTIO_META_INTERCEPTION_MODE` metadata on the
// proxy in the VM should contain `REDIRECT` or `TPROXY` as its value,
// implying that IP tables based traffic capture is active.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: Sidecar
// metadata:
// name: partial-ip-tables
// namespace: prod-us1
// spec:
// workloadSelector:
// labels:
// app: productpage
// ingress:
// - bind: 172.16.1.32
// port:
// number: 80 # binds to 172.16.1.32:80
// protocol: HTTP
// name: somename
// defaultEndpoint: 127.0.0.1:8080
// captureMode: NONE
// egress:
// # use the system detected defaults
// # sets up configuration to handle outbound traffic to services
// # in 192.168.0.0/16 subnet, based on information provided by the
// # service registry
// - captureMode: IPTABLES
// hosts:
// - "*/*"
// ```
//
// In addition to configuring traffic capture and how traffic is forwarded to the app,
// it's possible to control inbound connection pool settings. By default, Istio pushes
// connection pool settings from `DestinationRules` to both clients (for outbound
// connections to the service) as well as servers (for inbound connections to a service
// instance). Using the `InboundConnectionPool` and per-port `ConnectionPool` settings
// in a `Sidecar` allow you to control those connection pools for the server separately
// from the settings pushed to all clients.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: Sidecar
// metadata:
// name: connection-pool-settings
// namespace: prod-us1
// spec:
// workloadSelector:
// labels:
// app: productpage
// inboundConnectionPool:
// http:
// http1MaxPendingRequests: 1024
// http2MaxRequests: 1024
// maxRequestsPerConnection: 1024
// maxRetries: 100
// ingress:
// - port:
// number: 80
// protocol: HTTP
// name: somename
// connectionPool:
// http:
// http1MaxPendingRequests: 1024
// http2MaxRequests: 1024
// maxRequestsPerConnection: 1024
// maxRetries: 100
// tcp:
// maxConnections: 100
// ```
package istio.networking.v1;
option go_package = "istio.io/api/networking/v1";
// `Sidecar` describes the configuration of the sidecar proxy that mediates
// inbound and outbound communication of the workload instance to which it is
// attached.
//
// <!-- crd generation tags
// +cue-gen:Sidecar:groupName:networking.istio.io
// +cue-gen:Sidecar:version:v1
// +cue-gen:Sidecar:annotations:helm.sh/resource-policy=keep
// +cue-gen:Sidecar:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:Sidecar:subresource:status
// +cue-gen:Sidecar:scope:Namespaced
// +cue-gen:Sidecar:resource:categories=istio-io,networking-istio-io
// +cue-gen:Sidecar:preserveUnknownFields:false
// -->
//
// <!-- go code generation tags
// +kubetype-gen
// +kubetype-gen:groupVersion=networking.istio.io/v1
// +genclient
// +k8s:deepcopy-gen=true
// -->
// <!-- istio code generation tags
// +istio.io/sync-from:networking/v1alpha3/sidecar.proto
// -->
message Sidecar {
// Criteria used to select the specific set of pods/VMs on which this
// `Sidecar` configuration should be applied. If omitted, the `Sidecar`
// configuration will be applied to all workload instances in the same namespace.
WorkloadSelector workload_selector = 1;
// Ingress specifies the configuration of the sidecar for processing
// inbound traffic to the attached workload instance. If omitted, Istio will
// automatically configure the sidecar based on the information about the workload
// obtained from the orchestration platform (e.g., exposed ports, services,
// etc.). If specified, inbound ports are configured if and only if the
// workload instance is associated with a service.
repeated IstioIngressListener ingress = 2;
// Egress specifies the configuration of the sidecar for processing
// outbound traffic from the attached workload instance to other
// services in the mesh. If not specified, inherits the system
// detected defaults from the namespace-wide or the global default Sidecar.
repeated IstioEgressListener egress = 3;
// Settings controlling the volume of connections Envoy will accept from the network.
// This default will apply for all inbound listeners and can be overridden per-port
// in the `Ingress` field. This configuration mirrors the `DestinationRule`'s
// [`connectionPool`](https://istio.io/latest/docs/reference/config/networking/destination-rule/#ConnectionPoolSettings) field.
//
// By default, Istio applies a service's `DestinationRule` to client sidecars
// for outbound traffic directed at the service -- the usual case folks think
// of when configuring a `DestinationRule` -- but also to the server's inbound
// sidecar. The `Sidecar`'s connection pool configures the server's inbound
// sidecar directly, so its settings can be different than clients'. This is
// valuable, for example, when you have many clients calling few servers: a
// `DestinationRule` can limit the concurrency of any single client, while
// the `Sidecar` allows you to configure much higher concurrency on the server
// side.
//
// Connection pool settings for a server's inbound sidecar are configured in the
// following precedence, highest to lowest:
// - per-port `ConnectionPool` from the `Sidecar`
// - top level `InboundConnectionPool` from the `Sidecar`
// - per-port `TrafficPolicy.ConnectionPool` from the `DestinationRule`
// - top level `TrafficPolicy.ConnectionPool` from the `DestinationRule`
// - default connection pool settings (essentially unlimited)
//
// In every case, the connection pool settings are overriden, not merged.
ConnectionPoolSettings inbound_connection_pool = 7;
// Configuration for the outbound traffic policy. If your
// application uses one or more external services that are not known
// apriori, setting the policy to `ALLOW_ANY` will cause the
// sidecars to route any unknown traffic originating from the
// application to its requested destination. If not specified,
// inherits the system detected defaults from the namespace-wide or
// the global default Sidecar.
OutboundTrafficPolicy outbound_traffic_policy = 4;
reserved "localhost";
reserved 5, 6;
}
// `IstioIngressListener` specifies the properties of an inbound
// traffic listener on the sidecar proxy attached to a workload instance.
message IstioIngressListener {
// The port associated with the listener.
SidecarPort port = 1 [(google.api.field_behavior) = REQUIRED];
// The IP(IPv4 or IPv6) to which the listener should be bound.
// Unix domain socket addresses are not allowed in
// the bind field for ingress listeners. If omitted, Istio will
// automatically configure the defaults based on imported services
// and the workload instances to which this configuration is applied
// to.
string bind = 2;
// The captureMode option dictates how traffic to the listener is
// expected to be captured (or not).
CaptureMode capture_mode = 3;
// The IP endpoint or Unix domain socket to which
// traffic should be forwarded to. This configuration can be used to
// redirect traffic arriving at the bind `IP:Port` on the sidecar to a `localhost:port`
// or Unix domain socket where the application workload instance is listening for
// connections. Arbitrary IPs are not supported. Format should be one of
// `127.0.0.1:PORT`, `[::1]:PORT` (forward to localhost),
// `0.0.0.0:PORT`, `[::]:PORT` (forward to the instance IP),
// or `unix:///path/to/socket` (forward to Unix domain socket).
string default_endpoint = 4;
reserved "localhost_client_tls";
reserved 5, 6;
// Set of TLS related options that will enable TLS termination on the
// sidecar for requests originating from outside the mesh.
// Currently supports only SIMPLE and MUTUAL TLS modes.
ServerTLSSettings tls = 7;
// Settings controlling the volume of connections Envoy will accept from the network.
// This setting overrides the top-level default `inboundConnectionPool` to configure
// specific settings for this port. This configuration mirrors the `DestinationRule`'s
// [`PortTrafficPolicy.connectionPool`](https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy-PortTrafficPolicy) field.
// This port level connection pool has the highest precedence in configuration,
// overriding both the `Sidecar`'s top level `InboundConnectionPool` as well as any
// connection pooling settings from the `DestinationRule`.
ConnectionPoolSettings connection_pool = 8;
}
// `IstioEgressListener` specifies the properties of an outbound traffic
// listener on the sidecar proxy attached to a workload instance.
message IstioEgressListener {
// The port associated with the listener. If using Unix domain socket,
// use 0 as the port number, with a valid protocol. The port if
// specified, will be used as the default destination port associated
// with the imported hosts. If the port is omitted, Istio will infer the
// listener ports based on the imported hosts. Note that when multiple
// egress listeners are specified, where one or more listeners have
// specific ports while others have no port, the hosts exposed on a
// listener port will be based on the listener with the most specific
// port.
SidecarPort port = 1;
// The IP(IPv4 or IPv6) or the Unix domain socket to which the listener should be bound
// to. Port MUST be specified if bind is not empty. Format: IPv4 or IPv6 address formats or
// `unix:///path/to/uds` or `unix://@foobar` (Linux abstract namespace). If
// omitted, Istio will automatically configure the defaults based on imported
// services, the workload instances to which this configuration is applied to and
// the captureMode. If captureMode is `NONE`, bind will default to
// 127.0.0.1.
string bind = 2;
// When the bind address is an IP, the captureMode option dictates
// how traffic to the listener is expected to be captured (or not).
// captureMode must be DEFAULT or `NONE` for Unix domain socket binds.
CaptureMode capture_mode = 3;
// One or more service hosts exposed by the listener
// in `namespace/dnsName` format. Services in the specified namespace
// matching `dnsName` will be exposed.
// The corresponding service can be a service in the service registry
// (e.g., a Kubernetes or cloud foundry service) or a service specified
// using a `ServiceEntry` or `VirtualService` configuration. Any
// associated `DestinationRule` in the same namespace will also be used.
//
// The `dnsName` should be specified using FQDN format, optionally including
// a wildcard character in the left-most component (e.g., `prod/*.example.com`).
// Set the `dnsName` to `*` to select all services from the specified namespace
// (e.g., `prod/*`).
//
// The `namespace` can be set to `*`, `.`, or `~`, representing any, the current,
// or no namespace, respectively. For example, `*/foo.example.com` selects the
// service from any available namespace while `./foo.example.com` only selects
// the service from the namespace of the sidecar. If a host is set to `*/*`,
// Istio will configure the sidecar to be able to reach every service in the
// mesh that is exported to the sidecar's namespace. The value `~/*` can be used
// to completely trim the configuration for sidecars that simply receive traffic
// and respond, but make no outbound connections of their own.
//
// NOTE: Only services and configuration artifacts exported to the sidecar's
// namespace (e.g., `exportTo` value of `*`) can be referenced.
// Private configurations (e.g., `exportTo` set to `.`) will
// not be available. Refer to the `exportTo` setting in `VirtualService`,
// `DestinationRule`, and `ServiceEntry` configurations for details.
repeated string hosts = 4 [(google.api.field_behavior) = REQUIRED];
reserved "localhost_server_tls";
reserved 5, 6;
}
// `WorkloadSelector` specifies the criteria used to determine if the
// `Gateway`, `Sidecar`, `EnvoyFilter`, `ServiceEntry`, or `DestinationRule`
// configuration can be applied to a proxy. The matching criteria
// includes the metadata associated with a proxy, workload instance
// info such as labels attached to the pod/VM, or any other info that
// the proxy provides to Istio during the initial handshake. If
// multiple conditions are specified, all conditions need to match in
// order for the workload instance to be selected. Currently, only
// label based selection mechanism is supported.
message WorkloadSelector {
// One or more labels that indicate a specific set of pods/VMs
// on which the configuration should be applied. The scope of
// label search is restricted to the configuration namespace in which the
// the resource is present.
map<string, string> labels = 1;
// $hide_from_docs
// other forms of identification supplied by the proxy
// when connecting to Pilot, such as X509 fields, tenant IDs, JWT,
// etc. This has nothing to do with the request level authN etc.
}
// `OutboundTrafficPolicy` sets the default behavior of the sidecar for
// handling outbound traffic from the application.
// If your application uses one or more external
// services that are not known apriori, setting the policy to `ALLOW_ANY`
// will cause the sidecars to route any unknown traffic originating from
// the application to its requested destination. Users are strongly
// encouraged to use `ServiceEntry` configurations to explicitly declare any external
// dependencies, instead of using `ALLOW_ANY`, so that traffic to these
// services can be monitored.
message OutboundTrafficPolicy {
enum Mode {
// Outbound traffic will be restricted to services defined in the
// service registry as well as those defined through `ServiceEntry` configurations.
REGISTRY_ONLY = 0;
// Outbound traffic to unknown destinations will be allowed, in case
// there are no services or `ServiceEntry` configurations for the destination port.
ALLOW_ANY = 1;
}
Mode mode = 1;
// Specifies the details of the egress proxy to which unknown
// traffic should be forwarded to from the sidecar. Valid only if
// the mode is set to ALLOW_ANY. If not specified when the mode is
// ALLOW_ANY, the sidecar will send the unknown traffic directly to
// the IP requested by the application.
//
// ** NOTE 1**: The specified egress host must be imported in the
// egress section for the traffic forwarding to work.
//
// ** NOTE 2**: An Envoy based egress gateway is unlikely to be able
// to handle plain text TCP connections forwarded from the sidecar.
// Envoy's dynamic forward proxy can handle only HTTP and TLS
// connections.
// $hide_from_docs
Destination egress_proxy = 2;
}
// `CaptureMode` describes how traffic to a listener is expected to be
// captured. Applicable only when the listener is bound to an IP.
enum CaptureMode {
// The default capture mode defined by the environment.
DEFAULT = 0;
// Capture traffic using IPtables redirection.
IPTABLES = 1;
// No traffic capture. When used in an egress listener, the application is
// expected to explicitly communicate with the listener port or Unix
// domain socket. When used in an ingress listener, care needs to be taken
// to ensure that the listener port is not in use by other processes on
// the host.
NONE = 2;
}
// Port describes the properties of a specific port of a service.
message SidecarPort {
// A valid non-negative integer port number.
uint32 number = 1;
// The protocol exposed on the port.
// MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS.
// TLS can be either used to terminate non-HTTP based connections on a specific port
// or to route traffic based on SNI header to the destination without terminating the TLS connection.
string protocol = 2;
// Label assigned to the port.
string name = 3;
// Has no effect, only for backwards compatibility
// received. Applicable only when used with ServiceEntries.
// $hide_from_docs
uint32 target_port = 4 [deprecated=true];
}

132
networking/v1/sidecar_deepcopy.gen.go generated Normal file
View File

@ -0,0 +1,132 @@
// Code generated by protoc-gen-deepcopy. DO NOT EDIT.
package v1
import (
proto "google.golang.org/protobuf/proto"
)
// DeepCopyInto supports using Sidecar within kubernetes types, where deepcopy-gen is used.
func (in *Sidecar) DeepCopyInto(out *Sidecar) {
p := proto.Clone(in).(*Sidecar)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Sidecar. Required by controller-gen.
func (in *Sidecar) DeepCopy() *Sidecar {
if in == nil {
return nil
}
out := new(Sidecar)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Sidecar. Required by controller-gen.
func (in *Sidecar) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using IstioIngressListener within kubernetes types, where deepcopy-gen is used.
func (in *IstioIngressListener) DeepCopyInto(out *IstioIngressListener) {
p := proto.Clone(in).(*IstioIngressListener)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioIngressListener. Required by controller-gen.
func (in *IstioIngressListener) DeepCopy() *IstioIngressListener {
if in == nil {
return nil
}
out := new(IstioIngressListener)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new IstioIngressListener. Required by controller-gen.
func (in *IstioIngressListener) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using IstioEgressListener within kubernetes types, where deepcopy-gen is used.
func (in *IstioEgressListener) DeepCopyInto(out *IstioEgressListener) {
p := proto.Clone(in).(*IstioEgressListener)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioEgressListener. Required by controller-gen.
func (in *IstioEgressListener) DeepCopy() *IstioEgressListener {
if in == nil {
return nil
}
out := new(IstioEgressListener)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new IstioEgressListener. Required by controller-gen.
func (in *IstioEgressListener) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using WorkloadSelector within kubernetes types, where deepcopy-gen is used.
func (in *WorkloadSelector) DeepCopyInto(out *WorkloadSelector) {
p := proto.Clone(in).(*WorkloadSelector)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadSelector. Required by controller-gen.
func (in *WorkloadSelector) DeepCopy() *WorkloadSelector {
if in == nil {
return nil
}
out := new(WorkloadSelector)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadSelector. Required by controller-gen.
func (in *WorkloadSelector) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using OutboundTrafficPolicy within kubernetes types, where deepcopy-gen is used.
func (in *OutboundTrafficPolicy) DeepCopyInto(out *OutboundTrafficPolicy) {
p := proto.Clone(in).(*OutboundTrafficPolicy)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutboundTrafficPolicy. Required by controller-gen.
func (in *OutboundTrafficPolicy) DeepCopy() *OutboundTrafficPolicy {
if in == nil {
return nil
}
out := new(OutboundTrafficPolicy)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new OutboundTrafficPolicy. Required by controller-gen.
func (in *OutboundTrafficPolicy) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using SidecarPort within kubernetes types, where deepcopy-gen is used.
func (in *SidecarPort) DeepCopyInto(out *SidecarPort) {
p := proto.Clone(in).(*SidecarPort)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SidecarPort. Required by controller-gen.
func (in *SidecarPort) DeepCopy() *SidecarPort {
if in == nil {
return nil
}
out := new(SidecarPort)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new SidecarPort. Required by controller-gen.
func (in *SidecarPort) DeepCopyInterface() interface{} {
return in.DeepCopy()
}

78
networking/v1/sidecar_json.gen.go generated Normal file
View File

@ -0,0 +1,78 @@
// Code generated by protoc-gen-jsonshim. DO NOT EDIT.
package v1
import (
bytes "bytes"
jsonpb "github.com/golang/protobuf/jsonpb"
)
// MarshalJSON is a custom marshaler for Sidecar
func (this *Sidecar) MarshalJSON() ([]byte, error) {
str, err := SidecarMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for Sidecar
func (this *Sidecar) UnmarshalJSON(b []byte) error {
return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for IstioIngressListener
func (this *IstioIngressListener) MarshalJSON() ([]byte, error) {
str, err := SidecarMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for IstioIngressListener
func (this *IstioIngressListener) UnmarshalJSON(b []byte) error {
return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for IstioEgressListener
func (this *IstioEgressListener) MarshalJSON() ([]byte, error) {
str, err := SidecarMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for IstioEgressListener
func (this *IstioEgressListener) UnmarshalJSON(b []byte) error {
return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for WorkloadSelector
func (this *WorkloadSelector) MarshalJSON() ([]byte, error) {
str, err := SidecarMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for WorkloadSelector
func (this *WorkloadSelector) UnmarshalJSON(b []byte) error {
return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for OutboundTrafficPolicy
func (this *OutboundTrafficPolicy) MarshalJSON() ([]byte, error) {
str, err := SidecarMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for OutboundTrafficPolicy
func (this *OutboundTrafficPolicy) UnmarshalJSON(b []byte) error {
return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for SidecarPort
func (this *SidecarPort) MarshalJSON() ([]byte, error) {
str, err := SidecarMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for SidecarPort
func (this *SidecarPort) UnmarshalJSON(b []byte) error {
return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
var (
SidecarMarshaler = &jsonpb.Marshaler{}
SidecarUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true}
)

4389
networking/v1/virtual_service.pb.go generated Normal file
View File

File diff suppressed because it is too large Load Diff

1520
networking/v1/virtual_service.proto Normal file
View File

File diff suppressed because it is too large Load Diff

573
networking/v1/virtual_service_deepcopy.gen.go generated Normal file
View File

@ -0,0 +1,573 @@
// Code generated by protoc-gen-deepcopy. DO NOT EDIT.
package v1
import (
proto "google.golang.org/protobuf/proto"
)
// DeepCopyInto supports using VirtualService within kubernetes types, where deepcopy-gen is used.
func (in *VirtualService) DeepCopyInto(out *VirtualService) {
p := proto.Clone(in).(*VirtualService)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualService. Required by controller-gen.
func (in *VirtualService) DeepCopy() *VirtualService {
if in == nil {
return nil
}
out := new(VirtualService)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new VirtualService. Required by controller-gen.
func (in *VirtualService) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using Destination within kubernetes types, where deepcopy-gen is used.
func (in *Destination) DeepCopyInto(out *Destination) {
p := proto.Clone(in).(*Destination)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Destination. Required by controller-gen.
func (in *Destination) DeepCopy() *Destination {
if in == nil {
return nil
}
out := new(Destination)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Destination. Required by controller-gen.
func (in *Destination) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using HTTPRoute within kubernetes types, where deepcopy-gen is used.
func (in *HTTPRoute) DeepCopyInto(out *HTTPRoute) {
p := proto.Clone(in).(*HTTPRoute)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRoute. Required by controller-gen.
func (in *HTTPRoute) DeepCopy() *HTTPRoute {
if in == nil {
return nil
}
out := new(HTTPRoute)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRoute. Required by controller-gen.
func (in *HTTPRoute) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using Delegate within kubernetes types, where deepcopy-gen is used.
func (in *Delegate) DeepCopyInto(out *Delegate) {
p := proto.Clone(in).(*Delegate)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Delegate. Required by controller-gen.
func (in *Delegate) DeepCopy() *Delegate {
if in == nil {
return nil
}
out := new(Delegate)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Delegate. Required by controller-gen.
func (in *Delegate) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using Headers within kubernetes types, where deepcopy-gen is used.
func (in *Headers) DeepCopyInto(out *Headers) {
p := proto.Clone(in).(*Headers)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Headers. Required by controller-gen.
func (in *Headers) DeepCopy() *Headers {
if in == nil {
return nil
}
out := new(Headers)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Headers. Required by controller-gen.
func (in *Headers) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using Headers_HeaderOperations within kubernetes types, where deepcopy-gen is used.
func (in *Headers_HeaderOperations) DeepCopyInto(out *Headers_HeaderOperations) {
p := proto.Clone(in).(*Headers_HeaderOperations)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Headers_HeaderOperations. Required by controller-gen.
func (in *Headers_HeaderOperations) DeepCopy() *Headers_HeaderOperations {
if in == nil {
return nil
}
out := new(Headers_HeaderOperations)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Headers_HeaderOperations. Required by controller-gen.
func (in *Headers_HeaderOperations) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using TLSRoute within kubernetes types, where deepcopy-gen is used.
func (in *TLSRoute) DeepCopyInto(out *TLSRoute) {
p := proto.Clone(in).(*TLSRoute)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSRoute. Required by controller-gen.
func (in *TLSRoute) DeepCopy() *TLSRoute {
if in == nil {
return nil
}
out := new(TLSRoute)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TLSRoute. Required by controller-gen.
func (in *TLSRoute) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using TCPRoute within kubernetes types, where deepcopy-gen is used.
func (in *TCPRoute) DeepCopyInto(out *TCPRoute) {
p := proto.Clone(in).(*TCPRoute)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPRoute. Required by controller-gen.
func (in *TCPRoute) DeepCopy() *TCPRoute {
if in == nil {
return nil
}
out := new(TCPRoute)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TCPRoute. Required by controller-gen.
func (in *TCPRoute) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using HTTPMatchRequest within kubernetes types, where deepcopy-gen is used.
func (in *HTTPMatchRequest) DeepCopyInto(out *HTTPMatchRequest) {
p := proto.Clone(in).(*HTTPMatchRequest)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPMatchRequest. Required by controller-gen.
func (in *HTTPMatchRequest) DeepCopy() *HTTPMatchRequest {
if in == nil {
return nil
}
out := new(HTTPMatchRequest)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPMatchRequest. Required by controller-gen.
func (in *HTTPMatchRequest) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using HTTPRouteDestination within kubernetes types, where deepcopy-gen is used.
func (in *HTTPRouteDestination) DeepCopyInto(out *HTTPRouteDestination) {
p := proto.Clone(in).(*HTTPRouteDestination)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteDestination. Required by controller-gen.
func (in *HTTPRouteDestination) DeepCopy() *HTTPRouteDestination {
if in == nil {
return nil
}
out := new(HTTPRouteDestination)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteDestination. Required by controller-gen.
func (in *HTTPRouteDestination) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using RouteDestination within kubernetes types, where deepcopy-gen is used.
func (in *RouteDestination) DeepCopyInto(out *RouteDestination) {
p := proto.Clone(in).(*RouteDestination)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteDestination. Required by controller-gen.
func (in *RouteDestination) DeepCopy() *RouteDestination {
if in == nil {
return nil
}
out := new(RouteDestination)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new RouteDestination. Required by controller-gen.
func (in *RouteDestination) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using L4MatchAttributes within kubernetes types, where deepcopy-gen is used.
func (in *L4MatchAttributes) DeepCopyInto(out *L4MatchAttributes) {
p := proto.Clone(in).(*L4MatchAttributes)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L4MatchAttributes. Required by controller-gen.
func (in *L4MatchAttributes) DeepCopy() *L4MatchAttributes {
if in == nil {
return nil
}
out := new(L4MatchAttributes)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new L4MatchAttributes. Required by controller-gen.
func (in *L4MatchAttributes) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using TLSMatchAttributes within kubernetes types, where deepcopy-gen is used.
func (in *TLSMatchAttributes) DeepCopyInto(out *TLSMatchAttributes) {
p := proto.Clone(in).(*TLSMatchAttributes)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSMatchAttributes. Required by controller-gen.
func (in *TLSMatchAttributes) DeepCopy() *TLSMatchAttributes {
if in == nil {
return nil
}
out := new(TLSMatchAttributes)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TLSMatchAttributes. Required by controller-gen.
func (in *TLSMatchAttributes) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using HTTPRedirect within kubernetes types, where deepcopy-gen is used.
func (in *HTTPRedirect) DeepCopyInto(out *HTTPRedirect) {
p := proto.Clone(in).(*HTTPRedirect)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRedirect. Required by controller-gen.
func (in *HTTPRedirect) DeepCopy() *HTTPRedirect {
if in == nil {
return nil
}
out := new(HTTPRedirect)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRedirect. Required by controller-gen.
func (in *HTTPRedirect) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using HTTPDirectResponse within kubernetes types, where deepcopy-gen is used.
func (in *HTTPDirectResponse) DeepCopyInto(out *HTTPDirectResponse) {
p := proto.Clone(in).(*HTTPDirectResponse)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPDirectResponse. Required by controller-gen.
func (in *HTTPDirectResponse) DeepCopy() *HTTPDirectResponse {
if in == nil {
return nil
}
out := new(HTTPDirectResponse)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPDirectResponse. Required by controller-gen.
func (in *HTTPDirectResponse) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using HTTPBody within kubernetes types, where deepcopy-gen is used.
func (in *HTTPBody) DeepCopyInto(out *HTTPBody) {
p := proto.Clone(in).(*HTTPBody)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPBody. Required by controller-gen.
func (in *HTTPBody) DeepCopy() *HTTPBody {
if in == nil {
return nil
}
out := new(HTTPBody)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPBody. Required by controller-gen.
func (in *HTTPBody) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using HTTPRewrite within kubernetes types, where deepcopy-gen is used.
func (in *HTTPRewrite) DeepCopyInto(out *HTTPRewrite) {
p := proto.Clone(in).(*HTTPRewrite)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRewrite. Required by controller-gen.
func (in *HTTPRewrite) DeepCopy() *HTTPRewrite {
if in == nil {
return nil
}
out := new(HTTPRewrite)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRewrite. Required by controller-gen.
func (in *HTTPRewrite) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using RegexRewrite within kubernetes types, where deepcopy-gen is used.
func (in *RegexRewrite) DeepCopyInto(out *RegexRewrite) {
p := proto.Clone(in).(*RegexRewrite)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegexRewrite. Required by controller-gen.
func (in *RegexRewrite) DeepCopy() *RegexRewrite {
if in == nil {
return nil
}
out := new(RegexRewrite)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new RegexRewrite. Required by controller-gen.
func (in *RegexRewrite) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using StringMatch within kubernetes types, where deepcopy-gen is used.
func (in *StringMatch) DeepCopyInto(out *StringMatch) {
p := proto.Clone(in).(*StringMatch)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StringMatch. Required by controller-gen.
func (in *StringMatch) DeepCopy() *StringMatch {
if in == nil {
return nil
}
out := new(StringMatch)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new StringMatch. Required by controller-gen.
func (in *StringMatch) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using HTTPRetry within kubernetes types, where deepcopy-gen is used.
func (in *HTTPRetry) DeepCopyInto(out *HTTPRetry) {
p := proto.Clone(in).(*HTTPRetry)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRetry. Required by controller-gen.
func (in *HTTPRetry) DeepCopy() *HTTPRetry {
if in == nil {
return nil
}
out := new(HTTPRetry)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRetry. Required by controller-gen.
func (in *HTTPRetry) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using CorsPolicy within kubernetes types, where deepcopy-gen is used.
func (in *CorsPolicy) DeepCopyInto(out *CorsPolicy) {
p := proto.Clone(in).(*CorsPolicy)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CorsPolicy. Required by controller-gen.
func (in *CorsPolicy) DeepCopy() *CorsPolicy {
if in == nil {
return nil
}
out := new(CorsPolicy)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new CorsPolicy. Required by controller-gen.
func (in *CorsPolicy) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using HTTPFaultInjection within kubernetes types, where deepcopy-gen is used.
func (in *HTTPFaultInjection) DeepCopyInto(out *HTTPFaultInjection) {
p := proto.Clone(in).(*HTTPFaultInjection)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection. Required by controller-gen.
func (in *HTTPFaultInjection) DeepCopy() *HTTPFaultInjection {
if in == nil {
return nil
}
out := new(HTTPFaultInjection)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection. Required by controller-gen.
func (in *HTTPFaultInjection) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using HTTPFaultInjection_Delay within kubernetes types, where deepcopy-gen is used.
func (in *HTTPFaultInjection_Delay) DeepCopyInto(out *HTTPFaultInjection_Delay) {
p := proto.Clone(in).(*HTTPFaultInjection_Delay)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection_Delay. Required by controller-gen.
func (in *HTTPFaultInjection_Delay) DeepCopy() *HTTPFaultInjection_Delay {
if in == nil {
return nil
}
out := new(HTTPFaultInjection_Delay)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection_Delay. Required by controller-gen.
func (in *HTTPFaultInjection_Delay) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using HTTPFaultInjection_Abort within kubernetes types, where deepcopy-gen is used.
func (in *HTTPFaultInjection_Abort) DeepCopyInto(out *HTTPFaultInjection_Abort) {
p := proto.Clone(in).(*HTTPFaultInjection_Abort)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection_Abort. Required by controller-gen.
func (in *HTTPFaultInjection_Abort) DeepCopy() *HTTPFaultInjection_Abort {
if in == nil {
return nil
}
out := new(HTTPFaultInjection_Abort)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection_Abort. Required by controller-gen.
func (in *HTTPFaultInjection_Abort) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using HTTPMirrorPolicy within kubernetes types, where deepcopy-gen is used.
func (in *HTTPMirrorPolicy) DeepCopyInto(out *HTTPMirrorPolicy) {
p := proto.Clone(in).(*HTTPMirrorPolicy)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPMirrorPolicy. Required by controller-gen.
func (in *HTTPMirrorPolicy) DeepCopy() *HTTPMirrorPolicy {
if in == nil {
return nil
}
out := new(HTTPMirrorPolicy)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPMirrorPolicy. Required by controller-gen.
func (in *HTTPMirrorPolicy) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using PortSelector within kubernetes types, where deepcopy-gen is used.
func (in *PortSelector) DeepCopyInto(out *PortSelector) {
p := proto.Clone(in).(*PortSelector)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PortSelector. Required by controller-gen.
func (in *PortSelector) DeepCopy() *PortSelector {
if in == nil {
return nil
}
out := new(PortSelector)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new PortSelector. Required by controller-gen.
func (in *PortSelector) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using Percent within kubernetes types, where deepcopy-gen is used.
func (in *Percent) DeepCopyInto(out *Percent) {
p := proto.Clone(in).(*Percent)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Percent. Required by controller-gen.
func (in *Percent) DeepCopy() *Percent {
if in == nil {
return nil
}
out := new(Percent)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Percent. Required by controller-gen.
func (in *Percent) DeepCopyInterface() interface{} {
return in.DeepCopy()
}

309
networking/v1/virtual_service_json.gen.go generated Normal file
View File

@ -0,0 +1,309 @@
// Code generated by protoc-gen-jsonshim. DO NOT EDIT.
package v1
import (
bytes "bytes"
jsonpb "github.com/golang/protobuf/jsonpb"
)
// MarshalJSON is a custom marshaler for VirtualService
func (this *VirtualService) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for VirtualService
func (this *VirtualService) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for Destination
func (this *Destination) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for Destination
func (this *Destination) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for HTTPRoute
func (this *HTTPRoute) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for HTTPRoute
func (this *HTTPRoute) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for Delegate
func (this *Delegate) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for Delegate
func (this *Delegate) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for Headers
func (this *Headers) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for Headers
func (this *Headers) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for Headers_HeaderOperations
func (this *Headers_HeaderOperations) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for Headers_HeaderOperations
func (this *Headers_HeaderOperations) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for TLSRoute
func (this *TLSRoute) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for TLSRoute
func (this *TLSRoute) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for TCPRoute
func (this *TCPRoute) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for TCPRoute
func (this *TCPRoute) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for HTTPMatchRequest
func (this *HTTPMatchRequest) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for HTTPMatchRequest
func (this *HTTPMatchRequest) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for HTTPRouteDestination
func (this *HTTPRouteDestination) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for HTTPRouteDestination
func (this *HTTPRouteDestination) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for RouteDestination
func (this *RouteDestination) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for RouteDestination
func (this *RouteDestination) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for L4MatchAttributes
func (this *L4MatchAttributes) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for L4MatchAttributes
func (this *L4MatchAttributes) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for TLSMatchAttributes
func (this *TLSMatchAttributes) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for TLSMatchAttributes
func (this *TLSMatchAttributes) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for HTTPRedirect
func (this *HTTPRedirect) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for HTTPRedirect
func (this *HTTPRedirect) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for HTTPDirectResponse
func (this *HTTPDirectResponse) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for HTTPDirectResponse
func (this *HTTPDirectResponse) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for HTTPBody
func (this *HTTPBody) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for HTTPBody
func (this *HTTPBody) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for HTTPRewrite
func (this *HTTPRewrite) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for HTTPRewrite
func (this *HTTPRewrite) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for RegexRewrite
func (this *RegexRewrite) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for RegexRewrite
func (this *RegexRewrite) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for StringMatch
func (this *StringMatch) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for StringMatch
func (this *StringMatch) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for HTTPRetry
func (this *HTTPRetry) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for HTTPRetry
func (this *HTTPRetry) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for CorsPolicy
func (this *CorsPolicy) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for CorsPolicy
func (this *CorsPolicy) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for HTTPFaultInjection
func (this *HTTPFaultInjection) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for HTTPFaultInjection
func (this *HTTPFaultInjection) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for HTTPFaultInjection_Delay
func (this *HTTPFaultInjection_Delay) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for HTTPFaultInjection_Delay
func (this *HTTPFaultInjection_Delay) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for HTTPFaultInjection_Abort
func (this *HTTPFaultInjection_Abort) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for HTTPFaultInjection_Abort
func (this *HTTPFaultInjection_Abort) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for HTTPMirrorPolicy
func (this *HTTPMirrorPolicy) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for HTTPMirrorPolicy
func (this *HTTPMirrorPolicy) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for PortSelector
func (this *PortSelector) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for PortSelector
func (this *PortSelector) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for Percent
func (this *Percent) MarshalJSON() ([]byte, error) {
str, err := VirtualServiceMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for Percent
func (this *Percent) UnmarshalJSON(b []byte) error {
return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
var (
VirtualServiceMarshaler = &jsonpb.Marshaler{}
VirtualServiceUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true}
)

447
networking/v1/workload_entry.pb.go generated Normal file
View File

@ -0,0 +1,447 @@
// Copyright 2020 Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.33.0
// protoc (unknown)
// source: networking/v1/workload_entry.proto
// $schema: istio.networking.v1.WorkloadEntry
// $title: Workload Entry
// $description: Configuration affecting VMs onboarded into the mesh.
// $location: https://istio.io/docs/reference/config/networking/workload-entry.html
// $aliases: [/docs/reference/config/networking/v1/workload-entry]
// $mode: none
// `WorkloadEntry` enables operators to describe the properties of a
// single non-Kubernetes workload such as a VM or a bare metal server
// as it is onboarded into the mesh. A `WorkloadEntry` must be
// accompanied by an Istio `ServiceEntry` that selects the workload
// through the appropriate labels and provides the service definition
// for a `MESH_INTERNAL` service (hostnames, port properties, etc.). A
// `ServiceEntry` object can select multiple workload entries as well
// as Kubernetes pods based on the label selector specified in the
// service entry.
//
// When a workload connects to `istiod`, the status field in the
// custom resource will be updated to indicate the health of the
// workload along with other details, similar to how Kubernetes
// updates the status of a pod.
//
// The following example declares a workload entry representing a VM
// for the `details.bookinfo.com` service. This VM has sidecar
// installed and bootstrapped using the `details-legacy` service
// account. The service is exposed on port 80 to applications in the
// mesh. The HTTP traffic to this service is wrapped in Istio mutual
// TLS and sent to sidecars on VMs on target port 8080, that in turn
// forward it to the application on localhost on the same port.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: WorkloadEntry
// metadata:
// name: details-svc
// spec:
// # use of the service account indicates that the workload has a
// # sidecar proxy bootstrapped with this service account. Pods with
// # sidecars will automatically communicate with the workload using
// # istio mutual TLS.
// serviceAccount: details-legacy
// address: 2.2.2.2
// labels:
// app: details-legacy
// instance-id: vm1
// ```
//
// and the associated service entry
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: ServiceEntry
// metadata:
// name: details-svc
// spec:
// hosts:
// - details.bookinfo.com
// location: MESH_INTERNAL
// ports:
// - number: 80
// name: http
// protocol: HTTP
// targetPort: 8080
// resolution: STATIC
// workloadSelector:
// labels:
// app: details-legacy
// ```
//
//
// The following example declares the same VM workload using
// its fully qualified DNS name. The service entry's resolution
// mode should be changed to DNS to indicate that the client-side
// sidecars should dynamically resolve the DNS name at runtime before
// forwarding the request.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: WorkloadEntry
// metadata:
// name: details-svc
// spec:
// # use of the service account indicates that the workload has a
// # sidecar proxy bootstrapped with this service account. Pods with
// # sidecars will automatically communicate with the workload using
// # istio mutual TLS.
// serviceAccount: details-legacy
// address: vm1.vpc01.corp.net
// labels:
// app: details-legacy
// instance-id: vm1
// ```
//
// and the associated service entry
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: ServiceEntry
// metadata:
// name: details-svc
// spec:
// hosts:
// - details.bookinfo.com
// location: MESH_INTERNAL
// ports:
// - number: 80
// name: http
// protocol: HTTP
// targetPort: 8080
// resolution: DNS
// workloadSelector:
// labels:
// app: details-legacy
// ```
//
// The following example declares a VM workload without an address.
// An alternative to having istiod read from remote API servers is
// to write a `WorkloadEntry` in the local cluster that represents
// the Workload(s) in the remote network with the given labels. A
// single `WorkloadEntry` with weights represent the aggregate of all
// the actual workloads in a given remote network.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: WorkloadEntry
// metadata:
// name: foo-workloads-cluster-2
// spec:
// serviceAccount: foo
// network: cluster-2-network
// labels:
// app: foo
// ```
package v1
import (
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
reflect "reflect"
sync "sync"
)
const (
// Verify that this generated code is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
// Verify that runtime/protoimpl is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)
// WorkloadEntry enables specifying the properties of a single non-Kubernetes workload such a VM or a bare metal services that can be referred to by service entries.
//
// <!-- crd generation tags
// +cue-gen:WorkloadEntry:groupName:networking.istio.io
// +cue-gen:WorkloadEntry:version:v1
// +cue-gen:WorkloadEntry:annotations:helm.sh/resource-policy=keep
// +cue-gen:WorkloadEntry:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:WorkloadEntry:subresource:status
// +cue-gen:WorkloadEntry:scope:Namespaced
// +cue-gen:WorkloadEntry:resource:categories=istio-io,networking-istio-io,shortNames=we,plural=workloadentries
// +cue-gen:WorkloadEntry:printerColumn:name=Age,type=date,JSONPath=.metadata.creationTimestamp,description="CreationTimestamp is a timestamp
// representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations.
// Clients may not set this value. It is represented in RFC3339 form and is in UTC.
// Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata"
// +cue-gen:WorkloadEntry:printerColumn:name=Address,type=string,JSONPath=.spec.address,description="Address associated with the network endpoint."
// +cue-gen:WorkloadEntry:preserveUnknownFields:false
// -->
//
// <!-- go code generation tags
// +kubetype-gen
// +kubetype-gen:groupVersion=networking.istio.io/v1
// +genclient
// +k8s:deepcopy-gen=true
// -->
// <!-- istio code generation tags
// +istio.io/sync-from:networking/v1alpha3/workload_entry.proto
// -->
type WorkloadEntry struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
// Address associated with the network endpoint without the
// port. Domain names can be used if and only if the resolution is set
// to DNS, and must be fully-qualified without wildcards. Use the form
// unix:///absolute/path/to/socket for Unix domain socket endpoints.
// If address is empty, network must be specified.
Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"`
// Set of ports associated with the endpoint. If the port map is
// specified, it must be a map of servicePortName to this endpoint's
// port, such that traffic to the service port will be forwarded to
// the endpoint port that maps to the service's portName. If
// omitted, and the targetPort is specified as part of the service's
// port specification, traffic to the service port will be forwarded
// to one of the endpoints on the specified `targetPort`. If both
// the targetPort and endpoint's port map are not specified, traffic
// to a service port will be forwarded to one of the endpoints on
// the same port.
//
// **NOTE 1:** Do not use for `unix://` addresses.
//
// **NOTE 2:** endpoint port map takes precedence over targetPort.
Ports map[string]uint32 `protobuf:"bytes,2,rep,name=ports,proto3" json:"ports,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"`
// One or more labels associated with the endpoint.
Labels map[string]string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// Network enables Istio to group endpoints resident in the same L3
// domain/network. All endpoints in the same network are assumed to be
// directly reachable from one another. When endpoints in different
// networks cannot reach each other directly, an Istio Gateway can be
// used to establish connectivity (usually using the
// `AUTO_PASSTHROUGH` mode in a Gateway Server). This is
// an advanced configuration used typically for spanning an Istio mesh
// over multiple clusters. Required if address is not provided.
Network string `protobuf:"bytes,4,opt,name=network,proto3" json:"network,omitempty"`
// The locality associated with the endpoint. A locality corresponds
// to a failure domain (e.g., country/region/zone). Arbitrary failure
// domain hierarchies can be represented by separating each
// encapsulating failure domain by /. For example, the locality of an
// an endpoint in US, in US-East-1 region, within availability zone
// az-1, in data center rack r11 can be represented as
// us/us-east-1/az-1/r11. Istio will configure the sidecar to route to
// endpoints within the same locality as the sidecar. If none of the
// endpoints in the locality are available, endpoints parent locality
// (but within the same network ID) will be chosen. For example, if
// there are two endpoints in same network (networkID "n1"), say e1
// with locality us/us-east-1/az-1/r11 and e2 with locality
// us/us-east-1/az-2/r12, a sidecar from us/us-east-1/az-1/r11 locality
// will prefer e1 from the same locality over e2 from a different
// locality. Endpoint e2 could be the IP associated with a gateway
// (that bridges networks n1 and n2), or the IP associated with a
// standard service endpoint.
Locality string `protobuf:"bytes,5,opt,name=locality,proto3" json:"locality,omitempty"`
// The load balancing weight associated with the endpoint. Endpoints
// with higher weights will receive proportionally higher traffic.
Weight uint32 `protobuf:"varint,6,opt,name=weight,proto3" json:"weight,omitempty"`
// The service account associated with the workload if a sidecar
// is present in the workload. The service account must be present
// in the same namespace as the configuration ( WorkloadEntry or a
// ServiceEntry)
ServiceAccount string `protobuf:"bytes,7,opt,name=service_account,json=serviceAccount,proto3" json:"service_account,omitempty"`
}
func (x *WorkloadEntry) Reset() {
*x = WorkloadEntry{}
if protoimpl.UnsafeEnabled {
mi := &file_networking_v1_workload_entry_proto_msgTypes[0]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *WorkloadEntry) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*WorkloadEntry) ProtoMessage() {}
func (x *WorkloadEntry) ProtoReflect() protoreflect.Message {
mi := &file_networking_v1_workload_entry_proto_msgTypes[0]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use WorkloadEntry.ProtoReflect.Descriptor instead.
func (*WorkloadEntry) Descriptor() ([]byte, []int) {
return file_networking_v1_workload_entry_proto_rawDescGZIP(), []int{0}
}
func (x *WorkloadEntry) GetAddress() string {
if x != nil {
return x.Address
}
return ""
}
func (x *WorkloadEntry) GetPorts() map[string]uint32 {
if x != nil {
return x.Ports
}
return nil
}
func (x *WorkloadEntry) GetLabels() map[string]string {
if x != nil {
return x.Labels
}
return nil
}
func (x *WorkloadEntry) GetNetwork() string {
if x != nil {
return x.Network
}
return ""
}
func (x *WorkloadEntry) GetLocality() string {
if x != nil {
return x.Locality
}
return ""
}
func (x *WorkloadEntry) GetWeight() uint32 {
if x != nil {
return x.Weight
}
return 0
}
func (x *WorkloadEntry) GetServiceAccount() string {
if x != nil {
return x.ServiceAccount
}
return ""
}
var File_networking_v1_workload_entry_proto protoreflect.FileDescriptor
var file_networking_v1_workload_entry_proto_rawDesc = []byte{
0x0a, 0x22, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f,
0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x70,
0x72, 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77,
0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x22, 0xa2, 0x03, 0x0a, 0x0d, 0x57, 0x6f,
0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x61,
0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64,
0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x43, 0x0a, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x02,
0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74,
0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c,
0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e,
0x74, 0x72, 0x79, 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, 0x46, 0x0a, 0x06, 0x6c, 0x61,
0x62, 0x65, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x69, 0x73, 0x74,
0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31,
0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4c,
0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65,
0x6c, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x18, 0x04, 0x20,
0x01, 0x28, 0x09, 0x52, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x12, 0x1a, 0x0a, 0x08,
0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67,
0x68, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74,
0x12, 0x27, 0x0a, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f,
0x75, 0x6e, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x65, 0x72, 0x76, 0x69,
0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x1a, 0x38, 0x0a, 0x0a, 0x50, 0x6f, 0x72,
0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01,
0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c,
0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a,
0x02, 0x38, 0x01, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74,
0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20,
0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x1c,
0x5a, 0x1a, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e,
0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72,
0x6f, 0x74, 0x6f, 0x33,
}
var (
file_networking_v1_workload_entry_proto_rawDescOnce sync.Once
file_networking_v1_workload_entry_proto_rawDescData = file_networking_v1_workload_entry_proto_rawDesc
)
func file_networking_v1_workload_entry_proto_rawDescGZIP() []byte {
file_networking_v1_workload_entry_proto_rawDescOnce.Do(func() {
file_networking_v1_workload_entry_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1_workload_entry_proto_rawDescData)
})
return file_networking_v1_workload_entry_proto_rawDescData
}
var file_networking_v1_workload_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
var file_networking_v1_workload_entry_proto_goTypes = []interface{}{
(*WorkloadEntry)(nil), // 0: istio.networking.v1.WorkloadEntry
nil, // 1: istio.networking.v1.WorkloadEntry.PortsEntry
nil, // 2: istio.networking.v1.WorkloadEntry.LabelsEntry
}
var file_networking_v1_workload_entry_proto_depIdxs = []int32{
1, // 0: istio.networking.v1.WorkloadEntry.ports:type_name -> istio.networking.v1.WorkloadEntry.PortsEntry
2, // 1: istio.networking.v1.WorkloadEntry.labels:type_name -> istio.networking.v1.WorkloadEntry.LabelsEntry
2, // [2:2] is the sub-list for method output_type
2, // [2:2] is the sub-list for method input_type
2, // [2:2] is the sub-list for extension type_name
2, // [2:2] is the sub-list for extension extendee
0, // [0:2] is the sub-list for field type_name
}
func init() { file_networking_v1_workload_entry_proto_init() }
func file_networking_v1_workload_entry_proto_init() {
if File_networking_v1_workload_entry_proto != nil {
return
}
if !protoimpl.UnsafeEnabled {
file_networking_v1_workload_entry_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*WorkloadEntry); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
}
type x struct{}
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: file_networking_v1_workload_entry_proto_rawDesc,
NumEnums: 0,
NumMessages: 3,
NumExtensions: 0,
NumServices: 0,
},
GoTypes: file_networking_v1_workload_entry_proto_goTypes,
DependencyIndexes: file_networking_v1_workload_entry_proto_depIdxs,
MessageInfos: file_networking_v1_workload_entry_proto_msgTypes,
}.Build()
File_networking_v1_workload_entry_proto = out.File
file_networking_v1_workload_entry_proto_rawDesc = nil
file_networking_v1_workload_entry_proto_goTypes = nil
file_networking_v1_workload_entry_proto_depIdxs = nil
}

246
networking/v1/workload_entry.proto Normal file
View File

@ -0,0 +1,246 @@
// Copyright 2020 Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
// $schema: istio.networking.v1.WorkloadEntry
// $title: Workload Entry
// $description: Configuration affecting VMs onboarded into the mesh.
// $location: https://istio.io/docs/reference/config/networking/workload-entry.html
// $aliases: [/docs/reference/config/networking/v1/workload-entry]
// $mode: none
// `WorkloadEntry` enables operators to describe the properties of a
// single non-Kubernetes workload such as a VM or a bare metal server
// as it is onboarded into the mesh. A `WorkloadEntry` must be
// accompanied by an Istio `ServiceEntry` that selects the workload
// through the appropriate labels and provides the service definition
// for a `MESH_INTERNAL` service (hostnames, port properties, etc.). A
// `ServiceEntry` object can select multiple workload entries as well
// as Kubernetes pods based on the label selector specified in the
// service entry.
//
// When a workload connects to `istiod`, the status field in the
// custom resource will be updated to indicate the health of the
// workload along with other details, similar to how Kubernetes
// updates the status of a pod.
//
// The following example declares a workload entry representing a VM
// for the `details.bookinfo.com` service. This VM has sidecar
// installed and bootstrapped using the `details-legacy` service
// account. The service is exposed on port 80 to applications in the
// mesh. The HTTP traffic to this service is wrapped in Istio mutual
// TLS and sent to sidecars on VMs on target port 8080, that in turn
// forward it to the application on localhost on the same port.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: WorkloadEntry
// metadata:
// name: details-svc
// spec:
// # use of the service account indicates that the workload has a
// # sidecar proxy bootstrapped with this service account. Pods with
// # sidecars will automatically communicate with the workload using
// # istio mutual TLS.
// serviceAccount: details-legacy
// address: 2.2.2.2
// labels:
// app: details-legacy
// instance-id: vm1
// ```
//
// and the associated service entry
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: ServiceEntry
// metadata:
// name: details-svc
// spec:
// hosts:
// - details.bookinfo.com
// location: MESH_INTERNAL
// ports:
// - number: 80
// name: http
// protocol: HTTP
// targetPort: 8080
// resolution: STATIC
// workloadSelector:
// labels:
// app: details-legacy
// ```
//
//
// The following example declares the same VM workload using
// its fully qualified DNS name. The service entry's resolution
// mode should be changed to DNS to indicate that the client-side
// sidecars should dynamically resolve the DNS name at runtime before
// forwarding the request.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: WorkloadEntry
// metadata:
// name: details-svc
// spec:
// # use of the service account indicates that the workload has a
// # sidecar proxy bootstrapped with this service account. Pods with
// # sidecars will automatically communicate with the workload using
// # istio mutual TLS.
// serviceAccount: details-legacy
// address: vm1.vpc01.corp.net
// labels:
// app: details-legacy
// instance-id: vm1
// ```
//
// and the associated service entry
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: ServiceEntry
// metadata:
// name: details-svc
// spec:
// hosts:
// - details.bookinfo.com
// location: MESH_INTERNAL
// ports:
// - number: 80
// name: http
// protocol: HTTP
// targetPort: 8080
// resolution: DNS
// workloadSelector:
// labels:
// app: details-legacy
// ```
//
// The following example declares a VM workload without an address.
// An alternative to having istiod read from remote API servers is
// to write a `WorkloadEntry` in the local cluster that represents
// the Workload(s) in the remote network with the given labels. A
// single `WorkloadEntry` with weights represent the aggregate of all
// the actual workloads in a given remote network.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: WorkloadEntry
// metadata:
// name: foo-workloads-cluster-2
// spec:
// serviceAccount: foo
// network: cluster-2-network
// labels:
// app: foo
// ```
package istio.networking.v1;
option go_package = "istio.io/api/networking/v1";
// WorkloadEntry enables specifying the properties of a single non-Kubernetes workload such a VM or a bare metal services that can be referred to by service entries.
//
// <!-- crd generation tags
// +cue-gen:WorkloadEntry:groupName:networking.istio.io
// +cue-gen:WorkloadEntry:version:v1
// +cue-gen:WorkloadEntry:annotations:helm.sh/resource-policy=keep
// +cue-gen:WorkloadEntry:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:WorkloadEntry:subresource:status
// +cue-gen:WorkloadEntry:scope:Namespaced
// +cue-gen:WorkloadEntry:resource:categories=istio-io,networking-istio-io,shortNames=we,plural=workloadentries
// +cue-gen:WorkloadEntry:printerColumn:name=Age,type=date,JSONPath=.metadata.creationTimestamp,description="CreationTimestamp is a timestamp
// representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations.
// Clients may not set this value. It is represented in RFC3339 form and is in UTC.
// Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata"
// +cue-gen:WorkloadEntry:printerColumn:name=Address,type=string,JSONPath=.spec.address,description="Address associated with the network endpoint."
// +cue-gen:WorkloadEntry:preserveUnknownFields:false
// -->
//
// <!-- go code generation tags
// +kubetype-gen
// +kubetype-gen:groupVersion=networking.istio.io/v1
// +genclient
// +k8s:deepcopy-gen=true
// -->
// <!-- istio code generation tags
// +istio.io/sync-from:networking/v1alpha3/workload_entry.proto
// -->
message WorkloadEntry {
// Address associated with the network endpoint without the
// port. Domain names can be used if and only if the resolution is set
// to DNS, and must be fully-qualified without wildcards. Use the form
// unix:///absolute/path/to/socket for Unix domain socket endpoints.
// If address is empty, network must be specified.
string address = 1;
// Set of ports associated with the endpoint. If the port map is
// specified, it must be a map of servicePortName to this endpoint's
// port, such that traffic to the service port will be forwarded to
// the endpoint port that maps to the service's portName. If
// omitted, and the targetPort is specified as part of the service's
// port specification, traffic to the service port will be forwarded
// to one of the endpoints on the specified `targetPort`. If both
// the targetPort and endpoint's port map are not specified, traffic
// to a service port will be forwarded to one of the endpoints on
// the same port.
//
// **NOTE 1:** Do not use for `unix://` addresses.
//
// **NOTE 2:** endpoint port map takes precedence over targetPort.
map<string, uint32> ports = 2;
// One or more labels associated with the endpoint.
map<string, string> labels = 3;
// Network enables Istio to group endpoints resident in the same L3
// domain/network. All endpoints in the same network are assumed to be
// directly reachable from one another. When endpoints in different
// networks cannot reach each other directly, an Istio Gateway can be
// used to establish connectivity (usually using the
// `AUTO_PASSTHROUGH` mode in a Gateway Server). This is
// an advanced configuration used typically for spanning an Istio mesh
// over multiple clusters. Required if address is not provided.
string network = 4;
// The locality associated with the endpoint. A locality corresponds
// to a failure domain (e.g., country/region/zone). Arbitrary failure
// domain hierarchies can be represented by separating each
// encapsulating failure domain by /. For example, the locality of an
// an endpoint in US, in US-East-1 region, within availability zone
// az-1, in data center rack r11 can be represented as
// us/us-east-1/az-1/r11. Istio will configure the sidecar to route to
// endpoints within the same locality as the sidecar. If none of the
// endpoints in the locality are available, endpoints parent locality
// (but within the same network ID) will be chosen. For example, if
// there are two endpoints in same network (networkID "n1"), say e1
// with locality us/us-east-1/az-1/r11 and e2 with locality
// us/us-east-1/az-2/r12, a sidecar from us/us-east-1/az-1/r11 locality
// will prefer e1 from the same locality over e2 from a different
// locality. Endpoint e2 could be the IP associated with a gateway
// (that bridges networks n1 and n2), or the IP associated with a
// standard service endpoint.
string locality = 5;
// The load balancing weight associated with the endpoint. Endpoints
// with higher weights will receive proportionally higher traffic.
uint32 weight = 6;
// The service account associated with the workload if a sidecar
// is present in the workload. The service account must be present
// in the same namespace as the configuration ( WorkloadEntry or a
// ServiceEntry)
string service_account = 7;
};

27
networking/v1/workload_entry_deepcopy.gen.go generated Normal file
View File

@ -0,0 +1,27 @@
// Code generated by protoc-gen-deepcopy. DO NOT EDIT.
package v1
import (
proto "google.golang.org/protobuf/proto"
)
// DeepCopyInto supports using WorkloadEntry within kubernetes types, where deepcopy-gen is used.
func (in *WorkloadEntry) DeepCopyInto(out *WorkloadEntry) {
p := proto.Clone(in).(*WorkloadEntry)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadEntry. Required by controller-gen.
func (in *WorkloadEntry) DeepCopy() *WorkloadEntry {
if in == nil {
return nil
}
out := new(WorkloadEntry)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadEntry. Required by controller-gen.
func (in *WorkloadEntry) DeepCopyInterface() interface{} {
return in.DeepCopy()
}

23
networking/v1/workload_entry_json.gen.go generated Normal file
View File

@ -0,0 +1,23 @@
// Code generated by protoc-gen-jsonshim. DO NOT EDIT.
package v1
import (
bytes "bytes"
jsonpb "github.com/golang/protobuf/jsonpb"
)
// MarshalJSON is a custom marshaler for WorkloadEntry
func (this *WorkloadEntry) MarshalJSON() ([]byte, error) {
str, err := WorkloadEntryMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for WorkloadEntry
func (this *WorkloadEntry) UnmarshalJSON(b []byte) error {
return WorkloadEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
var (
WorkloadEntryMarshaler = &jsonpb.Marshaler{}
WorkloadEntryUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true}
)

910
networking/v1/workload_group.pb.go generated Normal file
View File

@ -0,0 +1,910 @@
// Copyright 2020 Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.33.0
// protoc (unknown)
// source: networking/v1/workload_group.proto
// $schema: istio.networking.v1alpha3.WorkloadGroup
// $title: Workload Group
// $description: Describes a collection of workload instances.
// $location: https://istio.io/docs/reference/config/networking/workload-group.html
// $aliases: [/docs/reference/config/networking/v1alpha3/workload-group]
// $mode: none
// `WorkloadGroup` describes a collection of workload instances.
// It provides a specification that the workload instances can use to bootstrap
// their proxies, including the metadata and identity. It is only intended to
// be used with non-k8s workloads like Virtual Machines, and is meant to mimic
// the existing sidecar injection and deployment specification model used for
// Kubernetes workloads to bootstrap Istio proxies.
//
// The following example declares a workload group representing a collection
// of workloads that will be registered under `reviews` in namespace
// `bookinfo`. The set of labels will be associated with each workload
// instance during the bootstrap process, and the ports 3550 and 8080
// will be associated with the workload group and use service account `default`.
// `app.kubernetes.io/version` is just an arbitrary example of a label.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: WorkloadGroup
// metadata:
// name: reviews
// namespace: bookinfo
// spec:
// metadata:
// labels:
// app.kubernetes.io/name: reviews
// app.kubernetes.io/version: "1.3.4"
// template:
// ports:
// grpc: 3550
// http: 8080
// serviceAccount: default
// probe:
// initialDelaySeconds: 5
// timeoutSeconds: 3
// periodSeconds: 4
// successThreshold: 3
// failureThreshold: 3
// httpGet:
// path: /foo/bar
// host: 127.0.0.1
// port: 3100
// scheme: HTTPS
// httpHeaders:
// - name: Lit-Header
// value: Im-The-Best
// ```
package v1
import (
_ "google.golang.org/genproto/googleapis/api/annotations"
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
reflect "reflect"
sync "sync"
)
const (
// Verify that this generated code is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
// Verify that runtime/protoimpl is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)
// `WorkloadGroup` enables specifying the properties of a single workload for bootstrap and
// provides a template for `WorkloadEntry`, similar to how `Deployment` specifies properties
// of workloads via `Pod` templates. A `WorkloadGroup` can have more than one `WorkloadEntry`.
// `WorkloadGroup` has no relationship to resources which control service registry like `ServiceEntry`
// and as such doesn't configure host name for these workloads.
//
// <!-- crd generation tags
// +cue-gen:WorkloadGroup:groupName:networking.istio.io
// +cue-gen:WorkloadGroup:version:v1
// +cue-gen:WorkloadGroup:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:WorkloadGroup:subresource:status
// +cue-gen:WorkloadGroup:scope:Namespaced
// +cue-gen:WorkloadGroup:resource:categories=istio-io,networking-istio-io,shortNames=wg,plural=workloadgroups
// +cue-gen:WorkloadGroup:printerColumn:name=Age,type=date,JSONPath=.metadata.creationTimestamp,description="CreationTimestamp is a timestamp
// representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations.
// Clients may not set this value. It is represented in RFC3339 form and is in UTC.
// Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata"
// +cue-gen:WorkloadGroup:preserveUnknownFields:false
// -->
//
// <!-- go code generation tags
// +kubetype-gen
// +kubetype-gen:groupVersion=networking.istio.io/v1
// +genclient
// +k8s:deepcopy-gen=true
// -->
// <!-- istio code generation tags
// +istio.io/sync-from:networking/v1alpha3/workload_group.proto
// -->
type WorkloadGroup struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
// Metadata that will be used for all corresponding `WorkloadEntries`.
// User labels for a workload group should be set here in `metadata` rather than in `template`.
Metadata *WorkloadGroup_ObjectMeta `protobuf:"bytes,1,opt,name=metadata,proto3" json:"metadata,omitempty"`
// Template to be used for the generation of `WorkloadEntry` resources that belong to this `WorkloadGroup`.
// Please note that `address` and `labels` fields should not be set in the template, and an empty `serviceAccount`
// should default to `default`. The workload identities (mTLS certificates) will be bootstrapped using the
// specified service account's token. Workload entries in this group will be in the same namespace as the
// workload group, and inherit the labels and annotations from the above `metadata` field.
Template *WorkloadEntry `protobuf:"bytes,2,opt,name=template,proto3" json:"template,omitempty"`
// `ReadinessProbe` describes the configuration the user must provide for healthchecking on their workload.
// This configuration mirrors K8S in both syntax and logic for the most part.
Probe *ReadinessProbe `protobuf:"bytes,3,opt,name=probe,proto3" json:"probe,omitempty"`
}
func (x *WorkloadGroup) Reset() {
*x = WorkloadGroup{}
if protoimpl.UnsafeEnabled {
mi := &file_networking_v1_workload_group_proto_msgTypes[0]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *WorkloadGroup) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*WorkloadGroup) ProtoMessage() {}
func (x *WorkloadGroup) ProtoReflect() protoreflect.Message {
mi := &file_networking_v1_workload_group_proto_msgTypes[0]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use WorkloadGroup.ProtoReflect.Descriptor instead.
func (*WorkloadGroup) Descriptor() ([]byte, []int) {
return file_networking_v1_workload_group_proto_rawDescGZIP(), []int{0}
}
func (x *WorkloadGroup) GetMetadata() *WorkloadGroup_ObjectMeta {
if x != nil {
return x.Metadata
}
return nil
}
func (x *WorkloadGroup) GetTemplate() *WorkloadEntry {
if x != nil {
return x.Template
}
return nil
}
func (x *WorkloadGroup) GetProbe() *ReadinessProbe {
if x != nil {
return x.Probe
}
return nil
}
type ReadinessProbe struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
// Number of seconds after the container has started before readiness probes are initiated.
InitialDelaySeconds int32 `protobuf:"varint,2,opt,name=initial_delay_seconds,json=initialDelaySeconds,proto3" json:"initial_delay_seconds,omitempty"`
// Number of seconds after which the probe times out.
// Defaults to 1 second. Minimum value is 1 second.
TimeoutSeconds int32 `protobuf:"varint,3,opt,name=timeout_seconds,json=timeoutSeconds,proto3" json:"timeout_seconds,omitempty"`
// How often (in seconds) to perform the probe.
// Default to 10 seconds. Minimum value is 1 second.
PeriodSeconds int32 `protobuf:"varint,4,opt,name=period_seconds,json=periodSeconds,proto3" json:"period_seconds,omitempty"`
// Minimum consecutive successes for the probe to be considered successful after having failed.
// Defaults to 1 second.
SuccessThreshold int32 `protobuf:"varint,5,opt,name=success_threshold,json=successThreshold,proto3" json:"success_threshold,omitempty"`
// Minimum consecutive failures for the probe to be considered failed after having succeeded.
// Defaults to 3 seconds.
FailureThreshold int32 `protobuf:"varint,6,opt,name=failure_threshold,json=failureThreshold,proto3" json:"failure_threshold,omitempty"`
// Users can only provide one configuration for healthchecks (tcp, http, exec),
// and this is expressed as a oneof. All of the other configuration values
// hold true for any of the healthcheck methods.
//
// Types that are assignable to HealthCheckMethod:
//
// *ReadinessProbe_HttpGet
// *ReadinessProbe_TcpSocket
// *ReadinessProbe_Exec
HealthCheckMethod isReadinessProbe_HealthCheckMethod `protobuf_oneof:"health_check_method"`
}
func (x *ReadinessProbe) Reset() {
*x = ReadinessProbe{}
if protoimpl.UnsafeEnabled {
mi := &file_networking_v1_workload_group_proto_msgTypes[1]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *ReadinessProbe) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ReadinessProbe) ProtoMessage() {}
func (x *ReadinessProbe) ProtoReflect() protoreflect.Message {
mi := &file_networking_v1_workload_group_proto_msgTypes[1]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ReadinessProbe.ProtoReflect.Descriptor instead.
func (*ReadinessProbe) Descriptor() ([]byte, []int) {
return file_networking_v1_workload_group_proto_rawDescGZIP(), []int{1}
}
func (x *ReadinessProbe) GetInitialDelaySeconds() int32 {
if x != nil {
return x.InitialDelaySeconds
}
return 0
}
func (x *ReadinessProbe) GetTimeoutSeconds() int32 {
if x != nil {
return x.TimeoutSeconds
}
return 0
}
func (x *ReadinessProbe) GetPeriodSeconds() int32 {
if x != nil {
return x.PeriodSeconds
}
return 0
}
func (x *ReadinessProbe) GetSuccessThreshold() int32 {
if x != nil {
return x.SuccessThreshold
}
return 0
}
func (x *ReadinessProbe) GetFailureThreshold() int32 {
if x != nil {
return x.FailureThreshold
}
return 0
}
func (m *ReadinessProbe) GetHealthCheckMethod() isReadinessProbe_HealthCheckMethod {
if m != nil {
return m.HealthCheckMethod
}
return nil
}
func (x *ReadinessProbe) GetHttpGet() *HTTPHealthCheckConfig {
if x, ok := x.GetHealthCheckMethod().(*ReadinessProbe_HttpGet); ok {
return x.HttpGet
}
return nil
}
func (x *ReadinessProbe) GetTcpSocket() *TCPHealthCheckConfig {
if x, ok := x.GetHealthCheckMethod().(*ReadinessProbe_TcpSocket); ok {
return x.TcpSocket
}
return nil
}
func (x *ReadinessProbe) GetExec() *ExecHealthCheckConfig {
if x, ok := x.GetHealthCheckMethod().(*ReadinessProbe_Exec); ok {
return x.Exec
}
return nil
}
type isReadinessProbe_HealthCheckMethod interface {
isReadinessProbe_HealthCheckMethod()
}
type ReadinessProbe_HttpGet struct {
// `httpGet` is performed to a given endpoint
// and the status/able to connect determines health.
HttpGet *HTTPHealthCheckConfig `protobuf:"bytes,7,opt,name=http_get,json=httpGet,proto3,oneof"`
}
type ReadinessProbe_TcpSocket struct {
// Health is determined by if the proxy is able to connect.
TcpSocket *TCPHealthCheckConfig `protobuf:"bytes,8,opt,name=tcp_socket,json=tcpSocket,proto3,oneof"`
}
type ReadinessProbe_Exec struct {
// Health is determined by how the command that is executed exited.
Exec *ExecHealthCheckConfig `protobuf:"bytes,9,opt,name=exec,proto3,oneof"`
}
func (*ReadinessProbe_HttpGet) isReadinessProbe_HealthCheckMethod() {}
func (*ReadinessProbe_TcpSocket) isReadinessProbe_HealthCheckMethod() {}
func (*ReadinessProbe_Exec) isReadinessProbe_HealthCheckMethod() {}
type HTTPHealthCheckConfig struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
// Path to access on the HTTP server.
Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
// Port on which the endpoint lives.
Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"`
// Host name to connect to, defaults to the pod IP. You probably want to set
// "Host" in httpHeaders instead.
Host string `protobuf:"bytes,3,opt,name=host,proto3" json:"host,omitempty"`
// HTTP or HTTPS, defaults to HTTP
Scheme string `protobuf:"bytes,4,opt,name=scheme,proto3" json:"scheme,omitempty"`
// Headers the proxy will pass on to make the request.
// Allows repeated headers.
HttpHeaders []*HTTPHeader `protobuf:"bytes,5,rep,name=http_headers,json=httpHeaders,proto3" json:"http_headers,omitempty"`
}
func (x *HTTPHealthCheckConfig) Reset() {
*x = HTTPHealthCheckConfig{}
if protoimpl.UnsafeEnabled {
mi := &file_networking_v1_workload_group_proto_msgTypes[2]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *HTTPHealthCheckConfig) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*HTTPHealthCheckConfig) ProtoMessage() {}
func (x *HTTPHealthCheckConfig) ProtoReflect() protoreflect.Message {
mi := &file_networking_v1_workload_group_proto_msgTypes[2]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use HTTPHealthCheckConfig.ProtoReflect.Descriptor instead.
func (*HTTPHealthCheckConfig) Descriptor() ([]byte, []int) {
return file_networking_v1_workload_group_proto_rawDescGZIP(), []int{2}
}
func (x *HTTPHealthCheckConfig) GetPath() string {
if x != nil {
return x.Path
}
return ""
}
func (x *HTTPHealthCheckConfig) GetPort() uint32 {
if x != nil {
return x.Port
}
return 0
}
func (x *HTTPHealthCheckConfig) GetHost() string {
if x != nil {
return x.Host
}
return ""
}
func (x *HTTPHealthCheckConfig) GetScheme() string {
if x != nil {
return x.Scheme
}
return ""
}
func (x *HTTPHealthCheckConfig) GetHttpHeaders() []*HTTPHeader {
if x != nil {
return x.HttpHeaders
}
return nil
}
type HTTPHeader struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
// The header field name
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// The header field value
Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
}
func (x *HTTPHeader) Reset() {
*x = HTTPHeader{}
if protoimpl.UnsafeEnabled {
mi := &file_networking_v1_workload_group_proto_msgTypes[3]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *HTTPHeader) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*HTTPHeader) ProtoMessage() {}
func (x *HTTPHeader) ProtoReflect() protoreflect.Message {
mi := &file_networking_v1_workload_group_proto_msgTypes[3]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use HTTPHeader.ProtoReflect.Descriptor instead.
func (*HTTPHeader) Descriptor() ([]byte, []int) {
return file_networking_v1_workload_group_proto_rawDescGZIP(), []int{3}
}
func (x *HTTPHeader) GetName() string {
if x != nil {
return x.Name
}
return ""
}
func (x *HTTPHeader) GetValue() string {
if x != nil {
return x.Value
}
return ""
}
type TCPHealthCheckConfig struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
// Host to connect to, defaults to localhost
Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"`
// Port of host
Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"`
}
func (x *TCPHealthCheckConfig) Reset() {
*x = TCPHealthCheckConfig{}
if protoimpl.UnsafeEnabled {
mi := &file_networking_v1_workload_group_proto_msgTypes[4]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *TCPHealthCheckConfig) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*TCPHealthCheckConfig) ProtoMessage() {}
func (x *TCPHealthCheckConfig) ProtoReflect() protoreflect.Message {
mi := &file_networking_v1_workload_group_proto_msgTypes[4]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use TCPHealthCheckConfig.ProtoReflect.Descriptor instead.
func (*TCPHealthCheckConfig) Descriptor() ([]byte, []int) {
return file_networking_v1_workload_group_proto_rawDescGZIP(), []int{4}
}
func (x *TCPHealthCheckConfig) GetHost() string {
if x != nil {
return x.Host
}
return ""
}
func (x *TCPHealthCheckConfig) GetPort() uint32 {
if x != nil {
return x.Port
}
return 0
}
type ExecHealthCheckConfig struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
// Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
Command []string `protobuf:"bytes,1,rep,name=command,proto3" json:"command,omitempty"`
}
func (x *ExecHealthCheckConfig) Reset() {
*x = ExecHealthCheckConfig{}
if protoimpl.UnsafeEnabled {
mi := &file_networking_v1_workload_group_proto_msgTypes[5]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *ExecHealthCheckConfig) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*ExecHealthCheckConfig) ProtoMessage() {}
func (x *ExecHealthCheckConfig) ProtoReflect() protoreflect.Message {
mi := &file_networking_v1_workload_group_proto_msgTypes[5]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use ExecHealthCheckConfig.ProtoReflect.Descriptor instead.
func (*ExecHealthCheckConfig) Descriptor() ([]byte, []int) {
return file_networking_v1_workload_group_proto_rawDescGZIP(), []int{5}
}
func (x *ExecHealthCheckConfig) GetCommand() []string {
if x != nil {
return x.Command
}
return nil
}
// `ObjectMeta` describes metadata that will be attached to a `WorkloadEntry`.
// It is a subset of the supported Kubernetes metadata.
type WorkloadGroup_ObjectMeta struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
// Labels to attach
Labels map[string]string `protobuf:"bytes,1,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// Annotations to attach
Annotations map[string]string `protobuf:"bytes,2,rep,name=annotations,proto3" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
}
func (x *WorkloadGroup_ObjectMeta) Reset() {
*x = WorkloadGroup_ObjectMeta{}
if protoimpl.UnsafeEnabled {
mi := &file_networking_v1_workload_group_proto_msgTypes[6]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *WorkloadGroup_ObjectMeta) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*WorkloadGroup_ObjectMeta) ProtoMessage() {}
func (x *WorkloadGroup_ObjectMeta) ProtoReflect() protoreflect.Message {
mi := &file_networking_v1_workload_group_proto_msgTypes[6]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use WorkloadGroup_ObjectMeta.ProtoReflect.Descriptor instead.
func (*WorkloadGroup_ObjectMeta) Descriptor() ([]byte, []int) {
return file_networking_v1_workload_group_proto_rawDescGZIP(), []int{0, 0}
}
func (x *WorkloadGroup_ObjectMeta) GetLabels() map[string]string {
if x != nil {
return x.Labels
}
return nil
}
func (x *WorkloadGroup_ObjectMeta) GetAnnotations() map[string]string {
if x != nil {
return x.Annotations
}
return nil
}
var File_networking_v1_workload_group_proto protoreflect.FileDescriptor
var file_networking_v1_workload_group_proto_rawDesc = []byte{
0x0a, 0x22, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f,
0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x70,
0x72, 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77,
0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61,
0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x22, 0x6e, 0x65, 0x74, 0x77,
0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f,
0x61, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x99,
0x04, 0x0a, 0x0d, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70,
0x12, 0x49, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01,
0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f,
0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61,
0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74,
0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x43, 0x0a, 0x08, 0x74,
0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e,
0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67,
0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72,
0x79, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65,
0x12, 0x39, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
0x23, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69,
0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x65, 0x73, 0x73, 0x50,
0x72, 0x6f, 0x62, 0x65, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x1a, 0xbc, 0x02, 0x0a, 0x0a,
0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x51, 0x0a, 0x06, 0x6c, 0x61,
0x62, 0x65, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x69, 0x73, 0x74,
0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31,
0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4f,
0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73,
0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x60, 0x0a,
0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x03,
0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f,
0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61,
0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74,
0x61, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74,
0x72, 0x79, 0x52, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a,
0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10,
0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79,
0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x3e, 0x0a, 0x10, 0x41, 0x6e,
0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10,
0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79,
0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xdc, 0x03, 0x0a, 0x0e, 0x52,
0x65, 0x61, 0x64, 0x69, 0x6e, 0x65, 0x73, 0x73, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x12, 0x32, 0x0a,
0x15, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x73,
0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x13, 0x69, 0x6e,
0x69, 0x74, 0x69, 0x61, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64,
0x73, 0x12, 0x27, 0x0a, 0x0f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x73, 0x65, 0x63,
0x6f, 0x6e, 0x64, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x74, 0x69, 0x6d, 0x65,
0x6f, 0x75, 0x74, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x65,
0x72, 0x69, 0x6f, 0x64, 0x5f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x04, 0x20, 0x01,
0x28, 0x05, 0x52, 0x0d, 0x70, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64,
0x73, 0x12, 0x2b, 0x0a, 0x11, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x68, 0x72,
0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x73, 0x75,
0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x2b,
0x0a, 0x11, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68,
0x6f, 0x6c, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x66, 0x61, 0x69, 0x6c, 0x75,
0x72, 0x65, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x47, 0x0a, 0x08, 0x68,
0x74, 0x74, 0x70, 0x5f, 0x67, 0x65, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e,
0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67,
0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68,
0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x07, 0x68, 0x74, 0x74,
0x70, 0x47, 0x65, 0x74, 0x12, 0x4a, 0x0a, 0x0a, 0x74, 0x63, 0x70, 0x5f, 0x73, 0x6f, 0x63, 0x6b,
0x65, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f,
0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x54,
0x43, 0x50, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e,
0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x09, 0x74, 0x63, 0x70, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74,
0x12, 0x40, 0x0a, 0x04, 0x65, 0x78, 0x65, 0x63, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a,
0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e,
0x67, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x78, 0x65, 0x63, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43,
0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x04, 0x65, 0x78,
0x65, 0x63, 0x42, 0x15, 0x0a, 0x13, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, 0x63, 0x68, 0x65,
0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x22, 0xb4, 0x01, 0x0a, 0x15, 0x48, 0x54,
0x54, 0x50, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e,
0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28,
0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x17, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18,
0x02, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74,
0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
0x68, 0x6f, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x18, 0x04,
0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x12, 0x42, 0x0a, 0x0c,
0x68, 0x74, 0x74, 0x70, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x03,
0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f,
0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61,
0x64, 0x65, 0x72, 0x52, 0x0b, 0x68, 0x74, 0x74, 0x70, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73,
0x22, 0x36, 0x0a, 0x0a, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x12,
0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61,
0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x43, 0x0a, 0x14, 0x54, 0x43, 0x50, 0x48,
0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
0x68, 0x6f, 0x73, 0x74, 0x12, 0x17, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01,
0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22, 0x31, 0x0a,
0x15, 0x45, 0x78, 0x65, 0x63, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b,
0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e,
0x64, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64,
0x42, 0x1c, 0x5a, 0x1a, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69,
0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x06,
0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
file_networking_v1_workload_group_proto_rawDescOnce sync.Once
file_networking_v1_workload_group_proto_rawDescData = file_networking_v1_workload_group_proto_rawDesc
)
func file_networking_v1_workload_group_proto_rawDescGZIP() []byte {
file_networking_v1_workload_group_proto_rawDescOnce.Do(func() {
file_networking_v1_workload_group_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1_workload_group_proto_rawDescData)
})
return file_networking_v1_workload_group_proto_rawDescData
}
var file_networking_v1_workload_group_proto_msgTypes = make([]protoimpl.MessageInfo, 9)
var file_networking_v1_workload_group_proto_goTypes = []interface{}{
(*WorkloadGroup)(nil), // 0: istio.networking.v1.WorkloadGroup
(*ReadinessProbe)(nil), // 1: istio.networking.v1.ReadinessProbe
(*HTTPHealthCheckConfig)(nil), // 2: istio.networking.v1.HTTPHealthCheckConfig
(*HTTPHeader)(nil), // 3: istio.networking.v1.HTTPHeader
(*TCPHealthCheckConfig)(nil), // 4: istio.networking.v1.TCPHealthCheckConfig
(*ExecHealthCheckConfig)(nil), // 5: istio.networking.v1.ExecHealthCheckConfig
(*WorkloadGroup_ObjectMeta)(nil), // 6: istio.networking.v1.WorkloadGroup.ObjectMeta
nil, // 7: istio.networking.v1.WorkloadGroup.ObjectMeta.LabelsEntry
nil, // 8: istio.networking.v1.WorkloadGroup.ObjectMeta.AnnotationsEntry
(*WorkloadEntry)(nil), // 9: istio.networking.v1.WorkloadEntry
}
var file_networking_v1_workload_group_proto_depIdxs = []int32{
6, // 0: istio.networking.v1.WorkloadGroup.metadata:type_name -> istio.networking.v1.WorkloadGroup.ObjectMeta
9, // 1: istio.networking.v1.WorkloadGroup.template:type_name -> istio.networking.v1.WorkloadEntry
1, // 2: istio.networking.v1.WorkloadGroup.probe:type_name -> istio.networking.v1.ReadinessProbe
2, // 3: istio.networking.v1.ReadinessProbe.http_get:type_name -> istio.networking.v1.HTTPHealthCheckConfig
4, // 4: istio.networking.v1.ReadinessProbe.tcp_socket:type_name -> istio.networking.v1.TCPHealthCheckConfig
5, // 5: istio.networking.v1.ReadinessProbe.exec:type_name -> istio.networking.v1.ExecHealthCheckConfig
3, // 6: istio.networking.v1.HTTPHealthCheckConfig.http_headers:type_name -> istio.networking.v1.HTTPHeader
7, // 7: istio.networking.v1.WorkloadGroup.ObjectMeta.labels:type_name -> istio.networking.v1.WorkloadGroup.ObjectMeta.LabelsEntry
8, // 8: istio.networking.v1.WorkloadGroup.ObjectMeta.annotations:type_name -> istio.networking.v1.WorkloadGroup.ObjectMeta.AnnotationsEntry
9, // [9:9] is the sub-list for method output_type
9, // [9:9] is the sub-list for method input_type
9, // [9:9] is the sub-list for extension type_name
9, // [9:9] is the sub-list for extension extendee
0, // [0:9] is the sub-list for field type_name
}
func init() { file_networking_v1_workload_group_proto_init() }
func file_networking_v1_workload_group_proto_init() {
if File_networking_v1_workload_group_proto != nil {
return
}
file_networking_v1_workload_entry_proto_init()
if !protoimpl.UnsafeEnabled {
file_networking_v1_workload_group_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*WorkloadGroup); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_networking_v1_workload_group_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*ReadinessProbe); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_networking_v1_workload_group_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*HTTPHealthCheckConfig); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_networking_v1_workload_group_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*HTTPHeader); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_networking_v1_workload_group_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*TCPHealthCheckConfig); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_networking_v1_workload_group_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*ExecHealthCheckConfig); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_networking_v1_workload_group_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*WorkloadGroup_ObjectMeta); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
}
file_networking_v1_workload_group_proto_msgTypes[1].OneofWrappers = []interface{}{
(*ReadinessProbe_HttpGet)(nil),
(*ReadinessProbe_TcpSocket)(nil),
(*ReadinessProbe_Exec)(nil),
}
type x struct{}
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: file_networking_v1_workload_group_proto_rawDesc,
NumEnums: 0,
NumMessages: 9,
NumExtensions: 0,
NumServices: 0,
},
GoTypes: file_networking_v1_workload_group_proto_goTypes,
DependencyIndexes: file_networking_v1_workload_group_proto_depIdxs,
MessageInfos: file_networking_v1_workload_group_proto_msgTypes,
}.Build()
File_networking_v1_workload_group_proto = out.File
file_networking_v1_workload_group_proto_rawDesc = nil
file_networking_v1_workload_group_proto_goTypes = nil
file_networking_v1_workload_group_proto_depIdxs = nil
}

204
networking/v1/workload_group.proto Normal file
View File

@ -0,0 +1,204 @@
// Copyright 2020 Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
import "google/api/field_behavior.proto";
import "networking/v1/workload_entry.proto";
// $schema: istio.networking.v1alpha3.WorkloadGroup
// $title: Workload Group
// $description: Describes a collection of workload instances.
// $location: https://istio.io/docs/reference/config/networking/workload-group.html
// $aliases: [/docs/reference/config/networking/v1alpha3/workload-group]
// $mode: none
// `WorkloadGroup` describes a collection of workload instances.
// It provides a specification that the workload instances can use to bootstrap
// their proxies, including the metadata and identity. It is only intended to
// be used with non-k8s workloads like Virtual Machines, and is meant to mimic
// the existing sidecar injection and deployment specification model used for
// Kubernetes workloads to bootstrap Istio proxies.
//
// The following example declares a workload group representing a collection
// of workloads that will be registered under `reviews` in namespace
// `bookinfo`. The set of labels will be associated with each workload
// instance during the bootstrap process, and the ports 3550 and 8080
// will be associated with the workload group and use service account `default`.
// `app.kubernetes.io/version` is just an arbitrary example of a label.
//
// ```yaml
// apiVersion: networking.istio.io/v1
// kind: WorkloadGroup
// metadata:
// name: reviews
// namespace: bookinfo
// spec:
// metadata:
// labels:
// app.kubernetes.io/name: reviews
// app.kubernetes.io/version: "1.3.4"
// template:
// ports:
// grpc: 3550
// http: 8080
// serviceAccount: default
// probe:
// initialDelaySeconds: 5
// timeoutSeconds: 3
// periodSeconds: 4
// successThreshold: 3
// failureThreshold: 3
// httpGet:
// path: /foo/bar
// host: 127.0.0.1
// port: 3100
// scheme: HTTPS
// httpHeaders:
// - name: Lit-Header
// value: Im-The-Best
// ```
package istio.networking.v1;
option go_package = "istio.io/api/networking/v1";
// `WorkloadGroup` enables specifying the properties of a single workload for bootstrap and
// provides a template for `WorkloadEntry`, similar to how `Deployment` specifies properties
// of workloads via `Pod` templates. A `WorkloadGroup` can have more than one `WorkloadEntry`.
// `WorkloadGroup` has no relationship to resources which control service registry like `ServiceEntry`
// and as such doesn't configure host name for these workloads.
//
// <!-- crd generation tags
// +cue-gen:WorkloadGroup:groupName:networking.istio.io
// +cue-gen:WorkloadGroup:version:v1
// +cue-gen:WorkloadGroup:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:WorkloadGroup:subresource:status
// +cue-gen:WorkloadGroup:scope:Namespaced
// +cue-gen:WorkloadGroup:resource:categories=istio-io,networking-istio-io,shortNames=wg,plural=workloadgroups
// +cue-gen:WorkloadGroup:printerColumn:name=Age,type=date,JSONPath=.metadata.creationTimestamp,description="CreationTimestamp is a timestamp
// representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations.
// Clients may not set this value. It is represented in RFC3339 form and is in UTC.
// Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata"
// +cue-gen:WorkloadGroup:preserveUnknownFields:false
// -->
//
// <!-- go code generation tags
// +kubetype-gen
// +kubetype-gen:groupVersion=networking.istio.io/v1
// +genclient
// +k8s:deepcopy-gen=true
// -->
// <!-- istio code generation tags
// +istio.io/sync-from:networking/v1alpha3/workload_group.proto
// -->
message WorkloadGroup {
// Metadata that will be used for all corresponding `WorkloadEntries`.
// User labels for a workload group should be set here in `metadata` rather than in `template`.
ObjectMeta metadata = 1;
// Template to be used for the generation of `WorkloadEntry` resources that belong to this `WorkloadGroup`.
// Please note that `address` and `labels` fields should not be set in the template, and an empty `serviceAccount`
// should default to `default`. The workload identities (mTLS certificates) will be bootstrapped using the
// specified service account's token. Workload entries in this group will be in the same namespace as the
// workload group, and inherit the labels and annotations from the above `metadata` field.
WorkloadEntry template = 2 [(google.api.field_behavior) = REQUIRED];
// `ObjectMeta` describes metadata that will be attached to a `WorkloadEntry`.
// It is a subset of the supported Kubernetes metadata.
message ObjectMeta {
// Labels to attach
map<string, string> labels = 1;
// Annotations to attach
map<string, string> annotations = 2;
}
// `ReadinessProbe` describes the configuration the user must provide for healthchecking on their workload.
// This configuration mirrors K8S in both syntax and logic for the most part.
ReadinessProbe probe = 3;
}
message ReadinessProbe {
// Number of seconds after the container has started before readiness probes are initiated.
int32 initial_delay_seconds = 2;
// Number of seconds after which the probe times out.
// Defaults to 1 second. Minimum value is 1 second.
int32 timeout_seconds = 3;
// How often (in seconds) to perform the probe.
// Default to 10 seconds. Minimum value is 1 second.
int32 period_seconds = 4;
// Minimum consecutive successes for the probe to be considered successful after having failed.
// Defaults to 1 second.
int32 success_threshold = 5;
// Minimum consecutive failures for the probe to be considered failed after having succeeded.
// Defaults to 3 seconds.
int32 failure_threshold = 6;
// Users can only provide one configuration for healthchecks (tcp, http, exec),
// and this is expressed as a oneof. All of the other configuration values
// hold true for any of the healthcheck methods.
oneof health_check_method {
// `httpGet` is performed to a given endpoint
// and the status/able to connect determines health.
HTTPHealthCheckConfig http_get = 7;
// Health is determined by if the proxy is able to connect.
TCPHealthCheckConfig tcp_socket = 8;
// Health is determined by how the command that is executed exited.
ExecHealthCheckConfig exec = 9;
}
}
message HTTPHealthCheckConfig {
// Path to access on the HTTP server.
string path = 1;
// Port on which the endpoint lives.
uint32 port = 2 [(google.api.field_behavior) = REQUIRED];
// Host name to connect to, defaults to the pod IP. You probably want to set
// "Host" in httpHeaders instead.
string host = 3;
// HTTP or HTTPS, defaults to HTTP
string scheme = 4;
// Headers the proxy will pass on to make the request.
// Allows repeated headers.
repeated HTTPHeader http_headers = 5;
}
message HTTPHeader {
// The header field name
string name = 1;
// The header field value
string value = 2;
}
message TCPHealthCheckConfig {
// Host to connect to, defaults to localhost
string host = 1;
// Port of host
uint32 port = 2 [(google.api.field_behavior) = REQUIRED];
}
message ExecHealthCheckConfig {
// Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
repeated string command = 1;
}

153
networking/v1/workload_group_deepcopy.gen.go generated Normal file
View File

@ -0,0 +1,153 @@
// Code generated by protoc-gen-deepcopy. DO NOT EDIT.
package v1
import (
proto "google.golang.org/protobuf/proto"
)
// DeepCopyInto supports using WorkloadGroup within kubernetes types, where deepcopy-gen is used.
func (in *WorkloadGroup) DeepCopyInto(out *WorkloadGroup) {
p := proto.Clone(in).(*WorkloadGroup)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadGroup. Required by controller-gen.
func (in *WorkloadGroup) DeepCopy() *WorkloadGroup {
if in == nil {
return nil
}
out := new(WorkloadGroup)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadGroup. Required by controller-gen.
func (in *WorkloadGroup) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using WorkloadGroup_ObjectMeta within kubernetes types, where deepcopy-gen is used.
func (in *WorkloadGroup_ObjectMeta) DeepCopyInto(out *WorkloadGroup_ObjectMeta) {
p := proto.Clone(in).(*WorkloadGroup_ObjectMeta)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadGroup_ObjectMeta. Required by controller-gen.
func (in *WorkloadGroup_ObjectMeta) DeepCopy() *WorkloadGroup_ObjectMeta {
if in == nil {
return nil
}
out := new(WorkloadGroup_ObjectMeta)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadGroup_ObjectMeta. Required by controller-gen.
func (in *WorkloadGroup_ObjectMeta) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using ReadinessProbe within kubernetes types, where deepcopy-gen is used.
func (in *ReadinessProbe) DeepCopyInto(out *ReadinessProbe) {
p := proto.Clone(in).(*ReadinessProbe)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReadinessProbe. Required by controller-gen.
func (in *ReadinessProbe) DeepCopy() *ReadinessProbe {
if in == nil {
return nil
}
out := new(ReadinessProbe)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ReadinessProbe. Required by controller-gen.
func (in *ReadinessProbe) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using HTTPHealthCheckConfig within kubernetes types, where deepcopy-gen is used.
func (in *HTTPHealthCheckConfig) DeepCopyInto(out *HTTPHealthCheckConfig) {
p := proto.Clone(in).(*HTTPHealthCheckConfig)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHealthCheckConfig. Required by controller-gen.
func (in *HTTPHealthCheckConfig) DeepCopy() *HTTPHealthCheckConfig {
if in == nil {
return nil
}
out := new(HTTPHealthCheckConfig)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHealthCheckConfig. Required by controller-gen.
func (in *HTTPHealthCheckConfig) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using HTTPHeader within kubernetes types, where deepcopy-gen is used.
func (in *HTTPHeader) DeepCopyInto(out *HTTPHeader) {
p := proto.Clone(in).(*HTTPHeader)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHeader. Required by controller-gen.
func (in *HTTPHeader) DeepCopy() *HTTPHeader {
if in == nil {
return nil
}
out := new(HTTPHeader)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHeader. Required by controller-gen.
func (in *HTTPHeader) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using TCPHealthCheckConfig within kubernetes types, where deepcopy-gen is used.
func (in *TCPHealthCheckConfig) DeepCopyInto(out *TCPHealthCheckConfig) {
p := proto.Clone(in).(*TCPHealthCheckConfig)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPHealthCheckConfig. Required by controller-gen.
func (in *TCPHealthCheckConfig) DeepCopy() *TCPHealthCheckConfig {
if in == nil {
return nil
}
out := new(TCPHealthCheckConfig)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TCPHealthCheckConfig. Required by controller-gen.
func (in *TCPHealthCheckConfig) DeepCopyInterface() interface{} {
return in.DeepCopy()
}
// DeepCopyInto supports using ExecHealthCheckConfig within kubernetes types, where deepcopy-gen is used.
func (in *ExecHealthCheckConfig) DeepCopyInto(out *ExecHealthCheckConfig) {
p := proto.Clone(in).(*ExecHealthCheckConfig)
*out = *p
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecHealthCheckConfig. Required by controller-gen.
func (in *ExecHealthCheckConfig) DeepCopy() *ExecHealthCheckConfig {
if in == nil {
return nil
}
out := new(ExecHealthCheckConfig)
in.DeepCopyInto(out)
return out
}
// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ExecHealthCheckConfig. Required by controller-gen.
func (in *ExecHealthCheckConfig) DeepCopyInterface() interface{} {
return in.DeepCopy()
}

89
networking/v1/workload_group_json.gen.go generated Normal file
View File

@ -0,0 +1,89 @@
// Code generated by protoc-gen-jsonshim. DO NOT EDIT.
package v1
import (
bytes "bytes"
jsonpb "github.com/golang/protobuf/jsonpb"
)
// MarshalJSON is a custom marshaler for WorkloadGroup
func (this *WorkloadGroup) MarshalJSON() ([]byte, error) {
str, err := WorkloadGroupMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for WorkloadGroup
func (this *WorkloadGroup) UnmarshalJSON(b []byte) error {
return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for WorkloadGroup_ObjectMeta
func (this *WorkloadGroup_ObjectMeta) MarshalJSON() ([]byte, error) {
str, err := WorkloadGroupMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for WorkloadGroup_ObjectMeta
func (this *WorkloadGroup_ObjectMeta) UnmarshalJSON(b []byte) error {
return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for ReadinessProbe
func (this *ReadinessProbe) MarshalJSON() ([]byte, error) {
str, err := WorkloadGroupMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for ReadinessProbe
func (this *ReadinessProbe) UnmarshalJSON(b []byte) error {
return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for HTTPHealthCheckConfig
func (this *HTTPHealthCheckConfig) MarshalJSON() ([]byte, error) {
str, err := WorkloadGroupMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for HTTPHealthCheckConfig
func (this *HTTPHealthCheckConfig) UnmarshalJSON(b []byte) error {
return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for HTTPHeader
func (this *HTTPHeader) MarshalJSON() ([]byte, error) {
str, err := WorkloadGroupMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for HTTPHeader
func (this *HTTPHeader) UnmarshalJSON(b []byte) error {
return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for TCPHealthCheckConfig
func (this *TCPHealthCheckConfig) MarshalJSON() ([]byte, error) {
str, err := WorkloadGroupMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for TCPHealthCheckConfig
func (this *TCPHealthCheckConfig) UnmarshalJSON(b []byte) error {
return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for ExecHealthCheckConfig
func (this *ExecHealthCheckConfig) MarshalJSON() ([]byte, error) {
str, err := WorkloadGroupMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for ExecHealthCheckConfig
func (this *ExecHealthCheckConfig) UnmarshalJSON(b []byte) error {
return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
var (
WorkloadGroupMarshaler = &jsonpb.Marshaler{}
WorkloadGroupUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true}
)

1
networking/v1alpha3/destination_rule.pb.go generated
View File

@ -391,7 +391,6 @@ func (ClientTLSSettings_TLSmode) EnumDescriptor() ([]byte, []int) {
// <!-- crd generation tags
// +cue-gen:DestinationRule:groupName:networking.istio.io
// +cue-gen:DestinationRule:version:v1alpha3
// +cue-gen:DestinationRule:storageVersion
// +cue-gen:DestinationRule:annotations:helm.sh/resource-policy=keep
// +cue-gen:DestinationRule:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:DestinationRule:subresource:status

1
networking/v1alpha3/destination_rule.proto
View File

@ -130,7 +130,6 @@ option go_package = "istio.io/api/networking/v1alpha3";
// <!-- crd generation tags
// +cue-gen:DestinationRule:groupName:networking.istio.io
// +cue-gen:DestinationRule:version:v1alpha3
// +cue-gen:DestinationRule:storageVersion
// +cue-gen:DestinationRule:annotations:helm.sh/resource-policy=keep
// +cue-gen:DestinationRule:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:DestinationRule:subresource:status

1
networking/v1alpha3/gateway.pb.go generated
View File

@ -370,7 +370,6 @@ func (ServerTLSSettings_TLSProtocol) EnumDescriptor() ([]byte, []int) {
// <!-- crd generation tags
// +cue-gen:Gateway:groupName:networking.istio.io
// +cue-gen:Gateway:version:v1alpha3
// +cue-gen:Gateway:storageVersion
// +cue-gen:Gateway:annotations:helm.sh/resource-policy=keep
// +cue-gen:Gateway:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:Gateway:subresource:status

1
networking/v1alpha3/gateway.proto
View File

@ -202,7 +202,6 @@ option go_package = "istio.io/api/networking/v1alpha3";
// <!-- crd generation tags
// +cue-gen:Gateway:groupName:networking.istio.io
// +cue-gen:Gateway:version:v1alpha3
// +cue-gen:Gateway:storageVersion
// +cue-gen:Gateway:annotations:helm.sh/resource-policy=keep
// +cue-gen:Gateway:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:Gateway:subresource:status

1
networking/v1alpha3/service_entry.pb.go generated
View File

@ -567,7 +567,6 @@ func (ServiceEntry_Resolution) EnumDescriptor() ([]byte, []int) {
// <!-- crd generation tags
// +cue-gen:ServiceEntry:groupName:networking.istio.io
// +cue-gen:ServiceEntry:version:v1alpha3
// +cue-gen:ServiceEntry:storageVersion
// +cue-gen:ServiceEntry:annotations:helm.sh/resource-policy=keep
// +cue-gen:ServiceEntry:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:ServiceEntry:subresource:status

1
networking/v1alpha3/service_entry.proto
View File

@ -409,7 +409,6 @@ option go_package = "istio.io/api/networking/v1alpha3";
// <!-- crd generation tags
// +cue-gen:ServiceEntry:groupName:networking.istio.io
// +cue-gen:ServiceEntry:version:v1alpha3
// +cue-gen:ServiceEntry:storageVersion
// +cue-gen:ServiceEntry:annotations:helm.sh/resource-policy=keep
// +cue-gen:ServiceEntry:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:ServiceEntry:subresource:status

1
networking/v1alpha3/sidecar.pb.go generated
View File

@ -476,7 +476,6 @@ func (OutboundTrafficPolicy_Mode) EnumDescriptor() ([]byte, []int) {
// <!-- crd generation tags
// +cue-gen:Sidecar:groupName:networking.istio.io
// +cue-gen:Sidecar:version:v1alpha3
// +cue-gen:Sidecar:storageVersion
// +cue-gen:Sidecar:annotations:helm.sh/resource-policy=keep
// +cue-gen:Sidecar:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:Sidecar:subresource:status

1
networking/v1alpha3/sidecar.proto
View File

@ -355,7 +355,6 @@ option go_package = "istio.io/api/networking/v1alpha3";
// <!-- crd generation tags
// +cue-gen:Sidecar:groupName:networking.istio.io
// +cue-gen:Sidecar:version:v1alpha3
// +cue-gen:Sidecar:storageVersion
// +cue-gen:Sidecar:annotations:helm.sh/resource-policy=keep
// +cue-gen:Sidecar:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:Sidecar:subresource:status

1
networking/v1alpha3/virtual_service.pb.go generated
View File

@ -186,7 +186,6 @@ func (HTTPRedirect_RedirectPortSelection) EnumDescriptor() ([]byte, []int) {
// <!-- crd generation tags
// +cue-gen:VirtualService:groupName:networking.istio.io
// +cue-gen:VirtualService:version:v1alpha3
// +cue-gen:VirtualService:storageVersion
// +cue-gen:VirtualService:annotations:helm.sh/resource-policy=keep
// +cue-gen:VirtualService:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:VirtualService:subresource:status

1
networking/v1alpha3/virtual_service.proto
View File

@ -124,7 +124,6 @@ option go_package = "istio.io/api/networking/v1alpha3";
// <!-- crd generation tags
// +cue-gen:VirtualService:groupName:networking.istio.io
// +cue-gen:VirtualService:version:v1alpha3
// +cue-gen:VirtualService:storageVersion
// +cue-gen:VirtualService:annotations:helm.sh/resource-policy=keep
// +cue-gen:VirtualService:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:VirtualService:subresource:status

1
networking/v1alpha3/workload_entry.pb.go generated
View File

@ -172,7 +172,6 @@ const (
// <!-- crd generation tags
// +cue-gen:WorkloadEntry:groupName:networking.istio.io
// +cue-gen:WorkloadEntry:version:v1alpha3
// +cue-gen:WorkloadEntry:storageVersion
// +cue-gen:WorkloadEntry:annotations:helm.sh/resource-policy=keep
// +cue-gen:WorkloadEntry:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:WorkloadEntry:subresource:status

1
networking/v1alpha3/workload_entry.proto
View File

@ -155,7 +155,6 @@ option go_package = "istio.io/api/networking/v1alpha3";
// <!-- crd generation tags
// +cue-gen:WorkloadEntry:groupName:networking.istio.io
// +cue-gen:WorkloadEntry:version:v1alpha3
// +cue-gen:WorkloadEntry:storageVersion
// +cue-gen:WorkloadEntry:annotations:helm.sh/resource-policy=keep
// +cue-gen:WorkloadEntry:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:WorkloadEntry:subresource:status

1
networking/v1alpha3/workload_group.pb.go generated
View File

@ -97,7 +97,6 @@ const (
// <!-- crd generation tags
// +cue-gen:WorkloadGroup:groupName:networking.istio.io
// +cue-gen:WorkloadGroup:version:v1alpha3
// +cue-gen:WorkloadGroup:storageVersion
// +cue-gen:WorkloadGroup:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:WorkloadGroup:subresource:status
// +cue-gen:WorkloadGroup:scope:Namespaced

1
networking/v1alpha3/workload_group.proto
View File

@ -82,7 +82,6 @@ option go_package = "istio.io/api/networking/v1alpha3";
// <!-- crd generation tags
// +cue-gen:WorkloadGroup:groupName:networking.istio.io
// +cue-gen:WorkloadGroup:version:v1alpha3
// +cue-gen:WorkloadGroup:storageVersion
// +cue-gen:WorkloadGroup:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:WorkloadGroup:subresource:status
// +cue-gen:WorkloadGroup:scope:Namespaced

1
networking/v1beta1/destination_rule.pb.go generated
View File

@ -367,6 +367,7 @@ func (ClientTLSSettings_TLSmode) EnumDescriptor() ([]byte, []int) {
// <!-- crd generation tags
// +cue-gen:DestinationRule:groupName:networking.istio.io
// +cue-gen:DestinationRule:version:v1beta1
// +cue-gen:DestinationRule:storageVersion
// +cue-gen:DestinationRule:annotations:helm.sh/resource-policy=keep
// +cue-gen:DestinationRule:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:DestinationRule:subresource:status

1
networking/v1beta1/destination_rule.proto
View File

@ -106,6 +106,7 @@ option go_package = "istio.io/api/networking/v1beta1";
// <!-- crd generation tags
// +cue-gen:DestinationRule:groupName:networking.istio.io
// +cue-gen:DestinationRule:version:v1beta1
// +cue-gen:DestinationRule:storageVersion
// +cue-gen:DestinationRule:annotations:helm.sh/resource-policy=keep
// +cue-gen:DestinationRule:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:DestinationRule:subresource:status

1
networking/v1beta1/gateway.pb.go generated
View File

@ -370,6 +370,7 @@ func (ServerTLSSettings_TLSProtocol) EnumDescriptor() ([]byte, []int) {
// <!-- crd generation tags
// +cue-gen:Gateway:groupName:networking.istio.io
// +cue-gen:Gateway:version:v1beta1
// +cue-gen:Gateway:storageVersion
// +cue-gen:Gateway:annotations:helm.sh/resource-policy=keep
// +cue-gen:Gateway:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:Gateway:subresource:status

1
networking/v1beta1/gateway.proto
View File

@ -202,6 +202,7 @@ option go_package = "istio.io/api/networking/v1beta1";
// <!-- crd generation tags
// +cue-gen:Gateway:groupName:networking.istio.io
// +cue-gen:Gateway:version:v1beta1
// +cue-gen:Gateway:storageVersion
// +cue-gen:Gateway:annotations:helm.sh/resource-policy=keep
// +cue-gen:Gateway:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:Gateway:subresource:status

1
networking/v1beta1/service_entry.pb.go generated
View File

@ -568,6 +568,7 @@ func (ServiceEntry_Resolution) EnumDescriptor() ([]byte, []int) {
// <!-- crd generation tags
// +cue-gen:ServiceEntry:groupName:networking.istio.io
// +cue-gen:ServiceEntry:version:v1beta1
// +cue-gen:ServiceEntry:storageVersion
// +cue-gen:ServiceEntry:annotations:helm.sh/resource-policy=keep
// +cue-gen:ServiceEntry:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:ServiceEntry:subresource:status

1
networking/v1beta1/service_entry.proto
View File

@ -410,6 +410,7 @@ option go_package = "istio.io/api/networking/v1beta1";
// <!-- crd generation tags
// +cue-gen:ServiceEntry:groupName:networking.istio.io
// +cue-gen:ServiceEntry:version:v1beta1
// +cue-gen:ServiceEntry:storageVersion
// +cue-gen:ServiceEntry:annotations:helm.sh/resource-policy=keep
// +cue-gen:ServiceEntry:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:ServiceEntry:subresource:status

1
networking/v1beta1/sidecar.pb.go generated
View File

@ -412,6 +412,7 @@ func (OutboundTrafficPolicy_Mode) EnumDescriptor() ([]byte, []int) {
// <!-- crd generation tags
// +cue-gen:Sidecar:groupName:networking.istio.io
// +cue-gen:Sidecar:version:v1beta1
// +cue-gen:Sidecar:storageVersion
// +cue-gen:Sidecar:annotations:helm.sh/resource-policy=keep
// +cue-gen:Sidecar:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:Sidecar:subresource:status

1
networking/v1beta1/sidecar.proto
View File

@ -291,6 +291,7 @@ option go_package = "istio.io/api/networking/v1beta1";
// <!-- crd generation tags
// +cue-gen:Sidecar:groupName:networking.istio.io
// +cue-gen:Sidecar:version:v1beta1
// +cue-gen:Sidecar:storageVersion
// +cue-gen:Sidecar:annotations:helm.sh/resource-policy=keep
// +cue-gen:Sidecar:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:Sidecar:subresource:status

1
networking/v1beta1/virtual_service.pb.go generated
View File

@ -185,6 +185,7 @@ func (HTTPRedirect_RedirectPortSelection) EnumDescriptor() ([]byte, []int) {
// <!-- crd generation tags
// +cue-gen:VirtualService:groupName:networking.istio.io
// +cue-gen:VirtualService:version:v1beta1
// +cue-gen:VirtualService:storageVersion
// +cue-gen:VirtualService:annotations:helm.sh/resource-policy=keep
// +cue-gen:VirtualService:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:VirtualService:subresource:status

1
networking/v1beta1/virtual_service.proto
View File

@ -123,6 +123,7 @@ option go_package = "istio.io/api/networking/v1beta1";
// <!-- crd generation tags
// +cue-gen:VirtualService:groupName:networking.istio.io
// +cue-gen:VirtualService:version:v1beta1
// +cue-gen:VirtualService:storageVersion
// +cue-gen:VirtualService:annotations:helm.sh/resource-policy=keep
// +cue-gen:VirtualService:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:VirtualService:subresource:status

1
networking/v1beta1/workload_entry.pb.go generated
View File

@ -173,6 +173,7 @@ const (
// <!-- crd generation tags
// +cue-gen:WorkloadEntry:groupName:networking.istio.io
// +cue-gen:WorkloadEntry:version:v1beta1
// +cue-gen:WorkloadEntry:storageVersion
// +cue-gen:WorkloadEntry:annotations:helm.sh/resource-policy=keep
// +cue-gen:WorkloadEntry:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:WorkloadEntry:subresource:status

1
networking/v1beta1/workload_entry.proto
View File

@ -156,6 +156,7 @@ option go_package = "istio.io/api/networking/v1beta1";
// <!-- crd generation tags
// +cue-gen:WorkloadEntry:groupName:networking.istio.io
// +cue-gen:WorkloadEntry:version:v1beta1
// +cue-gen:WorkloadEntry:storageVersion
// +cue-gen:WorkloadEntry:annotations:helm.sh/resource-policy=keep
// +cue-gen:WorkloadEntry:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:WorkloadEntry:subresource:status

1
networking/v1beta1/workload_group.pb.go generated
View File

@ -97,6 +97,7 @@ const (
// <!-- crd generation tags
// +cue-gen:WorkloadGroup:groupName:networking.istio.io
// +cue-gen:WorkloadGroup:version:v1beta1
// +cue-gen:WorkloadGroup:storageVersion
// +cue-gen:WorkloadGroup:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:WorkloadGroup:subresource:status
// +cue-gen:WorkloadGroup:scope:Namespaced

1
networking/v1beta1/workload_group.proto
View File

@ -82,6 +82,7 @@ option go_package = "istio.io/api/networking/v1beta1";
// <!-- crd generation tags
// +cue-gen:WorkloadGroup:groupName:networking.istio.io
// +cue-gen:WorkloadGroup:version:v1beta1
// +cue-gen:WorkloadGroup:storageVersion
// +cue-gen:WorkloadGroup:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:WorkloadGroup:subresource:status
// +cue-gen:WorkloadGroup:scope:Namespaced

6
releasenotes/notes/promote-networking-apis-v1.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: release-notes/v2
kind: feature
area: traffic-management
releaseNotes:
- |
**Promoted** Networking APIs (DestinationRule, Gateway, ServiceEntry, Sidecar, VirtualService, WorkloadEntry, WorkloadGroup) to v1.