diff --git a/kubernetes/customresourcedefinitions.gen.yaml b/kubernetes/customresourcedefinitions.gen.yaml
index 2c37d65f..32f97596 100644
--- a/kubernetes/customresourcedefinitions.gen.yaml
+++ b/kubernetes/customresourcedefinitions.gen.yaml
@@ -254,6 +254,1553 @@ spec: singular: destinationrule scope: Namespaced versions: + - additionalPrinterColumns: + - description: The name of a service from the service registry + jsonPath: .spec.host + name: Host + type: string + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting load balancing, outlier detection, + etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' + properties: + exportTo: + description: A list of namespaces to which this destination rule is + exported. + items: + type: string + type: array + host: + description: The name of a service from the service registry. + type: string + subsets: + description: One or more named sets that represent individual versions + of a service. + items: + properties: + labels: + additionalProperties: + type: string + description: Labels apply a filter over the endpoints of a service + in the service registry. + type: object + name: + description: Name of the subset. + type: string + trafficPolicy: + description: Traffic policies that apply to this subset. + properties: + connectionPool: + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. 
+ + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that will + be queued while waiting for a ready connection + pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests to + a destination. + format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection + pool connections. + type: string + maxConcurrentStreams: + description: The maximum number of concurrent streams + allowed for a peer on one HTTP/2 connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per connection + to a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that can + be outstanding to all hosts in a cluster at a + given time. + format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol will + be preserved while initiating connection to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and TCP upstream + connections. + properties: + connectTimeout: + description: TCP connection timeout. + type: string + idleTimeout: + description: The idle timeout for TCP connections. + type: string + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + maxConnections: + description: Maximum number of HTTP1 /TCP connections + to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the + socket to enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive + probes. + type: string + probes: + description: Maximum number of keepalive probes + to send without response before deciding the + connection is dead. 
+ type: integer + time: + description: The time duration a connection + needs to be idle before keep-alive probes + start being sent. + type: string + type: object + type: object + type: object + loadBalancer: + description: Settings controlling the load balancer algorithms. + oneOf: + - not: + anyOf: + - required: + - simple + - required: + - consistentHash + - required: + - simple + - required: + - consistentHash + properties: + consistentHash: + allOf: + - oneOf: + - not: + anyOf: + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - oneOf: + - not: + anyOf: + - required: + - ringHash + - required: + - maglev + - required: + - ringHash + - required: + - maglev + properties: + httpCookie: + description: Hash based on HTTP cookie. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. + type: string + required: + - name + type: object + httpHeaderName: + description: Hash based on a specific HTTP header. + type: string + httpQueryParameterName: + description: Hash based on a specific HTTP query + parameter. + type: string + maglev: + description: The Maglev load balancer implements + consistent hashing to backend hosts. + properties: + tableSize: + description: The table size for Maglev hashing. + type: integer + type: object + minimumRingSize: + description: Deprecated. + type: integer + ringHash: + description: The ring/modulo hash load balancer + implements consistent hashing to backend hosts. + properties: + minimumRingSize: + description: The minimum number of virtual nodes + to use for the hash ring. + type: integer + type: object + useSourceIp: + description: Hash based on the source IP address. 
+ type: boolean + type: object + localityLbSetting: + properties: + distribute: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' + items: + properties: + from: + description: Originating locality, '/' separated, + e.g. + type: string + to: + additionalProperties: + type: integer + description: Map of upstream localities to + traffic distribution weights. + type: object + type: object + type: array + enabled: + description: enable locality load balancing, this + is DestinationRule-level and will override mesh + wide settings in entirety. + nullable: true + type: boolean + failover: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' + items: + properties: + from: + description: Originating region. + type: string + to: + description: Destination region the traffic + will fail over to when endpoints in the + 'from' region becomes unhealthy. + type: string + type: object + type: array + failoverPriority: + description: failoverPriority is an ordered list + of labels used to sort endpoints to do priority + based load balancing. + items: + type: string + type: array + type: object + simple: + description: |2- + + + Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST + enum: + - UNSPECIFIED + - LEAST_CONN + - RANDOM + - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of Service. + type: string + type: object + outlierDetection: + properties: + baseEjectionTime: + description: Minimum ejection duration. + type: string + consecutive5xxErrors: + description: Number of 5xx errors before a host is ejected + from the connection pool. + nullable: true + type: integer + consecutiveErrors: + format: int32 + type: integer + consecutiveGatewayErrors: + description: Number of gateway errors before a host + is ejected from the connection pool. 
+ nullable: true + type: integer + consecutiveLocalOriginFailures: + description: The number of consecutive locally originated + failures before ejection occurs. + nullable: true + type: integer + interval: + description: Time interval between ejection sweep analysis. + type: string + maxEjectionPercent: + description: Maximum % of hosts in the load balancing + pool for the upstream service that can be ejected. + format: int32 + type: integer + minHealthPercent: + description: Outlier detection will be enabled as long + as the associated load balancing pool has at least + min_health_percent hosts in healthy mode. + format: int32 + type: integer + splitExternalLocalOriginErrors: + description: Determines whether to distinguish local + origin failures from external errors. + type: boolean + type: object + portLevelSettings: + description: Traffic policies specific to individual ports. + items: + properties: + connectionPool: + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. + + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that + will be queued while waiting for a ready + connection pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests + to a destination. + format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream + connection pool connections. + type: string + maxConcurrentStreams: + description: The maximum number of concurrent + streams allowed for a peer on one HTTP/2 + connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per + connection to a backend. 
+ format: int32 + type: integer + maxRetries: + description: Maximum number of retries that + can be outstanding to all hosts in a cluster + at a given time. + format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol + will be preserved while initiating connection + to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and + TCP upstream connections. + properties: + connectTimeout: + description: TCP connection timeout. + type: string + idleTimeout: + description: The idle timeout for TCP connections. + type: string + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + maxConnections: + description: Maximum number of HTTP1 /TCP + connections to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE + on the socket to enable TCP Keepalives. + properties: + interval: + description: The time duration between + keep-alive probes. + type: string + probes: + description: Maximum number of keepalive + probes to send without response before + deciding the connection is dead. + type: integer + time: + description: The time duration a connection + needs to be idle before keep-alive probes + start being sent. + type: string + type: object + type: object + type: object + loadBalancer: + description: Settings controlling the load balancer + algorithms. 
+ oneOf: + - not: + anyOf: + - required: + - simple + - required: + - consistentHash + - required: + - simple + - required: + - consistentHash + properties: + consistentHash: + allOf: + - oneOf: + - not: + anyOf: + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - oneOf: + - not: + anyOf: + - required: + - ringHash + - required: + - maglev + - required: + - ringHash + - required: + - maglev + properties: + httpCookie: + description: Hash based on HTTP cookie. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. + type: string + required: + - name + type: object + httpHeaderName: + description: Hash based on a specific HTTP + header. + type: string + httpQueryParameterName: + description: Hash based on a specific HTTP + query parameter. + type: string + maglev: + description: The Maglev load balancer implements + consistent hashing to backend hosts. + properties: + tableSize: + description: The table size for Maglev + hashing. + type: integer + type: object + minimumRingSize: + description: Deprecated. + type: integer + ringHash: + description: The ring/modulo hash load balancer + implements consistent hashing to backend + hosts. + properties: + minimumRingSize: + description: The minimum number of virtual + nodes to use for the hash ring. + type: integer + type: object + useSourceIp: + description: Hash based on the source IP address. + type: boolean + type: object + localityLbSetting: + properties: + distribute: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' + items: + properties: + from: + description: Originating locality, '/' + separated, e.g. 
+ type: string + to: + additionalProperties: + type: integer + description: Map of upstream localities + to traffic distribution weights. + type: object + type: object + type: array + enabled: + description: enable locality load balancing, + this is DestinationRule-level and will override + mesh wide settings in entirety. + nullable: true + type: boolean + failover: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' + items: + properties: + from: + description: Originating region. + type: string + to: + description: Destination region the + traffic will fail over to when endpoints + in the 'from' region becomes unhealthy. + type: string + type: object + type: array + failoverPriority: + description: failoverPriority is an ordered + list of labels used to sort endpoints to + do priority based load balancing. + items: + type: string + type: array + type: object + simple: + description: |2- + + + Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST + enum: + - UNSPECIFIED + - LEAST_CONN + - RANDOM + - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of + Service. + type: string + type: object + outlierDetection: + properties: + baseEjectionTime: + description: Minimum ejection duration. + type: string + consecutive5xxErrors: + description: Number of 5xx errors before a host + is ejected from the connection pool. + nullable: true + type: integer + consecutiveErrors: + format: int32 + type: integer + consecutiveGatewayErrors: + description: Number of gateway errors before a + host is ejected from the connection pool. + nullable: true + type: integer + consecutiveLocalOriginFailures: + description: The number of consecutive locally + originated failures before ejection occurs. + nullable: true + type: integer + interval: + description: Time interval between ejection sweep + analysis. 
+ type: string + maxEjectionPercent: + description: Maximum % of hosts in the load balancing + pool for the upstream service that can be ejected. + format: int32 + type: integer + minHealthPercent: + description: Outlier detection will be enabled + as long as the associated load balancing pool + has at least min_health_percent hosts in healthy + mode. + format: int32 + type: integer + splitExternalLocalOriginErrors: + description: Determines whether to distinguish + local origin failures from external errors. + type: boolean + type: object + port: + description: Specifies the number of a port on the + destination service on which this policy is being + applied. + properties: + number: + type: integer + type: object + tls: + description: TLS related settings for connections + to the upstream service. + properties: + caCertificates: + description: 'OPTIONAL: The path to the file containing + certificate authority certificates to use in + verifying a presented server certificate.' + type: string + caCrl: + description: 'OPTIONAL: The path to the file containing + the certificate revocation list (CRL) to use + in verifying a presented server certificate.' + type: string + clientCertificate: + description: REQUIRED if mode is `MUTUAL`. + type: string + credentialName: + description: The name of the secret that holds + the TLS certs for the client including the CA + certificates. + type: string + insecureSkipVerify: + description: '`insecureSkipVerify` specifies whether + the proxy should skip verifying the CA signature + and SAN for the server certificate corresponding + to the host.' + nullable: true + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured using TLS. + + Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `MUTUAL`. 
+ type: string + sni: + description: SNI string to present to the server + during TLS handshake. + type: string + subjectAltNames: + description: A list of alternate names to verify + the subject identity in the certificate. + items: + type: string + type: array + type: object + type: object + type: array + proxyProtocol: + description: The upstream PROXY protocol settings. + properties: + version: + description: |- + The PROXY protocol version to use. + + Valid Options: V1, V2 + enum: + - V1 + - V2 + type: string + type: object + tls: + description: TLS related settings for connections to the + upstream service. + properties: + caCertificates: + description: 'OPTIONAL: The path to the file containing + certificate authority certificates to use in verifying + a presented server certificate.' + type: string + caCrl: + description: 'OPTIONAL: The path to the file containing + the certificate revocation list (CRL) to use in verifying + a presented server certificate.' + type: string + clientCertificate: + description: REQUIRED if mode is `MUTUAL`. + type: string + credentialName: + description: The name of the secret that holds the TLS + certs for the client including the CA certificates. + type: string + insecureSkipVerify: + description: '`insecureSkipVerify` specifies whether + the proxy should skip verifying the CA signature and + SAN for the server certificate corresponding to the + host.' + nullable: true + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured using TLS. + + Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `MUTUAL`. + type: string + sni: + description: SNI string to present to the server during + TLS handshake. + type: string + subjectAltNames: + description: A list of alternate names to verify the + subject identity in the certificate. 
+ items: + type: string + type: array + type: object + tunnel: + description: Configuration of tunneling TCP over other transport + or application layers for the host configured in the DestinationRule. + properties: + protocol: + description: Specifies which protocol to use for tunneling + the downstream connection. + type: string + targetHost: + description: Specifies a host to which the downstream + connection is tunneled. + type: string + targetPort: + description: Specifies a port to which the downstream + connection is tunneled. + type: integer + required: + - targetHost + - targetPort + type: object + type: object + required: + - name + type: object + type: array + trafficPolicy: + description: Traffic policies to apply (load balancing policy, connection + pool sizes, outlier detection). + properties: + connectionPool: + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. + + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that will be queued + while waiting for a ready connection pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests to a destination. + format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection + pool connections. + type: string + maxConcurrentStreams: + description: The maximum number of concurrent streams + allowed for a peer on one HTTP/2 connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per connection + to a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that can be outstanding + to all hosts in a cluster at a given time. 
+ format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol will be preserved + while initiating connection to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and TCP upstream + connections. + properties: + connectTimeout: + description: TCP connection timeout. + type: string + idleTimeout: + description: The idle timeout for TCP connections. + type: string + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + maxConnections: + description: Maximum number of HTTP1 /TCP connections + to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the socket + to enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive + probes. + type: string + probes: + description: Maximum number of keepalive probes to + send without response before deciding the connection + is dead. + type: integer + time: + description: The time duration a connection needs + to be idle before keep-alive probes start being + sent. + type: string + type: object + type: object + type: object + loadBalancer: + description: Settings controlling the load balancer algorithms. + oneOf: + - not: + anyOf: + - required: + - simple + - required: + - consistentHash + - required: + - simple + - required: + - consistentHash + properties: + consistentHash: + allOf: + - oneOf: + - not: + anyOf: + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - oneOf: + - not: + anyOf: + - required: + - ringHash + - required: + - maglev + - required: + - ringHash + - required: + - maglev + properties: + httpCookie: + description: Hash based on HTTP cookie. 
+ properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. + type: string + required: + - name + type: object + httpHeaderName: + description: Hash based on a specific HTTP header. + type: string + httpQueryParameterName: + description: Hash based on a specific HTTP query parameter. + type: string + maglev: + description: The Maglev load balancer implements consistent + hashing to backend hosts. + properties: + tableSize: + description: The table size for Maglev hashing. + type: integer + type: object + minimumRingSize: + description: Deprecated. + type: integer + ringHash: + description: The ring/modulo hash load balancer implements + consistent hashing to backend hosts. + properties: + minimumRingSize: + description: The minimum number of virtual nodes to + use for the hash ring. + type: integer + type: object + useSourceIp: + description: Hash based on the source IP address. + type: boolean + type: object + localityLbSetting: + properties: + distribute: + description: 'Optional: only one of distribute, failover + or failoverPriority can be set.' + items: + properties: + from: + description: Originating locality, '/' separated, + e.g. + type: string + to: + additionalProperties: + type: integer + description: Map of upstream localities to traffic + distribution weights. + type: object + type: object + type: array + enabled: + description: enable locality load balancing, this is DestinationRule-level + and will override mesh wide settings in entirety. + nullable: true + type: boolean + failover: + description: 'Optional: only one of distribute, failover + or failoverPriority can be set.' + items: + properties: + from: + description: Originating region. + type: string + to: + description: Destination region the traffic will + fail over to when endpoints in the 'from' region + becomes unhealthy. 
+ type: string + type: object + type: array + failoverPriority: + description: failoverPriority is an ordered list of labels + used to sort endpoints to do priority based load balancing. + items: + type: string + type: array + type: object + simple: + description: |2- + + + Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST + enum: + - UNSPECIFIED + - LEAST_CONN + - RANDOM + - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of Service. + type: string + type: object + outlierDetection: + properties: + baseEjectionTime: + description: Minimum ejection duration. + type: string + consecutive5xxErrors: + description: Number of 5xx errors before a host is ejected + from the connection pool. + nullable: true + type: integer + consecutiveErrors: + format: int32 + type: integer + consecutiveGatewayErrors: + description: Number of gateway errors before a host is ejected + from the connection pool. + nullable: true + type: integer + consecutiveLocalOriginFailures: + description: The number of consecutive locally originated + failures before ejection occurs. + nullable: true + type: integer + interval: + description: Time interval between ejection sweep analysis. + type: string + maxEjectionPercent: + description: Maximum % of hosts in the load balancing pool + for the upstream service that can be ejected. + format: int32 + type: integer + minHealthPercent: + description: Outlier detection will be enabled as long as + the associated load balancing pool has at least min_health_percent + hosts in healthy mode. + format: int32 + type: integer + splitExternalLocalOriginErrors: + description: Determines whether to distinguish local origin + failures from external errors. + type: boolean + type: object + portLevelSettings: + description: Traffic policies specific to individual ports. 
+ items: + properties: + connectionPool: + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. + + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that will + be queued while waiting for a ready connection + pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests to + a destination. + format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection + pool connections. + type: string + maxConcurrentStreams: + description: The maximum number of concurrent streams + allowed for a peer on one HTTP/2 connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per connection + to a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that can + be outstanding to all hosts in a cluster at a + given time. + format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol will + be preserved while initiating connection to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and TCP upstream + connections. + properties: + connectTimeout: + description: TCP connection timeout. + type: string + idleTimeout: + description: The idle timeout for TCP connections. + type: string + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + maxConnections: + description: Maximum number of HTTP1 /TCP connections + to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the + socket to enable TCP Keepalives. 
+ properties: + interval: + description: The time duration between keep-alive + probes. + type: string + probes: + description: Maximum number of keepalive probes + to send without response before deciding the + connection is dead. + type: integer + time: + description: The time duration a connection + needs to be idle before keep-alive probes + start being sent. + type: string + type: object + type: object + type: object + loadBalancer: + description: Settings controlling the load balancer algorithms. + oneOf: + - not: + anyOf: + - required: + - simple + - required: + - consistentHash + - required: + - simple + - required: + - consistentHash + properties: + consistentHash: + allOf: + - oneOf: + - not: + anyOf: + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - required: + - httpHeaderName + - required: + - httpCookie + - required: + - useSourceIp + - required: + - httpQueryParameterName + - oneOf: + - not: + anyOf: + - required: + - ringHash + - required: + - maglev + - required: + - ringHash + - required: + - maglev + properties: + httpCookie: + description: Hash based on HTTP cookie. + properties: + name: + description: Name of the cookie. + type: string + path: + description: Path to set for the cookie. + type: string + ttl: + description: Lifetime of the cookie. + type: string + required: + - name + type: object + httpHeaderName: + description: Hash based on a specific HTTP header. + type: string + httpQueryParameterName: + description: Hash based on a specific HTTP query + parameter. + type: string + maglev: + description: The Maglev load balancer implements + consistent hashing to backend hosts. + properties: + tableSize: + description: The table size for Maglev hashing. + type: integer + type: object + minimumRingSize: + description: Deprecated. + type: integer + ringHash: + description: The ring/modulo hash load balancer + implements consistent hashing to backend hosts. 
+ properties: + minimumRingSize: + description: The minimum number of virtual nodes + to use for the hash ring. + type: integer + type: object + useSourceIp: + description: Hash based on the source IP address. + type: boolean + type: object + localityLbSetting: + properties: + distribute: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' + items: + properties: + from: + description: Originating locality, '/' separated, + e.g. + type: string + to: + additionalProperties: + type: integer + description: Map of upstream localities to + traffic distribution weights. + type: object + type: object + type: array + enabled: + description: enable locality load balancing, this + is DestinationRule-level and will override mesh + wide settings in entirety. + nullable: true + type: boolean + failover: + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' + items: + properties: + from: + description: Originating region. + type: string + to: + description: Destination region the traffic + will fail over to when endpoints in the + 'from' region becomes unhealthy. + type: string + type: object + type: array + failoverPriority: + description: failoverPriority is an ordered list + of labels used to sort endpoints to do priority + based load balancing. + items: + type: string + type: array + type: object + simple: + description: |2- + + + Valid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST + enum: + - UNSPECIFIED + - LEAST_CONN + - RANDOM + - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of Service. + type: string + type: object + outlierDetection: + properties: + baseEjectionTime: + description: Minimum ejection duration. + type: string + consecutive5xxErrors: + description: Number of 5xx errors before a host is ejected + from the connection pool. 
+ nullable: true + type: integer + consecutiveErrors: + format: int32 + type: integer + consecutiveGatewayErrors: + description: Number of gateway errors before a host + is ejected from the connection pool. + nullable: true + type: integer + consecutiveLocalOriginFailures: + description: The number of consecutive locally originated + failures before ejection occurs. + nullable: true + type: integer + interval: + description: Time interval between ejection sweep analysis. + type: string + maxEjectionPercent: + description: Maximum % of hosts in the load balancing + pool for the upstream service that can be ejected. + format: int32 + type: integer + minHealthPercent: + description: Outlier detection will be enabled as long + as the associated load balancing pool has at least + min_health_percent hosts in healthy mode. + format: int32 + type: integer + splitExternalLocalOriginErrors: + description: Determines whether to distinguish local + origin failures from external errors. + type: boolean + type: object + port: + description: Specifies the number of a port on the destination + service on which this policy is being applied. + properties: + number: + type: integer + type: object + tls: + description: TLS related settings for connections to the + upstream service. + properties: + caCertificates: + description: 'OPTIONAL: The path to the file containing + certificate authority certificates to use in verifying + a presented server certificate.' + type: string + caCrl: + description: 'OPTIONAL: The path to the file containing + the certificate revocation list (CRL) to use in verifying + a presented server certificate.' + type: string + clientCertificate: + description: REQUIRED if mode is `MUTUAL`. + type: string + credentialName: + description: The name of the secret that holds the TLS + certs for the client including the CA certificates. 
+ type: string + insecureSkipVerify: + description: '`insecureSkipVerify` specifies whether + the proxy should skip verifying the CA signature and + SAN for the server certificate corresponding to the + host.' + nullable: true + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured using TLS. + + Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `MUTUAL`. + type: string + sni: + description: SNI string to present to the server during + TLS handshake. + type: string + subjectAltNames: + description: A list of alternate names to verify the + subject identity in the certificate. + items: + type: string + type: array + type: object + type: object + type: array + proxyProtocol: + description: The upstream PROXY protocol settings. + properties: + version: + description: |- + The PROXY protocol version to use. + + Valid Options: V1, V2 + enum: + - V1 + - V2 + type: string + type: object + tls: + description: TLS related settings for connections to the upstream + service. + properties: + caCertificates: + description: 'OPTIONAL: The path to the file containing certificate + authority certificates to use in verifying a presented server + certificate.' + type: string + caCrl: + description: 'OPTIONAL: The path to the file containing the + certificate revocation list (CRL) to use in verifying a + presented server certificate.' + type: string + clientCertificate: + description: REQUIRED if mode is `MUTUAL`. + type: string + credentialName: + description: The name of the secret that holds the TLS certs + for the client including the CA certificates. + type: string + insecureSkipVerify: + description: '`insecureSkipVerify` specifies whether the proxy + should skip verifying the CA signature and SAN for the server + certificate corresponding to the host.' 
+ nullable: true + type: boolean + mode: + description: |- + Indicates whether connections to this port should be secured using TLS. + + Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL + enum: + - DISABLE + - SIMPLE + - MUTUAL + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `MUTUAL`. + type: string + sni: + description: SNI string to present to the server during TLS + handshake. + type: string + subjectAltNames: + description: A list of alternate names to verify the subject + identity in the certificate. + items: + type: string + type: array + type: object + tunnel: + description: Configuration of tunneling TCP over other transport + or application layers for the host configured in the DestinationRule. + properties: + protocol: + description: Specifies which protocol to use for tunneling + the downstream connection. + type: string + targetHost: + description: Specifies a host to which the downstream connection + is tunneled. + type: string + targetPort: + description: Specifies a port to which the downstream connection + is tunneled. + type: integer + required: + - targetHost + - targetPort + type: object + type: object + workloadSelector: + description: Criteria used to select the specific set of pods/VMs + on which this `DestinationRule` configuration should be applied. + properties: + matchLabels: + additionalProperties: + type: string + description: One or more labels that indicate a specific set of + pods/VMs on which a policy should be applied. + type: object + type: object + required: + - host + type: object + status: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} - additionalPrinterColumns: - description: The name of a service from the service registry jsonPath: .spec.host 
@@ -1798,7 +3345,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object served: true - storage: true + storage: false subresources: status: {} - additionalPrinterColumns: @@ -3345,7 +4892,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object served: true - storage: false + storage: true subresources: status: {} --- 
@@ -3657,6 +5204,163 @@ spec: singular: gateway scope: Namespaced versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting edge load balancer. See more details + at: https://istio.io/docs/reference/config/networking/gateway.html' + properties: + selector: + additionalProperties: + type: string + description: One or more labels that indicate a specific set of pods/VMs + on which this gateway configuration should be applied. + type: object + servers: + description: A list of server specifications. + items: + properties: + bind: + description: The ip or the Unix domain socket to which the listener + should be bound to. + type: string + defaultEndpoint: + type: string + hosts: + description: One or more hosts exposed by this gateway. + items: + type: string + type: array + name: + description: An optional name of the server, when set must be + unique across all servers. + type: string + port: + description: The Port on which the proxy should listen for incoming + connections. + properties: + name: + description: Label assigned to the port. + type: string + number: + description: A valid non-negative integer port number. + type: integer + protocol: + description: The protocol exposed on the port. + type: string + targetPort: + type: integer + required: + - number + - protocol + - name + type: object + tls: + description: Set of TLS related options that govern the server's + behavior. + properties: + caCertificates: + description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. + type: string + caCrl: + description: 'OPTIONAL: The path to the file containing + the certificate revocation list (CRL) to use in verifying + a presented client side certificate.' + type: string + cipherSuites: + description: 'Optional: If specified, only support the specified + cipher list.' 
+ items: + type: string + type: array + credentialName: + description: For gateways running on Kubernetes, the name + of the secret that holds the TLS certs including the CA + certificates. + type: string + httpsRedirect: + description: If set to true, the load balancer will send + a 301 redirect for all http connections, asking the clients + to use HTTPS. + type: boolean + maxProtocolVersion: + description: |- + Optional: Maximum TLS protocol version. + + Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 + enum: + - TLS_AUTO + - TLSV1_0 + - TLSV1_1 + - TLSV1_2 + - TLSV1_3 + type: string + minProtocolVersion: + description: |- + Optional: Minimum TLS protocol version. + + Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 + enum: + - TLS_AUTO + - TLSV1_0 + - TLSV1_1 + - TLSV1_2 + - TLSV1_3 + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be secured using TLS. + + Valid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL + enum: + - PASSTHROUGH + - SIMPLE + - MUTUAL + - AUTO_PASSTHROUGH + - ISTIO_MUTUAL + - OPTIONAL_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. + type: string + serverCertificate: + description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. + type: string + subjectAltNames: + description: A list of alternate names to verify the subject + identity in the certificate presented by the client. + items: + type: string + type: array + verifyCertificateHash: + description: An optional list of hex-encoded SHA-256 hashes + of the authorized client certificates. + items: + type: string + type: array + verifyCertificateSpki: + description: An optional list of base64-encoded SHA-256 + hashes of the SPKIs of authorized client certificates. 
+ items: + type: string + type: array + type: object + required: + - port + - hosts + type: object + type: array + type: object + status: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} - name: v1alpha3 schema: openAPIV3Schema: @@ -3811,7 +5515,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object served: true - storage: true + storage: false subresources: status: {} - name: v1beta1 @@ -3968,7 +5672,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object served: true - storage: false + storage: true subresources: status: {} --- 
@@ -4064,6 +5768,154 @@ spec: singular: serviceentry scope: Namespaced versions: + - additionalPrinterColumns: + - description: The hosts associated with the ServiceEntry + jsonPath: .spec.hosts + name: Hosts + type: string + - description: Whether the service is external to the mesh or part of the mesh + (MESH_EXTERNAL or MESH_INTERNAL) + jsonPath: .spec.location + name: Location + type: string + - description: Service resolution mode for the hosts (NONE, STATIC, or DNS) + jsonPath: .spec.resolution + name: Resolution + type: string + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting service registry. See more details + at: https://istio.io/docs/reference/config/networking/service-entry.html' + properties: + addresses: + description: The virtual IP addresses associated with the service. + items: + type: string + type: array + endpoints: + description: One or more endpoints associated with the service. + items: + properties: + address: + description: Address associated with the network endpoint without + the port. + type: string + labels: + additionalProperties: + type: string + description: One or more labels associated with the endpoint. + type: object + locality: + description: The locality associated with the endpoint. + type: string + network: + description: Network enables Istio to group endpoints resident + in the same L3 domain/network. 
+ type: string + ports: + additionalProperties: + type: integer + description: Set of ports associated with the endpoint. + type: object + serviceAccount: + description: The service account associated with the workload + if a sidecar is present in the workload. + type: string + weight: + description: The load balancing weight associated with the endpoint. + type: integer + type: object + type: array + exportTo: + description: A list of namespaces to which this service is exported. + items: + type: string + type: array + hosts: + description: The hosts associated with the ServiceEntry. + items: + type: string + type: array + location: + description: |- + Specify whether the service should be considered external to the mesh or part of the mesh. + + Valid Options: MESH_EXTERNAL, MESH_INTERNAL + enum: + - MESH_EXTERNAL + - MESH_INTERNAL + type: string + ports: + description: The ports associated with the external service. + items: + properties: + name: + description: Label assigned to the port. + type: string + number: + description: A valid non-negative integer port number. + type: integer + protocol: + description: The protocol exposed on the port. + type: string + targetPort: + description: The port number on the endpoint where the traffic + will be received. + type: integer + required: + - number + - name + type: object + type: array + resolution: + description: |- + Service resolution mode for the hosts. + + Valid Options: NONE, STATIC, DNS, DNS_ROUND_ROBIN + enum: + - NONE + - STATIC + - DNS + - DNS_ROUND_ROBIN + type: string + subjectAltNames: + description: If specified, the proxy will verify that the server certificate's + subject alternate name matches one of the specified values. + items: + type: string + type: array + workloadSelector: + description: Applicable only for MESH_INTERNAL services. 
+ properties: + labels: + additionalProperties: + type: string + description: One or more labels that indicate a specific set of + pods/VMs on which the configuration should be applied. + type: object + type: object + required: + - hosts + type: object + status: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} - additionalPrinterColumns: - description: The hosts associated with the ServiceEntry jsonPath: .spec.hosts @@ -4209,7 +6061,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object served: true - storage: true + storage: false subresources: status: {} - additionalPrinterColumns: @@ -4357,7 +6209,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object served: true - storage: false + storage: true subresources: status: {} --- 
@@ -4384,6 +6236,418 @@ spec: singular: sidecar scope: Namespaced versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting network reachability of a sidecar. + See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' + properties: + egress: + description: Egress specifies the configuration of the sidecar for + processing outbound traffic from the attached workload instance + to other services in the mesh. + items: + properties: + bind: + description: The IP(IPv4 or IPv6) or the Unix domain socket + to which the listener should be bound to. + type: string + captureMode: + description: |- + When the bind address is an IP, the captureMode option dictates how traffic to the listener is expected to be captured (or not). + + Valid Options: DEFAULT, IPTABLES, NONE + enum: + - DEFAULT + - IPTABLES + - NONE + type: string + hosts: + description: One or more service hosts exposed by the listener + in `namespace/dnsName` format. + items: + type: string + type: array + port: + description: The port associated with the listener. + properties: + name: + description: Label assigned to the port. + type: string + number: + description: A valid non-negative integer port number. + type: integer + protocol: + description: The protocol exposed on the port. + type: string + targetPort: + type: integer + type: object + required: + - hosts + type: object + type: array + inboundConnectionPool: + description: Settings controlling the volume of connections Envoy + will accept from the network. + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. 
+ + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that will be queued + while waiting for a ready connection pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests to a destination. + format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection pool + connections. + type: string + maxConcurrentStreams: + description: The maximum number of concurrent streams allowed + for a peer on one HTTP/2 connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per connection to + a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that can be outstanding + to all hosts in a cluster at a given time. + format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol will be preserved + while initiating connection to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and TCP upstream connections. + properties: + connectTimeout: + description: TCP connection timeout. + type: string + idleTimeout: + description: The idle timeout for TCP connections. + type: string + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + maxConnections: + description: Maximum number of HTTP1 /TCP connections to a + destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the socket to + enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive probes. + type: string + probes: + description: Maximum number of keepalive probes to send + without response before deciding the connection is dead. 
+ type: integer + time: + description: The time duration a connection needs to be + idle before keep-alive probes start being sent. + type: string + type: object + type: object + type: object + ingress: + description: Ingress specifies the configuration of the sidecar for + processing inbound traffic to the attached workload instance. + items: + properties: + bind: + description: The IP(IPv4 or IPv6) to which the listener should + be bound. + type: string + captureMode: + description: |- + The captureMode option dictates how traffic to the listener is expected to be captured (or not). + + Valid Options: DEFAULT, IPTABLES, NONE + enum: + - DEFAULT + - IPTABLES + - NONE + type: string + connectionPool: + description: Settings controlling the volume of connections + Envoy will accept from the network. + properties: + http: + description: HTTP connection pool settings. + properties: + h2UpgradePolicy: + description: |- + Specify if http1.1 connection should be upgraded to http2 for the associated destination. + + Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE + enum: + - DEFAULT + - DO_NOT_UPGRADE + - UPGRADE + type: string + http1MaxPendingRequests: + description: Maximum number of requests that will be + queued while waiting for a ready connection pool connection. + format: int32 + type: integer + http2MaxRequests: + description: Maximum number of active requests to a + destination. + format: int32 + type: integer + idleTimeout: + description: The idle timeout for upstream connection + pool connections. + type: string + maxConcurrentStreams: + description: The maximum number of concurrent streams + allowed for a peer on one HTTP/2 connection. + format: int32 + type: integer + maxRequestsPerConnection: + description: Maximum number of requests per connection + to a backend. + format: int32 + type: integer + maxRetries: + description: Maximum number of retries that can be outstanding + to all hosts in a cluster at a given time. 
+ format: int32 + type: integer + useClientProtocol: + description: If set to true, client protocol will be + preserved while initiating connection to backend. + type: boolean + type: object + tcp: + description: Settings common to both HTTP and TCP upstream + connections. + properties: + connectTimeout: + description: TCP connection timeout. + type: string + idleTimeout: + description: The idle timeout for TCP connections. + type: string + maxConnectionDuration: + description: The maximum duration of a connection. + type: string + maxConnections: + description: Maximum number of HTTP1 /TCP connections + to a destination host. + format: int32 + type: integer + tcpKeepalive: + description: If set then set SO_KEEPALIVE on the socket + to enable TCP Keepalives. + properties: + interval: + description: The time duration between keep-alive + probes. + type: string + probes: + description: Maximum number of keepalive probes + to send without response before deciding the connection + is dead. + type: integer + time: + description: The time duration a connection needs + to be idle before keep-alive probes start being + sent. + type: string + type: object + type: object + type: object + defaultEndpoint: + description: The IP endpoint or Unix domain socket to which + traffic should be forwarded to. + type: string + port: + description: The port associated with the listener. + properties: + name: + description: Label assigned to the port. + type: string + number: + description: A valid non-negative integer port number. + type: integer + protocol: + description: The protocol exposed on the port. + type: string + targetPort: + type: integer + type: object + tls: + description: Set of TLS related options that will enable TLS + termination on the sidecar for requests originating from outside + the mesh. + properties: + caCertificates: + description: REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. 
+ type: string + caCrl: + description: 'OPTIONAL: The path to the file containing + the certificate revocation list (CRL) to use in verifying + a presented client side certificate.' + type: string + cipherSuites: + description: 'Optional: If specified, only support the specified + cipher list.' + items: + type: string + type: array + credentialName: + description: For gateways running on Kubernetes, the name + of the secret that holds the TLS certs including the CA + certificates. + type: string + httpsRedirect: + description: If set to true, the load balancer will send + a 301 redirect for all http connections, asking the clients + to use HTTPS. + type: boolean + maxProtocolVersion: + description: |- + Optional: Maximum TLS protocol version. + + Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 + enum: + - TLS_AUTO + - TLSV1_0 + - TLSV1_1 + - TLSV1_2 + - TLSV1_3 + type: string + minProtocolVersion: + description: |- + Optional: Minimum TLS protocol version. + + Valid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3 + enum: + - TLS_AUTO + - TLSV1_0 + - TLSV1_1 + - TLSV1_2 + - TLSV1_3 + type: string + mode: + description: |- + Optional: Indicates whether connections to this port should be secured using TLS. + + Valid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL + enum: + - PASSTHROUGH + - SIMPLE + - MUTUAL + - AUTO_PASSTHROUGH + - ISTIO_MUTUAL + - OPTIONAL_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. + type: string + serverCertificate: + description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. + type: string + subjectAltNames: + description: A list of alternate names to verify the subject + identity in the certificate presented by the client. + items: + type: string + type: array + verifyCertificateHash: + description: An optional list of hex-encoded SHA-256 hashes + of the authorized client certificates. 
+ items: + type: string + type: array + verifyCertificateSpki: + description: An optional list of base64-encoded SHA-256 + hashes of the SPKIs of authorized client certificates. + items: + type: string + type: array + type: object + required: + - port + type: object + type: array + outboundTrafficPolicy: + description: Configuration for the outbound traffic policy. + properties: + egressProxy: + properties: + host: + description: The name of a service from the service registry. + type: string + port: + description: Specifies the port on the host that is being + addressed. + properties: + number: + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + mode: + description: |2- + + + Valid Options: REGISTRY_ONLY, ALLOW_ANY + enum: + - REGISTRY_ONLY + - ALLOW_ANY + type: string + type: object + workloadSelector: + description: Criteria used to select the specific set of pods/VMs + on which this `Sidecar` configuration should be applied. + properties: + labels: + additionalProperties: + type: string + description: One or more labels that indicate a specific set of + pods/VMs on which the configuration should be applied. + type: object + type: object + type: object + status: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} - name: v1alpha3 schema: openAPIV3Schema: @@ -4793,7 +7057,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object served: true - storage: true + storage: false subresources: status: {} - name: v1beta1 @@ -5205,7 +7469,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object served: true - storage: false + storage: true subresources: status: {} --- 
@@ -5234,6 +7498,923 @@ spec: singular: virtualservice scope: Namespaced versions: + - additionalPrinterColumns: + - description: The names of gateways and sidecars that should apply these routes + jsonPath: .spec.gateways + name: Gateways + type: string + - description: The destination hosts to which traffic is being sent + jsonPath: .spec.hosts + name: Hosts + type: string + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting label/content routing, sni routing, + etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' + properties: + exportTo: + description: A list of namespaces to which this virtual service is + exported. + items: + type: string + type: array + gateways: + description: The names of gateways and sidecars that should apply + these routes. + items: + type: string + type: array + hosts: + description: The destination hosts to which traffic is being sent. + items: + type: string + type: array + http: + description: An ordered list of route rules for HTTP traffic. + items: + properties: + corsPolicy: + description: Cross-Origin Resource Sharing policy (CORS). + properties: + allowCredentials: + description: Indicates whether the caller is allowed to + send the actual request (not the preflight) using credentials. + nullable: true + type: boolean + allowHeaders: + description: List of HTTP headers that can be used when + requesting the resource. 
+ items: + type: string + type: array + allowMethods: + description: List of HTTP methods allowed to access the + resource. + items: + type: string + type: array + allowOrigin: + items: + type: string + type: array + allowOrigins: + description: String patterns that match allowed origins. + items: + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + type: string + type: object + type: array + exposeHeaders: + description: A list of HTTP headers that the browsers are + allowed to access. + items: + type: string + type: array + maxAge: + description: Specifies how long the results of a preflight + request can be cached. + type: string + type: object + delegate: + description: Delegate is used to specify the particular VirtualService + which can be used to define delegate HTTPRoute. + properties: + name: + description: Name specifies the name of the delegate VirtualService. + type: string + namespace: + description: Namespace specifies the namespace where the + delegate VirtualService resides. + type: string + type: object + directResponse: + description: A HTTP rule can either return a direct_response, + redirect or forward (default) traffic. + properties: + body: + description: Specifies the content of the response body. + oneOf: + - not: + anyOf: + - required: + - string + - required: + - bytes + - required: + - string + - required: + - bytes + properties: + bytes: + description: response body as base64 encoded bytes. + format: binary + type: string + string: + type: string + type: object + status: + description: Specifies the HTTP response status to be returned. 
+ type: integer + required: + - status + type: object + fault: + description: Fault injection policy to apply on HTTP traffic + at the client side. + properties: + abort: + description: Abort Http request attempts and return error + codes back to downstream service, giving the impression + that the upstream service is faulty. + oneOf: + - not: + anyOf: + - required: + - httpStatus + - required: + - grpcStatus + - required: + - http2Error + - required: + - httpStatus + - required: + - grpcStatus + - required: + - http2Error + properties: + grpcStatus: + description: GRPC status code to use to abort the request. + type: string + http2Error: + type: string + httpStatus: + description: HTTP status code to use to abort the Http + request. + format: int32 + type: integer + percentage: + description: Percentage of requests to be aborted with + the error code provided. + properties: + value: + format: double + type: number + type: object + type: object + delay: + description: Delay requests before forwarding, emulating + various failures such as network issues, overloaded upstream + service, etc. + oneOf: + - not: + anyOf: + - required: + - fixedDelay + - required: + - exponentialDelay + - required: + - fixedDelay + - required: + - exponentialDelay + properties: + exponentialDelay: + type: string + fixedDelay: + description: Add a fixed delay before forwarding the + request. + type: string + percent: + description: Percentage of requests on which the delay + will be injected (0-100). + format: int32 + type: integer + percentage: + description: Percentage of requests on which the delay + will be injected. 
+ properties: + value: + format: double + type: number + type: object + type: object + type: object + headers: + properties: + request: + properties: + add: + additionalProperties: + type: string + type: object + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + response: + properties: + add: + additionalProperties: + type: string + type: object + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + type: object + match: + description: Match conditions to be satisfied for the rule to + be activated. + items: + properties: + authority: + description: 'HTTP Authority values are case-sensitive + and formatted as follows: - `exact: "value"` for exact + string match - `prefix: "value"` for prefix-based match + - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + type: string + type: object + gateways: + description: Names of gateways where the rule should be + applied. + items: + type: string + type: array + headers: + additionalProperties: + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + type: string + type: object + description: The header keys must be lowercase and use + hyphen as the separator, e.g. 
+ type: object + ignoreUriCase: + description: Flag to specify whether the URI matching + should be case-insensitive. + type: boolean + method: + description: 'HTTP Method values are case-sensitive and + formatted as follows: - `exact: "value"` for exact string + match - `prefix: "value"` for prefix-based match - `regex: + "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + type: string + type: object + name: + description: The name assigned to a match. + type: string + port: + description: Specifies the ports on the host that is being + addressed. + type: integer + queryParams: + additionalProperties: + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + type: string + type: object + description: Query parameters for matching. + type: object + scheme: + description: 'URI Scheme values are case-sensitive and + formatted as follows: - `exact: "value"` for exact string + match - `prefix: "value"` for prefix-based match - `regex: + "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' 
+ oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + type: string + type: object + sourceLabels: + additionalProperties: + type: string + description: One or more labels that constrain the applicability + of a rule to source (client) workloads with the given + labels. + type: object + sourceNamespace: + description: Source namespace constraining the applicability + of a rule to workloads in that namespace. + type: string + statPrefix: + description: The human readable prefix to use when emitting + statistics for this route. + type: string + uri: + description: 'URI to match values are case-sensitive and + formatted as follows: - `exact: "value"` for exact string + match - `prefix: "value"` for prefix-based match - `regex: + "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).' + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + type: string + type: object + withoutHeaders: + additionalProperties: + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + type: string + prefix: + type: string + regex: + description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + type: string + type: object + description: withoutHeader has the same syntax with the + header, but has opposite meaning. 
+ type: object + type: object + type: array + mirror: + description: Mirror HTTP traffic to a another destination in + addition to forwarding the requests to the intended destination. + properties: + host: + description: The name of a service from the service registry. + type: string + port: + description: Specifies the port on the host that is being + addressed. + properties: + number: + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + mirror_percent: + nullable: true + type: integer + mirrorPercent: + nullable: true + type: integer + mirrorPercentage: + description: Percentage of the traffic to be mirrored by the + `mirror` field. + properties: + value: + format: double + type: number + type: object + mirrors: + description: Specifies the destinations to mirror HTTP traffic + in addition to the original destination. + items: + properties: + destination: + description: Destination specifies the target of the mirror + operation. + properties: + host: + description: The name of a service from the service + registry. + type: string + port: + description: Specifies the port on the host that is + being addressed. + properties: + number: + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + percentage: + description: Percentage of the traffic to be mirrored + by the `destination` field. + properties: + value: + format: double + type: number + type: object + required: + - destination + type: object + type: array + name: + description: The name assigned to the route for debugging purposes. + type: string + redirect: + description: A HTTP rule can either return a direct_response, + redirect or forward (default) traffic. 
+ oneOf: + - not: + anyOf: + - required: + - port + - required: + - derivePort + - required: + - port + - required: + - derivePort + properties: + authority: + description: On a redirect, overwrite the Authority/Host + portion of the URL with this value. + type: string + derivePort: + description: |- + On a redirect, dynamically set the port: * FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS. + + Valid Options: FROM_PROTOCOL_DEFAULT, FROM_REQUEST_PORT + enum: + - FROM_PROTOCOL_DEFAULT + - FROM_REQUEST_PORT + type: string + port: + description: On a redirect, overwrite the port portion of + the URL with this value. + type: integer + redirectCode: + description: On a redirect, Specifies the HTTP status code + to use in the redirect response. + type: integer + scheme: + description: On a redirect, overwrite the scheme portion + of the URL with this value. + type: string + uri: + description: On a redirect, overwrite the Path portion of + the URL with this value. + type: string + type: object + retries: + description: Retry policy for HTTP requests. + properties: + attempts: + description: Number of retries to be allowed for a given + request. + format: int32 + type: integer + perTryTimeout: + description: Timeout per attempt for a given request, including + the initial call and any retries. + type: string + retryOn: + description: Specifies the conditions under which retry + takes place. + type: string + retryRemoteLocalities: + description: Flag to specify whether the retries should + retry to other localities. + nullable: true + type: boolean + type: object + rewrite: + description: Rewrite HTTP URIs and Authority headers. + properties: + authority: + description: rewrite the Authority/Host header with this + value. + type: string + uri: + description: rewrite the path (or the prefix) portion of + the URI with this value. + type: string + uriRegexRewrite: + description: rewrite the path portion of the URI with the + specified regex. 
+ properties: + match: + description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + type: string + rewrite: + description: The string that should replace into matching + portions of original URI. + type: string + type: object + type: object + route: + description: A HTTP rule can either return a direct_response, + redirect or forward (default) traffic. + items: + properties: + destination: + description: Destination uniquely identifies the instances + of a service to which the request/connection should + be forwarded to. + properties: + host: + description: The name of a service from the service + registry. + type: string + port: + description: Specifies the port on the host that is + being addressed. + properties: + number: + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + headers: + properties: + request: + properties: + add: + additionalProperties: + type: string + type: object + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + response: + properties: + add: + additionalProperties: + type: string + type: object + remove: + items: + type: string + type: array + set: + additionalProperties: + type: string + type: object + type: object + type: object + weight: + description: Weight specifies the relative proportion + of traffic to be forwarded to the destination. + format: int32 + type: integer + required: + - destination + type: object + type: array + timeout: + description: Timeout for HTTP requests, default is disabled. + type: string + type: object + type: array + tcp: + description: An ordered list of route rules for opaque TCP traffic. + items: + properties: + match: + description: Match conditions to be satisfied for the rule to + be activated. 
+ items: + properties: + destinationSubnets: + description: IPv4 or IPv6 ip addresses of destination + with optional subnet. + items: + type: string + type: array + gateways: + description: Names of gateways where the rule should be + applied. + items: + type: string + type: array + port: + description: Specifies the port on the host that is being + addressed. + type: integer + sourceLabels: + additionalProperties: + type: string + description: One or more labels that constrain the applicability + of a rule to workloads with the given labels. + type: object + sourceNamespace: + description: Source namespace constraining the applicability + of a rule to workloads in that namespace. + type: string + sourceSubnet: + type: string + type: object + type: array + route: + description: The destination to which the connection should + be forwarded to. + items: + properties: + destination: + description: Destination uniquely identifies the instances + of a service to which the request/connection should + be forwarded to. + properties: + host: + description: The name of a service from the service + registry. + type: string + port: + description: Specifies the port on the host that is + being addressed. + properties: + number: + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + weight: + description: Weight specifies the relative proportion + of traffic to be forwarded to the destination. + format: int32 + type: integer + required: + - destination + type: object + type: array + type: object + type: array + tls: + description: An ordered list of route rule for non-terminated TLS + & HTTPS traffic. + items: + properties: + match: + description: Match conditions to be satisfied for the rule to + be activated. + items: + properties: + destinationSubnets: + description: IPv4 or IPv6 ip addresses of destination + with optional subnet. 
+ items: + type: string + type: array + gateways: + description: Names of gateways where the rule should be + applied. + items: + type: string + type: array + port: + description: Specifies the port on the host that is being + addressed. + type: integer + sniHosts: + description: SNI (server name indicator) to match on. + items: + type: string + type: array + sourceLabels: + additionalProperties: + type: string + description: One or more labels that constrain the applicability + of a rule to workloads with the given labels. + type: object + sourceNamespace: + description: Source namespace constraining the applicability + of a rule to workloads in that namespace. + type: string + required: + - sniHosts + type: object + type: array + route: + description: The destination to which the connection should + be forwarded to. + items: + properties: + destination: + description: Destination uniquely identifies the instances + of a service to which the request/connection should + be forwarded to. + properties: + host: + description: The name of a service from the service + registry. + type: string + port: + description: Specifies the port on the host that is + being addressed. + properties: + number: + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + required: + - host + type: object + weight: + description: Weight specifies the relative proportion + of traffic to be forwarded to the destination. + format: int32 + type: integer + required: + - destination + type: object + type: array + required: + - match + type: object + type: array + type: object + status: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} - additionalPrinterColumns: - description: The names of gateways and sidecars that should apply these routes jsonPath: .spec.gateways 
@@ -6148,7 +9329,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object served: true - storage: true + storage: false subresources: status: {} - additionalPrinterColumns: @@ -7065,7 +10246,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object served: true - storage: false + storage: true subresources: status: {} --- 
@@ -7094,6 +10275,64 @@ spec: singular: workloadentry scope: Namespaced versions: + - additionalPrinterColumns: + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Address associated with the network endpoint. + jsonPath: .spec.address + name: Address + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Configuration affecting VMs onboarded into the mesh. See + more details at: https://istio.io/docs/reference/config/networking/workload-entry.html' + properties: + address: + description: Address associated with the network endpoint without + the port. + type: string + labels: + additionalProperties: + type: string + description: One or more labels associated with the endpoint. + type: object + locality: + description: The locality associated with the endpoint. + type: string + network: + description: Network enables Istio to group endpoints resident in + the same L3 domain/network. + type: string + ports: + additionalProperties: + type: integer + description: Set of ports associated with the endpoint. + type: object + serviceAccount: + description: The service account associated with the workload if a + sidecar is present in the workload. + type: string + weight: + description: The load balancing weight associated with the endpoint. 
+ type: integer + type: object + status: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} - additionalPrinterColumns: - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before @@ -7149,7 +10388,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object served: true - storage: true + storage: false subresources: status: {} - additionalPrinterColumns: @@ -7207,7 +10446,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object served: true - storage: false + storage: true subresources: status: {} --- 
@@ -7234,6 +10473,173 @@ spec: singular: workloadgroup scope: Namespaced versions: + - additionalPrinterColumns: + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + description: '`WorkloadGroup` enables specifying the properties of a single + workload for bootstrap and provides a template for `WorkloadEntry`, + similar to how `Deployment` specifies properties of workloads via `Pod` + templates.' + properties: + metadata: + description: Metadata that will be used for all corresponding `WorkloadEntries`. + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + probe: + description: '`ReadinessProbe` describes the configuration the user + must provide for healthchecking on their workload.' + oneOf: + - not: + anyOf: + - required: + - httpGet + - required: + - tcpSocket + - required: + - exec + - required: + - httpGet + - required: + - tcpSocket + - required: + - exec + properties: + exec: + description: Health is determined by how the command that is executed + exited. + properties: + command: + description: Command to run. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be + considered failed after having succeeded. + format: int32 + type: integer + httpGet: + description: '`httpGet` is performed to a given endpoint and the + status/able to connect determines health.' 
+ properties: + host: + description: Host name to connect to, defaults to the pod + IP. + type: string + httpHeaders: + description: Headers the proxy will pass on to make the request. + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: Port on which the endpoint lives. + type: integer + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + description: Number of seconds after the container has started + before readiness probes are initiated. + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be + considered successful after having failed. + format: int32 + type: integer + tcpSocket: + description: Health is determined by if the proxy is able to connect. + properties: + host: + type: string + port: + type: integer + required: + - port + type: object + timeoutSeconds: + description: Number of seconds after which the probe times out. + format: int32 + type: integer + type: object + template: + description: Template to be used for the generation of `WorkloadEntry` + resources that belong to this `WorkloadGroup`. + properties: + address: + description: Address associated with the network endpoint without + the port. + type: string + labels: + additionalProperties: + type: string + description: One or more labels associated with the endpoint. + type: object + locality: + description: The locality associated with the endpoint. + type: string + network: + description: Network enables Istio to group endpoints resident + in the same L3 domain/network. + type: string + ports: + additionalProperties: + type: integer + description: Set of ports associated with the endpoint. 
+ type: object + serviceAccount: + description: The service account associated with the workload + if a sidecar is present in the workload. + type: string + weight: + description: The load balancing weight associated with the endpoint. + type: integer + type: object + required: + - template + type: object + status: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} - additionalPrinterColumns: - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before @@ -7396,7 +10802,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object served: true - storage: true + storage: false subresources: status: {} - additionalPrinterColumns: @@ -7563,7 +10969,7 @@ spec: x-kubernetes-preserve-unknown-fields: true type: object served: true - storage: false + storage: true subresources: status: {} --- diff --git a/networking/v1/destination_rule.pb.go b/networking/v1/destination_rule.pb.go new file mode 100644 index 00000000..9ead81a5 --- /dev/null +++ b/networking/v1/destination_rule.pb.go 
@@ -0,0 +1,3399 @@ +// Copyright 2020 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.33.0 +// protoc (unknown) +// source: networking/v1/destination_rule.proto + +// $schema: istio.networking.v1.DestinationRule +// $title: Destination Rule +// $description: Configuration affecting load balancing, outlier detection, etc. +// $location: https://istio.io/docs/reference/config/networking/destination-rule.html +// $aliases: [/docs/reference/config/networking/v1/destination-rule] +// $mode: none + +// `DestinationRule` defines policies that apply to traffic intended for a +// service after routing has occurred. These rules specify configuration +// for load balancing, connection pool size from the sidecar, and outlier +// detection settings to detect and evict unhealthy hosts from the load +// balancing pool. For example, a simple load balancing policy for the +// ratings service would look as follows: +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: DestinationRule +// metadata: +// name: bookinfo-ratings +// spec: +// host: ratings.prod.svc.cluster.local +// trafficPolicy: +// loadBalancer: +// simple: LEAST_REQUEST +// ``` +// +// Version specific policies can be specified by defining a named +// `subset` and overriding the settings specified at the service level. 
The +// following rule uses a round robin load balancing policy for all traffic +// going to a subset named testversion that is composed of endpoints (e.g., +// pods) with labels (version:v3). +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: DestinationRule +// metadata: +// name: bookinfo-ratings +// spec: +// host: ratings.prod.svc.cluster.local +// trafficPolicy: +// loadBalancer: +// simple: LEAST_REQUEST +// subsets: +// - name: testversion +// labels: +// version: v3 +// trafficPolicy: +// loadBalancer: +// simple: ROUND_ROBIN +// ``` +// +// **Note:** Policies specified for subsets will not take effect until +// a route rule explicitly sends traffic to this subset. +// +// Traffic policies can be customized to specific ports as well. The +// following rule uses the least connection load balancing policy for all +// traffic to port 80, while uses a round robin load balancing setting for +// traffic to the port 9080. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: DestinationRule +// metadata: +// name: bookinfo-ratings-port +// spec: +// host: ratings.prod.svc.cluster.local +// trafficPolicy: # Apply to all ports +// portLevelSettings: +// - port: +// number: 80 +// loadBalancer: +// simple: LEAST_REQUEST +// - port: +// number: 9080 +// loadBalancer: +// simple: ROUND_ROBIN +// ``` + +package v1 + +import ( + duration "github.com/golang/protobuf/ptypes/duration" + wrappers "github.com/golang/protobuf/ptypes/wrappers" + _ "google.golang.org/genproto/googleapis/api/annotations" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + v1beta1 "istio.io/api/type/v1beta1" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. 
+ _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type TrafficPolicy_ProxyProtocol_VERSION int32 + +const ( + // ⁣PROXY protocol version 1. Human readable format. + TrafficPolicy_ProxyProtocol_V1 TrafficPolicy_ProxyProtocol_VERSION = 0 + // ⁣PROXY protocol version 2. Binary format. + TrafficPolicy_ProxyProtocol_V2 TrafficPolicy_ProxyProtocol_VERSION = 1 +) + +// Enum value maps for TrafficPolicy_ProxyProtocol_VERSION. +var ( + TrafficPolicy_ProxyProtocol_VERSION_name = map[int32]string{ + 0: "V1", + 1: "V2", + } + TrafficPolicy_ProxyProtocol_VERSION_value = map[string]int32{ + "V1": 0, + "V2": 1, + } +) + +func (x TrafficPolicy_ProxyProtocol_VERSION) Enum() *TrafficPolicy_ProxyProtocol_VERSION { + p := new(TrafficPolicy_ProxyProtocol_VERSION) + *p = x + return p +} + +func (x TrafficPolicy_ProxyProtocol_VERSION) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (TrafficPolicy_ProxyProtocol_VERSION) Descriptor() protoreflect.EnumDescriptor { + return file_networking_v1_destination_rule_proto_enumTypes[0].Descriptor() +} + +func (TrafficPolicy_ProxyProtocol_VERSION) Type() protoreflect.EnumType { + return &file_networking_v1_destination_rule_proto_enumTypes[0] +} + +func (x TrafficPolicy_ProxyProtocol_VERSION) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use TrafficPolicy_ProxyProtocol_VERSION.Descriptor instead. +func (TrafficPolicy_ProxyProtocol_VERSION) EnumDescriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{1, 2, 0} +} + +// Standard load balancing algorithms that require no tuning. +type LoadBalancerSettings_SimpleLB int32 + +const ( + // No load balancing algorithm has been specified by the user. Istio + // will select an appropriate default. + LoadBalancerSettings_UNSPECIFIED LoadBalancerSettings_SimpleLB = 0 + // Deprecated. Use LEAST_REQUEST instead. 
+ // + // Deprecated: Marked as deprecated in networking/v1/destination_rule.proto. + LoadBalancerSettings_LEAST_CONN LoadBalancerSettings_SimpleLB = 1 + // The random load balancer selects a random healthy host. The random + // load balancer generally performs better than round robin if no health + // checking policy is configured. + LoadBalancerSettings_RANDOM LoadBalancerSettings_SimpleLB = 2 + // This option will forward the connection to the original IP address + // requested by the caller without doing any form of load + // balancing. This option must be used with care. It is meant for + // advanced use cases. Refer to Original Destination load balancer in + // Envoy for further details. + LoadBalancerSettings_PASSTHROUGH LoadBalancerSettings_SimpleLB = 3 + // A basic round robin load balancing policy. This is generally unsafe + // for many scenarios (e.g. when endpoint weighting is used) as it can + // overburden endpoints. In general, prefer to use LEAST_REQUEST as a + // drop-in replacement for ROUND_ROBIN. + LoadBalancerSettings_ROUND_ROBIN LoadBalancerSettings_SimpleLB = 4 + // The least request load balancer spreads load across endpoints, favoring + // endpoints with the least outstanding requests. This is generally safer + // and outperforms ROUND_ROBIN in nearly all cases. Prefer to use + // LEAST_REQUEST as a drop-in replacement for ROUND_ROBIN. + LoadBalancerSettings_LEAST_REQUEST LoadBalancerSettings_SimpleLB = 5 +) + +// Enum value maps for LoadBalancerSettings_SimpleLB. 
+var ( + LoadBalancerSettings_SimpleLB_name = map[int32]string{ + 0: "UNSPECIFIED", + 1: "LEAST_CONN", + 2: "RANDOM", + 3: "PASSTHROUGH", + 4: "ROUND_ROBIN", + 5: "LEAST_REQUEST", + } + LoadBalancerSettings_SimpleLB_value = map[string]int32{ + "UNSPECIFIED": 0, + "LEAST_CONN": 1, + "RANDOM": 2, + "PASSTHROUGH": 3, + "ROUND_ROBIN": 4, + "LEAST_REQUEST": 5, + } +) + +func (x LoadBalancerSettings_SimpleLB) Enum() *LoadBalancerSettings_SimpleLB { + p := new(LoadBalancerSettings_SimpleLB) + *p = x + return p +} + +func (x LoadBalancerSettings_SimpleLB) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (LoadBalancerSettings_SimpleLB) Descriptor() protoreflect.EnumDescriptor { + return file_networking_v1_destination_rule_proto_enumTypes[1].Descriptor() +} + +func (LoadBalancerSettings_SimpleLB) Type() protoreflect.EnumType { + return &file_networking_v1_destination_rule_proto_enumTypes[1] +} + +func (x LoadBalancerSettings_SimpleLB) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use LoadBalancerSettings_SimpleLB.Descriptor instead. +func (LoadBalancerSettings_SimpleLB) EnumDescriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{3, 0} +} + +// Policy for upgrading http1.1 connections to http2. +type ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy int32 + +const ( + // Use the global default. + ConnectionPoolSettings_HTTPSettings_DEFAULT ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = 0 + // Do not upgrade the connection to http2. + // This opt-out option overrides the default. + ConnectionPoolSettings_HTTPSettings_DO_NOT_UPGRADE ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = 1 + // Upgrade the connection to http2. + // This opt-in option overrides the default. 
+ ConnectionPoolSettings_HTTPSettings_UPGRADE ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = 2 +) + +// Enum value maps for ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy. +var ( + ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy_name = map[int32]string{ + 0: "DEFAULT", + 1: "DO_NOT_UPGRADE", + 2: "UPGRADE", + } + ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy_value = map[string]int32{ + "DEFAULT": 0, + "DO_NOT_UPGRADE": 1, + "UPGRADE": 2, + } +) + +func (x ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) Enum() *ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy { + p := new(ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) + *p = x + return p +} + +func (x ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) Descriptor() protoreflect.EnumDescriptor { + return file_networking_v1_destination_rule_proto_enumTypes[2].Descriptor() +} + +func (ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) Type() protoreflect.EnumType { + return &file_networking_v1_destination_rule_proto_enumTypes[2] +} + +func (x ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy.Descriptor instead. +func (ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) EnumDescriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{4, 1, 0} +} + +// TLS connection mode +type ClientTLSSettings_TLSmode int32 + +const ( + // Do not setup a TLS connection to the upstream endpoint. + ClientTLSSettings_DISABLE ClientTLSSettings_TLSmode = 0 + // Originate a TLS connection to the upstream endpoint. 
+ ClientTLSSettings_SIMPLE ClientTLSSettings_TLSmode = 1 + // Secure connections to the upstream using mutual TLS by presenting + // client certificates for authentication. + ClientTLSSettings_MUTUAL ClientTLSSettings_TLSmode = 2 + // Secure connections to the upstream using mutual TLS by presenting + // client certificates for authentication. + // Compared to Mutual mode, this mode uses certificates generated + // automatically by Istio for mTLS authentication. When this mode is + // used, all other fields in `ClientTLSSettings` should be empty. + ClientTLSSettings_ISTIO_MUTUAL ClientTLSSettings_TLSmode = 3 +) + +// Enum value maps for ClientTLSSettings_TLSmode. +var ( + ClientTLSSettings_TLSmode_name = map[int32]string{ + 0: "DISABLE", + 1: "SIMPLE", + 2: "MUTUAL", + 3: "ISTIO_MUTUAL", + } + ClientTLSSettings_TLSmode_value = map[string]int32{ + "DISABLE": 0, + "SIMPLE": 1, + "MUTUAL": 2, + "ISTIO_MUTUAL": 3, + } +) + +func (x ClientTLSSettings_TLSmode) Enum() *ClientTLSSettings_TLSmode { + p := new(ClientTLSSettings_TLSmode) + *p = x + return p +} + +func (x ClientTLSSettings_TLSmode) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (ClientTLSSettings_TLSmode) Descriptor() protoreflect.EnumDescriptor { + return file_networking_v1_destination_rule_proto_enumTypes[3].Descriptor() +} + +func (ClientTLSSettings_TLSmode) Type() protoreflect.EnumType { + return &file_networking_v1_destination_rule_proto_enumTypes[3] +} + +func (x ClientTLSSettings_TLSmode) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use ClientTLSSettings_TLSmode.Descriptor instead. +func (ClientTLSSettings_TLSmode) EnumDescriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{6, 0} +} + +// DestinationRule defines policies that apply to traffic intended for a service +// after routing has occurred. 
+// +// +// +// +// +type DestinationRule struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The name of a service from the service registry. Service + // names are looked up from the platform's service registry (e.g., + // Kubernetes services, Consul services, etc.) and from the hosts + // declared by [ServiceEntries](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Rules defined for + // services that do not exist in the service registry will be ignored. + // + // *Note for Kubernetes users*: When short names are used (e.g. "reviews" + // instead of "reviews.default.svc.cluster.local"), Istio will interpret + // the short name based on the namespace of the rule, not the service. A + // rule in the "default" namespace containing a host "reviews" will be + // interpreted as "reviews.default.svc.cluster.local", irrespective of + // the actual namespace associated with the reviews service. _To avoid + // potential misconfigurations, it is recommended to always use fully + // qualified domain names over short names._ + // + // Note that the host field applies to both HTTP and TCP services. + Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"` + // Traffic policies to apply (load balancing policy, connection pool + // sizes, outlier detection). + TrafficPolicy *TrafficPolicy `protobuf:"bytes,2,opt,name=traffic_policy,json=trafficPolicy,proto3" json:"traffic_policy,omitempty"` + // One or more named sets that represent individual versions of a + // service. Traffic policies can be overridden at subset level. + Subsets []*Subset `protobuf:"bytes,3,rep,name=subsets,proto3" json:"subsets,omitempty"` + // A list of namespaces to which this destination rule is exported. + // The resolution of a destination rule to apply to a service occurs in the + // context of a hierarchy of namespaces. 
Exporting a destination rule allows + // it to be included in the resolution hierarchy for services in + // other namespaces. This feature provides a mechanism for service owners + // and mesh administrators to control the visibility of destination rules + // across namespace boundaries. + // + // If no namespaces are specified then the destination rule is exported to all + // namespaces by default. + // + // The value "." is reserved and defines an export to the same namespace that + // the destination rule is declared in. Similarly, the value "*" is reserved and + // defines an export to all namespaces. + ExportTo []string `protobuf:"bytes,4,rep,name=export_to,json=exportTo,proto3" json:"export_to,omitempty"` + // Criteria used to select the specific set of pods/VMs on which this + // `DestinationRule` configuration should be applied. If specified, the `DestinationRule` + // configuration will be applied only to the workload instances matching the workload selector + // label in the same namespace. Workload selectors do not apply across namespace boundaries. + // If omitted, the `DestinationRule` falls back to its default behavior. + // For example, if specific sidecars need to have egress TLS settings for services outside + // of the mesh, instead of every sidecar in the mesh needing to have the + // configuration (which is the default behaviour), a workload selector can be specified. 
+ WorkloadSelector *v1beta1.WorkloadSelector `protobuf:"bytes,5,opt,name=workload_selector,json=workloadSelector,proto3" json:"workload_selector,omitempty"` +} + +func (x *DestinationRule) Reset() { + *x = DestinationRule{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_destination_rule_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DestinationRule) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DestinationRule) ProtoMessage() {} + +func (x *DestinationRule) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_destination_rule_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DestinationRule.ProtoReflect.Descriptor instead. +func (*DestinationRule) Descriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{0} +} + +func (x *DestinationRule) GetHost() string { + if x != nil { + return x.Host + } + return "" +} + +func (x *DestinationRule) GetTrafficPolicy() *TrafficPolicy { + if x != nil { + return x.TrafficPolicy + } + return nil +} + +func (x *DestinationRule) GetSubsets() []*Subset { + if x != nil { + return x.Subsets + } + return nil +} + +func (x *DestinationRule) GetExportTo() []string { + if x != nil { + return x.ExportTo + } + return nil +} + +func (x *DestinationRule) GetWorkloadSelector() *v1beta1.WorkloadSelector { + if x != nil { + return x.WorkloadSelector + } + return nil +} + +// Traffic policies to apply for a specific destination, across all +// destination ports. See DestinationRule for examples. +type TrafficPolicy struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Settings controlling the load balancer algorithms. 
+ LoadBalancer *LoadBalancerSettings `protobuf:"bytes,1,opt,name=load_balancer,json=loadBalancer,proto3" json:"load_balancer,omitempty"` + // Settings controlling the volume of connections to an upstream service + ConnectionPool *ConnectionPoolSettings `protobuf:"bytes,2,opt,name=connection_pool,json=connectionPool,proto3" json:"connection_pool,omitempty"` + // Settings controlling eviction of unhealthy hosts from the load balancing pool + OutlierDetection *OutlierDetection `protobuf:"bytes,3,opt,name=outlier_detection,json=outlierDetection,proto3" json:"outlier_detection,omitempty"` + // TLS related settings for connections to the upstream service. + Tls *ClientTLSSettings `protobuf:"bytes,4,opt,name=tls,proto3" json:"tls,omitempty"` + // Traffic policies specific to individual ports. Note that port level + // settings will override the destination-level settings. Traffic + // settings specified at the destination-level will not be inherited when + // overridden by port-level settings, i.e. default values will be applied + // to fields omitted in port-level traffic policies. + PortLevelSettings []*TrafficPolicy_PortTrafficPolicy `protobuf:"bytes,5,rep,name=port_level_settings,json=portLevelSettings,proto3" json:"port_level_settings,omitempty"` + // Configuration of tunneling TCP over other transport or application layers + // for the host configured in the DestinationRule. + // Tunnel settings can be applied to TCP or TLS routes and can't be applied to HTTP routes. + Tunnel *TrafficPolicy_TunnelSettings `protobuf:"bytes,6,opt,name=tunnel,proto3" json:"tunnel,omitempty"` + // The upstream PROXY protocol settings. 
+ ProxyProtocol *TrafficPolicy_ProxyProtocol `protobuf:"bytes,7,opt,name=proxy_protocol,json=proxyProtocol,proto3" json:"proxy_protocol,omitempty"` +} + +func (x *TrafficPolicy) Reset() { + *x = TrafficPolicy{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_destination_rule_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TrafficPolicy) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TrafficPolicy) ProtoMessage() {} + +func (x *TrafficPolicy) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_destination_rule_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TrafficPolicy.ProtoReflect.Descriptor instead. +func (*TrafficPolicy) Descriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{1} +} + +func (x *TrafficPolicy) GetLoadBalancer() *LoadBalancerSettings { + if x != nil { + return x.LoadBalancer + } + return nil +} + +func (x *TrafficPolicy) GetConnectionPool() *ConnectionPoolSettings { + if x != nil { + return x.ConnectionPool + } + return nil +} + +func (x *TrafficPolicy) GetOutlierDetection() *OutlierDetection { + if x != nil { + return x.OutlierDetection + } + return nil +} + +func (x *TrafficPolicy) GetTls() *ClientTLSSettings { + if x != nil { + return x.Tls + } + return nil +} + +func (x *TrafficPolicy) GetPortLevelSettings() []*TrafficPolicy_PortTrafficPolicy { + if x != nil { + return x.PortLevelSettings + } + return nil +} + +func (x *TrafficPolicy) GetTunnel() *TrafficPolicy_TunnelSettings { + if x != nil { + return x.Tunnel + } + return nil +} + +func (x *TrafficPolicy) GetProxyProtocol() *TrafficPolicy_ProxyProtocol { + if x != nil { + return x.ProxyProtocol + } + return nil +} + +// A subset 
of endpoints of a service. Subsets can be used for scenarios +// like A/B testing, or routing to a specific version of a service. Refer +// to [VirtualService](https://istio.io/docs/reference/config/networking/virtual-service/#VirtualService) documentation for examples of using +// subsets in these scenarios. In addition, traffic policies defined at the +// service-level can be overridden at a subset-level. The following rule +// uses a round robin load balancing policy for all traffic going to a +// subset named testversion that is composed of endpoints (e.g., pods) with +// labels (version:v3). +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: DestinationRule +// metadata: +// +// name: bookinfo-ratings +// +// spec: +// +// host: ratings.prod.svc.cluster.local +// trafficPolicy: +// loadBalancer: +// simple: LEAST_REQUEST +// subsets: +// - name: testversion +// labels: +// version: v3 +// trafficPolicy: +// loadBalancer: +// simple: ROUND_ROBIN +// +// ``` +// +// **Note:** Policies specified for subsets will not take effect until +// a route rule explicitly sends traffic to this subset. +// +// One or more labels are typically required to identify the subset destination, +// however, when the corresponding DestinationRule represents a host that +// supports multiple SNI hosts (e.g., an egress gateway), a subset without labels +// may be meaningful. In this case a traffic policy with [ClientTLSSettings](#ClientTLSSettings) +// can be used to identify a specific SNI host corresponding to the named subset. +type Subset struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Name of the subset. The service name and the subset name can + // be used for traffic splitting in a route rule. + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + // Labels apply a filter over the endpoints of a service in the + // service registry. 
See route rules for examples of usage. + Labels map[string]string `protobuf:"bytes,2,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // Traffic policies that apply to this subset. Subsets inherit the + // traffic policies specified at the DestinationRule level. Settings + // specified at the subset level will override the corresponding settings + // specified at the DestinationRule level. + TrafficPolicy *TrafficPolicy `protobuf:"bytes,3,opt,name=traffic_policy,json=trafficPolicy,proto3" json:"traffic_policy,omitempty"` +} + +func (x *Subset) Reset() { + *x = Subset{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_destination_rule_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Subset) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Subset) ProtoMessage() {} + +func (x *Subset) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_destination_rule_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Subset.ProtoReflect.Descriptor instead. +func (*Subset) Descriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{2} +} + +func (x *Subset) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *Subset) GetLabels() map[string]string { + if x != nil { + return x.Labels + } + return nil +} + +func (x *Subset) GetTrafficPolicy() *TrafficPolicy { + if x != nil { + return x.TrafficPolicy + } + return nil +} + +// Load balancing policies to apply for a specific destination. 
See Envoy's +// load balancing +// [documentation](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancing) +// for more details. +// +// For example, the following rule uses a round robin load balancing policy +// for all traffic going to the ratings service. +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: DestinationRule +// metadata: +// +// name: bookinfo-ratings +// +// spec: +// +// host: ratings.prod.svc.cluster.local +// trafficPolicy: +// loadBalancer: +// simple: ROUND_ROBIN +// +// ``` +// +// The following example sets up sticky sessions for the ratings service +// hashing-based load balancer for the same ratings service using the +// the User cookie as the hash key. +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: DestinationRule +// metadata: +// +// name: bookinfo-ratings +// +// spec: +// +// host: ratings.prod.svc.cluster.local +// trafficPolicy: +// loadBalancer: +// consistentHash: +// httpCookie: +// name: user +// ttl: 0s +// +// ``` +type LoadBalancerSettings struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Upstream load balancing policy. + // + // Types that are assignable to LbPolicy: + // + // *LoadBalancerSettings_Simple + // *LoadBalancerSettings_ConsistentHash + LbPolicy isLoadBalancerSettings_LbPolicy `protobuf_oneof:"lb_policy"` + // Locality load balancer settings, this will override mesh wide settings in entirety, meaning no merging would be performed + // between this object and the object one in MeshConfig + LocalityLbSetting *LocalityLoadBalancerSetting `protobuf:"bytes,3,opt,name=locality_lb_setting,json=localityLbSetting,proto3" json:"locality_lb_setting,omitempty"` + // Represents the warmup duration of Service. 
If set, the newly created endpoint of service + // remains in warmup mode starting from its creation time for the duration of this window and + // Istio progressively increases amount of traffic for that endpoint instead of sending proportional amount of traffic. + // This should be enabled for services that require warm up time to serve full production load with reasonable latency. + // Please note that this is most effective when few new endpoints come up like scale event in Kubernetes. When all the + // endpoints are relatively new like new deployment, this is not very effective as all endpoints end up getting same + // amount of requests. + // Currently this is only supported for ROUND_ROBIN and LEAST_REQUEST load balancers. + WarmupDurationSecs *duration.Duration `protobuf:"bytes,4,opt,name=warmup_duration_secs,json=warmupDurationSecs,proto3" json:"warmup_duration_secs,omitempty"` +} + +func (x *LoadBalancerSettings) Reset() { + *x = LoadBalancerSettings{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_destination_rule_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *LoadBalancerSettings) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*LoadBalancerSettings) ProtoMessage() {} + +func (x *LoadBalancerSettings) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_destination_rule_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use LoadBalancerSettings.ProtoReflect.Descriptor instead. 
+func (*LoadBalancerSettings) Descriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{3} +} + +func (m *LoadBalancerSettings) GetLbPolicy() isLoadBalancerSettings_LbPolicy { + if m != nil { + return m.LbPolicy + } + return nil +} + +func (x *LoadBalancerSettings) GetSimple() LoadBalancerSettings_SimpleLB { + if x, ok := x.GetLbPolicy().(*LoadBalancerSettings_Simple); ok { + return x.Simple + } + return LoadBalancerSettings_UNSPECIFIED +} + +func (x *LoadBalancerSettings) GetConsistentHash() *LoadBalancerSettings_ConsistentHashLB { + if x, ok := x.GetLbPolicy().(*LoadBalancerSettings_ConsistentHash); ok { + return x.ConsistentHash + } + return nil +} + +func (x *LoadBalancerSettings) GetLocalityLbSetting() *LocalityLoadBalancerSetting { + if x != nil { + return x.LocalityLbSetting + } + return nil +} + +func (x *LoadBalancerSettings) GetWarmupDurationSecs() *duration.Duration { + if x != nil { + return x.WarmupDurationSecs + } + return nil +} + +type isLoadBalancerSettings_LbPolicy interface { + isLoadBalancerSettings_LbPolicy() +} + +type LoadBalancerSettings_Simple struct { + Simple LoadBalancerSettings_SimpleLB `protobuf:"varint,1,opt,name=simple,proto3,enum=istio.networking.v1.LoadBalancerSettings_SimpleLB,oneof"` +} + +type LoadBalancerSettings_ConsistentHash struct { + ConsistentHash *LoadBalancerSettings_ConsistentHashLB `protobuf:"bytes,2,opt,name=consistent_hash,json=consistentHash,proto3,oneof"` +} + +func (*LoadBalancerSettings_Simple) isLoadBalancerSettings_LbPolicy() {} + +func (*LoadBalancerSettings_ConsistentHash) isLoadBalancerSettings_LbPolicy() {} + +// Connection pool settings for an upstream host. The settings apply to +// each individual host in the upstream service. See Envoy's [circuit +// breaker](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking) +// for more details. Connection pool settings can be applied at the TCP +// level as well as at HTTP level. 
+// +// For example, the following rule sets a limit of 100 connections to redis +// service called myredissrv with a connect timeout of 30ms +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: DestinationRule +// metadata: +// +// name: bookinfo-redis +// +// spec: +// +// host: myredissrv.prod.svc.cluster.local +// trafficPolicy: +// connectionPool: +// tcp: +// maxConnections: 100 +// connectTimeout: 30ms +// tcpKeepalive: +// time: 7200s +// interval: 75s +// +// ``` +type ConnectionPoolSettings struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Settings common to both HTTP and TCP upstream connections. + Tcp *ConnectionPoolSettings_TCPSettings `protobuf:"bytes,1,opt,name=tcp,proto3" json:"tcp,omitempty"` + // HTTP connection pool settings. + Http *ConnectionPoolSettings_HTTPSettings `protobuf:"bytes,2,opt,name=http,proto3" json:"http,omitempty"` +} + +func (x *ConnectionPoolSettings) Reset() { + *x = ConnectionPoolSettings{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_destination_rule_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ConnectionPoolSettings) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ConnectionPoolSettings) ProtoMessage() {} + +func (x *ConnectionPoolSettings) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_destination_rule_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ConnectionPoolSettings.ProtoReflect.Descriptor instead. 
+func (*ConnectionPoolSettings) Descriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{4} +} + +func (x *ConnectionPoolSettings) GetTcp() *ConnectionPoolSettings_TCPSettings { + if x != nil { + return x.Tcp + } + return nil +} + +func (x *ConnectionPoolSettings) GetHttp() *ConnectionPoolSettings_HTTPSettings { + if x != nil { + return x.Http + } + return nil +} + +// A Circuit breaker implementation that tracks the status of each +// individual host in the upstream service. Applicable to both HTTP and +// TCP services. For HTTP services, hosts that continually return 5xx +// errors for API calls are ejected from the pool for a pre-defined period +// of time. For TCP services, connection timeouts or connection +// failures to a given host counts as an error when measuring the +// consecutive errors metric. See Envoy's [outlier +// detection](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/outlier) +// for more details. +// +// The following rule sets a connection pool size of 100 HTTP1 connections +// with no more than 10 req/connection to the "reviews" service. In addition, +// it sets a limit of 1000 concurrent HTTP2 requests and configures upstream +// hosts to be scanned every 5 mins so that any host that fails 7 consecutive +// times with a 502, 503, or 504 error code will be ejected for 15 minutes. 
+// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: DestinationRule +// metadata: +// +// name: reviews-cb-policy +// +// spec: +// +// host: reviews.prod.svc.cluster.local +// trafficPolicy: +// connectionPool: +// tcp: +// maxConnections: 100 +// http: +// http2MaxRequests: 1000 +// maxRequestsPerConnection: 10 +// outlierDetection: +// consecutive5xxErrors: 7 +// interval: 5m +// baseEjectionTime: 15m +// +// ``` +type OutlierDetection struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Number of errors before a host is ejected from the connection + // pool. Defaults to 5. When the upstream host is accessed over HTTP, a + // 502, 503, or 504 return code qualifies as an error. When the upstream host + // is accessed over an opaque TCP connection, connect timeouts and + // connection error/failure events qualify as an error. + // $hide_from_docs + // + // Deprecated: Marked as deprecated in networking/v1/destination_rule.proto. + ConsecutiveErrors int32 `protobuf:"varint,1,opt,name=consecutive_errors,json=consecutiveErrors,proto3" json:"consecutive_errors,omitempty"` + // Determines whether to distinguish local origin failures from external errors. If set to true + // consecutive_local_origin_failure is taken into account for outlier detection calculations. + // This should be used when you want to derive the outlier detection status based on the errors + // seen locally such as failure to connect, timeout while connecting etc. rather than the status code + // returned by upstream service. This is especially useful when the upstream service explicitly returns + // a 5xx for some requests and you want to ignore those responses from upstream service while determining + // the outlier detection status of a host. + // Defaults to false. 
+ SplitExternalLocalOriginErrors bool `protobuf:"varint,8,opt,name=split_external_local_origin_errors,json=splitExternalLocalOriginErrors,proto3" json:"split_external_local_origin_errors,omitempty"` + // The number of consecutive locally originated failures before ejection + // occurs. Defaults to 5. Parameter takes effect only when split_external_local_origin_errors + // is set to true. + ConsecutiveLocalOriginFailures *wrappers.UInt32Value `protobuf:"bytes,9,opt,name=consecutive_local_origin_failures,json=consecutiveLocalOriginFailures,proto3" json:"consecutive_local_origin_failures,omitempty"` + // Number of gateway errors before a host is ejected from the connection pool. + // When the upstream host is accessed over HTTP, a 502, 503, or 504 return + // code qualifies as a gateway error. When the upstream host is accessed over + // an opaque TCP connection, connect timeouts and connection error/failure + // events qualify as a gateway error. + // This feature is disabled by default or when set to the value 0. + // + // Note that consecutive_gateway_errors and consecutive_5xx_errors can be + // used separately or together. Because the errors counted by + // consecutive_gateway_errors are also included in consecutive_5xx_errors, + // if the value of consecutive_gateway_errors is greater than or equal to + // the value of consecutive_5xx_errors, consecutive_gateway_errors will have + // no effect. + ConsecutiveGatewayErrors *wrappers.UInt32Value `protobuf:"bytes,6,opt,name=consecutive_gateway_errors,json=consecutiveGatewayErrors,proto3" json:"consecutive_gateway_errors,omitempty"` + // Number of 5xx errors before a host is ejected from the connection pool. + // When the upstream host is accessed over an opaque TCP connection, connect + // timeouts, connection error/failure and request failure events qualify as a + // 5xx error. + // This feature defaults to 5 but can be disabled by setting the value to 0. 
+ // + // Note that consecutive_gateway_errors and consecutive_5xx_errors can be + // used separately or together. Because the errors counted by + // consecutive_gateway_errors are also included in consecutive_5xx_errors, + // if the value of consecutive_gateway_errors is greater than or equal to + // the value of consecutive_5xx_errors, consecutive_gateway_errors will have + // no effect. + Consecutive_5XxErrors *wrappers.UInt32Value `protobuf:"bytes,7,opt,name=consecutive_5xx_errors,json=consecutive5xxErrors,proto3" json:"consecutive_5xx_errors,omitempty"` + // Time interval between ejection sweep analysis. format: + // 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s. + Interval *duration.Duration `protobuf:"bytes,2,opt,name=interval,proto3" json:"interval,omitempty"` + // Minimum ejection duration. A host will remain ejected for a period + // equal to the product of minimum ejection duration and the number of + // times the host has been ejected. This technique allows the system to + // automatically increase the ejection period for unhealthy upstream + // servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s. + BaseEjectionTime *duration.Duration `protobuf:"bytes,3,opt,name=base_ejection_time,json=baseEjectionTime,proto3" json:"base_ejection_time,omitempty"` + // Maximum % of hosts in the load balancing pool for the upstream + // service that can be ejected. Defaults to 10%. + MaxEjectionPercent int32 `protobuf:"varint,4,opt,name=max_ejection_percent,json=maxEjectionPercent,proto3" json:"max_ejection_percent,omitempty"` + // Outlier detection will be enabled as long as the associated load balancing + // pool has at least min_health_percent hosts in healthy mode. When the + // percentage of healthy hosts in the load balancing pool drops below this + // threshold, outlier detection will be disabled and the proxy will load balance + // across all hosts in the pool (healthy and unhealthy). The threshold can be + // disabled by setting it to 0%. 
The default is 0% as it's not typically + // applicable in k8s environments with few pods per service. + MinHealthPercent int32 `protobuf:"varint,5,opt,name=min_health_percent,json=minHealthPercent,proto3" json:"min_health_percent,omitempty"` +} + +func (x *OutlierDetection) Reset() { + *x = OutlierDetection{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_destination_rule_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *OutlierDetection) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*OutlierDetection) ProtoMessage() {} + +func (x *OutlierDetection) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_destination_rule_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use OutlierDetection.ProtoReflect.Descriptor instead. +func (*OutlierDetection) Descriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{5} +} + +// Deprecated: Marked as deprecated in networking/v1/destination_rule.proto. 
+func (x *OutlierDetection) GetConsecutiveErrors() int32 { + if x != nil { + return x.ConsecutiveErrors + } + return 0 +} + +func (x *OutlierDetection) GetSplitExternalLocalOriginErrors() bool { + if x != nil { + return x.SplitExternalLocalOriginErrors + } + return false +} + +func (x *OutlierDetection) GetConsecutiveLocalOriginFailures() *wrappers.UInt32Value { + if x != nil { + return x.ConsecutiveLocalOriginFailures + } + return nil +} + +func (x *OutlierDetection) GetConsecutiveGatewayErrors() *wrappers.UInt32Value { + if x != nil { + return x.ConsecutiveGatewayErrors + } + return nil +} + +func (x *OutlierDetection) GetConsecutive_5XxErrors() *wrappers.UInt32Value { + if x != nil { + return x.Consecutive_5XxErrors + } + return nil +} + +func (x *OutlierDetection) GetInterval() *duration.Duration { + if x != nil { + return x.Interval + } + return nil +} + +func (x *OutlierDetection) GetBaseEjectionTime() *duration.Duration { + if x != nil { + return x.BaseEjectionTime + } + return nil +} + +func (x *OutlierDetection) GetMaxEjectionPercent() int32 { + if x != nil { + return x.MaxEjectionPercent + } + return 0 +} + +func (x *OutlierDetection) GetMinHealthPercent() int32 { + if x != nil { + return x.MinHealthPercent + } + return 0 +} + +// SSL/TLS related settings for upstream connections. See Envoy's [TLS +// context](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto.html#common-tls-configuration) +// for more details. These settings are common to both HTTP and TCP upstreams. +// +// For example, the following rule configures a client to use mutual TLS +// for connections to upstream database cluster. 
+// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: DestinationRule +// metadata: +// +// name: db-mtls +// +// spec: +// +// host: mydbserver.prod.svc.cluster.local +// trafficPolicy: +// tls: +// mode: MUTUAL +// clientCertificate: /etc/certs/myclientcert.pem +// privateKey: /etc/certs/client_private_key.pem +// caCertificates: /etc/certs/rootcacerts.pem +// +// ``` +// +// The following rule configures a client to use TLS when talking to a +// foreign service whose domain matches *.foo.com. +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: DestinationRule +// metadata: +// +// name: tls-foo +// +// spec: +// +// host: "*.foo.com" +// trafficPolicy: +// tls: +// mode: SIMPLE +// +// ``` +// +// The following rule configures a client to use Istio mutual TLS when talking +// to rating services. +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: DestinationRule +// metadata: +// +// name: ratings-istio-mtls +// +// spec: +// +// host: ratings.prod.svc.cluster.local +// trafficPolicy: +// tls: +// mode: ISTIO_MUTUAL +// +// ``` +type ClientTLSSettings struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Indicates whether connections to this port should be secured + // using TLS. The value of this field determines how TLS is enforced. + Mode ClientTLSSettings_TLSmode `protobuf:"varint,1,opt,name=mode,proto3,enum=istio.networking.v1.ClientTLSSettings_TLSmode" json:"mode,omitempty"` + // REQUIRED if mode is `MUTUAL`. The path to the file holding the + // client-side TLS certificate to use. + // Should be empty if mode is `ISTIO_MUTUAL`. + ClientCertificate string `protobuf:"bytes,2,opt,name=client_certificate,json=clientCertificate,proto3" json:"client_certificate,omitempty"` + // REQUIRED if mode is `MUTUAL`. The path to the file holding the + // client's private key. + // Should be empty if mode is `ISTIO_MUTUAL`. 
+ PrivateKey string `protobuf:"bytes,3,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` + // OPTIONAL: The path to the file containing certificate authority + // certificates to use in verifying a presented server certificate. If + // omitted, the proxy will not verify the server's certificate. + // Should be empty if mode is `ISTIO_MUTUAL`. + CaCertificates string `protobuf:"bytes,4,opt,name=ca_certificates,json=caCertificates,proto3" json:"ca_certificates,omitempty"` + // The name of the secret that holds the TLS certs for the + // client including the CA certificates. This secret must exist in + // the namespace of the proxy using the certificates. + // An Opaque secret should contain the following keys and values: + // `key: `, `cert: `, `cacert: `, + // `crl: ` + // Here CACertificate is used to verify the server certificate. + // For mutual TLS, `cacert: ` can be provided in the + // same secret or a separate secret named `-cacert`. + // A TLS secret for client certificates with an additional + // `ca.crt` key for CA certificates and `ca.crl` key for + // certificate revocation list(CRL) is also supported. + // Only one of client certificates and CA certificate + // or credentialName can be specified. + // + // **NOTE:** This field is applicable at sidecars only if + // `DestinationRule` has a `workloadSelector` specified. + // Otherwise the field will be applicable only at gateways, and + // sidecars will continue to use the certificate paths. + CredentialName string `protobuf:"bytes,7,opt,name=credential_name,json=credentialName,proto3" json:"credential_name,omitempty"` + // A list of alternate names to verify the subject identity in the + // certificate. If specified, the proxy will verify that the server + // certificate's subject alt name matches one of the specified values. + // If specified, this list overrides the value of subject_alt_names + // from the ServiceEntry. 
If unspecified, automatic validation of upstream + // presented certificate for new upstream connections will be done based on the + // downstream HTTP host/authority header, provided `VERIFY_CERTIFICATE_AT_CLIENT` + // and `ENABLE_AUTO_SNI` environmental variables are set to `true`. + SubjectAltNames []string `protobuf:"bytes,5,rep,name=subject_alt_names,json=subjectAltNames,proto3" json:"subject_alt_names,omitempty"` + // SNI string to present to the server during TLS handshake. + // If unspecified, SNI will be automatically set based on downstream HTTP + // host/authority header for SIMPLE and MUTUAL TLS modes, provided `ENABLE_AUTO_SNI` + // environmental variable is set to `true`. + Sni string `protobuf:"bytes,6,opt,name=sni,proto3" json:"sni,omitempty"` + // `insecureSkipVerify` specifies whether the proxy should skip verifying the + // CA signature and SAN for the server certificate corresponding to the host. + // This flag should only be set if global CA signature verification is + // enabled, `VERIFY_CERTIFICATE_AT_CLIENT` environmental variable is set to `true`, + // but no verification is desired for a specific host. If enabled with or + // without `VERIFY_CERTIFICATE_AT_CLIENT` enabled, verification of the CA signature and + // SAN will be skipped. + // + // `insecureSkipVerify` is `false` by default. + // `VERIFY_CERTIFICATE_AT_CLIENT` is `false` by default in Istio version 1.9 but will + // be `true` by default in a later version where, going forward, it will be + // enabled by default. + InsecureSkipVerify *wrappers.BoolValue `protobuf:"bytes,8,opt,name=insecure_skip_verify,json=insecureSkipVerify,proto3" json:"insecure_skip_verify,omitempty"` + // OPTIONAL: The path to the file containing the certificate revocation list (CRL) + // to use in verifying a presented server certificate. `CRL` is a list of certificates + // that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. 
+ // If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + // If omitted, the proxy will not verify the certificate against the `crl`. + CaCrl string `protobuf:"bytes,9,opt,name=ca_crl,json=caCrl,proto3" json:"ca_crl,omitempty"` +} + +func (x *ClientTLSSettings) Reset() { + *x = ClientTLSSettings{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_destination_rule_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ClientTLSSettings) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ClientTLSSettings) ProtoMessage() {} + +func (x *ClientTLSSettings) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_destination_rule_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ClientTLSSettings.ProtoReflect.Descriptor instead. 
+func (*ClientTLSSettings) Descriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{6} +} + +func (x *ClientTLSSettings) GetMode() ClientTLSSettings_TLSmode { + if x != nil { + return x.Mode + } + return ClientTLSSettings_DISABLE +} + +func (x *ClientTLSSettings) GetClientCertificate() string { + if x != nil { + return x.ClientCertificate + } + return "" +} + +func (x *ClientTLSSettings) GetPrivateKey() string { + if x != nil { + return x.PrivateKey + } + return "" +} + +func (x *ClientTLSSettings) GetCaCertificates() string { + if x != nil { + return x.CaCertificates + } + return "" +} + +func (x *ClientTLSSettings) GetCredentialName() string { + if x != nil { + return x.CredentialName + } + return "" +} + +func (x *ClientTLSSettings) GetSubjectAltNames() []string { + if x != nil { + return x.SubjectAltNames + } + return nil +} + +func (x *ClientTLSSettings) GetSni() string { + if x != nil { + return x.Sni + } + return "" +} + +func (x *ClientTLSSettings) GetInsecureSkipVerify() *wrappers.BoolValue { + if x != nil { + return x.InsecureSkipVerify + } + return nil +} + +func (x *ClientTLSSettings) GetCaCrl() string { + if x != nil { + return x.CaCrl + } + return "" +} + +// Locality-weighted load balancing allows administrators to control the +// distribution of traffic to endpoints based on the localities of where the +// traffic originates and where it will terminate. These localities are +// specified using arbitrary labels that designate a hierarchy of localities in +// {region}/{zone}/{sub-zone} form. For additional detail refer to +// [Locality Weight](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) +// The following example shows how to setup locality weights mesh-wide. +// +// Given a mesh with workloads and their service deployed to "us-west/zone1/*" +// and "us-west/zone2/*". 
This example specifies that when traffic accessing a +// service originates from workloads in "us-west/zone1/*", 80% of the traffic +// will be sent to endpoints in "us-west/zone1/*", i.e the same zone, and the +// remaining 20% will go to endpoints in "us-west/zone2/*". This setup is +// intended to favor routing traffic to endpoints in the same locality. +// A similar setting is specified for traffic originating in "us-west/zone2/*". +// +// ```yaml +// +// distribute: +// - from: us-west/zone1/* +// to: +// "us-west/zone1/*": 80 +// "us-west/zone2/*": 20 +// - from: us-west/zone2/* +// to: +// "us-west/zone1/*": 20 +// "us-west/zone2/*": 80 +// +// ``` +// +// If the goal of the operator is not to distribute load across zones and +// regions but rather to restrict the regionality of failover to meet other +// operational requirements an operator can set a 'failover' policy instead of +// a 'distribute' policy. +// +// The following example sets up a locality failover policy for regions. +// Assume a service resides in zones within us-east, us-west & eu-west +// this example specifies that when endpoints within us-east become unhealthy +// traffic should failover to endpoints in any zone or sub-zone within eu-west +// and similarly us-west should failover to us-east. +// +// ```yaml +// +// failover: +// - from: us-east +// to: eu-west +// - from: us-west +// to: us-east +// +// ``` +// Locality load balancing settings. +type LocalityLoadBalancerSetting struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Optional: only one of distribute, failover or failoverPriority can be set. + // Explicitly specify loadbalancing weight across different zones and geographical locations. 
+ // Refer to [Locality weighted load balancing](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) + // If empty, the locality weight is set according to the endpoints number within it. + Distribute []*LocalityLoadBalancerSetting_Distribute `protobuf:"bytes,1,rep,name=distribute,proto3" json:"distribute,omitempty"` + // Optional: only one of distribute, failover or failoverPriority can be set. + // Explicitly specify the region traffic will land on when endpoints in local region becomes unhealthy. + // Should be used together with OutlierDetection to detect unhealthy endpoints. + // Note: if no OutlierDetection specified, this will not take effect. + Failover []*LocalityLoadBalancerSetting_Failover `protobuf:"bytes,2,rep,name=failover,proto3" json:"failover,omitempty"` + // failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing. + // This is to support traffic failover across different groups of endpoints. + // Two kinds of labels can be specified: + // + // - Specify only label keys `[key1, key2, key3]`, istio would compare the label values of client with endpoints. + // Suppose there are total N label keys `[key1, key2, key3, ...keyN]` specified: + // + // 1. Endpoints matching all N labels with the client proxy have priority P(0) i.e. the highest priority. + // 2. Endpoints matching the first N-1 labels with the client proxy have priority P(1) i.e. second highest priority. + // 3. By extension of this logic, endpoints matching only the first label with the client proxy has priority P(N-1) i.e. second lowest priority. + // 4. All the other endpoints have priority P(N) i.e. lowest priority. + // + // - Specify labels with key and value `[key1=value1, key2=value2, key3=value3]`, istio would compare the labels with endpoints. + // Suppose there are total N labels `[key1=value1, key2=value2, key3=value3, ...keyN=valueN]` specified: + // + // 1. 
Endpoints matching all N labels have priority P(0) i.e. the highest priority. + // 2. Endpoints matching the first N-1 labels have priority P(1) i.e. second highest priority. + // 3. By extension of this logic, endpoints matching only the first label has priority P(N-1) i.e. second lowest priority. + // 4. All the other endpoints have priority P(N) i.e. lowest priority. + // + // Note: For a label to be considered for match, the previous labels must match, i.e. nth label would be considered matched only if first n-1 labels match. + // + // It can be any label specified on both client and server workloads. + // The following labels which have special semantic meaning are also supported: + // + // - `topology.istio.io/network` is used to match the network metadata of an endpoint, which can be specified by pod/namespace label `topology.istio.io/network`, sidecar env `ISTIO_META_NETWORK` or MeshNetworks. + // - `topology.istio.io/cluster` is used to match the clusterID of an endpoint, which can be specified by pod label `topology.istio.io/cluster` or pod env `ISTIO_META_CLUSTER_ID`. + // - `topology.kubernetes.io/region` is used to match the region metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/region` or the deprecated label `failure-domain.beta.kubernetes.io/region`. + // - `topology.kubernetes.io/zone` is used to match the zone metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/zone` or the deprecated label `failure-domain.beta.kubernetes.io/zone`. + // - `topology.istio.io/subzone` is used to match the subzone metadata of an endpoint, which maps to Istio node label `topology.istio.io/subzone`. + // - `kubernetes.io/hostname` is used to match the current node of an endpoint, which maps to Kubernetes node label `kubernetes.io/hostname`. 
+ // + // The below topology config indicates the following priority levels: + // + // ```yaml + // failoverPriority: + // - "topology.istio.io/network" + // - "topology.kubernetes.io/region" + // - "topology.kubernetes.io/zone" + // - "topology.istio.io/subzone" + // ``` + // + // 1. endpoints match same [network, region, zone, subzone] label with the client proxy have the highest priority. + // 2. endpoints have same [network, region, zone] label but different [subzone] label with the client proxy have the second highest priority. + // 3. endpoints have same [network, region] label but different [zone] label with the client proxy have the third highest priority. + // 4. endpoints have same [network] but different [region] labels with the client proxy have the fourth highest priority. + // 5. all the other endpoints have the same lowest priority. + // + // Suppose a service associated endpoints reside in multi clusters, the below example represents: + // 1. endpoints in `clusterA` and has `version=v1` label have P(0) priority. + // 2. endpoints not in `clusterA` but has `version=v1` label have P(1) priority. + // 2. all the other endpoints have P(2) priority. + // + // ```yaml + // failoverPriority: + // - "version=v1" + // - "topology.istio.io/cluster=clusterA" + // ``` + // + // Optional: only one of distribute, failover or failoverPriority can be set. + // And it should be used together with `OutlierDetection` to detect unhealthy endpoints, otherwise has no effect. + FailoverPriority []string `protobuf:"bytes,4,rep,name=failover_priority,json=failoverPriority,proto3" json:"failover_priority,omitempty"` + // enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. + // e.g. true means that turn on locality load balancing for this DestinationRule no matter what mesh wide settings is. 
+ Enabled *wrappers.BoolValue `protobuf:"bytes,3,opt,name=enabled,proto3" json:"enabled,omitempty"` +} + +func (x *LocalityLoadBalancerSetting) Reset() { + *x = LocalityLoadBalancerSetting{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_destination_rule_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *LocalityLoadBalancerSetting) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*LocalityLoadBalancerSetting) ProtoMessage() {} + +func (x *LocalityLoadBalancerSetting) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_destination_rule_proto_msgTypes[7] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use LocalityLoadBalancerSetting.ProtoReflect.Descriptor instead. +func (*LocalityLoadBalancerSetting) Descriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{7} +} + +func (x *LocalityLoadBalancerSetting) GetDistribute() []*LocalityLoadBalancerSetting_Distribute { + if x != nil { + return x.Distribute + } + return nil +} + +func (x *LocalityLoadBalancerSetting) GetFailover() []*LocalityLoadBalancerSetting_Failover { + if x != nil { + return x.Failover + } + return nil +} + +func (x *LocalityLoadBalancerSetting) GetFailoverPriority() []string { + if x != nil { + return x.FailoverPriority + } + return nil +} + +func (x *LocalityLoadBalancerSetting) GetEnabled() *wrappers.BoolValue { + if x != nil { + return x.Enabled + } + return nil +} + +// Traffic policies that apply to specific ports of the service +type TrafficPolicy_PortTrafficPolicy struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Specifies the number of a port on the destination service + // on which this 
policy is being applied. + Port *PortSelector `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` + // Settings controlling the load balancer algorithms. + LoadBalancer *LoadBalancerSettings `protobuf:"bytes,2,opt,name=load_balancer,json=loadBalancer,proto3" json:"load_balancer,omitempty"` + // Settings controlling the volume of connections to an upstream service + ConnectionPool *ConnectionPoolSettings `protobuf:"bytes,3,opt,name=connection_pool,json=connectionPool,proto3" json:"connection_pool,omitempty"` + // Settings controlling eviction of unhealthy hosts from the load balancing pool + OutlierDetection *OutlierDetection `protobuf:"bytes,4,opt,name=outlier_detection,json=outlierDetection,proto3" json:"outlier_detection,omitempty"` + // TLS related settings for connections to the upstream service. + Tls *ClientTLSSettings `protobuf:"bytes,5,opt,name=tls,proto3" json:"tls,omitempty"` +} + +func (x *TrafficPolicy_PortTrafficPolicy) Reset() { + *x = TrafficPolicy_PortTrafficPolicy{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_destination_rule_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TrafficPolicy_PortTrafficPolicy) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TrafficPolicy_PortTrafficPolicy) ProtoMessage() {} + +func (x *TrafficPolicy_PortTrafficPolicy) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_destination_rule_proto_msgTypes[8] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TrafficPolicy_PortTrafficPolicy.ProtoReflect.Descriptor instead. 
+func (*TrafficPolicy_PortTrafficPolicy) Descriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{1, 0} +} + +func (x *TrafficPolicy_PortTrafficPolicy) GetPort() *PortSelector { + if x != nil { + return x.Port + } + return nil +} + +func (x *TrafficPolicy_PortTrafficPolicy) GetLoadBalancer() *LoadBalancerSettings { + if x != nil { + return x.LoadBalancer + } + return nil +} + +func (x *TrafficPolicy_PortTrafficPolicy) GetConnectionPool() *ConnectionPoolSettings { + if x != nil { + return x.ConnectionPool + } + return nil +} + +func (x *TrafficPolicy_PortTrafficPolicy) GetOutlierDetection() *OutlierDetection { + if x != nil { + return x.OutlierDetection + } + return nil +} + +func (x *TrafficPolicy_PortTrafficPolicy) GetTls() *ClientTLSSettings { + if x != nil { + return x.Tls + } + return nil +} + +type TrafficPolicy_TunnelSettings struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Specifies which protocol to use for tunneling the downstream connection. + // Supported protocols are: + // + // CONNECT - uses HTTP CONNECT; + // POST - uses HTTP POST. + // + // CONNECT is used by default if not specified. + // HTTP version for upstream requests is determined by the service protocol defined for the proxy. + Protocol string `protobuf:"bytes,1,opt,name=protocol,proto3" json:"protocol,omitempty"` + // Specifies a host to which the downstream connection is tunneled. + // Target host must be an FQDN or IP address. + TargetHost string `protobuf:"bytes,2,opt,name=target_host,json=targetHost,proto3" json:"target_host,omitempty"` + // Specifies a port to which the downstream connection is tunneled. 
+ TargetPort uint32 `protobuf:"varint,3,opt,name=target_port,json=targetPort,proto3" json:"target_port,omitempty"` +} + +func (x *TrafficPolicy_TunnelSettings) Reset() { + *x = TrafficPolicy_TunnelSettings{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_destination_rule_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TrafficPolicy_TunnelSettings) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TrafficPolicy_TunnelSettings) ProtoMessage() {} + +func (x *TrafficPolicy_TunnelSettings) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_destination_rule_proto_msgTypes[9] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TrafficPolicy_TunnelSettings.ProtoReflect.Descriptor instead. +func (*TrafficPolicy_TunnelSettings) Descriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{1, 1} +} + +func (x *TrafficPolicy_TunnelSettings) GetProtocol() string { + if x != nil { + return x.Protocol + } + return "" +} + +func (x *TrafficPolicy_TunnelSettings) GetTargetHost() string { + if x != nil { + return x.TargetHost + } + return "" +} + +func (x *TrafficPolicy_TunnelSettings) GetTargetPort() uint32 { + if x != nil { + return x.TargetPort + } + return 0 +} + +type TrafficPolicy_ProxyProtocol struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The PROXY protocol version to use. See https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt for details. + // By default it is `V1`. 
+ Version TrafficPolicy_ProxyProtocol_VERSION `protobuf:"varint,1,opt,name=version,proto3,enum=istio.networking.v1.TrafficPolicy_ProxyProtocol_VERSION" json:"version,omitempty"` +} + +func (x *TrafficPolicy_ProxyProtocol) Reset() { + *x = TrafficPolicy_ProxyProtocol{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_destination_rule_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TrafficPolicy_ProxyProtocol) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TrafficPolicy_ProxyProtocol) ProtoMessage() {} + +func (x *TrafficPolicy_ProxyProtocol) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_destination_rule_proto_msgTypes[10] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TrafficPolicy_ProxyProtocol.ProtoReflect.Descriptor instead. +func (*TrafficPolicy_ProxyProtocol) Descriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{1, 2} +} + +func (x *TrafficPolicy_ProxyProtocol) GetVersion() TrafficPolicy_ProxyProtocol_VERSION { + if x != nil { + return x.Version + } + return TrafficPolicy_ProxyProtocol_V1 +} + +// Consistent Hash-based load balancing can be used to provide soft +// session affinity based on HTTP headers, cookies or other +// properties. The affinity to a particular destination host may be +// lost when one or more hosts are added/removed from the destination +// service. +// +// Note: consistent hashing is less reliable at maintaining affinity than common +// "sticky sessions" implementations, which often encode a specific destination in +// a cookie, ensuring affinity is maintained as long as the backend remains. 
+// With consistent hash, the guarantees are weaker; any host addition or removal can +// break affinity for `1/backends` requests. +// +// Warning: consistent hashing depends on each proxy having a consistent view of endpoints. +// This is not the case when locality load balancing is enabled. Locality load balancing +// and consistent hash will only work together when all proxies are in the same locality, +// or a high level load balancer handles locality affinity. +type LoadBalancerSettings_ConsistentHashLB struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The hash key to use. + // + // Types that are assignable to HashKey: + // + // *LoadBalancerSettings_ConsistentHashLB_HttpHeaderName + // *LoadBalancerSettings_ConsistentHashLB_HttpCookie + // *LoadBalancerSettings_ConsistentHashLB_UseSourceIp + // *LoadBalancerSettings_ConsistentHashLB_HttpQueryParameterName + HashKey isLoadBalancerSettings_ConsistentHashLB_HashKey `protobuf_oneof:"hash_key"` + // The hash algorithm to use. + // Please refer to https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash + // and https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#maglev for + // considerations on choosing an algorithm. + // Defaults to RingHash if not specified. + // + // Types that are assignable to HashAlgorithm: + // + // *LoadBalancerSettings_ConsistentHashLB_RingHash_ + // *LoadBalancerSettings_ConsistentHashLB_Maglev + HashAlgorithm isLoadBalancerSettings_ConsistentHashLB_HashAlgorithm `protobuf_oneof:"hash_algorithm"` + // Deprecated. Use RingHash instead. + // + // Deprecated: Marked as deprecated in networking/v1/destination_rule.proto. 
+ MinimumRingSize uint64 `protobuf:"varint,4,opt,name=minimum_ring_size,json=minimumRingSize,proto3" json:"minimum_ring_size,omitempty"` +} + +func (x *LoadBalancerSettings_ConsistentHashLB) Reset() { + *x = LoadBalancerSettings_ConsistentHashLB{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_destination_rule_proto_msgTypes[12] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *LoadBalancerSettings_ConsistentHashLB) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*LoadBalancerSettings_ConsistentHashLB) ProtoMessage() {} + +func (x *LoadBalancerSettings_ConsistentHashLB) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_destination_rule_proto_msgTypes[12] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use LoadBalancerSettings_ConsistentHashLB.ProtoReflect.Descriptor instead. 
+func (*LoadBalancerSettings_ConsistentHashLB) Descriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{3, 0} +} + +func (m *LoadBalancerSettings_ConsistentHashLB) GetHashKey() isLoadBalancerSettings_ConsistentHashLB_HashKey { + if m != nil { + return m.HashKey + } + return nil +} + +func (x *LoadBalancerSettings_ConsistentHashLB) GetHttpHeaderName() string { + if x, ok := x.GetHashKey().(*LoadBalancerSettings_ConsistentHashLB_HttpHeaderName); ok { + return x.HttpHeaderName + } + return "" +} + +func (x *LoadBalancerSettings_ConsistentHashLB) GetHttpCookie() *LoadBalancerSettings_ConsistentHashLB_HTTPCookie { + if x, ok := x.GetHashKey().(*LoadBalancerSettings_ConsistentHashLB_HttpCookie); ok { + return x.HttpCookie + } + return nil +} + +func (x *LoadBalancerSettings_ConsistentHashLB) GetUseSourceIp() bool { + if x, ok := x.GetHashKey().(*LoadBalancerSettings_ConsistentHashLB_UseSourceIp); ok { + return x.UseSourceIp + } + return false +} + +func (x *LoadBalancerSettings_ConsistentHashLB) GetHttpQueryParameterName() string { + if x, ok := x.GetHashKey().(*LoadBalancerSettings_ConsistentHashLB_HttpQueryParameterName); ok { + return x.HttpQueryParameterName + } + return "" +} + +func (m *LoadBalancerSettings_ConsistentHashLB) GetHashAlgorithm() isLoadBalancerSettings_ConsistentHashLB_HashAlgorithm { + if m != nil { + return m.HashAlgorithm + } + return nil +} + +func (x *LoadBalancerSettings_ConsistentHashLB) GetRingHash() *LoadBalancerSettings_ConsistentHashLB_RingHash { + if x, ok := x.GetHashAlgorithm().(*LoadBalancerSettings_ConsistentHashLB_RingHash_); ok { + return x.RingHash + } + return nil +} + +func (x *LoadBalancerSettings_ConsistentHashLB) GetMaglev() *LoadBalancerSettings_ConsistentHashLB_MagLev { + if x, ok := x.GetHashAlgorithm().(*LoadBalancerSettings_ConsistentHashLB_Maglev); ok { + return x.Maglev + } + return nil +} + +// Deprecated: Marked as deprecated in networking/v1/destination_rule.proto. 
+func (x *LoadBalancerSettings_ConsistentHashLB) GetMinimumRingSize() uint64 { + if x != nil { + return x.MinimumRingSize + } + return 0 +} + +type isLoadBalancerSettings_ConsistentHashLB_HashKey interface { + isLoadBalancerSettings_ConsistentHashLB_HashKey() +} + +type LoadBalancerSettings_ConsistentHashLB_HttpHeaderName struct { + // Hash based on a specific HTTP header. + HttpHeaderName string `protobuf:"bytes,1,opt,name=http_header_name,json=httpHeaderName,proto3,oneof"` +} + +type LoadBalancerSettings_ConsistentHashLB_HttpCookie struct { + // Hash based on HTTP cookie. + HttpCookie *LoadBalancerSettings_ConsistentHashLB_HTTPCookie `protobuf:"bytes,2,opt,name=http_cookie,json=httpCookie,proto3,oneof"` +} + +type LoadBalancerSettings_ConsistentHashLB_UseSourceIp struct { + // Hash based on the source IP address. + // This is applicable for both TCP and HTTP connections. + UseSourceIp bool `protobuf:"varint,3,opt,name=use_source_ip,json=useSourceIp,proto3,oneof"` +} + +type LoadBalancerSettings_ConsistentHashLB_HttpQueryParameterName struct { + // Hash based on a specific HTTP query parameter. 
+ HttpQueryParameterName string `protobuf:"bytes,5,opt,name=http_query_parameter_name,json=httpQueryParameterName,proto3,oneof"` +} + +func (*LoadBalancerSettings_ConsistentHashLB_HttpHeaderName) isLoadBalancerSettings_ConsistentHashLB_HashKey() { +} + +func (*LoadBalancerSettings_ConsistentHashLB_HttpCookie) isLoadBalancerSettings_ConsistentHashLB_HashKey() { +} + +func (*LoadBalancerSettings_ConsistentHashLB_UseSourceIp) isLoadBalancerSettings_ConsistentHashLB_HashKey() { +} + +func (*LoadBalancerSettings_ConsistentHashLB_HttpQueryParameterName) isLoadBalancerSettings_ConsistentHashLB_HashKey() { +} + +type isLoadBalancerSettings_ConsistentHashLB_HashAlgorithm interface { + isLoadBalancerSettings_ConsistentHashLB_HashAlgorithm() +} + +type LoadBalancerSettings_ConsistentHashLB_RingHash_ struct { + // The ring/modulo hash load balancer implements consistent hashing to backend hosts. + RingHash *LoadBalancerSettings_ConsistentHashLB_RingHash `protobuf:"bytes,6,opt,name=ring_hash,json=ringHash,proto3,oneof"` +} + +type LoadBalancerSettings_ConsistentHashLB_Maglev struct { + // The Maglev load balancer implements consistent hashing to backend hosts. + Maglev *LoadBalancerSettings_ConsistentHashLB_MagLev `protobuf:"bytes,7,opt,name=maglev,proto3,oneof"` +} + +func (*LoadBalancerSettings_ConsistentHashLB_RingHash_) isLoadBalancerSettings_ConsistentHashLB_HashAlgorithm() { +} + +func (*LoadBalancerSettings_ConsistentHashLB_Maglev) isLoadBalancerSettings_ConsistentHashLB_HashAlgorithm() { +} + +type LoadBalancerSettings_ConsistentHashLB_RingHash struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The minimum number of virtual nodes to use for the hash + // ring. Defaults to 1024. Larger ring sizes result in more granular + // load distributions. If the number of hosts in the load balancing + // pool is larger than the ring size, each host will be assigned a + // single virtual node. 
+ MinimumRingSize uint64 `protobuf:"varint,1,opt,name=minimum_ring_size,json=minimumRingSize,proto3" json:"minimum_ring_size,omitempty"` +} + +func (x *LoadBalancerSettings_ConsistentHashLB_RingHash) Reset() { + *x = LoadBalancerSettings_ConsistentHashLB_RingHash{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_destination_rule_proto_msgTypes[13] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *LoadBalancerSettings_ConsistentHashLB_RingHash) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*LoadBalancerSettings_ConsistentHashLB_RingHash) ProtoMessage() {} + +func (x *LoadBalancerSettings_ConsistentHashLB_RingHash) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_destination_rule_proto_msgTypes[13] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use LoadBalancerSettings_ConsistentHashLB_RingHash.ProtoReflect.Descriptor instead. +func (*LoadBalancerSettings_ConsistentHashLB_RingHash) Descriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{3, 0, 0} +} + +func (x *LoadBalancerSettings_ConsistentHashLB_RingHash) GetMinimumRingSize() uint64 { + if x != nil { + return x.MinimumRingSize + } + return 0 +} + +type LoadBalancerSettings_ConsistentHashLB_MagLev struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The table size for Maglev hashing. This helps in controlling the + // disruption when the backend hosts change. + // Increasing the table size reduces the amount of disruption. 
+ TableSize uint64 `protobuf:"varint,1,opt,name=table_size,json=tableSize,proto3" json:"table_size,omitempty"` +} + +func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) Reset() { + *x = LoadBalancerSettings_ConsistentHashLB_MagLev{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_destination_rule_proto_msgTypes[14] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*LoadBalancerSettings_ConsistentHashLB_MagLev) ProtoMessage() {} + +func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_destination_rule_proto_msgTypes[14] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use LoadBalancerSettings_ConsistentHashLB_MagLev.ProtoReflect.Descriptor instead. +func (*LoadBalancerSettings_ConsistentHashLB_MagLev) Descriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{3, 0, 1} +} + +func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) GetTableSize() uint64 { + if x != nil { + return x.TableSize + } + return 0 +} + +// Describes a HTTP cookie that will be used as the hash key for the +// Consistent Hash load balancer. +type LoadBalancerSettings_ConsistentHashLB_HTTPCookie struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Name of the cookie. + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + // Path to set for the cookie. + Path string `protobuf:"bytes,2,opt,name=path,proto3" json:"path,omitempty"` + // Lifetime of the cookie. If specified, a cookie with the TTL will be + // generated if the cookie is not present. 
If the TTL is present and zero, + // the generated cookie will be a session cookie. + Ttl *duration.Duration `protobuf:"bytes,3,opt,name=ttl,proto3" json:"ttl,omitempty"` +} + +func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) Reset() { + *x = LoadBalancerSettings_ConsistentHashLB_HTTPCookie{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_destination_rule_proto_msgTypes[15] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*LoadBalancerSettings_ConsistentHashLB_HTTPCookie) ProtoMessage() {} + +func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_destination_rule_proto_msgTypes[15] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use LoadBalancerSettings_ConsistentHashLB_HTTPCookie.ProtoReflect.Descriptor instead. +func (*LoadBalancerSettings_ConsistentHashLB_HTTPCookie) Descriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{3, 0, 2} +} + +func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) GetPath() string { + if x != nil { + return x.Path + } + return "" +} + +func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) GetTtl() *duration.Duration { + if x != nil { + return x.Ttl + } + return nil +} + +// Settings common to both HTTP and TCP upstream connections. 
+type ConnectionPoolSettings_TCPSettings struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Maximum number of HTTP1 /TCP connections to a destination host. Default 2^32-1. + MaxConnections int32 `protobuf:"varint,1,opt,name=max_connections,json=maxConnections,proto3" json:"max_connections,omitempty"` + // TCP connection timeout. format: + // 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s. + ConnectTimeout *duration.Duration `protobuf:"bytes,2,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"` + // If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. + TcpKeepalive *ConnectionPoolSettings_TCPSettings_TcpKeepalive `protobuf:"bytes,3,opt,name=tcp_keepalive,json=tcpKeepalive,proto3" json:"tcp_keepalive,omitempty"` + // The maximum duration of a connection. The duration is defined as the period since a connection + // was established. If not set, there is no max duration. When max_connection_duration + // is reached the connection will be closed. Duration must be at least 1ms. + MaxConnectionDuration *duration.Duration `protobuf:"bytes,4,opt,name=max_connection_duration,json=maxConnectionDuration,proto3" json:"max_connection_duration,omitempty"` + // The idle timeout for TCP connections. + // The idle timeout is defined as the period in which there are no bytes sent or received on either + // the upstream or downstream connection. + // If not set, the default idle timeout is 1 hour. If set to 0s, the timeout will be disabled. + // Idle timeout is not configured per each cluster individually when weighted destinations are used, + // because idleTimeout is a property of a listener, not a cluster. In that case, idleTimeout + // specified in a destination rule for the first weighted route is configured in the listener, + // which means also for all weighted routes. 
+ IdleTimeout *duration.Duration `protobuf:"bytes,5,opt,name=idle_timeout,json=idleTimeout,proto3" json:"idle_timeout,omitempty"` +} + +func (x *ConnectionPoolSettings_TCPSettings) Reset() { + *x = ConnectionPoolSettings_TCPSettings{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_destination_rule_proto_msgTypes[16] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ConnectionPoolSettings_TCPSettings) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ConnectionPoolSettings_TCPSettings) ProtoMessage() {} + +func (x *ConnectionPoolSettings_TCPSettings) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_destination_rule_proto_msgTypes[16] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ConnectionPoolSettings_TCPSettings.ProtoReflect.Descriptor instead. 
+func (*ConnectionPoolSettings_TCPSettings) Descriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{4, 0} +} + +func (x *ConnectionPoolSettings_TCPSettings) GetMaxConnections() int32 { + if x != nil { + return x.MaxConnections + } + return 0 +} + +func (x *ConnectionPoolSettings_TCPSettings) GetConnectTimeout() *duration.Duration { + if x != nil { + return x.ConnectTimeout + } + return nil +} + +func (x *ConnectionPoolSettings_TCPSettings) GetTcpKeepalive() *ConnectionPoolSettings_TCPSettings_TcpKeepalive { + if x != nil { + return x.TcpKeepalive + } + return nil +} + +func (x *ConnectionPoolSettings_TCPSettings) GetMaxConnectionDuration() *duration.Duration { + if x != nil { + return x.MaxConnectionDuration + } + return nil +} + +func (x *ConnectionPoolSettings_TCPSettings) GetIdleTimeout() *duration.Duration { + if x != nil { + return x.IdleTimeout + } + return nil +} + +// Settings applicable to HTTP1.1/HTTP2/GRPC connections. +type ConnectionPoolSettings_HTTPSettings struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Maximum number of requests that will be queued while waiting for + // a ready connection pool connection. Default 2^32-1. + // Refer to https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking + // under which conditions a new connection is created for HTTP2. + // Please note that this is applicable to both HTTP/1.1 and HTTP2. + Http1MaxPendingRequests int32 `protobuf:"varint,1,opt,name=http1_max_pending_requests,json=http1MaxPendingRequests,proto3" json:"http1_max_pending_requests,omitempty"` + // Maximum number of active requests to a destination. Default 2^32-1. + // Please note that this is applicable to both HTTP/1.1 and HTTP2. 
+ Http2MaxRequests int32 `protobuf:"varint,2,opt,name=http2_max_requests,json=http2MaxRequests,proto3" json:"http2_max_requests,omitempty"` + // Maximum number of requests per connection to a backend. Setting this + // parameter to 1 disables keep alive. Default 0, meaning "unlimited", + // up to 2^29. + MaxRequestsPerConnection int32 `protobuf:"varint,3,opt,name=max_requests_per_connection,json=maxRequestsPerConnection,proto3" json:"max_requests_per_connection,omitempty"` + // Maximum number of retries that can be outstanding to all hosts in a + // cluster at a given time. Defaults to 2^32-1. + MaxRetries int32 `protobuf:"varint,4,opt,name=max_retries,json=maxRetries,proto3" json:"max_retries,omitempty"` + // The idle timeout for upstream connection pool connections. The idle timeout + // is defined as the period in which there are no active requests. + // If not set, the default is 1 hour. When the idle timeout is reached, + // the connection will be closed. If the connection is an HTTP/2 + // connection a drain sequence will occur prior to closing the connection. + // Note that request based timeouts mean that HTTP/2 PINGs will not + // keep the connection alive. Applies to both HTTP1.1 and HTTP2 connections. + IdleTimeout *duration.Duration `protobuf:"bytes,5,opt,name=idle_timeout,json=idleTimeout,proto3" json:"idle_timeout,omitempty"` + // Specify if http1.1 connection should be upgraded to http2 for the associated destination. + H2UpgradePolicy ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy `protobuf:"varint,6,opt,name=h2_upgrade_policy,json=h2UpgradePolicy,proto3,enum=istio.networking.v1.ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy" json:"h2_upgrade_policy,omitempty"` + // If set to true, client protocol will be preserved while initiating connection to backend. + // Note that when this is set to true, h2_upgrade_policy will be ineffective i.e. the client + // connections will not be upgraded to http2. 
+ UseClientProtocol bool `protobuf:"varint,7,opt,name=use_client_protocol,json=useClientProtocol,proto3" json:"use_client_protocol,omitempty"` + // The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection. + // Defaults to 2^31-1. + MaxConcurrentStreams int32 `protobuf:"varint,8,opt,name=max_concurrent_streams,json=maxConcurrentStreams,proto3" json:"max_concurrent_streams,omitempty"` +} + +func (x *ConnectionPoolSettings_HTTPSettings) Reset() { + *x = ConnectionPoolSettings_HTTPSettings{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_destination_rule_proto_msgTypes[17] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ConnectionPoolSettings_HTTPSettings) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ConnectionPoolSettings_HTTPSettings) ProtoMessage() {} + +func (x *ConnectionPoolSettings_HTTPSettings) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_destination_rule_proto_msgTypes[17] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ConnectionPoolSettings_HTTPSettings.ProtoReflect.Descriptor instead. 
+func (*ConnectionPoolSettings_HTTPSettings) Descriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{4, 1} +} + +func (x *ConnectionPoolSettings_HTTPSettings) GetHttp1MaxPendingRequests() int32 { + if x != nil { + return x.Http1MaxPendingRequests + } + return 0 +} + +func (x *ConnectionPoolSettings_HTTPSettings) GetHttp2MaxRequests() int32 { + if x != nil { + return x.Http2MaxRequests + } + return 0 +} + +func (x *ConnectionPoolSettings_HTTPSettings) GetMaxRequestsPerConnection() int32 { + if x != nil { + return x.MaxRequestsPerConnection + } + return 0 +} + +func (x *ConnectionPoolSettings_HTTPSettings) GetMaxRetries() int32 { + if x != nil { + return x.MaxRetries + } + return 0 +} + +func (x *ConnectionPoolSettings_HTTPSettings) GetIdleTimeout() *duration.Duration { + if x != nil { + return x.IdleTimeout + } + return nil +} + +func (x *ConnectionPoolSettings_HTTPSettings) GetH2UpgradePolicy() ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy { + if x != nil { + return x.H2UpgradePolicy + } + return ConnectionPoolSettings_HTTPSettings_DEFAULT +} + +func (x *ConnectionPoolSettings_HTTPSettings) GetUseClientProtocol() bool { + if x != nil { + return x.UseClientProtocol + } + return false +} + +func (x *ConnectionPoolSettings_HTTPSettings) GetMaxConcurrentStreams() int32 { + if x != nil { + return x.MaxConcurrentStreams + } + return 0 +} + +// TCP keepalive. +type ConnectionPoolSettings_TCPSettings_TcpKeepalive struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Maximum number of keepalive probes to send without response before + // deciding the connection is dead. Default is to use the OS level configuration + // (unless overridden, Linux defaults to 9.) + Probes uint32 `protobuf:"varint,1,opt,name=probes,proto3" json:"probes,omitempty"` + // The time duration a connection needs to be idle before keep-alive + // probes start being sent. 
Default is to use the OS level configuration + // (unless overridden, Linux defaults to 7200s (ie 2 hours.) + Time *duration.Duration `protobuf:"bytes,2,opt,name=time,proto3" json:"time,omitempty"` + // The time duration between keep-alive probes. + // Default is to use the OS level configuration + // (unless overridden, Linux defaults to 75s.) + Interval *duration.Duration `protobuf:"bytes,3,opt,name=interval,proto3" json:"interval,omitempty"` +} + +func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) Reset() { + *x = ConnectionPoolSettings_TCPSettings_TcpKeepalive{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_destination_rule_proto_msgTypes[18] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ConnectionPoolSettings_TCPSettings_TcpKeepalive) ProtoMessage() {} + +func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_destination_rule_proto_msgTypes[18] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ConnectionPoolSettings_TCPSettings_TcpKeepalive.ProtoReflect.Descriptor instead. 
+func (*ConnectionPoolSettings_TCPSettings_TcpKeepalive) Descriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{4, 0, 0} +} + +func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) GetProbes() uint32 { + if x != nil { + return x.Probes + } + return 0 +} + +func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) GetTime() *duration.Duration { + if x != nil { + return x.Time + } + return nil +} + +func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) GetInterval() *duration.Duration { + if x != nil { + return x.Interval + } + return nil +} + +// Describes how traffic originating in the 'from' zone or sub-zone is +// distributed over a set of 'to' zones. Syntax for specifying a zone is +// {region}/{zone}/{sub-zone} and terminal wildcards are allowed on any +// segment of the specification. Examples: +// +// `*` - matches all localities +// +// `us-west/*` - all zones and sub-zones within the us-west region +// +// `us-west/zone-1/*` - all sub-zones within us-west/zone-1 +type LocalityLoadBalancerSetting_Distribute struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Originating locality, '/' separated, e.g. 'region/zone/sub_zone'. + From string `protobuf:"bytes,1,opt,name=from,proto3" json:"from,omitempty"` + // Map of upstream localities to traffic distribution weights. The sum of + // all weights should be 100. Any locality not present will + // receive no traffic. 
+ To map[string]uint32 `protobuf:"bytes,2,rep,name=to,proto3" json:"to,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` +} + +func (x *LocalityLoadBalancerSetting_Distribute) Reset() { + *x = LocalityLoadBalancerSetting_Distribute{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_destination_rule_proto_msgTypes[19] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *LocalityLoadBalancerSetting_Distribute) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*LocalityLoadBalancerSetting_Distribute) ProtoMessage() {} + +func (x *LocalityLoadBalancerSetting_Distribute) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_destination_rule_proto_msgTypes[19] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use LocalityLoadBalancerSetting_Distribute.ProtoReflect.Descriptor instead. +func (*LocalityLoadBalancerSetting_Distribute) Descriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{7, 0} +} + +func (x *LocalityLoadBalancerSetting_Distribute) GetFrom() string { + if x != nil { + return x.From + } + return "" +} + +func (x *LocalityLoadBalancerSetting_Distribute) GetTo() map[string]uint32 { + if x != nil { + return x.To + } + return nil +} + +// Specify the traffic failover policy across regions. Since zone and sub-zone +// failover is supported by default this only needs to be specified for +// regions when the operator needs to constrain traffic failover so that +// the default behavior of failing over to any endpoint globally does not +// apply. 
This is useful when failing over traffic across regions would not +// improve service health or may need to be restricted for other reasons +// like regulatory controls. +type LocalityLoadBalancerSetting_Failover struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Originating region. + From string `protobuf:"bytes,1,opt,name=from,proto3" json:"from,omitempty"` + // Destination region the traffic will fail over to when endpoints in + // the 'from' region becomes unhealthy. + To string `protobuf:"bytes,2,opt,name=to,proto3" json:"to,omitempty"` +} + +func (x *LocalityLoadBalancerSetting_Failover) Reset() { + *x = LocalityLoadBalancerSetting_Failover{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_destination_rule_proto_msgTypes[20] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *LocalityLoadBalancerSetting_Failover) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*LocalityLoadBalancerSetting_Failover) ProtoMessage() {} + +func (x *LocalityLoadBalancerSetting_Failover) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_destination_rule_proto_msgTypes[20] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use LocalityLoadBalancerSetting_Failover.ProtoReflect.Descriptor instead. 
+func (*LocalityLoadBalancerSetting_Failover) Descriptor() ([]byte, []int) { + return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{7, 1} +} + +func (x *LocalityLoadBalancerSetting_Failover) GetFrom() string { + if x != nil { + return x.From + } + return "" +} + +func (x *LocalityLoadBalancerSetting_Failover) GetTo() string { + if x != nil { + return x.To + } + return "" +} + +var File_networking_v1_destination_rule_proto protoreflect.FileDescriptor + +var file_networking_v1_destination_rule_proto_rawDesc = []byte{ + 0x0a, 0x24, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, + 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x75, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, + 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, + 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x23, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, 0x76, 0x69, 0x72, 0x74, + 0x75, 0x61, 0x6c, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x1a, 0x1b, 0x74, 0x79, 0x70, 0x65, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, + 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x9c, + 0x02, 0x0a, 0x0f, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 
0x52, 0x75, + 0x6c, 0x65, 0x12, 0x17, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x49, 0x0a, 0x0e, 0x74, + 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, + 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0d, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, + 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x35, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x73, 0x65, 0x74, + 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x75, + 0x62, 0x73, 0x65, 0x74, 0x52, 0x07, 0x73, 0x75, 0x62, 0x73, 0x65, 0x74, 0x73, 0x12, 0x1b, 0x0a, + 0x09, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x74, 0x6f, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, + 0x52, 0x08, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x54, 0x6f, 0x12, 0x51, 0x0a, 0x11, 0x77, 0x6f, + 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, + 0x70, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, + 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, 0x6f, 0x72, + 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x22, 0xc8, 0x09, + 0x0a, 0x0d, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, + 0x4e, 0x0a, 0x0d, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 
0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x61, + 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, + 0x73, 0x52, 0x0c, 0x6c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x12, + 0x54, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, + 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, + 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x43, + 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, + 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, + 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x12, 0x52, 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, + 0x5f, 0x64, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, + 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, + 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x38, 0x0a, 0x03, 0x74, 0x6c, 0x73, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, + 0x74, 0x6c, 0x73, 0x12, 0x64, 0x0a, 0x13, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6c, 0x65, 0x76, 0x65, + 0x6c, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x34, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, 
0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, + 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x11, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x65, 0x76, 0x65, + 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x49, 0x0a, 0x06, 0x74, 0x75, 0x6e, + 0x6e, 0x65, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, + 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x54, 0x75, + 0x6e, 0x6e, 0x65, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x74, 0x75, + 0x6e, 0x6e, 0x65, 0x6c, 0x12, 0x57, 0x0a, 0x0e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x0d, + 0x70, 0x72, 0x6f, 0x78, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x1a, 0xfe, 0x02, + 0x0a, 0x11, 0x50, 0x6f, 0x72, 0x74, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x12, 0x35, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x21, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, + 0x63, 0x74, 0x6f, 0x72, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x4e, 0x0a, 0x0d, 0x6c, 0x6f, + 0x61, 0x64, 0x5f, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x29, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 
0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, + 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0c, 0x6c, 0x6f, + 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x12, 0x54, 0x0a, 0x0f, 0x63, 0x6f, + 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x6f, 0x6c, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, + 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, + 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, + 0x12, 0x52, 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x74, 0x65, + 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, + 0x31, 0x2e, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, + 0x6f, 0x6e, 0x52, 0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, + 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x38, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x4c, + 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x1a, 0x78, + 0x0a, 0x0e, 0x54, 0x75, 0x6e, 0x6e, 0x65, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, + 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x24, 0x0a, 0x0b, + 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 
0x5f, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, + 0x73, 0x74, 0x12, 0x24, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, 0x6f, 0x72, + 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0a, 0x74, 0x61, + 0x72, 0x67, 0x65, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x1a, 0x7e, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x78, + 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x52, 0x0a, 0x07, 0x76, 0x65, 0x72, + 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, + 0x72, 0x6f, 0x78, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x56, 0x45, 0x52, + 0x53, 0x49, 0x4f, 0x4e, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x19, 0x0a, + 0x07, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x12, 0x06, 0x0a, 0x02, 0x56, 0x31, 0x10, 0x00, + 0x12, 0x06, 0x0a, 0x02, 0x56, 0x32, 0x10, 0x01, 0x22, 0xe8, 0x01, 0x0a, 0x06, 0x53, 0x75, 0x62, + 0x73, 0x65, 0x74, 0x12, 0x17, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3f, 0x0a, 0x06, + 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x76, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x49, 0x0a, + 0x0e, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 
0x6f, 0x2e, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x66, + 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0d, 0x74, 0x72, 0x61, 0x66, 0x66, + 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, + 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, + 0x02, 0x38, 0x01, 0x22, 0xdf, 0x09, 0x0a, 0x14, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, + 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x4c, 0x0a, 0x06, + 0x73, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, + 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x4c, 0x42, + 0x48, 0x00, 0x52, 0x06, 0x73, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x12, 0x65, 0x0a, 0x0f, 0x63, 0x6f, + 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, + 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, + 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x48, + 0x00, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, + 0x68, 0x12, 0x60, 0x0a, 0x13, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x5f, 0x6c, 0x62, + 0x5f, 0x73, 
0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, + 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, + 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, + 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, + 0x52, 0x11, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x62, 0x53, 0x65, 0x74, 0x74, + 0x69, 0x6e, 0x67, 0x12, 0x4b, 0x0a, 0x14, 0x77, 0x61, 0x72, 0x6d, 0x75, 0x70, 0x5f, 0x64, 0x75, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x63, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x12, 0x77, 0x61, + 0x72, 0x6d, 0x75, 0x70, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x63, 0x73, + 0x1a, 0xe3, 0x05, 0x0a, 0x10, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, + 0x61, 0x73, 0x68, 0x4c, 0x42, 0x12, 0x2a, 0x0a, 0x10, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x68, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, + 0x00, 0x52, 0x0e, 0x68, 0x74, 0x74, 0x70, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d, + 0x65, 0x12, 0x68, 0x0a, 0x0b, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x45, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x61, + 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, + 0x73, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, + 0x4c, 0x42, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x48, 0x00, 0x52, + 0x0a, 0x68, 0x74, 0x74, 0x70, 0x43, 0x6f, 0x6f, 
0x6b, 0x69, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x75, + 0x73, 0x65, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x70, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x08, 0x48, 0x00, 0x52, 0x0b, 0x75, 0x73, 0x65, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, + 0x70, 0x12, 0x3b, 0x0a, 0x19, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, + 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x16, 0x68, 0x74, 0x74, 0x70, 0x51, 0x75, 0x65, 0x72, + 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x62, + 0x0a, 0x09, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x06, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x43, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, + 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, 0x6f, 0x6e, + 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x2e, 0x52, 0x69, + 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x48, 0x01, 0x52, 0x08, 0x72, 0x69, 0x6e, 0x67, 0x48, 0x61, + 0x73, 0x68, 0x12, 0x5b, 0x0a, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x18, 0x07, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, + 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, 0x6f, + 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x2e, 0x4d, + 0x61, 0x67, 0x4c, 0x65, 0x76, 0x48, 0x01, 0x52, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x12, + 0x2e, 0x0a, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, + 0x73, 0x69, 0x7a, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x42, 0x02, 0x18, 0x01, 
0x52, 0x0f, + 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x1a, + 0x36, 0x0a, 0x08, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x12, 0x2a, 0x0a, 0x11, 0x6d, + 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x52, + 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x1a, 0x27, 0x0a, 0x06, 0x4d, 0x61, 0x67, 0x4c, 0x65, + 0x76, 0x12, 0x1d, 0x0a, 0x0a, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x69, 0x7a, 0x65, + 0x1a, 0x66, 0x0a, 0x0a, 0x48, 0x54, 0x54, 0x50, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x17, + 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, + 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x2b, 0x0a, 0x03, 0x74, + 0x74, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x74, 0x74, 0x6c, 0x42, 0x0a, 0x0a, 0x08, 0x68, 0x61, 0x73, 0x68, + 0x5f, 0x6b, 0x65, 0x79, 0x42, 0x10, 0x0a, 0x0e, 0x68, 0x61, 0x73, 0x68, 0x5f, 0x61, 0x6c, 0x67, + 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x22, 0x70, 0x0a, 0x08, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, + 0x4c, 0x42, 0x12, 0x0f, 0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, + 0x44, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0a, 0x4c, 0x45, 0x41, 0x53, 0x54, 0x5f, 0x43, 0x4f, 0x4e, + 0x4e, 0x10, 0x01, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x52, 0x41, 0x4e, 0x44, 0x4f, + 0x4d, 0x10, 0x02, 0x12, 0x0f, 0x0a, 0x0b, 0x50, 0x41, 0x53, 0x53, 0x54, 0x48, 0x52, 0x4f, 0x55, + 0x47, 0x48, 0x10, 0x03, 
0x12, 0x0f, 0x0a, 0x0b, 0x52, 0x4f, 0x55, 0x4e, 0x44, 0x5f, 0x52, 0x4f, + 0x42, 0x49, 0x4e, 0x10, 0x04, 0x12, 0x11, 0x0a, 0x0d, 0x4c, 0x45, 0x41, 0x53, 0x54, 0x5f, 0x52, + 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x10, 0x05, 0x42, 0x0b, 0x0a, 0x09, 0x6c, 0x62, 0x5f, 0x70, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0xf0, 0x09, 0x0a, 0x16, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, + 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, + 0x12, 0x49, 0x0a, 0x03, 0x74, 0x63, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x37, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, + 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, 0x4c, 0x0a, 0x04, 0x68, + 0x74, 0x74, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, + 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, + 0x6e, 0x67, 0x73, 0x52, 0x04, 0x68, 0x74, 0x74, 0x70, 0x1a, 0x85, 0x04, 0x0a, 0x0b, 0x54, 0x43, + 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x6d, 0x61, 0x78, + 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x05, 0x52, 0x0e, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, + 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 
0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, + 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x69, 0x0a, 0x0d, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, + 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x44, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, + 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, + 0x69, 0x76, 0x65, 0x52, 0x0c, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, + 0x65, 0x12, 0x51, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, + 0x69, 0x6f, 0x6e, 0x5f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x15, 0x6d, + 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x75, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3c, 0x0a, 0x0c, 0x69, 0x64, 0x6c, 0x65, 0x5f, 0x74, 0x69, 0x6d, + 0x65, 0x6f, 0x75, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x69, 0x64, 0x6c, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f, + 0x75, 0x74, 0x1a, 0x8c, 0x01, 0x0a, 0x0c, 0x54, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, + 0x69, 0x76, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x73, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0d, 0x52, 0x06, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x73, 0x12, 0x2d, 0x0a, 0x04, 0x74, + 
0x69, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, + 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, + 0x6c, 0x1a, 0xb4, 0x04, 0x0a, 0x0c, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, + 0x67, 0x73, 0x12, 0x3b, 0x0a, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x31, 0x5f, 0x6d, 0x61, 0x78, 0x5f, + 0x70, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x17, 0x68, 0x74, 0x74, 0x70, 0x31, 0x4d, 0x61, 0x78, + 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, + 0x2c, 0x0a, 0x12, 0x68, 0x74, 0x74, 0x70, 0x32, 0x5f, 0x6d, 0x61, 0x78, 0x5f, 0x72, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x68, 0x74, 0x74, + 0x70, 0x32, 0x4d, 0x61, 0x78, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x3d, 0x0a, + 0x1b, 0x6d, 0x61, 0x78, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x5f, 0x70, 0x65, + 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x05, 0x52, 0x18, 0x6d, 0x61, 0x78, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x50, + 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, + 0x6d, 0x61, 0x78, 0x5f, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x05, 0x52, 0x0a, 0x6d, 0x61, 0x78, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x3c, 0x0a, + 0x0c, 0x69, 0x64, 0x6c, 0x65, 0x5f, 
0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, + 0x69, 0x64, 0x6c, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x74, 0x0a, 0x11, 0x68, + 0x32, 0x5f, 0x75, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x48, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x6e, + 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, + 0x6e, 0x67, 0x73, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, + 0x2e, 0x48, 0x32, 0x55, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x52, 0x0f, 0x68, 0x32, 0x55, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x12, 0x2e, 0x0a, 0x13, 0x75, 0x73, 0x65, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, + 0x75, 0x73, 0x65, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, + 0x6c, 0x12, 0x34, 0x0a, 0x16, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, + 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, + 0x05, 0x52, 0x14, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, + 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x22, 0x3f, 0x0a, 0x0f, 0x48, 0x32, 0x55, 0x70, 0x67, + 0x72, 0x61, 0x64, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, + 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x44, 0x4f, 0x5f, 0x4e, 0x4f, + 0x54, 0x5f, 0x55, 0x50, 0x47, 0x52, 0x41, 0x44, 0x45, 0x10, 0x01, 0x12, 
0x0b, 0x0a, 0x07, 0x55, + 0x50, 0x47, 0x52, 0x41, 0x44, 0x45, 0x10, 0x02, 0x22, 0x8a, 0x05, 0x0a, 0x10, 0x4f, 0x75, 0x74, + 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x31, 0x0a, + 0x12, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x65, 0x72, 0x72, + 0x6f, 0x72, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x42, 0x02, 0x18, 0x01, 0x52, 0x11, 0x63, + 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, + 0x12, 0x4a, 0x0a, 0x22, 0x73, 0x70, 0x6c, 0x69, 0x74, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x5f, + 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x1e, 0x73, 0x70, + 0x6c, 0x69, 0x74, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x4c, 0x6f, 0x63, 0x61, 0x6c, + 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x67, 0x0a, 0x21, + 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x6c, 0x6f, 0x63, 0x61, + 0x6c, 0x5f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, + 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, + 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x1e, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, + 0x76, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x46, 0x61, 0x69, + 0x6c, 0x75, 0x72, 0x65, 0x73, 0x12, 0x5a, 0x0a, 0x1a, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, + 0x74, 0x69, 0x76, 0x65, 0x5f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x5f, 0x65, 0x72, 0x72, + 0x6f, 0x72, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, + 0x33, 0x32, 
0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x18, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, + 0x74, 0x69, 0x76, 0x65, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x45, 0x72, 0x72, 0x6f, 0x72, + 0x73, 0x12, 0x52, 0x0a, 0x16, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, + 0x5f, 0x35, 0x78, 0x78, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, + 0x14, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x45, + 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, + 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x47, 0x0a, 0x12, + 0x62, 0x61, 0x73, 0x65, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x69, + 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x62, 0x61, 0x73, 0x65, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, + 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x30, 0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x65, 0x6a, 0x65, + 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, + 0x01, 0x28, 0x05, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, + 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12, 0x2c, 0x0a, 0x12, 0x6d, 0x69, 0x6e, 0x5f, 0x68, + 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x05, 0x52, 0x10, 0x6d, 0x69, 0x6e, 
0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x50, 0x65, + 0x72, 0x63, 0x65, 0x6e, 0x74, 0x22, 0xde, 0x03, 0x0a, 0x11, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, + 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x42, 0x0a, 0x04, 0x6d, + 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2e, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, + 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, + 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x6d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, + 0x2d, 0x0a, 0x12, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x63, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1f, + 0x0a, 0x0b, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, + 0x27, 0x0a, 0x0f, 0x63, 0x61, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x63, 0x61, 0x43, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x72, 0x65, 0x64, + 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0e, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x4e, 0x61, 0x6d, + 0x65, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x61, 0x6c, 0x74, + 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x75, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x10, 0x0a, + 0x03, 0x73, 0x6e, 0x69, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x73, 0x6e, 
0x69, 0x12, + 0x4c, 0x0a, 0x14, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x73, 0x6b, 0x69, 0x70, + 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x69, 0x6e, 0x73, 0x65, 0x63, + 0x75, 0x72, 0x65, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x12, 0x15, 0x0a, + 0x06, 0x63, 0x61, 0x5f, 0x63, 0x72, 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x63, + 0x61, 0x43, 0x72, 0x6c, 0x22, 0x40, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x6d, 0x6f, 0x64, 0x65, 0x12, + 0x0b, 0x0a, 0x07, 0x44, 0x49, 0x53, 0x41, 0x42, 0x4c, 0x45, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, + 0x53, 0x49, 0x4d, 0x50, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x4d, 0x55, 0x54, 0x55, + 0x41, 0x4c, 0x10, 0x02, 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x53, 0x54, 0x49, 0x4f, 0x5f, 0x4d, 0x55, + 0x54, 0x55, 0x41, 0x4c, 0x10, 0x03, 0x22, 0x93, 0x04, 0x0a, 0x1b, 0x4c, 0x6f, 0x63, 0x61, 0x6c, + 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, + 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x12, 0x5b, 0x0a, 0x0a, 0x64, 0x69, 0x73, 0x74, 0x72, 0x69, + 0x62, 0x75, 0x74, 0x65, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, + 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x44, 0x69, 0x73, + 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x0a, 0x64, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, + 0x75, 0x74, 0x65, 0x12, 0x55, 0x0a, 0x08, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x18, + 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 
0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x63, 0x61, + 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, + 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, + 0x52, 0x08, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x2b, 0x0a, 0x11, 0x66, 0x61, + 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x70, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, + 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x50, + 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x34, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, + 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, + 0x61, 0x6c, 0x75, 0x65, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x1a, 0xac, 0x01, + 0x0a, 0x0a, 0x44, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, + 0x66, 0x72, 0x6f, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x72, 0x6f, 0x6d, + 0x12, 0x53, 0x0a, 0x02, 0x74, 0x6f, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, + 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x44, + 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x2e, 0x54, 0x6f, 0x45, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x02, 0x74, 0x6f, 0x1a, 0x35, 0x0a, 0x07, 0x54, 0x6f, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, + 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0d, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 
0x38, 0x01, 0x1a, 0x2e, 0x0a, 0x08, + 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x72, 0x6f, 0x6d, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x12, 0x0e, 0x0a, 0x02, + 0x74, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x74, 0x6f, 0x42, 0x1c, 0x5a, 0x1a, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, +} + +var ( + file_networking_v1_destination_rule_proto_rawDescOnce sync.Once + file_networking_v1_destination_rule_proto_rawDescData = file_networking_v1_destination_rule_proto_rawDesc +) + +func file_networking_v1_destination_rule_proto_rawDescGZIP() []byte { + file_networking_v1_destination_rule_proto_rawDescOnce.Do(func() { + file_networking_v1_destination_rule_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1_destination_rule_proto_rawDescData) + }) + return file_networking_v1_destination_rule_proto_rawDescData +} + +var file_networking_v1_destination_rule_proto_enumTypes = make([]protoimpl.EnumInfo, 4) +var file_networking_v1_destination_rule_proto_msgTypes = make([]protoimpl.MessageInfo, 22) +var file_networking_v1_destination_rule_proto_goTypes = []interface{}{ + (TrafficPolicy_ProxyProtocol_VERSION)(0), // 0: istio.networking.v1.TrafficPolicy.ProxyProtocol.VERSION + (LoadBalancerSettings_SimpleLB)(0), // 1: istio.networking.v1.LoadBalancerSettings.SimpleLB + (ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy)(0), // 2: istio.networking.v1.ConnectionPoolSettings.HTTPSettings.H2UpgradePolicy + (ClientTLSSettings_TLSmode)(0), // 3: istio.networking.v1.ClientTLSSettings.TLSmode + (*DestinationRule)(nil), // 4: istio.networking.v1.DestinationRule + (*TrafficPolicy)(nil), // 5: istio.networking.v1.TrafficPolicy + (*Subset)(nil), // 6: istio.networking.v1.Subset + (*LoadBalancerSettings)(nil), // 7: 
istio.networking.v1.LoadBalancerSettings + (*ConnectionPoolSettings)(nil), // 8: istio.networking.v1.ConnectionPoolSettings + (*OutlierDetection)(nil), // 9: istio.networking.v1.OutlierDetection + (*ClientTLSSettings)(nil), // 10: istio.networking.v1.ClientTLSSettings + (*LocalityLoadBalancerSetting)(nil), // 11: istio.networking.v1.LocalityLoadBalancerSetting + (*TrafficPolicy_PortTrafficPolicy)(nil), // 12: istio.networking.v1.TrafficPolicy.PortTrafficPolicy + (*TrafficPolicy_TunnelSettings)(nil), // 13: istio.networking.v1.TrafficPolicy.TunnelSettings + (*TrafficPolicy_ProxyProtocol)(nil), // 14: istio.networking.v1.TrafficPolicy.ProxyProtocol + nil, // 15: istio.networking.v1.Subset.LabelsEntry + (*LoadBalancerSettings_ConsistentHashLB)(nil), // 16: istio.networking.v1.LoadBalancerSettings.ConsistentHashLB + (*LoadBalancerSettings_ConsistentHashLB_RingHash)(nil), // 17: istio.networking.v1.LoadBalancerSettings.ConsistentHashLB.RingHash + (*LoadBalancerSettings_ConsistentHashLB_MagLev)(nil), // 18: istio.networking.v1.LoadBalancerSettings.ConsistentHashLB.MagLev + (*LoadBalancerSettings_ConsistentHashLB_HTTPCookie)(nil), // 19: istio.networking.v1.LoadBalancerSettings.ConsistentHashLB.HTTPCookie + (*ConnectionPoolSettings_TCPSettings)(nil), // 20: istio.networking.v1.ConnectionPoolSettings.TCPSettings + (*ConnectionPoolSettings_HTTPSettings)(nil), // 21: istio.networking.v1.ConnectionPoolSettings.HTTPSettings + (*ConnectionPoolSettings_TCPSettings_TcpKeepalive)(nil), // 22: istio.networking.v1.ConnectionPoolSettings.TCPSettings.TcpKeepalive + (*LocalityLoadBalancerSetting_Distribute)(nil), // 23: istio.networking.v1.LocalityLoadBalancerSetting.Distribute + (*LocalityLoadBalancerSetting_Failover)(nil), // 24: istio.networking.v1.LocalityLoadBalancerSetting.Failover + nil, // 25: istio.networking.v1.LocalityLoadBalancerSetting.Distribute.ToEntry + (*v1beta1.WorkloadSelector)(nil), // 26: istio.type.v1beta1.WorkloadSelector + (*duration.Duration)(nil), // 27: 
google.protobuf.Duration + (*wrappers.UInt32Value)(nil), // 28: google.protobuf.UInt32Value + (*wrappers.BoolValue)(nil), // 29: google.protobuf.BoolValue + (*PortSelector)(nil), // 30: istio.networking.v1.PortSelector +} +var file_networking_v1_destination_rule_proto_depIdxs = []int32{ + 5, // 0: istio.networking.v1.DestinationRule.traffic_policy:type_name -> istio.networking.v1.TrafficPolicy + 6, // 1: istio.networking.v1.DestinationRule.subsets:type_name -> istio.networking.v1.Subset + 26, // 2: istio.networking.v1.DestinationRule.workload_selector:type_name -> istio.type.v1beta1.WorkloadSelector + 7, // 3: istio.networking.v1.TrafficPolicy.load_balancer:type_name -> istio.networking.v1.LoadBalancerSettings + 8, // 4: istio.networking.v1.TrafficPolicy.connection_pool:type_name -> istio.networking.v1.ConnectionPoolSettings + 9, // 5: istio.networking.v1.TrafficPolicy.outlier_detection:type_name -> istio.networking.v1.OutlierDetection + 10, // 6: istio.networking.v1.TrafficPolicy.tls:type_name -> istio.networking.v1.ClientTLSSettings + 12, // 7: istio.networking.v1.TrafficPolicy.port_level_settings:type_name -> istio.networking.v1.TrafficPolicy.PortTrafficPolicy + 13, // 8: istio.networking.v1.TrafficPolicy.tunnel:type_name -> istio.networking.v1.TrafficPolicy.TunnelSettings + 14, // 9: istio.networking.v1.TrafficPolicy.proxy_protocol:type_name -> istio.networking.v1.TrafficPolicy.ProxyProtocol + 15, // 10: istio.networking.v1.Subset.labels:type_name -> istio.networking.v1.Subset.LabelsEntry + 5, // 11: istio.networking.v1.Subset.traffic_policy:type_name -> istio.networking.v1.TrafficPolicy + 1, // 12: istio.networking.v1.LoadBalancerSettings.simple:type_name -> istio.networking.v1.LoadBalancerSettings.SimpleLB + 16, // 13: istio.networking.v1.LoadBalancerSettings.consistent_hash:type_name -> istio.networking.v1.LoadBalancerSettings.ConsistentHashLB + 11, // 14: istio.networking.v1.LoadBalancerSettings.locality_lb_setting:type_name -> 
istio.networking.v1.LocalityLoadBalancerSetting + 27, // 15: istio.networking.v1.LoadBalancerSettings.warmup_duration_secs:type_name -> google.protobuf.Duration + 20, // 16: istio.networking.v1.ConnectionPoolSettings.tcp:type_name -> istio.networking.v1.ConnectionPoolSettings.TCPSettings + 21, // 17: istio.networking.v1.ConnectionPoolSettings.http:type_name -> istio.networking.v1.ConnectionPoolSettings.HTTPSettings + 28, // 18: istio.networking.v1.OutlierDetection.consecutive_local_origin_failures:type_name -> google.protobuf.UInt32Value + 28, // 19: istio.networking.v1.OutlierDetection.consecutive_gateway_errors:type_name -> google.protobuf.UInt32Value + 28, // 20: istio.networking.v1.OutlierDetection.consecutive_5xx_errors:type_name -> google.protobuf.UInt32Value + 27, // 21: istio.networking.v1.OutlierDetection.interval:type_name -> google.protobuf.Duration + 27, // 22: istio.networking.v1.OutlierDetection.base_ejection_time:type_name -> google.protobuf.Duration + 3, // 23: istio.networking.v1.ClientTLSSettings.mode:type_name -> istio.networking.v1.ClientTLSSettings.TLSmode + 29, // 24: istio.networking.v1.ClientTLSSettings.insecure_skip_verify:type_name -> google.protobuf.BoolValue + 23, // 25: istio.networking.v1.LocalityLoadBalancerSetting.distribute:type_name -> istio.networking.v1.LocalityLoadBalancerSetting.Distribute + 24, // 26: istio.networking.v1.LocalityLoadBalancerSetting.failover:type_name -> istio.networking.v1.LocalityLoadBalancerSetting.Failover + 29, // 27: istio.networking.v1.LocalityLoadBalancerSetting.enabled:type_name -> google.protobuf.BoolValue + 30, // 28: istio.networking.v1.TrafficPolicy.PortTrafficPolicy.port:type_name -> istio.networking.v1.PortSelector + 7, // 29: istio.networking.v1.TrafficPolicy.PortTrafficPolicy.load_balancer:type_name -> istio.networking.v1.LoadBalancerSettings + 8, // 30: istio.networking.v1.TrafficPolicy.PortTrafficPolicy.connection_pool:type_name -> istio.networking.v1.ConnectionPoolSettings + 9, // 31: 
istio.networking.v1.TrafficPolicy.PortTrafficPolicy.outlier_detection:type_name -> istio.networking.v1.OutlierDetection + 10, // 32: istio.networking.v1.TrafficPolicy.PortTrafficPolicy.tls:type_name -> istio.networking.v1.ClientTLSSettings + 0, // 33: istio.networking.v1.TrafficPolicy.ProxyProtocol.version:type_name -> istio.networking.v1.TrafficPolicy.ProxyProtocol.VERSION + 19, // 34: istio.networking.v1.LoadBalancerSettings.ConsistentHashLB.http_cookie:type_name -> istio.networking.v1.LoadBalancerSettings.ConsistentHashLB.HTTPCookie + 17, // 35: istio.networking.v1.LoadBalancerSettings.ConsistentHashLB.ring_hash:type_name -> istio.networking.v1.LoadBalancerSettings.ConsistentHashLB.RingHash + 18, // 36: istio.networking.v1.LoadBalancerSettings.ConsistentHashLB.maglev:type_name -> istio.networking.v1.LoadBalancerSettings.ConsistentHashLB.MagLev + 27, // 37: istio.networking.v1.LoadBalancerSettings.ConsistentHashLB.HTTPCookie.ttl:type_name -> google.protobuf.Duration + 27, // 38: istio.networking.v1.ConnectionPoolSettings.TCPSettings.connect_timeout:type_name -> google.protobuf.Duration + 22, // 39: istio.networking.v1.ConnectionPoolSettings.TCPSettings.tcp_keepalive:type_name -> istio.networking.v1.ConnectionPoolSettings.TCPSettings.TcpKeepalive + 27, // 40: istio.networking.v1.ConnectionPoolSettings.TCPSettings.max_connection_duration:type_name -> google.protobuf.Duration + 27, // 41: istio.networking.v1.ConnectionPoolSettings.TCPSettings.idle_timeout:type_name -> google.protobuf.Duration + 27, // 42: istio.networking.v1.ConnectionPoolSettings.HTTPSettings.idle_timeout:type_name -> google.protobuf.Duration + 2, // 43: istio.networking.v1.ConnectionPoolSettings.HTTPSettings.h2_upgrade_policy:type_name -> istio.networking.v1.ConnectionPoolSettings.HTTPSettings.H2UpgradePolicy + 27, // 44: istio.networking.v1.ConnectionPoolSettings.TCPSettings.TcpKeepalive.time:type_name -> google.protobuf.Duration + 27, // 45: 
istio.networking.v1.ConnectionPoolSettings.TCPSettings.TcpKeepalive.interval:type_name -> google.protobuf.Duration + 25, // 46: istio.networking.v1.LocalityLoadBalancerSetting.Distribute.to:type_name -> istio.networking.v1.LocalityLoadBalancerSetting.Distribute.ToEntry + 47, // [47:47] is the sub-list for method output_type + 47, // [47:47] is the sub-list for method input_type + 47, // [47:47] is the sub-list for extension type_name + 47, // [47:47] is the sub-list for extension extendee + 0, // [0:47] is the sub-list for field type_name +} + +func init() { file_networking_v1_destination_rule_proto_init() } +func file_networking_v1_destination_rule_proto_init() { + if File_networking_v1_destination_rule_proto != nil { + return + } + file_networking_v1_virtual_service_proto_init() + if !protoimpl.UnsafeEnabled { + file_networking_v1_destination_rule_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DestinationRule); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_destination_rule_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TrafficPolicy); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_destination_rule_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Subset); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_destination_rule_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*LoadBalancerSettings); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_destination_rule_proto_msgTypes[4].Exporter = func(v 
interface{}, i int) interface{} { + switch v := v.(*ConnectionPoolSettings); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_destination_rule_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*OutlierDetection); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_destination_rule_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ClientTLSSettings); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_destination_rule_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*LocalityLoadBalancerSetting); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_destination_rule_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TrafficPolicy_PortTrafficPolicy); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_destination_rule_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TrafficPolicy_TunnelSettings); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_destination_rule_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TrafficPolicy_ProxyProtocol); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_destination_rule_proto_msgTypes[12].Exporter = func(v 
interface{}, i int) interface{} { + switch v := v.(*LoadBalancerSettings_ConsistentHashLB); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_destination_rule_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*LoadBalancerSettings_ConsistentHashLB_RingHash); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_destination_rule_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*LoadBalancerSettings_ConsistentHashLB_MagLev); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_destination_rule_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*LoadBalancerSettings_ConsistentHashLB_HTTPCookie); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_destination_rule_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ConnectionPoolSettings_TCPSettings); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_destination_rule_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ConnectionPoolSettings_HTTPSettings); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_destination_rule_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ConnectionPoolSettings_TCPSettings_TcpKeepalive); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + 
return &v.unknownFields + default: + return nil + } + } + file_networking_v1_destination_rule_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*LocalityLoadBalancerSetting_Distribute); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_destination_rule_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*LocalityLoadBalancerSetting_Failover); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + file_networking_v1_destination_rule_proto_msgTypes[3].OneofWrappers = []interface{}{ + (*LoadBalancerSettings_Simple)(nil), + (*LoadBalancerSettings_ConsistentHash)(nil), + } + file_networking_v1_destination_rule_proto_msgTypes[12].OneofWrappers = []interface{}{ + (*LoadBalancerSettings_ConsistentHashLB_HttpHeaderName)(nil), + (*LoadBalancerSettings_ConsistentHashLB_HttpCookie)(nil), + (*LoadBalancerSettings_ConsistentHashLB_UseSourceIp)(nil), + (*LoadBalancerSettings_ConsistentHashLB_HttpQueryParameterName)(nil), + (*LoadBalancerSettings_ConsistentHashLB_RingHash_)(nil), + (*LoadBalancerSettings_ConsistentHashLB_Maglev)(nil), + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_networking_v1_destination_rule_proto_rawDesc, + NumEnums: 4, + NumMessages: 22, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_networking_v1_destination_rule_proto_goTypes, + DependencyIndexes: file_networking_v1_destination_rule_proto_depIdxs, + EnumInfos: file_networking_v1_destination_rule_proto_enumTypes, + MessageInfos: file_networking_v1_destination_rule_proto_msgTypes, + }.Build() + File_networking_v1_destination_rule_proto = out.File + file_networking_v1_destination_rule_proto_rawDesc = nil + 
file_networking_v1_destination_rule_proto_goTypes = nil + file_networking_v1_destination_rule_proto_depIdxs = nil +} diff --git a/networking/v1/destination_rule.proto b/networking/v1/destination_rule.proto new file mode 100644 index 00000000..ad346907 --- /dev/null +++ b/networking/v1/destination_rule.proto 
@@ -0,0 +1,1056 @@
+// Copyright 2020 Istio Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+syntax = "proto3";
+
+import "google/api/field_behavior.proto";
+import "google/protobuf/duration.proto";
+import "google/protobuf/wrappers.proto";
+import "networking/v1/virtual_service.proto";
+import "type/v1beta1/selector.proto";
+
+// $schema: istio.networking.v1.DestinationRule
+// $title: Destination Rule
+// $description: Configuration affecting load balancing, outlier detection, etc.
+// $location: https://istio.io/docs/reference/config/networking/destination-rule.html
+// $aliases: [/docs/reference/config/networking/v1/destination-rule]
+// $mode: none
+
+// `DestinationRule` defines policies that apply to traffic intended for a
+// service after routing has occurred. These rules specify configuration
+// for load balancing, connection pool size from the sidecar, and outlier
+// detection settings to detect and evict unhealthy hosts from the load
+// balancing pool. For example, a simple load balancing policy for the
+// ratings service would look as follows:
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: DestinationRule
+// metadata:
+// name: bookinfo-ratings
+// spec:
+// host: ratings.prod.svc.cluster.local
+// trafficPolicy:
+// loadBalancer:
+// simple: LEAST_REQUEST
+// ```
+//
+// Version specific policies can be specified by defining a named
+// `subset` and overriding the settings specified at the service level. The
+// following rule uses a round robin load balancing policy for all traffic
+// going to a subset named testversion that is composed of endpoints (e.g.,
+// pods) with labels (version:v3).
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: DestinationRule
+// metadata:
+// name: bookinfo-ratings
+// spec:
+// host: ratings.prod.svc.cluster.local
+// trafficPolicy:
+// loadBalancer:
+// simple: LEAST_REQUEST
+// subsets:
+// - name: testversion
+// labels:
+// version: v3
+// trafficPolicy:
+// loadBalancer:
+// simple: ROUND_ROBIN
+// ```
+//
+// **Note:** Policies specified for subsets will not take effect until
+// a route rule explicitly sends traffic to this subset.
+//
+// Traffic policies can be customized to specific ports as well. The
+// following rule uses the least connection load balancing policy for all
+// traffic to port 80, while uses a round robin load balancing setting for
+// traffic to the port 9080.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: DestinationRule
+// metadata:
+// name: bookinfo-ratings-port
+// spec:
+// host: ratings.prod.svc.cluster.local
+// trafficPolicy: # Apply to all ports
+// portLevelSettings:
+// - port:
+// number: 80
+// loadBalancer:
+// simple: LEAST_REQUEST
+// - port:
+// number: 9080
+// loadBalancer:
+// simple: ROUND_ROBIN
+// ```
+package istio.networking.v1;
+
+option go_package = "istio.io/api/networking/v1";
+
+// DestinationRule defines policies that apply to traffic intended for a service
+// after routing has occurred.
+//
+//
+//
+//
+//
+message DestinationRule {
+ // The name of a service from the service registry. Service
+ // names are looked up from the platform's service registry (e.g.,
+ // Kubernetes services, Consul services, etc.) and from the hosts
+ // declared by [ServiceEntries](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Rules defined for
+ // services that do not exist in the service registry will be ignored.
+ //
+ // *Note for Kubernetes users*: When short names are used (e.g. "reviews"
+ // instead of "reviews.default.svc.cluster.local"), Istio will interpret
+ // the short name based on the namespace of the rule, not the service. A
+ // rule in the "default" namespace containing a host "reviews" will be
+ // interpreted as "reviews.default.svc.cluster.local", irrespective of
+ // the actual namespace associated with the reviews service. _To avoid
+ // potential misconfigurations, it is recommended to always use fully
+ // qualified domain names over short names._
+ //
+ // Note that the host field applies to both HTTP and TCP services.
+ string host = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Traffic policies to apply (load balancing policy, connection pool
+ // sizes, outlier detection).
+ TrafficPolicy traffic_policy = 2;
+
+ // One or more named sets that represent individual versions of a
+ // service. Traffic policies can be overridden at subset level.
+ repeated Subset subsets = 3;
+
+ // A list of namespaces to which this destination rule is exported.
+ // The resolution of a destination rule to apply to a service occurs in the
+ // context of a hierarchy of namespaces. Exporting a destination rule allows
+ // it to be included in the resolution hierarchy for services in
+ // other namespaces. This feature provides a mechanism for service owners
+ // and mesh administrators to control the visibility of destination rules
+ // across namespace boundaries.
+ //
+ // If no namespaces are specified then the destination rule is exported to all
+ // namespaces by default.
+ //
+ // The value "." is reserved and defines an export to the same namespace that
+ // the destination rule is declared in. Similarly, the value "*" is reserved and
+ // defines an export to all namespaces.
+ repeated string export_to = 4;
+ //
+ // Criteria used to select the specific set of pods/VMs on which this
+ // `DestinationRule` configuration should be applied. If specified, the `DestinationRule`
+ // configuration will be applied only to the workload instances matching the workload selector
+ // label in the same namespace. Workload selectors do not apply across namespace boundaries.
+ // If omitted, the `DestinationRule` falls back to its default behavior.
+ // For example, if specific sidecars need to have egress TLS settings for services outside
+ // of the mesh, instead of every sidecar in the mesh needing to have the
+ // configuration (which is the default behaviour), a workload selector can be specified.
+ istio.type.v1beta1.WorkloadSelector workload_selector = 5;
+}
+
+// Traffic policies to apply for a specific destination, across all
+// destination ports. See DestinationRule for examples.
+message TrafficPolicy {
+ // Settings controlling the load balancer algorithms.
+ LoadBalancerSettings load_balancer = 1;
+
+ // Settings controlling the volume of connections to an upstream service
+ ConnectionPoolSettings connection_pool = 2;
+
+ // Settings controlling eviction of unhealthy hosts from the load balancing pool
+ OutlierDetection outlier_detection = 3;
+
+ // TLS related settings for connections to the upstream service.
+ ClientTLSSettings tls = 4;
+
+ // Traffic policies that apply to specific ports of the service
+ message PortTrafficPolicy {
+ // Specifies the number of a port on the destination service
+ // on which this policy is being applied.
+ //
+ PortSelector port = 1;
+
+ // Settings controlling the load balancer algorithms.
+ LoadBalancerSettings load_balancer = 2;
+
+ // Settings controlling the volume of connections to an upstream service
+ ConnectionPoolSettings connection_pool = 3;
+
+ // Settings controlling eviction of unhealthy hosts from the load balancing pool
+ OutlierDetection outlier_detection = 4;
+
+ // TLS related settings for connections to the upstream service.
+ ClientTLSSettings tls = 5;
+ }
+
+ // Traffic policies specific to individual ports. Note that port level
+ // settings will override the destination-level settings. Traffic
+ // settings specified at the destination-level will not be inherited when
+ // overridden by port-level settings, i.e. default values will be applied
+ // to fields omitted in port-level traffic policies.
+ repeated PortTrafficPolicy port_level_settings = 5;
+
+ message TunnelSettings {
+ // Specifies which protocol to use for tunneling the downstream connection.
+ // Supported protocols are:
+ // CONNECT - uses HTTP CONNECT;
+ // POST - uses HTTP POST.
+ // CONNECT is used by default if not specified.
+ // HTTP version for upstream requests is determined by the service protocol defined for the proxy.
+ string protocol = 1;
+
+ // Specifies a host to which the downstream connection is tunneled.
+ // Target host must be an FQDN or IP address.
+ string target_host = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // Specifies a port to which the downstream connection is tunneled.
+ uint32 target_port = 3 [(google.api.field_behavior) = REQUIRED];
+ }
+
+ // Configuration of tunneling TCP over other transport or application layers
+ // for the host configured in the DestinationRule.
+ // Tunnel settings can be applied to TCP or TLS routes and can't be applied to HTTP routes.
+ TunnelSettings tunnel = 6;
+
+ message ProxyProtocol {
+ enum VERSION {
+ // ⁣PROXY protocol version 1. Human readable format.
+ V1 = 0;
+
+ // ⁣PROXY protocol version 2. Binary format.
+ V2 = 1;
+ };
+ // The PROXY protocol version to use. See https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt for details.
+ // By default it is `V1`.
+ VERSION version = 1;
+ }
+
+ // The upstream PROXY protocol settings.
+ ProxyProtocol proxy_protocol = 7;
+}
+
+// A subset of endpoints of a service. Subsets can be used for scenarios
+// like A/B testing, or routing to a specific version of a service. Refer
+// to [VirtualService](https://istio.io/docs/reference/config/networking/virtual-service/#VirtualService) documentation for examples of using
+// subsets in these scenarios. In addition, traffic policies defined at the
+// service-level can be overridden at a subset-level. The following rule
+// uses a round robin load balancing policy for all traffic going to a
+// subset named testversion that is composed of endpoints (e.g., pods) with
+// labels (version:v3).
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1beta1
+// kind: DestinationRule
+// metadata:
+// name: bookinfo-ratings
+// spec:
+// host: ratings.prod.svc.cluster.local
+// trafficPolicy:
+// loadBalancer:
+// simple: LEAST_REQUEST
+// subsets:
+// - name: testversion
+// labels:
+// version: v3
+// trafficPolicy:
+// loadBalancer:
+// simple: ROUND_ROBIN
+// ```
+//
+// **Note:** Policies specified for subsets will not take effect until
+// a route rule explicitly sends traffic to this subset.
+//
+// One or more labels are typically required to identify the subset destination,
+// however, when the corresponding DestinationRule represents a host that
+// supports multiple SNI hosts (e.g., an egress gateway), a subset without labels
+// may be meaningful. In this case a traffic policy with [ClientTLSSettings](#ClientTLSSettings)
+// can be used to identify a specific SNI host corresponding to the named subset.
+message Subset {
+ // Name of the subset. The service name and the subset name can
+ // be used for traffic splitting in a route rule.
+ string name = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Labels apply a filter over the endpoints of a service in the
+ // service registry. See route rules for examples of usage.
+ map labels = 2;
+
+ // Traffic policies that apply to this subset. Subsets inherit the
+ // traffic policies specified at the DestinationRule level. Settings
+ // specified at the subset level will override the corresponding settings
+ // specified at the DestinationRule level.
+ TrafficPolicy traffic_policy = 3;
+}
+
+// Load balancing policies to apply for a specific destination. See Envoy's
+// load balancing
+// [documentation](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancing)
+// for more details.
+//
+// For example, the following rule uses a round robin load balancing policy
+// for all traffic going to the ratings service.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1beta1
+// kind: DestinationRule
+// metadata:
+// name: bookinfo-ratings
+// spec:
+// host: ratings.prod.svc.cluster.local
+// trafficPolicy:
+// loadBalancer:
+// simple: ROUND_ROBIN
+// ```
+//
+// The following example sets up sticky sessions for the ratings service
+// hashing-based load balancer for the same ratings service using the
+// the User cookie as the hash key.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1beta1
+// kind: DestinationRule
+// metadata:
+// name: bookinfo-ratings
+// spec:
+// host: ratings.prod.svc.cluster.local
+// trafficPolicy:
+// loadBalancer:
+// consistentHash:
+// httpCookie:
+// name: user
+// ttl: 0s
+// ```
+//
+message LoadBalancerSettings {
+ // Standard load balancing algorithms that require no tuning.
+ enum SimpleLB {
+ // No load balancing algorithm has been specified by the user. Istio
+ // will select an appropriate default.
+ UNSPECIFIED = 0;
+
+ // Deprecated. Use LEAST_REQUEST instead.
+ LEAST_CONN = 1 [deprecated=true];
+
+ // The random load balancer selects a random healthy host. The random
+ // load balancer generally performs better than round robin if no health
+ // checking policy is configured.
+ RANDOM = 2;
+
+ // This option will forward the connection to the original IP address
+ // requested by the caller without doing any form of load
+ // balancing. This option must be used with care. It is meant for
+ // advanced use cases. Refer to Original Destination load balancer in
+ // Envoy for further details.
+ PASSTHROUGH = 3;
+
+ // A basic round robin load balancing policy. This is generally unsafe
+ // for many scenarios (e.g. when endpoint weighting is used) as it can
+ // overburden endpoints. In general, prefer to use LEAST_REQUEST as a
+ // drop-in replacement for ROUND_ROBIN.
+ ROUND_ROBIN = 4;
+
+ // The least request load balancer spreads load across endpoints, favoring
+ // endpoints with the least outstanding requests. This is generally safer
+ // and outperforms ROUND_ROBIN in nearly all cases. Prefer to use
+ // LEAST_REQUEST as a drop-in replacement for ROUND_ROBIN.
+ LEAST_REQUEST = 5;
+ };
+
+ // Consistent Hash-based load balancing can be used to provide soft
+ // session affinity based on HTTP headers, cookies or other
+ // properties. The affinity to a particular destination host may be
+ // lost when one or more hosts are added/removed from the destination
+ // service.
+ //
+ // Note: consistent hashing is less reliable at maintaining affinity than common
+ // "sticky sessions" implementations, which often encode a specific destination in
+ // a cookie, ensuring affinity is maintained as long as the backend remains.
+ // With consistent hash, the guarantees are weaker; any host addition or removal can
+ // break affinity for `1/backends` requests.
+ //
+ // Warning: consistent hashing depends on each proxy having a consistent view of endpoints.
+ // This is not the case when locality load balancing is enabled. Locality load balancing
+ // and consistent hash will only work together when all proxies are in the same locality,
+ // or a high level load balancer handles locality affinity.
+ message ConsistentHashLB {
+
+ message RingHash {
+ // The minimum number of virtual nodes to use for the hash
+ // ring. Defaults to 1024. Larger ring sizes result in more granular
+ // load distributions. If the number of hosts in the load balancing
+ // pool is larger than the ring size, each host will be assigned a
+ // single virtual node.
+ uint64 minimum_ring_size = 1;
+ };
+
+ message MagLev {
+ // The table size for Maglev hashing. This helps in controlling the
+ // disruption when the backend hosts change.
+ // Increasing the table size reduces the amount of disruption.
+ uint64 table_size = 1;
+ };
+ // Describes a HTTP cookie that will be used as the hash key for the
+ // Consistent Hash load balancer.
+ message HTTPCookie {
+ // Name of the cookie.
+ string name = 1 [(google.api.field_behavior) = REQUIRED];
+ // Path to set for the cookie.
+ string path = 2;
+ // Lifetime of the cookie. If specified, a cookie with the TTL will be
+ // generated if the cookie is not present. If the TTL is present and zero,
+ // the generated cookie will be a session cookie.
+ google.protobuf.Duration ttl = 3;
+ };
+
+ // The hash key to use.
+ oneof hash_key {
+ // Hash based on a specific HTTP header.
+ string http_header_name = 1;
+
+ // Hash based on HTTP cookie.
+ HTTPCookie http_cookie = 2;
+
+ // Hash based on the source IP address.
+ // This is applicable for both TCP and HTTP connections.
+ bool use_source_ip = 3;
+
+ // Hash based on a specific HTTP query parameter.
+ string http_query_parameter_name = 5;
+ };
+
+ // The hash algorithm to use.
+ // Please refer to https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash
+ // and https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#maglev for
+ // considerations on choosing an algorithm.
+ // Defaults to RingHash if not specified.
+ oneof hash_algorithm {
+ // The ring/modulo hash load balancer implements consistent hashing to backend hosts.
+ RingHash ring_hash = 6;
+ // The Maglev load balancer implements consistent hashing to backend hosts.
+ MagLev maglev = 7;
+ };
+
+ // Deprecated. Use RingHash instead.
+ uint64 minimum_ring_size = 4 [deprecated=true];
+ };
+
+ // (-- TODO: Enable Subset load balancing after moving to v2 API Also
+ // look into enabling Priotity based load balancing for spilling over
+ // from one priority pool to another. --)
+
+ // Upstream load balancing policy.
+ oneof lb_policy {
+ SimpleLB simple = 1;
+ ConsistentHashLB consistent_hash = 2;
+ }
+
+ // Locality load balancer settings, this will override mesh wide settings in entirety, meaning no merging would be performed
+ // between this object and the object one in MeshConfig
+ LocalityLoadBalancerSetting locality_lb_setting = 3;
+
+ // Represents the warmup duration of Service. If set, the newly created endpoint of service
+ // remains in warmup mode starting from its creation time for the duration of this window and
+ // Istio progressively increases amount of traffic for that endpoint instead of sending proportional amount of traffic.
+ // This should be enabled for services that require warm up time to serve full production load with reasonable latency.
+ // Please note that this is most effective when few new endpoints come up like scale event in Kubernetes. When all the
+ // endpoints are relatively new like new deployment, this is not very effective as all endpoints end up getting same
+ // amount of requests.
+ // Currently this is only supported for ROUND_ROBIN and LEAST_REQUEST load balancers.
+ google.protobuf.Duration warmup_duration_secs = 4;
+}
+
+// Connection pool settings for an upstream host. The settings apply to
+// each individual host in the upstream service. See Envoy's [circuit
+// breaker](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking)
+// for more details. Connection pool settings can be applied at the TCP
+// level as well as at HTTP level.
+//
+// For example, the following rule sets a limit of 100 connections to redis
+// service called myredissrv with a connect timeout of 30ms
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1beta1
+// kind: DestinationRule
+// metadata:
+// name: bookinfo-redis
+// spec:
+// host: myredissrv.prod.svc.cluster.local
+// trafficPolicy:
+// connectionPool:
+// tcp:
+// maxConnections: 100
+// connectTimeout: 30ms
+// tcpKeepalive:
+// time: 7200s
+// interval: 75s
+// ```
+//
+message ConnectionPoolSettings {
+ // Settings common to both HTTP and TCP upstream connections.
+ message TCPSettings {
+ // TCP keepalive.
+ message TcpKeepalive {
+ // Maximum number of keepalive probes to send without response before
+ // deciding the connection is dead. Default is to use the OS level configuration
+ // (unless overridden, Linux defaults to 9.)
+ uint32 probes = 1;
+
+ // The time duration a connection needs to be idle before keep-alive
+ // probes start being sent. Default is to use the OS level configuration
+ // (unless overridden, Linux defaults to 7200s (ie 2 hours.)
+ google.protobuf.Duration time = 2;
+
+ // The time duration between keep-alive probes.
+ // Default is to use the OS level configuration
+ // (unless overridden, Linux defaults to 75s.)
+ google.protobuf.Duration interval = 3;
+ };
+
+ // Maximum number of HTTP1 /TCP connections to a destination host. Default 2^32-1.
+ int32 max_connections = 1;
+
+ // TCP connection timeout. format:
+ // 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.
+ google.protobuf.Duration connect_timeout = 2;
+
+ // If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
+ TcpKeepalive tcp_keepalive = 3;
+
+ // The maximum duration of a connection. The duration is defined as the period since a connection
+ // was established. If not set, there is no max duration. When max_connection_duration
+ // is reached the connection will be closed. Duration must be at least 1ms.
+ google.protobuf.Duration max_connection_duration = 4;
+
+ // The idle timeout for TCP connections.
+ // The idle timeout is defined as the period in which there are no bytes sent or received on either
+ // the upstream or downstream connection.
+ // If not set, the default idle timeout is 1 hour. If set to 0s, the timeout will be disabled.
+ // Idle timeout is not configured per each cluster individually when weighted destinations are used,
+ // because idleTimeout is a property of a listener, not a cluster. In that case, idleTimeout
+ // specified in a destination rule for the first weighted route is configured in the listener,
+ // which means also for all weighted routes.
+ google.protobuf.Duration idle_timeout = 5;
+ };
+
+ // Settings applicable to HTTP1.1/HTTP2/GRPC connections.
+ message HTTPSettings {
+ // Maximum number of requests that will be queued while waiting for
+ // a ready connection pool connection. Default 2^32-1.
+ // Refer to https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking
+ // under which conditions a new connection is created for HTTP2.
+ // Please note that this is applicable to both HTTP/1.1 and HTTP2.
+ int32 http1_max_pending_requests = 1;
+
+ // Maximum number of active requests to a destination. Default 2^32-1.
+ // Please note that this is applicable to both HTTP/1.1 and HTTP2.
+ int32 http2_max_requests = 2;
+
+ // Maximum number of requests per connection to a backend. Setting this
+ // parameter to 1 disables keep alive. Default 0, meaning "unlimited",
+ // up to 2^29.
+ int32 max_requests_per_connection = 3;
+
+ // Maximum number of retries that can be outstanding to all hosts in a
+ // cluster at a given time. Defaults to 2^32-1.
+ int32 max_retries = 4;
+
+ // The idle timeout for upstream connection pool connections. The idle timeout
+ // is defined as the period in which there are no active requests.
+ // If not set, the default is 1 hour. When the idle timeout is reached,
+ // the connection will be closed. If the connection is an HTTP/2
+ // connection a drain sequence will occur prior to closing the connection.
+ // Note that request based timeouts mean that HTTP/2 PINGs will not
+ // keep the connection alive. Applies to both HTTP1.1 and HTTP2 connections.
+ google.protobuf.Duration idle_timeout = 5;
+
+ // Policy for upgrading http1.1 connections to http2.
+ enum H2UpgradePolicy {
+ // Use the global default.
+ DEFAULT = 0;
+ // Do not upgrade the connection to http2.
+ // This opt-out option overrides the default.
+ DO_NOT_UPGRADE = 1;
+ // Upgrade the connection to http2.
+ // This opt-in option overrides the default.
+ UPGRADE = 2;
+ };
+ // Specify if http1.1 connection should be upgraded to http2 for the associated destination.
+ H2UpgradePolicy h2_upgrade_policy = 6;
+
+ // If set to true, client protocol will be preserved while initiating connection to backend.
+ // Note that when this is set to true, h2_upgrade_policy will be ineffective i.e. the client
+ // connections will not be upgraded to http2.
+ bool use_client_protocol = 7;
+
+ // The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.
+ // Defaults to 2^31-1.
+ int32 max_concurrent_streams = 8;
+ };
+
+ // Settings common to both HTTP and TCP upstream connections.
+ TCPSettings tcp = 1;
+ // HTTP connection pool settings.
+ HTTPSettings http = 2;
+}
+
+// A Circuit breaker implementation that tracks the status of each
+// individual host in the upstream service. Applicable to both HTTP and
+// TCP services. For HTTP services, hosts that continually return 5xx
+// errors for API calls are ejected from the pool for a pre-defined period
+// of time. For TCP services, connection timeouts or connection
+// failures to a given host counts as an error when measuring the
+// consecutive errors metric. See Envoy's [outlier
+// detection](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/outlier)
+// for more details.
+//
+// The following rule sets a connection pool size of 100 HTTP1 connections
+// with no more than 10 req/connection to the "reviews" service. In addition,
+// it sets a limit of 1000 concurrent HTTP2 requests and configures upstream
+// hosts to be scanned every 5 mins so that any host that fails 7 consecutive
+// times with a 502, 503, or 504 error code will be ejected for 15 minutes.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1beta1
+// kind: DestinationRule
+// metadata:
+// name: reviews-cb-policy
+// spec:
+// host: reviews.prod.svc.cluster.local
+// trafficPolicy:
+// connectionPool:
+// tcp:
+// maxConnections: 100
+// http:
+// http2MaxRequests: 1000
+// maxRequestsPerConnection: 10
+// outlierDetection:
+// consecutive5xxErrors: 7
+// interval: 5m
+// baseEjectionTime: 15m
+// ```
+//
+message OutlierDetection {
+ // Number of errors before a host is ejected from the connection
+ // pool. Defaults to 5. When the upstream host is accessed over HTTP, a
+ // 502, 503, or 504 return code qualifies as an error. When the upstream host
+ // is accessed over an opaque TCP connection, connect timeouts and
+ // connection error/failure events qualify as an error.
+ // $hide_from_docs
+ int32 consecutive_errors = 1 [deprecated=true];
+
+ // Determines whether to distinguish local origin failures from external errors. If set to true
+ // consecutive_local_origin_failure is taken into account for outlier detection calculations.
+ // This should be used when you want to derive the outlier detection status based on the errors
+ // seen locally such as failure to connect, timeout while connecting etc. rather than the status code
+ // returned by upstream service. This is especially useful when the upstream service explicitly returns
+ // a 5xx for some requests and you want to ignore those responses from upstream service while determining
+ // the outlier detection status of a host.
+ // Defaults to false.
+ bool split_external_local_origin_errors = 8;
+
+ // The number of consecutive locally originated failures before ejection
+ // occurs. Defaults to 5. Parameter takes effect only when split_external_local_origin_errors
+ // is set to true.
+ google.protobuf.UInt32Value consecutive_local_origin_failures = 9;
+
+ // Number of gateway errors before a host is ejected from the connection pool.
+ // When the upstream host is accessed over HTTP, a 502, 503, or 504 return
+ // code qualifies as a gateway error. When the upstream host is accessed over
+ // an opaque TCP connection, connect timeouts and connection error/failure
+ // events qualify as a gateway error.
+ // This feature is disabled by default or when set to the value 0.
+ //
+ // Note that consecutive_gateway_errors and consecutive_5xx_errors can be
+ // used separately or together. Because the errors counted by
+ // consecutive_gateway_errors are also included in consecutive_5xx_errors,
+ // if the value of consecutive_gateway_errors is greater than or equal to
+ // the value of consecutive_5xx_errors, consecutive_gateway_errors will have
+ // no effect.
+ google.protobuf.UInt32Value consecutive_gateway_errors = 6;
+
+ // Number of 5xx errors before a host is ejected from the connection pool.
+ // When the upstream host is accessed over an opaque TCP connection, connect
+ // timeouts, connection error/failure and request failure events qualify as a
+ // 5xx error.
+ // This feature defaults to 5 but can be disabled by setting the value to 0.
+ //
+ // Note that consecutive_gateway_errors and consecutive_5xx_errors can be
+ // used separately or together. Because the errors counted by
+ // consecutive_gateway_errors are also included in consecutive_5xx_errors,
+ // if the value of consecutive_gateway_errors is greater than or equal to
+ // the value of consecutive_5xx_errors, consecutive_gateway_errors will have
+ // no effect.
+ google.protobuf.UInt32Value consecutive_5xx_errors = 7;
+
+ // Time interval between ejection sweep analysis. format:
+ // 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.
+ google.protobuf.Duration interval = 2;
+
+ // Minimum ejection duration. A host will remain ejected for a period
+ // equal to the product of minimum ejection duration and the number of
+ // times the host has been ejected. This technique allows the system to
+ // automatically increase the ejection period for unhealthy upstream
+ // servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s.
+ google.protobuf.Duration base_ejection_time = 3;
+
+ // Maximum % of hosts in the load balancing pool for the upstream
+ // service that can be ejected. Defaults to 10%.
+ int32 max_ejection_percent = 4;
+
+ // Outlier detection will be enabled as long as the associated load balancing
+ // pool has at least min_health_percent hosts in healthy mode. When the
+ // percentage of healthy hosts in the load balancing pool drops below this
+ // threshold, outlier detection will be disabled and the proxy will load balance
+ // across all hosts in the pool (healthy and unhealthy). The threshold can be
+ // disabled by setting it to 0%. The default is 0% as it's not typically
+ // applicable in k8s environments with few pods per service.
+ int32 min_health_percent = 5;
+}
+
+// SSL/TLS related settings for upstream connections. See Envoy's [TLS
+// context](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto.html#common-tls-configuration)
+// for more details. These settings are common to both HTTP and TCP upstreams.
+//
+// For example, the following rule configures a client to use mutual TLS
+// for connections to upstream database cluster.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1beta1
+// kind: DestinationRule
+// metadata:
+// name: db-mtls
+// spec:
+// host: mydbserver.prod.svc.cluster.local
+// trafficPolicy:
+// tls:
+// mode: MUTUAL
+// clientCertificate: /etc/certs/myclientcert.pem
+// privateKey: /etc/certs/client_private_key.pem
+// caCertificates: /etc/certs/rootcacerts.pem
+// ```
+//
+// The following rule configures a client to use TLS when talking to a
+// foreign service whose domain matches *.foo.com.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1beta1
+// kind: DestinationRule
+// metadata:
+// name: tls-foo
+// spec:
+// host: "*.foo.com"
+// trafficPolicy:
+// tls:
+// mode: SIMPLE
+// ```
+//
+// The following rule configures a client to use Istio mutual TLS when talking
+// to rating services.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1beta1
+// kind: DestinationRule
+// metadata:
+// name: ratings-istio-mtls
+// spec:
+// host: ratings.prod.svc.cluster.local
+// trafficPolicy:
+// tls:
+// mode: ISTIO_MUTUAL
+// ```
+//
+message ClientTLSSettings {
+ // TLS connection mode
+ enum TLSmode {
+ // Do not setup a TLS connection to the upstream endpoint.
+ DISABLE = 0;
+
+ // Originate a TLS connection to the upstream endpoint.
+ SIMPLE = 1;
+
+ // Secure connections to the upstream using mutual TLS by presenting
+ // client certificates for authentication.
+ MUTUAL = 2;
+
+ // Secure connections to the upstream using mutual TLS by presenting
+ // client certificates for authentication.
+ // Compared to Mutual mode, this mode uses certificates generated
+ // automatically by Istio for mTLS authentication. When this mode is
+ // used, all other fields in `ClientTLSSettings` should be empty.
+ ISTIO_MUTUAL = 3;
+ };
+
+ // Indicates whether connections to this port should be secured
+ // using TLS. The value of this field determines how TLS is enforced.
+ TLSmode mode = 1;
+
+ // REQUIRED if mode is `MUTUAL`. The path to the file holding the
+ // client-side TLS certificate to use.
+ // Should be empty if mode is `ISTIO_MUTUAL`.
+ string client_certificate = 2;
+
+ // REQUIRED if mode is `MUTUAL`. The path to the file holding the
+ // client's private key.
+ // Should be empty if mode is `ISTIO_MUTUAL`.
+ string private_key = 3;
+
+ // OPTIONAL: The path to the file containing certificate authority
+ // certificates to use in verifying a presented server certificate. If
+ // omitted, the proxy will not verify the server's certificate.
+ // Should be empty if mode is `ISTIO_MUTUAL`.
+ string ca_certificates = 4;
+
+ // The name of the secret that holds the TLS certs for the
+ // client including the CA certificates. This secret must exist in
+ // the namespace of the proxy using the certificates.
+ // An Opaque secret should contain the following keys and values:
+ // `key: `, `cert: `, `cacert: `,
+ // `crl: `
+ // Here CACertificate is used to verify the server certificate.
+ // For mutual TLS, `cacert: ` can be provided in the
+ // same secret or a separate secret named `-cacert`.
+ // A TLS secret for client certificates with an additional
+ // `ca.crt` key for CA certificates and `ca.crl` key for
+ // certificate revocation list(CRL) is also supported.
+ // Only one of client certificates and CA certificate
+ // or credentialName can be specified.
+ //
+ // **NOTE:** This field is applicable at sidecars only if
+ // `DestinationRule` has a `workloadSelector` specified.
+ // Otherwise the field will be applicable only at gateways, and
+ // sidecars will continue to use the certificate paths.
+ string credential_name = 7;
+
+ // A list of alternate names to verify the subject identity in the
+ // certificate. If specified, the proxy will verify that the server
+ // certificate's subject alt name matches one of the specified values.
+ // If specified, this list overrides the value of subject_alt_names
+ // from the ServiceEntry. If unspecified, automatic validation of upstream
+ // presented certificate for new upstream connections will be done based on the
+ // downstream HTTP host/authority header, provided `VERIFY_CERTIFICATE_AT_CLIENT`
+ // and `ENABLE_AUTO_SNI` environmental variables are set to `true`.
+ repeated string subject_alt_names = 5;
+
+ // SNI string to present to the server during TLS handshake.
+ // If unspecified, SNI will be automatically set based on downstream HTTP
+ // host/authority header for SIMPLE and MUTUAL TLS modes, provided `ENABLE_AUTO_SNI`
+ // environmental variable is set to `true`.
+ string sni = 6;
+
+ // `insecureSkipVerify` specifies whether the proxy should skip verifying the
+ // CA signature and SAN for the server certificate corresponding to the host.
+ // This flag should only be set if global CA signature verification is
+ // enabled, `VERIFY_CERTIFICATE_AT_CLIENT` environmental variable is set to `true`,
+ // but no verification is desired for a specific host. If enabled with or
+ // without `VERIFY_CERTIFICATE_AT_CLIENT` enabled, verification of the CA signature and
+ // SAN will be skipped.
+ //
+ // `insecureSkipVerify` is `false` by default.
+ // `VERIFY_CERTIFICATE_AT_CLIENT` is `false` by default in Istio version 1.9 but will
+ // be `true` by default in a later version where, going forward, it will be
+ // enabled by default.
+ google.protobuf.BoolValue insecure_skip_verify = 8;
+
+ // OPTIONAL: The path to the file containing the certificate revocation list (CRL)
+ // to use in verifying a presented server certificate. `CRL` is a list of certificates
+ // that have been revoked by the CA (Certificate Authority) before their scheduled expiration date.
+ // If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates.
+ // If omitted, the proxy will not verify the certificate against the `crl`.
+ string ca_crl = 9;
+}
+
+// Locality-weighted load balancing allows administrators to control the
+// distribution of traffic to endpoints based on the localities of where the
+// traffic originates and where it will terminate. These localities are
+// specified using arbitrary labels that designate a hierarchy of localities in
+// {region}/{zone}/{sub-zone} form. For additional detail refer to
+// [Locality Weight](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight)
+// The following example shows how to setup locality weights mesh-wide.
+//
+// Given a mesh with workloads and their service deployed to "us-west/zone1/*"
+// and "us-west/zone2/*". This example specifies that when traffic accessing a
+// service originates from workloads in "us-west/zone1/*", 80% of the traffic
+// will be sent to endpoints in "us-west/zone1/*", i.e the same zone, and the
+// remaining 20% will go to endpoints in "us-west/zone2/*". This setup is
+// intended to favor routing traffic to endpoints in the same locality.
+// A similar setting is specified for traffic originating in "us-west/zone2/*".
+//
+// ```yaml
+// distribute:
+// - from: us-west/zone1/*
+// to:
+// "us-west/zone1/*": 80
+// "us-west/zone2/*": 20
+// - from: us-west/zone2/*
+// to:
+// "us-west/zone1/*": 20
+// "us-west/zone2/*": 80
+// ```
+//
+// If the goal of the operator is not to distribute load across zones and
+// regions but rather to restrict the regionality of failover to meet other
+// operational requirements an operator can set a 'failover' policy instead of
+// a 'distribute' policy.
+//
+// The following example sets up a locality failover policy for regions.
+// Assume a service resides in zones within us-east, us-west & eu-west
+// this example specifies that when endpoints within us-east become unhealthy
+// traffic should failover to endpoints in any zone or sub-zone within eu-west
+// and similarly us-west should failover to us-east.
+//
+// ```yaml
+// failover:
+// - from: us-east
+// to: eu-west
+// - from: us-west
+// to: us-east
+// ```
+// Locality load balancing settings.
+message LocalityLoadBalancerSetting{
+ // Describes how traffic originating in the 'from' zone or sub-zone is
+ // distributed over a set of 'to' zones. Syntax for specifying a zone is
+ // {region}/{zone}/{sub-zone} and terminal wildcards are allowed on any
+ // segment of the specification. Examples:
+ //
+ // `*` - matches all localities
+ //
+ // `us-west/*` - all zones and sub-zones within the us-west region
+ //
+ // `us-west/zone-1/*` - all sub-zones within us-west/zone-1
+ message Distribute{
+ // Originating locality, '/' separated, e.g. 'region/zone/sub_zone'.
+ string from = 1;
+
+ // Map of upstream localities to traffic distribution weights. The sum of
+ // all weights should be 100. Any locality not present will
+ // receive no traffic.
+ map to = 2;
+ };
+
+ // Specify the traffic failover policy across regions. Since zone and sub-zone
+ // failover is supported by default this only needs to be specified for
+ // regions when the operator needs to constrain traffic failover so that
+ // the default behavior of failing over to any endpoint globally does not
+ // apply. This is useful when failing over traffic across regions would not
+ // improve service health or may need to be restricted for other reasons
+ // like regulatory controls.
+ message Failover{
+ // Originating region.
+ string from = 1;
+
+ // Destination region the traffic will fail over to when endpoints in
+ // the 'from' region becomes unhealthy.
+ string to = 2;
+ };
+
+ // Optional: only one of distribute, failover or failoverPriority can be set.
+ // Explicitly specify loadbalancing weight across different zones and geographical locations.
+ // Refer to [Locality weighted load balancing](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight)
+ // If empty, the locality weight is set according to the endpoints number within it.
+ repeated Distribute distribute = 1;
+
+ // Optional: only one of distribute, failover or failoverPriority can be set.
+ // Explicitly specify the region traffic will land on when endpoints in local region becomes unhealthy.
+ // Should be used together with OutlierDetection to detect unhealthy endpoints.
+ // Note: if no OutlierDetection specified, this will not take effect.
+ repeated Failover failover = 2;
+
+ // failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing.
+ // This is to support traffic failover across different groups of endpoints.
+ // Two kinds of labels can be specified:
+ // - Specify only label keys `[key1, key2, key3]`, istio would compare the label values of client with endpoints.
+ // Suppose there are total N label keys `[key1, key2, key3, ...keyN]` specified:
+ //
+ // 1. Endpoints matching all N labels with the client proxy have priority P(0) i.e. the highest priority.
+ // 2. Endpoints matching the first N-1 labels with the client proxy have priority P(1) i.e. second highest priority.
+ // 3. By extension of this logic, endpoints matching only the first label with the client proxy has priority P(N-1) i.e. second lowest priority.
+ // 4. All the other endpoints have priority P(N) i.e. lowest priority.
+ //
+ // - Specify labels with key and value `[key1=value1, key2=value2, key3=value3]`, istio would compare the labels with endpoints.
+ // Suppose there are total N labels `[key1=value1, key2=value2, key3=value3, ...keyN=valueN]` specified:
+ //
+ // 1. Endpoints matching all N labels have priority P(0) i.e. the highest priority.
+ // 2. Endpoints matching the first N-1 labels have priority P(1) i.e. second highest priority.
+ // 3. By extension of this logic, endpoints matching only the first label has priority P(N-1) i.e. second lowest priority.
+ // 4. All the other endpoints have priority P(N) i.e. lowest priority.
+ //
+ // Note: For a label to be considered for match, the previous labels must match, i.e. nth label would be considered matched only if first n-1 labels match.
+ //
+ // It can be any label specified on both client and server workloads.
+ // The following labels which have special semantic meaning are also supported:
+ //
+ // - `topology.istio.io/network` is used to match the network metadata of an endpoint, which can be specified by pod/namespace label `topology.istio.io/network`, sidecar env `ISTIO_META_NETWORK` or MeshNetworks.
+ // - `topology.istio.io/cluster` is used to match the clusterID of an endpoint, which can be specified by pod label `topology.istio.io/cluster` or pod env `ISTIO_META_CLUSTER_ID`.
+ // - `topology.kubernetes.io/region` is used to match the region metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/region` or the deprecated label `failure-domain.beta.kubernetes.io/region`.
+ // - `topology.kubernetes.io/zone` is used to match the zone metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/zone` or the deprecated label `failure-domain.beta.kubernetes.io/zone`.
+ // - `topology.istio.io/subzone` is used to match the subzone metadata of an endpoint, which maps to Istio node label `topology.istio.io/subzone`.
+ // - `kubernetes.io/hostname` is used to match the current node of an endpoint, which maps to Kubernetes node label `kubernetes.io/hostname`.
+ //
+ // The below topology config indicates the following priority levels:
+ //
+ // ```yaml
+ // failoverPriority:
+ // - "topology.istio.io/network"
+ // - "topology.kubernetes.io/region"
+ // - "topology.kubernetes.io/zone"
+ // - "topology.istio.io/subzone"
+ // ```
+ //
+ // 1. endpoints match same [network, region, zone, subzone] label with the client proxy have the highest priority.
+ // 2. endpoints have same [network, region, zone] label but different [subzone] label with the client proxy have the second highest priority.
+ // 3. endpoints have same [network, region] label but different [zone] label with the client proxy have the third highest priority.
+ // 4. endpoints have same [network] but different [region] labels with the client proxy have the fourth highest priority.
+ // 5. all the other endpoints have the same lowest priority.
+ //
+ // Suppose a service associated endpoints reside in multi clusters, the below example represents:
+ // 1. endpoints in `clusterA` and has `version=v1` label have P(0) priority.
+ // 2. endpoints not in `clusterA` but has `version=v1` label have P(1) priority.
+ // 2. all the other endpoints have P(2) priority.
+ //
+ // ```yaml
+ // failoverPriority:
+ // - "version=v1"
+ // - "topology.istio.io/cluster=clusterA"
+ // ```
+ //
+ // Optional: only one of distribute, failover or failoverPriority can be set.
+ // And it should be used together with `OutlierDetection` to detect unhealthy endpoints, otherwise has no effect.
+ repeated string failover_priority = 4;
+
+ // enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety.
+ // e.g. true means that turn on locality load balancing for this DestinationRule no matter what mesh wide settings is.
+ google.protobuf.BoolValue enabled = 3;
+}
diff --git a/networking/v1/destination_rule_deepcopy.gen.go b/networking/v1/destination_rule_deepcopy.gen.go
new file mode 100644
index 00000000..766aa014
--- /dev/null
+++ b/networking/v1/destination_rule_deepcopy.gen.go
@@ -0,0 +1,426 @@ +// Code generated by protoc-gen-deepcopy. DO NOT EDIT. +package v1 + +import ( + proto "google.golang.org/protobuf/proto" +) + +// DeepCopyInto supports using DestinationRule within kubernetes types, where deepcopy-gen is used. +func (in *DestinationRule) DeepCopyInto(out *DestinationRule) { + p := proto.Clone(in).(*DestinationRule) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRule. Required by controller-gen. +func (in *DestinationRule) DeepCopy() *DestinationRule { + if in == nil { + return nil + } + out := new(DestinationRule) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRule. Required by controller-gen. +func (in *DestinationRule) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using TrafficPolicy within kubernetes types, where deepcopy-gen is used. +func (in *TrafficPolicy) DeepCopyInto(out *TrafficPolicy) { + p := proto.Clone(in).(*TrafficPolicy) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy. Required by controller-gen. +func (in *TrafficPolicy) DeepCopy() *TrafficPolicy { + if in == nil { + return nil + } + out := new(TrafficPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy. Required by controller-gen. +func (in *TrafficPolicy) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using TrafficPolicy_PortTrafficPolicy within kubernetes types, where deepcopy-gen is used. 
+func (in *TrafficPolicy_PortTrafficPolicy) DeepCopyInto(out *TrafficPolicy_PortTrafficPolicy) { + p := proto.Clone(in).(*TrafficPolicy_PortTrafficPolicy) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_PortTrafficPolicy. Required by controller-gen. +func (in *TrafficPolicy_PortTrafficPolicy) DeepCopy() *TrafficPolicy_PortTrafficPolicy { + if in == nil { + return nil + } + out := new(TrafficPolicy_PortTrafficPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_PortTrafficPolicy. Required by controller-gen. +func (in *TrafficPolicy_PortTrafficPolicy) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using TrafficPolicy_TunnelSettings within kubernetes types, where deepcopy-gen is used. +func (in *TrafficPolicy_TunnelSettings) DeepCopyInto(out *TrafficPolicy_TunnelSettings) { + p := proto.Clone(in).(*TrafficPolicy_TunnelSettings) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_TunnelSettings. Required by controller-gen. +func (in *TrafficPolicy_TunnelSettings) DeepCopy() *TrafficPolicy_TunnelSettings { + if in == nil { + return nil + } + out := new(TrafficPolicy_TunnelSettings) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_TunnelSettings. Required by controller-gen. +func (in *TrafficPolicy_TunnelSettings) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using TrafficPolicy_ProxyProtocol within kubernetes types, where deepcopy-gen is used. 
+func (in *TrafficPolicy_ProxyProtocol) DeepCopyInto(out *TrafficPolicy_ProxyProtocol) { + p := proto.Clone(in).(*TrafficPolicy_ProxyProtocol) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_ProxyProtocol. Required by controller-gen. +func (in *TrafficPolicy_ProxyProtocol) DeepCopy() *TrafficPolicy_ProxyProtocol { + if in == nil { + return nil + } + out := new(TrafficPolicy_ProxyProtocol) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_ProxyProtocol. Required by controller-gen. +func (in *TrafficPolicy_ProxyProtocol) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using Subset within kubernetes types, where deepcopy-gen is used. +func (in *Subset) DeepCopyInto(out *Subset) { + p := proto.Clone(in).(*Subset) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Subset. Required by controller-gen. +func (in *Subset) DeepCopy() *Subset { + if in == nil { + return nil + } + out := new(Subset) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Subset. Required by controller-gen. +func (in *Subset) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using LoadBalancerSettings within kubernetes types, where deepcopy-gen is used. +func (in *LoadBalancerSettings) DeepCopyInto(out *LoadBalancerSettings) { + p := proto.Clone(in).(*LoadBalancerSettings) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings. Required by controller-gen. 
+func (in *LoadBalancerSettings) DeepCopy() *LoadBalancerSettings { + if in == nil { + return nil + } + out := new(LoadBalancerSettings) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings. Required by controller-gen. +func (in *LoadBalancerSettings) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using LoadBalancerSettings_ConsistentHashLB within kubernetes types, where deepcopy-gen is used. +func (in *LoadBalancerSettings_ConsistentHashLB) DeepCopyInto(out *LoadBalancerSettings_ConsistentHashLB) { + p := proto.Clone(in).(*LoadBalancerSettings_ConsistentHashLB) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB. Required by controller-gen. +func (in *LoadBalancerSettings_ConsistentHashLB) DeepCopy() *LoadBalancerSettings_ConsistentHashLB { + if in == nil { + return nil + } + out := new(LoadBalancerSettings_ConsistentHashLB) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB. Required by controller-gen. +func (in *LoadBalancerSettings_ConsistentHashLB) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using LoadBalancerSettings_ConsistentHashLB_RingHash within kubernetes types, where deepcopy-gen is used. +func (in *LoadBalancerSettings_ConsistentHashLB_RingHash) DeepCopyInto(out *LoadBalancerSettings_ConsistentHashLB_RingHash) { + p := proto.Clone(in).(*LoadBalancerSettings_ConsistentHashLB_RingHash) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_RingHash. Required by controller-gen. 
+func (in *LoadBalancerSettings_ConsistentHashLB_RingHash) DeepCopy() *LoadBalancerSettings_ConsistentHashLB_RingHash { + if in == nil { + return nil + } + out := new(LoadBalancerSettings_ConsistentHashLB_RingHash) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_RingHash. Required by controller-gen. +func (in *LoadBalancerSettings_ConsistentHashLB_RingHash) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using LoadBalancerSettings_ConsistentHashLB_MagLev within kubernetes types, where deepcopy-gen is used. +func (in *LoadBalancerSettings_ConsistentHashLB_MagLev) DeepCopyInto(out *LoadBalancerSettings_ConsistentHashLB_MagLev) { + p := proto.Clone(in).(*LoadBalancerSettings_ConsistentHashLB_MagLev) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_MagLev. Required by controller-gen. +func (in *LoadBalancerSettings_ConsistentHashLB_MagLev) DeepCopy() *LoadBalancerSettings_ConsistentHashLB_MagLev { + if in == nil { + return nil + } + out := new(LoadBalancerSettings_ConsistentHashLB_MagLev) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_MagLev. Required by controller-gen. +func (in *LoadBalancerSettings_ConsistentHashLB_MagLev) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using LoadBalancerSettings_ConsistentHashLB_HTTPCookie within kubernetes types, where deepcopy-gen is used. 
+func (in *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) DeepCopyInto(out *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) { + p := proto.Clone(in).(*LoadBalancerSettings_ConsistentHashLB_HTTPCookie) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_HTTPCookie. Required by controller-gen. +func (in *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) DeepCopy() *LoadBalancerSettings_ConsistentHashLB_HTTPCookie { + if in == nil { + return nil + } + out := new(LoadBalancerSettings_ConsistentHashLB_HTTPCookie) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_HTTPCookie. Required by controller-gen. +func (in *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using ConnectionPoolSettings within kubernetes types, where deepcopy-gen is used. +func (in *ConnectionPoolSettings) DeepCopyInto(out *ConnectionPoolSettings) { + p := proto.Clone(in).(*ConnectionPoolSettings) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings. Required by controller-gen. +func (in *ConnectionPoolSettings) DeepCopy() *ConnectionPoolSettings { + if in == nil { + return nil + } + out := new(ConnectionPoolSettings) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings. Required by controller-gen. +func (in *ConnectionPoolSettings) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using ConnectionPoolSettings_TCPSettings within kubernetes types, where deepcopy-gen is used. 
+func (in *ConnectionPoolSettings_TCPSettings) DeepCopyInto(out *ConnectionPoolSettings_TCPSettings) { + p := proto.Clone(in).(*ConnectionPoolSettings_TCPSettings) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_TCPSettings. Required by controller-gen. +func (in *ConnectionPoolSettings_TCPSettings) DeepCopy() *ConnectionPoolSettings_TCPSettings { + if in == nil { + return nil + } + out := new(ConnectionPoolSettings_TCPSettings) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_TCPSettings. Required by controller-gen. +func (in *ConnectionPoolSettings_TCPSettings) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using ConnectionPoolSettings_TCPSettings_TcpKeepalive within kubernetes types, where deepcopy-gen is used. +func (in *ConnectionPoolSettings_TCPSettings_TcpKeepalive) DeepCopyInto(out *ConnectionPoolSettings_TCPSettings_TcpKeepalive) { + p := proto.Clone(in).(*ConnectionPoolSettings_TCPSettings_TcpKeepalive) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_TCPSettings_TcpKeepalive. Required by controller-gen. +func (in *ConnectionPoolSettings_TCPSettings_TcpKeepalive) DeepCopy() *ConnectionPoolSettings_TCPSettings_TcpKeepalive { + if in == nil { + return nil + } + out := new(ConnectionPoolSettings_TCPSettings_TcpKeepalive) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_TCPSettings_TcpKeepalive. Required by controller-gen. 
+func (in *ConnectionPoolSettings_TCPSettings_TcpKeepalive) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using ConnectionPoolSettings_HTTPSettings within kubernetes types, where deepcopy-gen is used. +func (in *ConnectionPoolSettings_HTTPSettings) DeepCopyInto(out *ConnectionPoolSettings_HTTPSettings) { + p := proto.Clone(in).(*ConnectionPoolSettings_HTTPSettings) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_HTTPSettings. Required by controller-gen. +func (in *ConnectionPoolSettings_HTTPSettings) DeepCopy() *ConnectionPoolSettings_HTTPSettings { + if in == nil { + return nil + } + out := new(ConnectionPoolSettings_HTTPSettings) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_HTTPSettings. Required by controller-gen. +func (in *ConnectionPoolSettings_HTTPSettings) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using OutlierDetection within kubernetes types, where deepcopy-gen is used. +func (in *OutlierDetection) DeepCopyInto(out *OutlierDetection) { + p := proto.Clone(in).(*OutlierDetection) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutlierDetection. Required by controller-gen. +func (in *OutlierDetection) DeepCopy() *OutlierDetection { + if in == nil { + return nil + } + out := new(OutlierDetection) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new OutlierDetection. Required by controller-gen. +func (in *OutlierDetection) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using ClientTLSSettings within kubernetes types, where deepcopy-gen is used. 
+func (in *ClientTLSSettings) DeepCopyInto(out *ClientTLSSettings) { + p := proto.Clone(in).(*ClientTLSSettings) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientTLSSettings. Required by controller-gen. +func (in *ClientTLSSettings) DeepCopy() *ClientTLSSettings { + if in == nil { + return nil + } + out := new(ClientTLSSettings) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ClientTLSSettings. Required by controller-gen. +func (in *ClientTLSSettings) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using LocalityLoadBalancerSetting within kubernetes types, where deepcopy-gen is used. +func (in *LocalityLoadBalancerSetting) DeepCopyInto(out *LocalityLoadBalancerSetting) { + p := proto.Clone(in).(*LocalityLoadBalancerSetting) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting. Required by controller-gen. +func (in *LocalityLoadBalancerSetting) DeepCopy() *LocalityLoadBalancerSetting { + if in == nil { + return nil + } + out := new(LocalityLoadBalancerSetting) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting. Required by controller-gen. +func (in *LocalityLoadBalancerSetting) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using LocalityLoadBalancerSetting_Distribute within kubernetes types, where deepcopy-gen is used. +func (in *LocalityLoadBalancerSetting_Distribute) DeepCopyInto(out *LocalityLoadBalancerSetting_Distribute) { + p := proto.Clone(in).(*LocalityLoadBalancerSetting_Distribute) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting_Distribute. 
Required by controller-gen. +func (in *LocalityLoadBalancerSetting_Distribute) DeepCopy() *LocalityLoadBalancerSetting_Distribute { + if in == nil { + return nil + } + out := new(LocalityLoadBalancerSetting_Distribute) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting_Distribute. Required by controller-gen. +func (in *LocalityLoadBalancerSetting_Distribute) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using LocalityLoadBalancerSetting_Failover within kubernetes types, where deepcopy-gen is used. +func (in *LocalityLoadBalancerSetting_Failover) DeepCopyInto(out *LocalityLoadBalancerSetting_Failover) { + p := proto.Clone(in).(*LocalityLoadBalancerSetting_Failover) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting_Failover. Required by controller-gen. +func (in *LocalityLoadBalancerSetting_Failover) DeepCopy() *LocalityLoadBalancerSetting_Failover { + if in == nil { + return nil + } + out := new(LocalityLoadBalancerSetting_Failover) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting_Failover. Required by controller-gen. +func (in *LocalityLoadBalancerSetting_Failover) DeepCopyInterface() interface{} { + return in.DeepCopy() +} diff --git a/networking/v1/destination_rule_json.gen.go b/networking/v1/destination_rule_json.gen.go new file mode 100644 index 00000000..1938d7e4 --- /dev/null +++ b/networking/v1/destination_rule_json.gen.go 
@@ -0,0 +1,232 @@ +// Code generated by protoc-gen-jsonshim. DO NOT EDIT. +package v1 + +import ( + bytes "bytes" + jsonpb "github.com/golang/protobuf/jsonpb" +) + +// MarshalJSON is a custom marshaler for DestinationRule +func (this *DestinationRule) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for DestinationRule +func (this *DestinationRule) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for TrafficPolicy +func (this *TrafficPolicy) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for TrafficPolicy +func (this *TrafficPolicy) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for TrafficPolicy_PortTrafficPolicy +func (this *TrafficPolicy_PortTrafficPolicy) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for TrafficPolicy_PortTrafficPolicy +func (this *TrafficPolicy_PortTrafficPolicy) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for TrafficPolicy_TunnelSettings +func (this *TrafficPolicy_TunnelSettings) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for TrafficPolicy_TunnelSettings +func (this *TrafficPolicy_TunnelSettings) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for TrafficPolicy_ProxyProtocol +func 
(this *TrafficPolicy_ProxyProtocol) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for TrafficPolicy_ProxyProtocol +func (this *TrafficPolicy_ProxyProtocol) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for Subset +func (this *Subset) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for Subset +func (this *Subset) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for LoadBalancerSettings +func (this *LoadBalancerSettings) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for LoadBalancerSettings +func (this *LoadBalancerSettings) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for LoadBalancerSettings_ConsistentHashLB +func (this *LoadBalancerSettings_ConsistentHashLB) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for LoadBalancerSettings_ConsistentHashLB +func (this *LoadBalancerSettings_ConsistentHashLB) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for LoadBalancerSettings_ConsistentHashLB_RingHash +func (this *LoadBalancerSettings_ConsistentHashLB_RingHash) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom 
unmarshaler for LoadBalancerSettings_ConsistentHashLB_RingHash +func (this *LoadBalancerSettings_ConsistentHashLB_RingHash) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for LoadBalancerSettings_ConsistentHashLB_MagLev +func (this *LoadBalancerSettings_ConsistentHashLB_MagLev) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for LoadBalancerSettings_ConsistentHashLB_MagLev +func (this *LoadBalancerSettings_ConsistentHashLB_MagLev) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for LoadBalancerSettings_ConsistentHashLB_HTTPCookie +func (this *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for LoadBalancerSettings_ConsistentHashLB_HTTPCookie +func (this *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for ConnectionPoolSettings +func (this *ConnectionPoolSettings) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for ConnectionPoolSettings +func (this *ConnectionPoolSettings) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for ConnectionPoolSettings_TCPSettings +func (this *ConnectionPoolSettings_TCPSettings) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + 
+// UnmarshalJSON is a custom unmarshaler for ConnectionPoolSettings_TCPSettings +func (this *ConnectionPoolSettings_TCPSettings) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for ConnectionPoolSettings_TCPSettings_TcpKeepalive +func (this *ConnectionPoolSettings_TCPSettings_TcpKeepalive) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for ConnectionPoolSettings_TCPSettings_TcpKeepalive +func (this *ConnectionPoolSettings_TCPSettings_TcpKeepalive) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for ConnectionPoolSettings_HTTPSettings +func (this *ConnectionPoolSettings_HTTPSettings) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for ConnectionPoolSettings_HTTPSettings +func (this *ConnectionPoolSettings_HTTPSettings) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for OutlierDetection +func (this *OutlierDetection) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for OutlierDetection +func (this *OutlierDetection) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for ClientTLSSettings +func (this *ClientTLSSettings) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for ClientTLSSettings +func (this 
*ClientTLSSettings) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for LocalityLoadBalancerSetting +func (this *LocalityLoadBalancerSetting) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for LocalityLoadBalancerSetting +func (this *LocalityLoadBalancerSetting) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for LocalityLoadBalancerSetting_Distribute +func (this *LocalityLoadBalancerSetting_Distribute) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for LocalityLoadBalancerSetting_Distribute +func (this *LocalityLoadBalancerSetting_Distribute) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for LocalityLoadBalancerSetting_Failover +func (this *LocalityLoadBalancerSetting_Failover) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for LocalityLoadBalancerSetting_Failover +func (this *LocalityLoadBalancerSetting_Failover) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +var ( + DestinationRuleMarshaler = &jsonpb.Marshaler{} + DestinationRuleUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} +) diff --git a/networking/v1/gateway.pb.go b/networking/v1/gateway.pb.go new file mode 100644 index 00000000..8882dbc3 --- /dev/null +++ b/networking/v1/gateway.pb.go 
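Review bot: `DestinationRuleUnmarshaler` is declared with `AllowUnknownFields: true` in the `var` block that closes this file, so every `UnmarshalJSON` above silently discards JSON keys it does not recognise, including on `ClientTLSSettings` and `TrafficPolicy`. A misspelled or misplaced TLS field would decode without error and leave the setting at its zero value. That is safe only if a stricter check rejects such input before it reaches these methods, presumably the CRD schema or an admission webhook, neither of which is visible in this hunk. The file is marked as generated by protoc-gen-jsonshim, so the change belongs in the generator rather than here. At minimum the emitted block should carry a comment such as `// Unknown fields are ignored for forward compatibility; strict validation must happen before decoding.`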
@@ -0,0 +1,1178 @@ +// Copyright 2020 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.33.0 +// protoc (unknown) +// source: networking/v1/gateway.proto + +// $schema: istio.networking.v1.Gateway +// $title: Gateway +// $description: Configuration affecting edge load balancer. +// $location: https://istio.io/docs/reference/config/networking/gateway.html +// $aliases: [/docs/reference/config/networking/v1/gateway] +// $mode: none + +// `Gateway` describes a load balancer operating at the edge of the mesh +// receiving incoming or outgoing HTTP/TCP connections. The specification +// describes a set of ports that should be exposed, the type of protocol to +// use, SNI configuration for the load balancer, etc. +// +// For example, the following Gateway configuration sets up a proxy to act +// as a load balancer exposing port 80 and 9080 (http), 443 (https), +// 9443(https) and port 2379 (TCP) for ingress. The gateway will be +// applied to the proxy running on a pod with labels `app: +// my-gateway-controller`. While Istio will configure the proxy to listen +// on these ports, it is the responsibility of the user to ensure that +// external traffic to these ports are allowed into the mesh. 
+// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Gateway +// metadata: +// name: my-gateway +// namespace: some-config-namespace +// spec: +// selector: +// app: my-gateway-controller +// servers: +// - port: +// number: 80 +// name: http +// protocol: HTTP +// hosts: +// - uk.bookinfo.com +// - eu.bookinfo.com +// tls: +// httpsRedirect: true # sends 301 redirect for http requests +// - port: +// number: 443 +// name: https-443 +// protocol: HTTPS +// hosts: +// - uk.bookinfo.com +// - eu.bookinfo.com +// tls: +// mode: SIMPLE # enables HTTPS on this port +// serverCertificate: /etc/certs/servercert.pem +// privateKey: /etc/certs/privatekey.pem +// - port: +// number: 9443 +// name: https-9443 +// protocol: HTTPS +// hosts: +// - "bookinfo-namespace/*.bookinfo.com" +// tls: +// mode: SIMPLE # enables HTTPS on this port +// credentialName: bookinfo-secret # fetches certs from Kubernetes secret +// - port: +// number: 9080 +// name: http-wildcard +// protocol: HTTP +// hosts: +// - "*" +// - port: +// number: 2379 # to expose internal service via external port 2379 +// name: mongo +// protocol: MONGO +// hosts: +// - "*" +// ``` +// +// The Gateway specification above describes the L4-L6 properties of a load +// balancer. A `VirtualService` can then be bound to a gateway to control +// the forwarding of traffic arriving at a particular host or gateway port. +// +// For example, the following VirtualService splits traffic for +// `https://uk.bookinfo.com/reviews`, `https://eu.bookinfo.com/reviews`, +// `http://uk.bookinfo.com:9080/reviews`, +// `http://eu.bookinfo.com:9080/reviews` into two versions (prod and qa) of +// an internal reviews service on port 9080. In addition, requests +// containing the cookie "user: dev-123" will be sent to special port 7777 +// in the qa version. The same rule is also applicable inside the mesh for +// requests to the "reviews.prod.svc.cluster.local" service. This rule is +// applicable across ports 443, 9080. 
Note that `http://uk.bookinfo.com` +// gets redirected to `https://uk.bookinfo.com` (i.e. 80 redirects to 443). +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: VirtualService +// metadata: +// name: bookinfo-rule +// namespace: bookinfo-namespace +// spec: +// hosts: +// - reviews.prod.svc.cluster.local +// - uk.bookinfo.com +// - eu.bookinfo.com +// gateways: +// - some-config-namespace/my-gateway +// - mesh # applies to all the sidecars in the mesh +// http: +// - match: +// - headers: +// cookie: +// exact: "user=dev-123" +// route: +// - destination: +// port: +// number: 7777 +// host: reviews.qa.svc.cluster.local +// - match: +// - uri: +// prefix: /reviews/ +// route: +// - destination: +// port: +// number: 9080 # can be omitted if it's the only port for reviews +// host: reviews.prod.svc.cluster.local +// weight: 80 +// - destination: +// host: reviews.qa.svc.cluster.local +// weight: 20 +// ``` +// +// The following VirtualService forwards traffic arriving at (external) +// port 27017 to internal Mongo server on port 5555. This rule is not +// applicable internally in the mesh as the gateway list omits the +// reserved name `mesh`. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: VirtualService +// metadata: +// name: bookinfo-mongo +// namespace: bookinfo-namespace +// spec: +// hosts: +// - mongosvr.prod.svc.cluster.local # name of internal Mongo service +// gateways: +// - some-config-namespace/my-gateway # can omit the namespace if gateway is in same namespace as virtual service. +// tcp: +// - match: +// - port: 27017 +// route: +// - destination: +// host: mongo.prod.svc.cluster.local +// port: +// number: 5555 +// ``` +// +// It is possible to restrict the set of virtual services that can bind to +// a gateway server using the namespace/hostname syntax in the hosts field. 
+// For example, the following Gateway allows any virtual service in the ns1 +// namespace to bind to it, while restricting only the virtual service with +// foo.bar.com host in the ns2 namespace to bind to it. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Gateway +// metadata: +// name: my-gateway +// namespace: some-config-namespace +// spec: +// selector: +// app: my-gateway-controller +// servers: +// - port: +// number: 80 +// name: http +// protocol: HTTP +// hosts: +// - "ns1/*" +// - "ns2/foo.bar.com" +// ``` + +package v1 + +import ( + _ "google.golang.org/genproto/googleapis/api/annotations" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// TLS modes enforced by the proxy +type ServerTLSSettings_TLSmode int32 + +const ( + // The SNI string presented by the client will be used as the + // match criterion in a VirtualService TLS route to determine + // the destination service from the service registry. + ServerTLSSettings_PASSTHROUGH ServerTLSSettings_TLSmode = 0 + // Secure connections with standard TLS semantics. In this mode + // client certificate is not requested during handshake. + ServerTLSSettings_SIMPLE ServerTLSSettings_TLSmode = 1 + // Secure connections to the downstream using mutual TLS by + // presenting server certificates for authentication. + // A client certificate will also be requested during the handshake and + // at least one valid certificate is required to be sent by the client. 
+ ServerTLSSettings_MUTUAL ServerTLSSettings_TLSmode = 2 + // Similar to the passthrough mode, except servers with this TLS + // mode do not require an associated VirtualService to map from + // the SNI value to service in the registry. The destination + // details such as the service/subset/port are encoded in the + // SNI value. The proxy will forward to the upstream (Envoy) + // cluster (a group of endpoints) specified by the SNI + // value. This server is typically used to provide connectivity + // between services in disparate L3 networks that otherwise do + // not have direct connectivity between their respective + // endpoints. Use of this mode assumes that both the source and + // the destination are using Istio mTLS to secure traffic. + ServerTLSSettings_AUTO_PASSTHROUGH ServerTLSSettings_TLSmode = 3 + // Secure connections from the downstream using mutual TLS by + // presenting server certificates for authentication. Compared + // to Mutual mode, this mode uses certificates, representing + // gateway workload identity, generated automatically by Istio + // for mTLS authentication. When this mode is used, all other + // fields in `TLSOptions` should be empty. + ServerTLSSettings_ISTIO_MUTUAL ServerTLSSettings_TLSmode = 4 + // Similar to MUTUAL mode, except that the client certificate + // is optional. Unlike SIMPLE mode, A client certificate will + // still be explicitly requested during handshake, but the client + // is not required to send a certificate. If a client certificate + // is presented, it will be validated. ca_certificates should + // be specified for validating client certificates. + ServerTLSSettings_OPTIONAL_MUTUAL ServerTLSSettings_TLSmode = 5 +) + +// Enum value maps for ServerTLSSettings_TLSmode. 
+var ( + ServerTLSSettings_TLSmode_name = map[int32]string{ + 0: "PASSTHROUGH", + 1: "SIMPLE", + 2: "MUTUAL", + 3: "AUTO_PASSTHROUGH", + 4: "ISTIO_MUTUAL", + 5: "OPTIONAL_MUTUAL", + } + ServerTLSSettings_TLSmode_value = map[string]int32{ + "PASSTHROUGH": 0, + "SIMPLE": 1, + "MUTUAL": 2, + "AUTO_PASSTHROUGH": 3, + "ISTIO_MUTUAL": 4, + "OPTIONAL_MUTUAL": 5, + } +) + +func (x ServerTLSSettings_TLSmode) Enum() *ServerTLSSettings_TLSmode { + p := new(ServerTLSSettings_TLSmode) + *p = x + return p +} + +func (x ServerTLSSettings_TLSmode) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (ServerTLSSettings_TLSmode) Descriptor() protoreflect.EnumDescriptor { + return file_networking_v1_gateway_proto_enumTypes[0].Descriptor() +} + +func (ServerTLSSettings_TLSmode) Type() protoreflect.EnumType { + return &file_networking_v1_gateway_proto_enumTypes[0] +} + +func (x ServerTLSSettings_TLSmode) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use ServerTLSSettings_TLSmode.Descriptor instead. +func (ServerTLSSettings_TLSmode) EnumDescriptor() ([]byte, []int) { + return file_networking_v1_gateway_proto_rawDescGZIP(), []int{3, 0} +} + +// TLS protocol versions. +type ServerTLSSettings_TLSProtocol int32 + +const ( + // Automatically choose the optimal TLS version. + ServerTLSSettings_TLS_AUTO ServerTLSSettings_TLSProtocol = 0 + // TLS version 1.0 + ServerTLSSettings_TLSV1_0 ServerTLSSettings_TLSProtocol = 1 + // TLS version 1.1 + ServerTLSSettings_TLSV1_1 ServerTLSSettings_TLSProtocol = 2 + // TLS version 1.2 + ServerTLSSettings_TLSV1_2 ServerTLSSettings_TLSProtocol = 3 + // TLS version 1.3 + ServerTLSSettings_TLSV1_3 ServerTLSSettings_TLSProtocol = 4 +) + +// Enum value maps for ServerTLSSettings_TLSProtocol. 
+var ( + ServerTLSSettings_TLSProtocol_name = map[int32]string{ + 0: "TLS_AUTO", + 1: "TLSV1_0", + 2: "TLSV1_1", + 3: "TLSV1_2", + 4: "TLSV1_3", + } + ServerTLSSettings_TLSProtocol_value = map[string]int32{ + "TLS_AUTO": 0, + "TLSV1_0": 1, + "TLSV1_1": 2, + "TLSV1_2": 3, + "TLSV1_3": 4, + } +) + +func (x ServerTLSSettings_TLSProtocol) Enum() *ServerTLSSettings_TLSProtocol { + p := new(ServerTLSSettings_TLSProtocol) + *p = x + return p +} + +func (x ServerTLSSettings_TLSProtocol) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (ServerTLSSettings_TLSProtocol) Descriptor() protoreflect.EnumDescriptor { + return file_networking_v1_gateway_proto_enumTypes[1].Descriptor() +} + +func (ServerTLSSettings_TLSProtocol) Type() protoreflect.EnumType { + return &file_networking_v1_gateway_proto_enumTypes[1] +} + +func (x ServerTLSSettings_TLSProtocol) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use ServerTLSSettings_TLSProtocol.Descriptor instead. +func (ServerTLSSettings_TLSProtocol) EnumDescriptor() ([]byte, []int) { + return file_networking_v1_gateway_proto_rawDescGZIP(), []int{3, 1} +} + +// Gateway describes a load balancer operating at the edge of the mesh +// receiving incoming or outgoing HTTP/TCP connections. +// +// +// +// +// +type Gateway struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // A list of server specifications. + Servers []*Server `protobuf:"bytes,1,rep,name=servers,proto3" json:"servers,omitempty"` + // One or more labels that indicate a specific set of pods/VMs + // on which this gateway configuration should be applied. + // By default workloads are searched across all namespaces based on label selectors. + // This implies that a gateway resource in the namespace "foo" can select pods in + // the namespace "bar" based on labels. 
+ // This behavior can be controlled via the `PILOT_SCOPE_GATEWAY_TO_NAMESPACE` + // environment variable in istiod. If this variable is set + // to true, the scope of label search is restricted to the configuration + // namespace in which the the resource is present. In other words, the Gateway + // resource must reside in the same namespace as the gateway workload + // instance. + // If selector is nil, the Gateway will be applied to all workloads. + Selector map[string]string `protobuf:"bytes,2,rep,name=selector,proto3" json:"selector,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` +} + +func (x *Gateway) Reset() { + *x = Gateway{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_gateway_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Gateway) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Gateway) ProtoMessage() {} + +func (x *Gateway) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_gateway_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Gateway.ProtoReflect.Descriptor instead. +func (*Gateway) Descriptor() ([]byte, []int) { + return file_networking_v1_gateway_proto_rawDescGZIP(), []int{0} +} + +func (x *Gateway) GetServers() []*Server { + if x != nil { + return x.Servers + } + return nil +} + +func (x *Gateway) GetSelector() map[string]string { + if x != nil { + return x.Selector + } + return nil +} + +// `Server` describes the properties of the proxy on a given load balancer +// port. 
For example, +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: Gateway +// metadata: +// +// name: my-ingress +// +// spec: +// +// selector: +// app: my-ingressgateway +// servers: +// - port: +// number: 80 +// name: http2 +// protocol: HTTP2 +// hosts: +// - "*" +// +// ``` +// +// # Another example +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: Gateway +// metadata: +// +// name: my-tcp-ingress +// +// spec: +// +// selector: +// app: my-tcp-ingressgateway +// servers: +// - port: +// number: 27018 +// name: mongo +// protocol: MONGO +// hosts: +// - "*" +// +// ``` +// +// # The following is an example of TLS configuration for port 443 +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: Gateway +// metadata: +// +// name: my-tls-ingress +// +// spec: +// +// selector: +// app: my-tls-ingressgateway +// servers: +// - port: +// number: 443 +// name: https +// protocol: HTTPS +// hosts: +// - "*" +// tls: +// mode: SIMPLE +// credentialName: tls-cert +// +// ``` +type Server struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The Port on which the proxy should listen for incoming + // connections. + Port *Port `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` + // The ip or the Unix domain socket to which the listener should be bound + // to. Format: `x.x.x.x` or `unix:///path/to/uds` or `unix://@foobar` + // (Linux abstract namespace). When using Unix domain sockets, the port + // number should be 0. + // This can be used to restrict the reachability of this server to be gateway internal only. + // This is typically used when a gateway needs to communicate to another mesh service + // e.g. publishing metrics. In such case, the server created with the + // specified bind will not be available to external gateway clients. 
+ Bind string `protobuf:"bytes,4,opt,name=bind,proto3" json:"bind,omitempty"` + // One or more hosts exposed by this gateway. + // While typically applicable to + // HTTP services, it can also be used for TCP services using TLS with SNI. + // A host is specified as a `dnsName` with an optional `namespace/` prefix. + // The `dnsName` should be specified using FQDN format, optionally including + // a wildcard character in the left-most component (e.g., `prod/*.example.com`). + // Set the `dnsName` to `*` to select all `VirtualService` hosts from the + // specified namespace (e.g.,`prod/*`). + // + // The `namespace` can be set to `*` or `.`, representing any or the current + // namespace, respectively. For example, `*/foo.example.com` selects the + // service from any available namespace while `./foo.example.com` only selects + // the service from the namespace of the sidecar. The default, if no `namespace/` + // is specified, is `*/`, that is, select services from any namespace. + // Any associated `DestinationRule` in the selected namespace will also be used. + // + // A `VirtualService` must be bound to the gateway and must have one or + // more hosts that match the hosts specified in a server. The match + // could be an exact match or a suffix match with the server's hosts. For + // example, if the server's hosts specifies `*.example.com`, a + // `VirtualService` with hosts `dev.example.com` or `prod.example.com` will + // match. However, a `VirtualService` with host `example.com` or + // `newexample.com` will not match. + // + // NOTE: Only virtual services exported to the gateway's namespace + // (e.g., `exportTo` value of `*`) can be referenced. + // Private configurations (e.g., `exportTo` set to `.`) will not be + // available. Refer to the `exportTo` setting in `VirtualService`, + // `DestinationRule`, and `ServiceEntry` configurations for details. 
+ Hosts []string `protobuf:"bytes,2,rep,name=hosts,proto3" json:"hosts,omitempty"` + // Set of TLS related options that govern the server's behavior. Use + // these options to control if all http requests should be redirected to + // https, and the TLS modes to use. + Tls *ServerTLSSettings `protobuf:"bytes,3,opt,name=tls,proto3" json:"tls,omitempty"` + // The loopback IP endpoint or Unix domain socket to which traffic should + // be forwarded to by default. Format should be `127.0.0.1:PORT` or + // `unix:///path/to/socket` or `unix://@foobar` (Linux abstract namespace). + // NOT IMPLEMENTED. + // $hide_from_docs + DefaultEndpoint string `protobuf:"bytes,5,opt,name=default_endpoint,json=defaultEndpoint,proto3" json:"default_endpoint,omitempty"` + // An optional name of the server, when set must be unique across all servers. + // This will be used for variety of purposes like prefixing stats generated with + // this name etc. + Name string `protobuf:"bytes,6,opt,name=name,proto3" json:"name,omitempty"` +} + +func (x *Server) Reset() { + *x = Server{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_gateway_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Server) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Server) ProtoMessage() {} + +func (x *Server) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_gateway_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Server.ProtoReflect.Descriptor instead. 
+func (*Server) Descriptor() ([]byte, []int) { + return file_networking_v1_gateway_proto_rawDescGZIP(), []int{1} +} + +func (x *Server) GetPort() *Port { + if x != nil { + return x.Port + } + return nil +} + +func (x *Server) GetBind() string { + if x != nil { + return x.Bind + } + return "" +} + +func (x *Server) GetHosts() []string { + if x != nil { + return x.Hosts + } + return nil +} + +func (x *Server) GetTls() *ServerTLSSettings { + if x != nil { + return x.Tls + } + return nil +} + +func (x *Server) GetDefaultEndpoint() string { + if x != nil { + return x.DefaultEndpoint + } + return "" +} + +func (x *Server) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +// Port describes the properties of a specific port of a service. +type Port struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // A valid non-negative integer port number. + Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"` + // The protocol exposed on the port. + // MUST BE one of HTTP|HTTPS|GRPC|GRPC-WEB|HTTP2|MONGO|TCP|TLS. + // TLS can be either used to terminate non-HTTP based connections on a specific port + // or to route traffic based on SNI header to the destination without terminating the TLS connection. + Protocol string `protobuf:"bytes,2,opt,name=protocol,proto3" json:"protocol,omitempty"` + // Label assigned to the port. + Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` + // The port number on the endpoint where the traffic will be + // received. Applicable only when used with ServiceEntries. + // $hide_from_docs + // + // Deprecated: Marked as deprecated in networking/v1/gateway.proto. 
+ TargetPort uint32 `protobuf:"varint,4,opt,name=target_port,json=targetPort,proto3" json:"target_port,omitempty"` +} + +func (x *Port) Reset() { + *x = Port{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_gateway_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Port) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Port) ProtoMessage() {} + +func (x *Port) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_gateway_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Port.ProtoReflect.Descriptor instead. +func (*Port) Descriptor() ([]byte, []int) { + return file_networking_v1_gateway_proto_rawDescGZIP(), []int{2} +} + +func (x *Port) GetNumber() uint32 { + if x != nil { + return x.Number + } + return 0 +} + +func (x *Port) GetProtocol() string { + if x != nil { + return x.Protocol + } + return "" +} + +func (x *Port) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +// Deprecated: Marked as deprecated in networking/v1/gateway.proto. +func (x *Port) GetTargetPort() uint32 { + if x != nil { + return x.TargetPort + } + return 0 +} + +type ServerTLSSettings struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // If set to true, the load balancer will send a 301 redirect for + // all http connections, asking the clients to use HTTPS. + HttpsRedirect bool `protobuf:"varint,1,opt,name=https_redirect,json=httpsRedirect,proto3" json:"https_redirect,omitempty"` + // Optional: Indicates whether connections to this port should be + // secured using TLS. The value of this field determines how TLS is + // enforced. 
+ Mode ServerTLSSettings_TLSmode `protobuf:"varint,2,opt,name=mode,proto3,enum=istio.networking.v1.ServerTLSSettings_TLSmode" json:"mode,omitempty"` + // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file + // holding the server-side TLS certificate to use. + ServerCertificate string `protobuf:"bytes,3,opt,name=server_certificate,json=serverCertificate,proto3" json:"server_certificate,omitempty"` + // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file + // holding the server's private key. + PrivateKey string `protobuf:"bytes,4,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` + // REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. The path to a file + // containing certificate authority certificates to use in verifying a presented + // client side certificate. + CaCertificates string `protobuf:"bytes,5,opt,name=ca_certificates,json=caCertificates,proto3" json:"ca_certificates,omitempty"` + // OPTIONAL: The path to the file containing the certificate revocation list (CRL) + // to use in verifying a presented client side certificate. `CRL` is a list of certificates + // that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. + // If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + // If omitted, the proxy will not verify the certificate against the `crl`. + CaCrl string `protobuf:"bytes,13,opt,name=ca_crl,json=caCrl,proto3" json:"ca_crl,omitempty"` + // For gateways running on Kubernetes, the name of the secret that + // holds the TLS certs including the CA certificates. Applicable + // only on Kubernetes. An Opaque secret should contain the following + // keys and values: `tls.key: ` and `tls.crt: ` or + // `key: ` and `cert: `. + // For mutual TLS, `cacert: ` and `crl: ` + // can be provided in the same secret or a separate secret named `-cacert`. 
+ // A TLS secret for server certificates with an additional `tls.ocsp-staple` key + // for specifying OCSP staple information, `ca.crt` key for CA certificates + // and `ca.crl` for certificate revocation list is also supported. + // Only one of server certificates and CA certificate + // or credentialName can be specified. + CredentialName string `protobuf:"bytes,10,opt,name=credential_name,json=credentialName,proto3" json:"credential_name,omitempty"` + // A list of alternate names to verify the subject identity in the + // certificate presented by the client. + SubjectAltNames []string `protobuf:"bytes,6,rep,name=subject_alt_names,json=subjectAltNames,proto3" json:"subject_alt_names,omitempty"` + // An optional list of base64-encoded SHA-256 hashes of the SPKIs of + // authorized client certificates. + // Note: When both verify_certificate_hash and verify_certificate_spki + // are specified, a hash matching either value will result in the + // certificate being accepted. + VerifyCertificateSpki []string `protobuf:"bytes,11,rep,name=verify_certificate_spki,json=verifyCertificateSpki,proto3" json:"verify_certificate_spki,omitempty"` + // An optional list of hex-encoded SHA-256 hashes of the + // authorized client certificates. Both simple and colon separated + // formats are acceptable. + // Note: When both verify_certificate_hash and verify_certificate_spki + // are specified, a hash matching either value will result in the + // certificate being accepted. + VerifyCertificateHash []string `protobuf:"bytes,12,rep,name=verify_certificate_hash,json=verifyCertificateHash,proto3" json:"verify_certificate_hash,omitempty"` + // Optional: Minimum TLS protocol version. By default, it is `TLSV1_2`. + // TLS protocol versions below TLSV1_2 require setting compatible ciphers with the + // `cipherSuites` setting as they no longer include compatible ciphers. + // + // Note: Using TLS protocol versions below TLSV1_2 has serious security risks. 
+ MinProtocolVersion ServerTLSSettings_TLSProtocol `protobuf:"varint,7,opt,name=min_protocol_version,json=minProtocolVersion,proto3,enum=istio.networking.v1.ServerTLSSettings_TLSProtocol" json:"min_protocol_version,omitempty"` + // Optional: Maximum TLS protocol version. + MaxProtocolVersion ServerTLSSettings_TLSProtocol `protobuf:"varint,8,opt,name=max_protocol_version,json=maxProtocolVersion,proto3,enum=istio.networking.v1.ServerTLSSettings_TLSProtocol" json:"max_protocol_version,omitempty"` + // Optional: If specified, only support the specified cipher list. + // Otherwise default to the default cipher list supported by Envoy + // as specified [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto). + // The supported list of ciphers are: + // * `ECDHE-ECDSA-AES128-GCM-SHA256` + // * `ECDHE-RSA-AES128-GCM-SHA256` + // * `ECDHE-ECDSA-AES256-GCM-SHA384` + // * `ECDHE-RSA-AES256-GCM-SHA384` + // * `ECDHE-ECDSA-CHACHA20-POLY1305` + // * `ECDHE-RSA-CHACHA20-POLY1305` + // * `ECDHE-ECDSA-AES128-SHA` + // * `ECDHE-RSA-AES128-SHA` + // * `ECDHE-ECDSA-AES256-SHA` + // * `ECDHE-RSA-AES256-SHA` + // * `AES128-GCM-SHA256` + // * `AES256-GCM-SHA384` + // * `AES128-SHA` + // * `AES256-SHA` + // * `DES-CBC3-SHA` + CipherSuites []string `protobuf:"bytes,9,rep,name=cipher_suites,json=cipherSuites,proto3" json:"cipher_suites,omitempty"` +} + +func (x *ServerTLSSettings) Reset() { + *x = ServerTLSSettings{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_gateway_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ServerTLSSettings) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ServerTLSSettings) ProtoMessage() {} + +func (x *ServerTLSSettings) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_gateway_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := 
protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ServerTLSSettings.ProtoReflect.Descriptor instead. +func (*ServerTLSSettings) Descriptor() ([]byte, []int) { + return file_networking_v1_gateway_proto_rawDescGZIP(), []int{3} +} + +func (x *ServerTLSSettings) GetHttpsRedirect() bool { + if x != nil { + return x.HttpsRedirect + } + return false +} + +func (x *ServerTLSSettings) GetMode() ServerTLSSettings_TLSmode { + if x != nil { + return x.Mode + } + return ServerTLSSettings_PASSTHROUGH +} + +func (x *ServerTLSSettings) GetServerCertificate() string { + if x != nil { + return x.ServerCertificate + } + return "" +} + +func (x *ServerTLSSettings) GetPrivateKey() string { + if x != nil { + return x.PrivateKey + } + return "" +} + +func (x *ServerTLSSettings) GetCaCertificates() string { + if x != nil { + return x.CaCertificates + } + return "" +} + +func (x *ServerTLSSettings) GetCaCrl() string { + if x != nil { + return x.CaCrl + } + return "" +} + +func (x *ServerTLSSettings) GetCredentialName() string { + if x != nil { + return x.CredentialName + } + return "" +} + +func (x *ServerTLSSettings) GetSubjectAltNames() []string { + if x != nil { + return x.SubjectAltNames + } + return nil +} + +func (x *ServerTLSSettings) GetVerifyCertificateSpki() []string { + if x != nil { + return x.VerifyCertificateSpki + } + return nil +} + +func (x *ServerTLSSettings) GetVerifyCertificateHash() []string { + if x != nil { + return x.VerifyCertificateHash + } + return nil +} + +func (x *ServerTLSSettings) GetMinProtocolVersion() ServerTLSSettings_TLSProtocol { + if x != nil { + return x.MinProtocolVersion + } + return ServerTLSSettings_TLS_AUTO +} + +func (x *ServerTLSSettings) GetMaxProtocolVersion() ServerTLSSettings_TLSProtocol { + if x != nil { + return x.MaxProtocolVersion + } + return ServerTLSSettings_TLS_AUTO +} + +func (x *ServerTLSSettings) 
GetCipherSuites() []string { + if x != nil { + return x.CipherSuites + } + return nil +} + +var File_networking_v1_gateway_proto protoreflect.FileDescriptor + +var file_networking_v1_gateway_proto_rawDesc = []byte{ + 0x0a, 0x1b, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, + 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, + 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x22, 0xc5, 0x01, 0x0a, 0x07, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, + 0x35, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x1b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x07, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x46, 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, + 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x47, + 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x1a, 0x3b, + 0x0a, 0x0d, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, + 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xe4, 0x01, 0x0a, 0x06, + 0x53, 0x65, 0x72, 
0x76, 0x65, 0x72, 0x12, 0x32, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x42, + 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x69, + 0x6e, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x12, 0x19, + 0x0a, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x42, 0x03, 0xe0, + 0x41, 0x02, 0x52, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x12, 0x38, 0x0a, 0x03, 0x74, 0x6c, 0x73, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, + 0x74, 0x6c, 0x73, 0x12, 0x29, 0x0a, 0x10, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x65, + 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x64, + 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x12, + 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, + 0x6d, 0x65, 0x22, 0x82, 0x01, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x06, 0x6e, + 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, + 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, + 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x17, 0x0a, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x6e, 0x61, + 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0b, 0x74, 0x61, 0x72, 
0x67, 0x65, 0x74, 0x5f, 0x70, 0x6f, 0x72, + 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0a, 0x74, 0x61, 0x72, + 0x67, 0x65, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x22, 0x86, 0x07, 0x0a, 0x11, 0x53, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x25, 0x0a, + 0x0e, 0x68, 0x74, 0x74, 0x70, 0x73, 0x5f, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x68, 0x74, 0x74, 0x70, 0x73, 0x52, 0x65, 0x64, 0x69, + 0x72, 0x65, 0x63, 0x74, 0x12, 0x42, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x2e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, + 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x6d, 0x6f, + 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x2d, 0x0a, 0x12, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72, 0x69, 0x76, 0x61, + 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72, + 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x61, 0x5f, 0x63, + 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0e, 0x63, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, + 0x73, 0x12, 0x15, 0x0a, 0x06, 0x63, 0x61, 0x5f, 0x63, 0x72, 0x6c, 0x18, 0x0d, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x05, 0x63, 0x61, 0x43, 0x72, 0x6c, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x72, 0x65, 0x64, + 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01, 
0x28, + 0x09, 0x52, 0x0e, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x4e, 0x61, 0x6d, + 0x65, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x61, 0x6c, 0x74, + 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x75, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x36, 0x0a, + 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x65, 0x5f, 0x73, 0x70, 0x6b, 0x69, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x09, 0x52, 0x15, + 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x65, 0x53, 0x70, 0x6b, 0x69, 0x12, 0x36, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x5f, + 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x68, 0x61, 0x73, 0x68, + 0x18, 0x0c, 0x20, 0x03, 0x28, 0x09, 0x52, 0x15, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x61, 0x73, 0x68, 0x12, 0x64, 0x0a, + 0x14, 0x6d, 0x69, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x5f, 0x76, 0x65, + 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, + 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, + 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, + 0x12, 0x6d, 0x69, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, + 0x69, 0x6f, 0x6e, 0x12, 0x64, 0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x63, 0x6f, 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, + 0x0e, 0x32, 0x32, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2e, 
0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, + 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x50, 0x72, 0x6f, + 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, + 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x69, 0x70, + 0x68, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x09, + 0x52, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x22, 0x6f, + 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x50, 0x41, 0x53, + 0x53, 0x54, 0x48, 0x52, 0x4f, 0x55, 0x47, 0x48, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x49, + 0x4d, 0x50, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, + 0x10, 0x02, 0x12, 0x14, 0x0a, 0x10, 0x41, 0x55, 0x54, 0x4f, 0x5f, 0x50, 0x41, 0x53, 0x53, 0x54, + 0x48, 0x52, 0x4f, 0x55, 0x47, 0x48, 0x10, 0x03, 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x53, 0x54, 0x49, + 0x4f, 0x5f, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x10, 0x04, 0x12, 0x13, 0x0a, 0x0f, 0x4f, 0x50, + 0x54, 0x49, 0x4f, 0x4e, 0x41, 0x4c, 0x5f, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x10, 0x05, 0x22, + 0x4f, 0x0a, 0x0b, 0x54, 0x4c, 0x53, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x0c, + 0x0a, 0x08, 0x54, 0x4c, 0x53, 0x5f, 0x41, 0x55, 0x54, 0x4f, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, + 0x54, 0x4c, 0x53, 0x56, 0x31, 0x5f, 0x30, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, + 0x56, 0x31, 0x5f, 0x31, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x56, 0x31, 0x5f, + 0x32, 0x10, 0x03, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x56, 0x31, 0x5f, 0x33, 0x10, 0x04, + 0x42, 0x1c, 0x5a, 0x1a, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, + 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + 
file_networking_v1_gateway_proto_rawDescOnce sync.Once + file_networking_v1_gateway_proto_rawDescData = file_networking_v1_gateway_proto_rawDesc +) + +func file_networking_v1_gateway_proto_rawDescGZIP() []byte { + file_networking_v1_gateway_proto_rawDescOnce.Do(func() { + file_networking_v1_gateway_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1_gateway_proto_rawDescData) + }) + return file_networking_v1_gateway_proto_rawDescData +} + +var file_networking_v1_gateway_proto_enumTypes = make([]protoimpl.EnumInfo, 2) +var file_networking_v1_gateway_proto_msgTypes = make([]protoimpl.MessageInfo, 5) +var file_networking_v1_gateway_proto_goTypes = []interface{}{ + (ServerTLSSettings_TLSmode)(0), // 0: istio.networking.v1.ServerTLSSettings.TLSmode + (ServerTLSSettings_TLSProtocol)(0), // 1: istio.networking.v1.ServerTLSSettings.TLSProtocol + (*Gateway)(nil), // 2: istio.networking.v1.Gateway + (*Server)(nil), // 3: istio.networking.v1.Server + (*Port)(nil), // 4: istio.networking.v1.Port + (*ServerTLSSettings)(nil), // 5: istio.networking.v1.ServerTLSSettings + nil, // 6: istio.networking.v1.Gateway.SelectorEntry +} +var file_networking_v1_gateway_proto_depIdxs = []int32{ + 3, // 0: istio.networking.v1.Gateway.servers:type_name -> istio.networking.v1.Server + 6, // 1: istio.networking.v1.Gateway.selector:type_name -> istio.networking.v1.Gateway.SelectorEntry + 4, // 2: istio.networking.v1.Server.port:type_name -> istio.networking.v1.Port + 5, // 3: istio.networking.v1.Server.tls:type_name -> istio.networking.v1.ServerTLSSettings + 0, // 4: istio.networking.v1.ServerTLSSettings.mode:type_name -> istio.networking.v1.ServerTLSSettings.TLSmode + 1, // 5: istio.networking.v1.ServerTLSSettings.min_protocol_version:type_name -> istio.networking.v1.ServerTLSSettings.TLSProtocol + 1, // 6: istio.networking.v1.ServerTLSSettings.max_protocol_version:type_name -> istio.networking.v1.ServerTLSSettings.TLSProtocol + 7, // [7:7] is the sub-list for method output_type + 7, 
// [7:7] is the sub-list for method input_type + 7, // [7:7] is the sub-list for extension type_name + 7, // [7:7] is the sub-list for extension extendee + 0, // [0:7] is the sub-list for field type_name +} + +func init() { file_networking_v1_gateway_proto_init() } +func file_networking_v1_gateway_proto_init() { + if File_networking_v1_gateway_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_networking_v1_gateway_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Gateway); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_gateway_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Server); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_gateway_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Port); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_gateway_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ServerTLSSettings); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_networking_v1_gateway_proto_rawDesc, + NumEnums: 2, + NumMessages: 5, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_networking_v1_gateway_proto_goTypes, + DependencyIndexes: file_networking_v1_gateway_proto_depIdxs, + EnumInfos: file_networking_v1_gateway_proto_enumTypes, + MessageInfos: file_networking_v1_gateway_proto_msgTypes, + }.Build() + File_networking_v1_gateway_proto = 
out.File + file_networking_v1_gateway_proto_rawDesc = nil + file_networking_v1_gateway_proto_goTypes = nil + file_networking_v1_gateway_proto_depIdxs = nil +} diff --git a/networking/v1/gateway.proto b/networking/v1/gateway.proto new file mode 100644 index 00000000..89ed5122 --- /dev/null +++ b/networking/v1/gateway.proto 
@@ -0,0 +1,544 @@ +// Copyright 2020 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +import "google/api/field_behavior.proto"; + +// $schema: istio.networking.v1.Gateway +// $title: Gateway +// $description: Configuration affecting edge load balancer. +// $location: https://istio.io/docs/reference/config/networking/gateway.html +// $aliases: [/docs/reference/config/networking/v1/gateway] +// $mode: none + +// `Gateway` describes a load balancer operating at the edge of the mesh +// receiving incoming or outgoing HTTP/TCP connections. The specification +// describes a set of ports that should be exposed, the type of protocol to +// use, SNI configuration for the load balancer, etc. +// +// For example, the following Gateway configuration sets up a proxy to act +// as a load balancer exposing port 80 and 9080 (http), 443 (https), +// 9443(https) and port 2379 (TCP) for ingress. The gateway will be +// applied to the proxy running on a pod with labels `app: +// my-gateway-controller`. While Istio will configure the proxy to listen +// on these ports, it is the responsibility of the user to ensure that +// external traffic to these ports are allowed into the mesh. 
+// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Gateway +// metadata: +// name: my-gateway +// namespace: some-config-namespace +// spec: +// selector: +// app: my-gateway-controller +// servers: +// - port: +// number: 80 +// name: http +// protocol: HTTP +// hosts: +// - uk.bookinfo.com +// - eu.bookinfo.com +// tls: +// httpsRedirect: true # sends 301 redirect for http requests +// - port: +// number: 443 +// name: https-443 +// protocol: HTTPS +// hosts: +// - uk.bookinfo.com +// - eu.bookinfo.com +// tls: +// mode: SIMPLE # enables HTTPS on this port +// serverCertificate: /etc/certs/servercert.pem +// privateKey: /etc/certs/privatekey.pem +// - port: +// number: 9443 +// name: https-9443 +// protocol: HTTPS +// hosts: +// - "bookinfo-namespace/*.bookinfo.com" +// tls: +// mode: SIMPLE # enables HTTPS on this port +// credentialName: bookinfo-secret # fetches certs from Kubernetes secret +// - port: +// number: 9080 +// name: http-wildcard +// protocol: HTTP +// hosts: +// - "*" +// - port: +// number: 2379 # to expose internal service via external port 2379 +// name: mongo +// protocol: MONGO +// hosts: +// - "*" +// ``` +// +// The Gateway specification above describes the L4-L6 properties of a load +// balancer. A `VirtualService` can then be bound to a gateway to control +// the forwarding of traffic arriving at a particular host or gateway port. +// +// For example, the following VirtualService splits traffic for +// `https://uk.bookinfo.com/reviews`, `https://eu.bookinfo.com/reviews`, +// `http://uk.bookinfo.com:9080/reviews`, +// `http://eu.bookinfo.com:9080/reviews` into two versions (prod and qa) of +// an internal reviews service on port 9080. In addition, requests +// containing the cookie "user: dev-123" will be sent to special port 7777 +// in the qa version. The same rule is also applicable inside the mesh for +// requests to the "reviews.prod.svc.cluster.local" service. This rule is +// applicable across ports 443, 9080. 
Note that `http://uk.bookinfo.com` +// gets redirected to `https://uk.bookinfo.com` (i.e. 80 redirects to 443). +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: VirtualService +// metadata: +// name: bookinfo-rule +// namespace: bookinfo-namespace +// spec: +// hosts: +// - reviews.prod.svc.cluster.local +// - uk.bookinfo.com +// - eu.bookinfo.com +// gateways: +// - some-config-namespace/my-gateway +// - mesh # applies to all the sidecars in the mesh +// http: +// - match: +// - headers: +// cookie: +// exact: "user=dev-123" +// route: +// - destination: +// port: +// number: 7777 +// host: reviews.qa.svc.cluster.local +// - match: +// - uri: +// prefix: /reviews/ +// route: +// - destination: +// port: +// number: 9080 # can be omitted if it's the only port for reviews +// host: reviews.prod.svc.cluster.local +// weight: 80 +// - destination: +// host: reviews.qa.svc.cluster.local +// weight: 20 +// ``` +// +// The following VirtualService forwards traffic arriving at (external) +// port 27017 to internal Mongo server on port 5555. This rule is not +// applicable internally in the mesh as the gateway list omits the +// reserved name `mesh`. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: VirtualService +// metadata: +// name: bookinfo-mongo +// namespace: bookinfo-namespace +// spec: +// hosts: +// - mongosvr.prod.svc.cluster.local # name of internal Mongo service +// gateways: +// - some-config-namespace/my-gateway # can omit the namespace if gateway is in same namespace as virtual service. +// tcp: +// - match: +// - port: 27017 +// route: +// - destination: +// host: mongo.prod.svc.cluster.local +// port: +// number: 5555 +// ``` +// +// It is possible to restrict the set of virtual services that can bind to +// a gateway server using the namespace/hostname syntax in the hosts field. 
+// For example, the following Gateway allows any virtual service in the ns1 +// namespace to bind to it, while restricting only the virtual service with +// foo.bar.com host in the ns2 namespace to bind to it. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Gateway +// metadata: +// name: my-gateway +// namespace: some-config-namespace +// spec: +// selector: +// app: my-gateway-controller +// servers: +// - port: +// number: 80 +// name: http +// protocol: HTTP +// hosts: +// - "ns1/*" +// - "ns2/foo.bar.com" +// ``` +package istio.networking.v1; + +option go_package = "istio.io/api/networking/v1"; + +// Gateway describes a load balancer operating at the edge of the mesh +// receiving incoming or outgoing HTTP/TCP connections. +// +// +// +// +// +message Gateway { + // A list of server specifications. + repeated Server servers = 1; + + // One or more labels that indicate a specific set of pods/VMs + // on which this gateway configuration should be applied. + // By default workloads are searched across all namespaces based on label selectors. + // This implies that a gateway resource in the namespace "foo" can select pods in + // the namespace "bar" based on labels. + // This behavior can be controlled via the `PILOT_SCOPE_GATEWAY_TO_NAMESPACE` + // environment variable in istiod. If this variable is set + // to true, the scope of label search is restricted to the configuration + // namespace in which the the resource is present. In other words, the Gateway + // resource must reside in the same namespace as the gateway workload + // instance. + // If selector is nil, the Gateway will be applied to all workloads. + map selector = 2; +} + +// `Server` describes the properties of the proxy on a given load balancer +// port. 
For example, +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: Gateway +// metadata: +// name: my-ingress +// spec: +// selector: +// app: my-ingressgateway +// servers: +// - port: +// number: 80 +// name: http2 +// protocol: HTTP2 +// hosts: +// - "*" +// ``` +// +// Another example +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: Gateway +// metadata: +// name: my-tcp-ingress +// spec: +// selector: +// app: my-tcp-ingressgateway +// servers: +// - port: +// number: 27018 +// name: mongo +// protocol: MONGO +// hosts: +// - "*" +// ``` +// +// The following is an example of TLS configuration for port 443 +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: Gateway +// metadata: +// name: my-tls-ingress +// spec: +// selector: +// app: my-tls-ingressgateway +// servers: +// - port: +// number: 443 +// name: https +// protocol: HTTPS +// hosts: +// - "*" +// tls: +// mode: SIMPLE +// credentialName: tls-cert +// ``` +// +message Server { + // The Port on which the proxy should listen for incoming + // connections. + Port port = 1 [(google.api.field_behavior) = REQUIRED]; + + // The ip or the Unix domain socket to which the listener should be bound + // to. Format: `x.x.x.x` or `unix:///path/to/uds` or `unix://@foobar` + // (Linux abstract namespace). When using Unix domain sockets, the port + // number should be 0. + // This can be used to restrict the reachability of this server to be gateway internal only. + // This is typically used when a gateway needs to communicate to another mesh service + // e.g. publishing metrics. In such case, the server created with the + // specified bind will not be available to external gateway clients. + string bind = 4; + + // One or more hosts exposed by this gateway. + // While typically applicable to + // HTTP services, it can also be used for TCP services using TLS with SNI. + // A host is specified as a `dnsName` with an optional `namespace/` prefix. 
+ // The `dnsName` should be specified using FQDN format, optionally including + // a wildcard character in the left-most component (e.g., `prod/*.example.com`). + // Set the `dnsName` to `*` to select all `VirtualService` hosts from the + // specified namespace (e.g.,`prod/*`). + // + // The `namespace` can be set to `*` or `.`, representing any or the current + // namespace, respectively. For example, `*/foo.example.com` selects the + // service from any available namespace while `./foo.example.com` only selects + // the service from the namespace of the sidecar. The default, if no `namespace/` + // is specified, is `*/`, that is, select services from any namespace. + // Any associated `DestinationRule` in the selected namespace will also be used. + // + // A `VirtualService` must be bound to the gateway and must have one or + // more hosts that match the hosts specified in a server. The match + // could be an exact match or a suffix match with the server's hosts. For + // example, if the server's hosts specifies `*.example.com`, a + // `VirtualService` with hosts `dev.example.com` or `prod.example.com` will + // match. However, a `VirtualService` with host `example.com` or + // `newexample.com` will not match. + // + // NOTE: Only virtual services exported to the gateway's namespace + // (e.g., `exportTo` value of `*`) can be referenced. + // Private configurations (e.g., `exportTo` set to `.`) will not be + // available. Refer to the `exportTo` setting in `VirtualService`, + // `DestinationRule`, and `ServiceEntry` configurations for details. + repeated string hosts = 2 [(google.api.field_behavior) = REQUIRED]; + + // Set of TLS related options that govern the server's behavior. Use + // these options to control if all http requests should be redirected to + // https, and the TLS modes to use. + ServerTLSSettings tls = 3; + + // The loopback IP endpoint or Unix domain socket to which traffic should + // be forwarded to by default. 
Format should be `127.0.0.1:PORT` or + // `unix:///path/to/socket` or `unix://@foobar` (Linux abstract namespace). + // NOT IMPLEMENTED. + // $hide_from_docs + string default_endpoint = 5; + + // An optional name of the server, when set must be unique across all servers. + // This will be used for variety of purposes like prefixing stats generated with + // this name etc. + string name = 6; +} + +// Port describes the properties of a specific port of a service. +message Port { + // A valid non-negative integer port number. + uint32 number = 1 [(google.api.field_behavior) = REQUIRED]; + + // The protocol exposed on the port. + // MUST BE one of HTTP|HTTPS|GRPC|GRPC-WEB|HTTP2|MONGO|TCP|TLS. + // TLS can be either used to terminate non-HTTP based connections on a specific port + // or to route traffic based on SNI header to the destination without terminating the TLS connection. + string protocol = 2 [(google.api.field_behavior) = REQUIRED]; + + // Label assigned to the port. + string name = 3 [(google.api.field_behavior) = REQUIRED]; + + // The port number on the endpoint where the traffic will be + // received. Applicable only when used with ServiceEntries. + // $hide_from_docs + uint32 target_port = 4 [deprecated=true]; +} + +message ServerTLSSettings { + // If set to true, the load balancer will send a 301 redirect for + // all http connections, asking the clients to use HTTPS. + bool https_redirect = 1; + + // TLS modes enforced by the proxy + enum TLSmode { + // The SNI string presented by the client will be used as the + // match criterion in a VirtualService TLS route to determine + // the destination service from the service registry. + PASSTHROUGH = 0; + + // Secure connections with standard TLS semantics. In this mode + // client certificate is not requested during handshake. + SIMPLE = 1; + + // Secure connections to the downstream using mutual TLS by + // presenting server certificates for authentication. 
+ // A client certificate will also be requested during the handshake and + // at least one valid certificate is required to be sent by the client. + MUTUAL = 2; + + // Similar to the passthrough mode, except servers with this TLS + // mode do not require an associated VirtualService to map from + // the SNI value to service in the registry. The destination + // details such as the service/subset/port are encoded in the + // SNI value. The proxy will forward to the upstream (Envoy) + // cluster (a group of endpoints) specified by the SNI + // value. This server is typically used to provide connectivity + // between services in disparate L3 networks that otherwise do + // not have direct connectivity between their respective + // endpoints. Use of this mode assumes that both the source and + // the destination are using Istio mTLS to secure traffic. + AUTO_PASSTHROUGH = 3; + + // Secure connections from the downstream using mutual TLS by + // presenting server certificates for authentication. Compared + // to Mutual mode, this mode uses certificates, representing + // gateway workload identity, generated automatically by Istio + // for mTLS authentication. When this mode is used, all other + // fields in `TLSOptions` should be empty. + ISTIO_MUTUAL = 4; + + // Similar to MUTUAL mode, except that the client certificate + // is optional. Unlike SIMPLE mode, A client certificate will + // still be explicitly requested during handshake, but the client + // is not required to send a certificate. If a client certificate + // is presented, it will be validated. ca_certificates should + // be specified for validating client certificates. + OPTIONAL_MUTUAL = 5; + }; + + // Optional: Indicates whether connections to this port should be + // secured using TLS. The value of this field determines how TLS is + // enforced. + TLSmode mode = 2; + + // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file + // holding the server-side TLS certificate to use. 
+ string server_certificate = 3; + + // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file + // holding the server's private key. + string private_key = 4; + + // REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. The path to a file + // containing certificate authority certificates to use in verifying a presented + // client side certificate. + string ca_certificates = 5; + + // OPTIONAL: The path to the file containing the certificate revocation list (CRL) + // to use in verifying a presented client side certificate. `CRL` is a list of certificates + // that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. + // If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + // If omitted, the proxy will not verify the certificate against the `crl`. + string ca_crl = 13; + + // For gateways running on Kubernetes, the name of the secret that + // holds the TLS certs including the CA certificates. Applicable + // only on Kubernetes. An Opaque secret should contain the following + // keys and values: `tls.key: ` and `tls.crt: ` or + // `key: ` and `cert: `. + // For mutual TLS, `cacert: ` and `crl: ` + // can be provided in the same secret or a separate secret named `-cacert`. + // A TLS secret for server certificates with an additional `tls.ocsp-staple` key + // for specifying OCSP staple information, `ca.crt` key for CA certificates + // and `ca.crl` for certificate revocation list is also supported. + // Only one of server certificates and CA certificate + // or credentialName can be specified. + string credential_name = 10; + + // A list of alternate names to verify the subject identity in the + // certificate presented by the client. + repeated string subject_alt_names = 6; + + // An optional list of base64-encoded SHA-256 hashes of the SPKIs of + // authorized client certificates. 
+ // Note: When both verify_certificate_hash and verify_certificate_spki + // are specified, a hash matching either value will result in the + // certificate being accepted. + repeated string verify_certificate_spki = 11; + + // An optional list of hex-encoded SHA-256 hashes of the + // authorized client certificates. Both simple and colon separated + // formats are acceptable. + // Note: When both verify_certificate_hash and verify_certificate_spki + // are specified, a hash matching either value will result in the + // certificate being accepted. + repeated string verify_certificate_hash = 12; + + // TLS protocol versions. + enum TLSProtocol { + // Automatically choose the optimal TLS version. + TLS_AUTO = 0; + + // TLS version 1.0 + TLSV1_0 = 1; + + // TLS version 1.1 + TLSV1_1 = 2; + + // TLS version 1.2 + TLSV1_2 = 3; + + // TLS version 1.3 + TLSV1_3 = 4; + } + + // Optional: Minimum TLS protocol version. By default, it is `TLSV1_2`. + // TLS protocol versions below TLSV1_2 require setting compatible ciphers with the + // `cipherSuites` setting as they no longer include compatible ciphers. + // + // Note: Using TLS protocol versions below TLSV1_2 has serious security risks. + TLSProtocol min_protocol_version = 7; + + // Optional: Maximum TLS protocol version. + TLSProtocol max_protocol_version = 8; + + // Optional: If specified, only support the specified cipher list. + // Otherwise default to the default cipher list supported by Envoy + // as specified [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto). 
+ // The supported list of ciphers are: + // * `ECDHE-ECDSA-AES128-GCM-SHA256` + // * `ECDHE-RSA-AES128-GCM-SHA256` + // * `ECDHE-ECDSA-AES256-GCM-SHA384` + // * `ECDHE-RSA-AES256-GCM-SHA384` + // * `ECDHE-ECDSA-CHACHA20-POLY1305` + // * `ECDHE-RSA-CHACHA20-POLY1305` + // * `ECDHE-ECDSA-AES128-SHA` + // * `ECDHE-RSA-AES128-SHA` + // * `ECDHE-ECDSA-AES256-SHA` + // * `ECDHE-RSA-AES256-SHA` + // * `AES128-GCM-SHA256` + // * `AES256-GCM-SHA384` + // * `AES128-SHA` + // * `AES256-SHA` + // * `DES-CBC3-SHA` + repeated string cipher_suites = 9; +} diff --git a/networking/v1/gateway_deepcopy.gen.go b/networking/v1/gateway_deepcopy.gen.go new file mode 100644 index 00000000..2df35052 --- /dev/null +++ b/networking/v1/gateway_deepcopy.gen.go 
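Review bot: The `cipher_suites` comment at the end of `ServerTLSSettings` lists `DES-CBC3-SHA` and the CBC-mode SHA-1 suites (`AES128-SHA`, `AES256-SHA`, `ECDHE-ECDSA-AES128-SHA` and the like) as supported without any caveat, while `min_protocol_version` a few lines earlier does carry an explicit risk note for protocol versions below `TLSV1_2`. An operator copying from this list for an edge listener gets no hint that 3DES has a 64-bit block and that the non-ECDHE entries provide no forward secrecy. I would add a line after the list such as `// Note: DES-CBC3-SHA and the CBC-mode (-SHA) suites are legacy; enable them only for clients that cannot negotiate an AEAD (GCM/CHACHA20) suite.` Because the comment is the source for generated reference docs and CRD descriptions, the caveat would reach users where they actually read the list.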
@@ -0,0 +1,90 @@ +// Code generated by protoc-gen-deepcopy. DO NOT EDIT. +package v1 + +import ( + proto "google.golang.org/protobuf/proto" +) + +// DeepCopyInto supports using Gateway within kubernetes types, where deepcopy-gen is used. +func (in *Gateway) DeepCopyInto(out *Gateway) { + p := proto.Clone(in).(*Gateway) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Gateway. Required by controller-gen. +func (in *Gateway) DeepCopy() *Gateway { + if in == nil { + return nil + } + out := new(Gateway) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Gateway. Required by controller-gen. +func (in *Gateway) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using Server within kubernetes types, where deepcopy-gen is used. +func (in *Server) DeepCopyInto(out *Server) { + p := proto.Clone(in).(*Server) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Server. Required by controller-gen. +func (in *Server) DeepCopy() *Server { + if in == nil { + return nil + } + out := new(Server) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Server. Required by controller-gen. +func (in *Server) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using Port within kubernetes types, where deepcopy-gen is used. +func (in *Port) DeepCopyInto(out *Port) { + p := proto.Clone(in).(*Port) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Port. Required by controller-gen. 
+func (in *Port) DeepCopy() *Port { + if in == nil { + return nil + } + out := new(Port) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Port. Required by controller-gen. +func (in *Port) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using ServerTLSSettings within kubernetes types, where deepcopy-gen is used. +func (in *ServerTLSSettings) DeepCopyInto(out *ServerTLSSettings) { + p := proto.Clone(in).(*ServerTLSSettings) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServerTLSSettings. Required by controller-gen. +func (in *ServerTLSSettings) DeepCopy() *ServerTLSSettings { + if in == nil { + return nil + } + out := new(ServerTLSSettings) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ServerTLSSettings. Required by controller-gen. +func (in *ServerTLSSettings) DeepCopyInterface() interface{} { + return in.DeepCopy() +} diff --git a/networking/v1/gateway_json.gen.go b/networking/v1/gateway_json.gen.go new file mode 100644 index 00000000..1df6ea05 --- /dev/null +++ b/networking/v1/gateway_json.gen.go 
@@ -0,0 +1,56 @@ +// Code generated by protoc-gen-jsonshim. DO NOT EDIT. +package v1 + +import ( + bytes "bytes" + jsonpb "github.com/golang/protobuf/jsonpb" +) + +// MarshalJSON is a custom marshaler for Gateway +func (this *Gateway) MarshalJSON() ([]byte, error) { + str, err := GatewayMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for Gateway +func (this *Gateway) UnmarshalJSON(b []byte) error { + return GatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for Server +func (this *Server) MarshalJSON() ([]byte, error) { + str, err := GatewayMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for Server +func (this *Server) UnmarshalJSON(b []byte) error { + return GatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for Port +func (this *Port) MarshalJSON() ([]byte, error) { + str, err := GatewayMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for Port +func (this *Port) UnmarshalJSON(b []byte) error { + return GatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for ServerTLSSettings +func (this *ServerTLSSettings) MarshalJSON() ([]byte, error) { + str, err := GatewayMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for ServerTLSSettings +func (this *ServerTLSSettings) UnmarshalJSON(b []byte) error { + return GatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +var ( + GatewayMarshaler = &jsonpb.Marshaler{} + GatewayUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} +) diff --git a/networking/v1/service_entry.pb.go b/networking/v1/service_entry.pb.go new file mode 100644 index 00000000..7ccf967c --- /dev/null +++ b/networking/v1/service_entry.pb.go 
@@ -0,0 +1,1016 @@ +// Copyright 2020 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.33.0 +// protoc (unknown) +// source: networking/v1/service_entry.proto + +// $schema: istio.networking.v1.ServiceEntry +// $title: Service Entry +// $description: Configuration affecting service registry. +// $location: https://istio.io/docs/reference/config/networking/service-entry.html +// $aliases: [/docs/reference/config/networking/v1/service-entry] +// $mode: none + +// `ServiceEntry` enables adding additional entries into Istio's +// internal service registry, so that auto-discovered services in the +// mesh can access/route to these manually specified services. A +// service entry describes the properties of a service (DNS name, +// VIPs, ports, protocols, endpoints). These services could be +// external to the mesh (e.g., web APIs) or mesh-internal services +// that are not part of the platform's service registry (e.g., a set +// of VMs talking to services in Kubernetes). In addition, the +// endpoints of a service entry can also be dynamically selected by +// using the `workloadSelector` field. These endpoints can be VM +// workloads declared using the `WorkloadEntry` object or Kubernetes +// pods. 
The ability to select both pods and VMs under a single +// service allows for migration of services from VMs to Kubernetes +// without having to change the existing DNS names associated with the +// services. +// +// The following example declares a few external APIs accessed by internal +// applications over HTTPS. The sidecar inspects the SNI value in the +// ClientHello message to route to the appropriate external service. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: external-svc-https +// spec: +// hosts: +// - api.dropboxapi.com +// - www.googleapis.com +// - api.facebook.com +// location: MESH_EXTERNAL +// ports: +// - number: 443 +// name: https +// protocol: TLS +// resolution: DNS +// ``` +// +// The following configuration adds a set of MongoDB instances running on +// unmanaged VMs to Istio's registry, so that these services can be treated +// as any other service in the mesh. The associated DestinationRule is used +// to initiate mTLS connections to the database instances. 
+// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: external-svc-mongocluster +// spec: +// hosts: +// - mymongodb.somedomain # not used +// addresses: +// - 192.192.192.192/24 # VIPs +// ports: +// - number: 27018 +// name: mongodb +// protocol: MONGO +// location: MESH_INTERNAL +// resolution: STATIC +// endpoints: +// - address: 2.2.2.2 +// - address: 3.3.3.3 +// ``` +// +// and the associated DestinationRule +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: DestinationRule +// metadata: +// name: mtls-mongocluster +// spec: +// host: mymongodb.somedomain +// trafficPolicy: +// tls: +// mode: MUTUAL +// clientCertificate: /etc/certs/myclientcert.pem +// privateKey: /etc/certs/client_private_key.pem +// caCertificates: /etc/certs/rootcacerts.pem +// ``` +// +// The following example uses a combination of service entry and TLS +// routing in a virtual service to steer traffic based on the SNI value to +// an internal egress firewall. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: external-svc-redirect +// spec: +// hosts: +// - wikipedia.org +// - "*.wikipedia.org" +// location: MESH_EXTERNAL +// ports: +// - number: 443 +// name: https +// protocol: TLS +// resolution: NONE +// ``` +// +// And the associated VirtualService to route based on the SNI value. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: VirtualService +// metadata: +// name: tls-routing +// spec: +// hosts: +// - wikipedia.org +// - "*.wikipedia.org" +// tls: +// - match: +// - sniHosts: +// - wikipedia.org +// - "*.wikipedia.org" +// route: +// - destination: +// host: internal-egress-firewall.ns1.svc.cluster.local +// ``` +// +// The virtual service with TLS match serves to override the default SNI +// match. In the absence of a virtual service, traffic will be forwarded to +// the wikipedia domains. 
+// +// The following example demonstrates the use of a dedicated egress gateway +// through which all external service traffic is forwarded. +// The 'exportTo' field allows for control over the visibility of a service +// declaration to other namespaces in the mesh. By default, a service is exported +// to all namespaces. The following example restricts the visibility to the +// current namespace, represented by ".", so that it cannot be used by other +// namespaces. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: external-svc-httpbin +// namespace : egress +// spec: +// hosts: +// - example.com +// exportTo: +// - "." +// location: MESH_EXTERNAL +// ports: +// - number: 80 +// name: http +// protocol: HTTP +// resolution: DNS +// ``` +// +// Define a gateway to handle all egress traffic. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Gateway +// metadata: +// name: istio-egressgateway +// namespace: istio-system +// spec: +// selector: +// istio: egressgateway +// servers: +// - port: +// number: 80 +// name: http +// protocol: HTTP +// hosts: +// - "*" +// ``` +// +// And the associated `VirtualService` to route from the sidecar to the +// gateway service (`istio-egressgateway.istio-system.svc.cluster.local`), as +// well as route from the gateway to the external service. Note that the +// virtual service is exported to all namespaces enabling them to route traffic +// through the gateway to the external service. Forcing traffic to go through +// a managed middle proxy like this is a common practice. 
+// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: VirtualService +// metadata: +// name: gateway-routing +// namespace: egress +// spec: +// hosts: +// - example.com +// exportTo: +// - "*" +// gateways: +// - mesh +// - istio-egressgateway +// http: +// - match: +// - port: 80 +// gateways: +// - mesh +// route: +// - destination: +// host: istio-egressgateway.istio-system.svc.cluster.local +// - match: +// - port: 80 +// gateways: +// - istio-egressgateway +// route: +// - destination: +// host: example.com +// ``` +// +// The following example demonstrates the use of wildcards in the hosts for +// external services. If the connection has to be routed to the IP address +// requested by the application (i.e. application resolves DNS and attempts +// to connect to a specific IP), the resolution mode must be set to `NONE`. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: external-svc-wildcard-example +// spec: +// hosts: +// - "*.bar.com" +// location: MESH_EXTERNAL +// ports: +// - number: 80 +// name: http +// protocol: HTTP +// resolution: NONE +// ``` +// +// The following example demonstrates a service that is available via a +// Unix Domain Socket on the host of the client. The resolution must be +// set to STATIC to use Unix address endpoints. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: unix-domain-socket-example +// spec: +// hosts: +// - "example.unix.local" +// location: MESH_EXTERNAL +// ports: +// - number: 80 +// name: http +// protocol: HTTP +// resolution: STATIC +// endpoints: +// - address: unix:///var/run/example/socket +// ``` +// +// For HTTP-based services, it is possible to create a `VirtualService` +// backed by multiple DNS addressable endpoints. In such a scenario, the +// application can use the `HTTP_PROXY` environment variable to transparently +// reroute API calls for the `VirtualService` to a chosen backend. 
For +// example, the following configuration creates a non-existent external +// service called foo.bar.com backed by three domains: us.foo.bar.com:8080, +// uk.foo.bar.com:9080, and in.foo.bar.com:7080 +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: external-svc-dns +// spec: +// hosts: +// - foo.bar.com +// location: MESH_EXTERNAL +// ports: +// - number: 80 +// name: http +// protocol: HTTP +// resolution: DNS +// endpoints: +// - address: us.foo.bar.com +// ports: +// http: 8080 +// - address: uk.foo.bar.com +// ports: +// http: 9080 +// - address: in.foo.bar.com +// ports: +// http: 7080 +// ``` +// +// With `HTTP_PROXY=http://localhost/`, calls from the application to +// `http://foo.bar.com` will be load balanced across the three domains +// specified above. In other words, a call to `http://foo.bar.com/baz` would +// be translated to `http://uk.foo.bar.com/baz`. +// +// The following example illustrates the usage of a `ServiceEntry` +// containing a subject alternate name +// whose format conforms to the [SPIFFE standard](https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md): +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: httpbin +// namespace : httpbin-ns +// spec: +// hosts: +// - example.com +// location: MESH_INTERNAL +// ports: +// - number: 80 +// name: http +// protocol: HTTP +// resolution: STATIC +// endpoints: +// - address: 2.2.2.2 +// - address: 3.3.3.3 +// subjectAltNames: +// - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account" +// ``` +// +// The following example demonstrates the use of `ServiceEntry` with a +// `workloadSelector` to handle the migration of a service +// `details.bookinfo.com` from VMs to Kubernetes. The service has two +// VM-based instances with sidecars as well as a set of Kubernetes +// pods managed by a standard deployment object. 
Consumers of this +// service in the mesh will be automatically load balanced across the +// VMs and Kubernetes. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: WorkloadEntry +// metadata: +// name: details-vm-1 +// spec: +// serviceAccount: details +// address: 2.2.2.2 +// labels: +// app: details +// instance-id: vm1 +// --- +// apiVersion: networking.istio.io/v1 +// kind: WorkloadEntry +// metadata: +// name: details-vm-2 +// spec: +// serviceAccount: details +// address: 3.3.3.3 +// labels: +// app: details +// instance-id: vm2 +// ``` +// +// Assuming there is also a Kubernetes deployment with pod labels +// `app: details` using the same service account `details`, the +// following service entry declares a service spanning both VMs and +// Kubernetes: +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: details-svc +// spec: +// hosts: +// - details.bookinfo.com +// location: MESH_INTERNAL +// ports: +// - number: 80 +// name: http +// protocol: HTTP +// resolution: STATIC +// workloadSelector: +// labels: +// app: details +// ``` + +package v1 + +import ( + _ "google.golang.org/genproto/googleapis/api/annotations" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// Location specifies whether the service is part of Istio mesh or +// outside the mesh. Location determines the behavior of several +// features, such as service-to-service mTLS authentication, policy +// enforcement, etc. 
When communicating with services outside the mesh, +// Istio's mTLS authentication is disabled, and policy enforcement is +// performed on the client-side as opposed to server-side. +type ServiceEntry_Location int32 + +const ( + // Signifies that the service is external to the mesh. Typically used + // to indicate external services consumed through APIs. + ServiceEntry_MESH_EXTERNAL ServiceEntry_Location = 0 + // Signifies that the service is part of the mesh. Typically used to + // indicate services added explicitly as part of expanding the service + // mesh to include unmanaged infrastructure (e.g., VMs added to a + // Kubernetes based service mesh). + ServiceEntry_MESH_INTERNAL ServiceEntry_Location = 1 +) + +// Enum value maps for ServiceEntry_Location. +var ( + ServiceEntry_Location_name = map[int32]string{ + 0: "MESH_EXTERNAL", + 1: "MESH_INTERNAL", + } + ServiceEntry_Location_value = map[string]int32{ + "MESH_EXTERNAL": 0, + "MESH_INTERNAL": 1, + } +) + +func (x ServiceEntry_Location) Enum() *ServiceEntry_Location { + p := new(ServiceEntry_Location) + *p = x + return p +} + +func (x ServiceEntry_Location) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (ServiceEntry_Location) Descriptor() protoreflect.EnumDescriptor { + return file_networking_v1_service_entry_proto_enumTypes[0].Descriptor() +} + +func (ServiceEntry_Location) Type() protoreflect.EnumType { + return &file_networking_v1_service_entry_proto_enumTypes[0] +} + +func (x ServiceEntry_Location) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use ServiceEntry_Location.Descriptor instead. +func (ServiceEntry_Location) EnumDescriptor() ([]byte, []int) { + return file_networking_v1_service_entry_proto_rawDescGZIP(), []int{0, 0} +} + +// Resolution determines how the proxy will resolve the IP addresses of +// the network endpoints associated with the service, so that it can +// route to one of them. 
The resolution mode specified here has no impact +// on how the application resolves the IP address associated with the +// service. The application may still have to use DNS to resolve the +// service to an IP so that the outbound traffic can be captured by the +// Proxy. Alternatively, for HTTP services, the application could +// directly communicate with the proxy (e.g., by setting HTTP_PROXY) to +// talk to these services. +type ServiceEntry_Resolution int32 + +const ( + // Assume that incoming connections have already been resolved (to a + // specific destination IP address). Such connections are typically + // routed via the proxy using mechanisms such as IP table REDIRECT/ + // eBPF. After performing any routing related transformations, the + // proxy will forward the connection to the IP address to which the + // connection was bound. + ServiceEntry_NONE ServiceEntry_Resolution = 0 + // Use the static IP addresses specified in endpoints (see below) as the + // backing instances associated with the service. + ServiceEntry_STATIC ServiceEntry_Resolution = 1 + // Attempt to resolve the IP address by querying the ambient DNS, + // asynchronously. If no endpoints are specified, the proxy + // will resolve the DNS address specified in the hosts field, if + // wildcards are not used. If endpoints are specified, the DNS + // addresses specified in the endpoints will be resolved to determine + // the destination IP address. DNS resolution cannot be used with Unix + // domain socket endpoints. + ServiceEntry_DNS ServiceEntry_Resolution = 2 + // Attempt to resolve the IP address by querying the ambient DNS, + // asynchronously. Unlike `DNS`, `DNS_ROUND_ROBIN` only uses the + // first IP address returned when a new connection needs to be initiated + // without relying on complete results of DNS resolution, and connections + // made to hosts will be retained even if DNS records change frequently + // eliminating draining connection pools and connection cycling. 
+ // This is best suited for large web scale services that + // must be accessed via DNS. The proxy will resolve the DNS address + // specified in the hosts field, if wildcards are not used. DNS resolution + // cannot be used with Unix domain socket endpoints. + ServiceEntry_DNS_ROUND_ROBIN ServiceEntry_Resolution = 3 +) + +// Enum value maps for ServiceEntry_Resolution. +var ( + ServiceEntry_Resolution_name = map[int32]string{ + 0: "NONE", + 1: "STATIC", + 2: "DNS", + 3: "DNS_ROUND_ROBIN", + } + ServiceEntry_Resolution_value = map[string]int32{ + "NONE": 0, + "STATIC": 1, + "DNS": 2, + "DNS_ROUND_ROBIN": 3, + } +) + +func (x ServiceEntry_Resolution) Enum() *ServiceEntry_Resolution { + p := new(ServiceEntry_Resolution) + *p = x + return p +} + +func (x ServiceEntry_Resolution) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (ServiceEntry_Resolution) Descriptor() protoreflect.EnumDescriptor { + return file_networking_v1_service_entry_proto_enumTypes[1].Descriptor() +} + +func (ServiceEntry_Resolution) Type() protoreflect.EnumType { + return &file_networking_v1_service_entry_proto_enumTypes[1] +} + +func (x ServiceEntry_Resolution) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use ServiceEntry_Resolution.Descriptor instead. +func (ServiceEntry_Resolution) EnumDescriptor() ([]byte, []int) { + return file_networking_v1_service_entry_proto_rawDescGZIP(), []int{0, 1} +} + +// ServiceEntry enables adding additional entries into Istio's internal +// service registry. +// +// +// +// +// +type ServiceEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The hosts associated with the ServiceEntry. Could be a DNS + // name with wildcard prefix. + // + // 1. The hosts field is used to select matching hosts in VirtualServices and DestinationRules. + // 2. 
For HTTP traffic the HTTP Host/Authority header will be matched against the hosts field. + // 3. For HTTPs or TLS traffic containing Server Name Indication (SNI), the SNI value + // will be matched against the hosts field. + // + // **NOTE 1:** When resolution is set to type DNS and no endpoints + // are specified, the host field will be used as the DNS name of the + // endpoint to route traffic to. + // + // **NOTE 2:** If the hostname matches with the name of a service + // from another service registry such as Kubernetes that also + // supplies its own set of endpoints, the ServiceEntry will be + // treated as a decorator of the existing Kubernetes + // service. Properties in the service entry will be added to the + // Kubernetes service if applicable. Currently, only the following + // additional properties will be considered by `istiod`: + // + // 1. subjectAltNames: In addition to verifying the SANs of the + // service accounts associated with the pods of the service, the + // SANs specified here will also be verified. + Hosts []string `protobuf:"bytes,1,rep,name=hosts,proto3" json:"hosts,omitempty"` + // The virtual IP addresses associated with the service. Could be CIDR + // prefix. For HTTP traffic, generated route configurations will include http route + // domains for both the `addresses` and `hosts` field values and the destination will + // be identified based on the HTTP Host/Authority header. + // If one or more IP addresses are specified, + // the incoming traffic will be identified as belonging to this service + // if the destination IP matches the IP/CIDRs specified in the addresses + // field. If the Addresses field is empty, traffic will be identified + // solely based on the destination port. In such scenarios, the port on + // which the service is being accessed must not be shared by any other + // service in the mesh. 
In other words, the sidecar will behave as a + // simple TCP proxy, forwarding incoming traffic on a specified port to + // the specified destination endpoint IP/host. Unix domain socket + // addresses are not supported in this field. + Addresses []string `protobuf:"bytes,2,rep,name=addresses,proto3" json:"addresses,omitempty"` + // The ports associated with the external service. If the + // Endpoints are Unix domain socket addresses, there must be exactly one + // port. + Ports []*ServicePort `protobuf:"bytes,3,rep,name=ports,proto3" json:"ports,omitempty"` + // Specify whether the service should be considered external to the mesh + // or part of the mesh. + Location ServiceEntry_Location `protobuf:"varint,4,opt,name=location,proto3,enum=istio.networking.v1.ServiceEntry_Location" json:"location,omitempty"` + // Service resolution mode for the hosts. Care must be taken + // when setting the resolution mode to NONE for a TCP port without + // accompanying IP addresses. In such cases, traffic to any IP on + // said port will be allowed (i.e. `0.0.0.0:`). + Resolution ServiceEntry_Resolution `protobuf:"varint,5,opt,name=resolution,proto3,enum=istio.networking.v1.ServiceEntry_Resolution" json:"resolution,omitempty"` + // One or more endpoints associated with the service. Only one of + // `endpoints` or `workloadSelector` can be specified. + Endpoints []*WorkloadEntry `protobuf:"bytes,6,rep,name=endpoints,proto3" json:"endpoints,omitempty"` + // Applicable only for MESH_INTERNAL services. Only one of + // `endpoints` or `workloadSelector` can be specified. Selects one + // or more Kubernetes pods or VM workloads (specified using + // `WorkloadEntry`) based on their labels. The `WorkloadEntry` object + // representing the VMs should be defined in the same namespace as + // the ServiceEntry. 
+ WorkloadSelector *WorkloadSelector `protobuf:"bytes,9,opt,name=workload_selector,json=workloadSelector,proto3" json:"workload_selector,omitempty"` + // A list of namespaces to which this service is exported. Exporting a service + // allows it to be used by sidecars, gateways and virtual services defined in + // other namespaces. This feature provides a mechanism for service owners + // and mesh administrators to control the visibility of services across + // namespace boundaries. + // + // If no namespaces are specified then the service is exported to all + // namespaces by default. + // + // The value "." is reserved and defines an export to the same namespace that + // the service is declared in. Similarly the value "*" is reserved and + // defines an export to all namespaces. + // + // For a Kubernetes Service, the equivalent effect can be achieved by setting + // the annotation "networking.istio.io/exportTo" to a comma-separated list + // of namespace names. + ExportTo []string `protobuf:"bytes,7,rep,name=export_to,json=exportTo,proto3" json:"export_to,omitempty"` + // If specified, the proxy will verify that the server certificate's + // subject alternate name matches one of the specified values. + // + // NOTE: When using the workloadEntry with workloadSelectors, the + // service account specified in the workloadEntry will also be used + // to derive the additional subject alternate names that should be + // verified. 
+ SubjectAltNames []string `protobuf:"bytes,8,rep,name=subject_alt_names,json=subjectAltNames,proto3" json:"subject_alt_names,omitempty"` +} + +func (x *ServiceEntry) Reset() { + *x = ServiceEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_service_entry_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ServiceEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ServiceEntry) ProtoMessage() {} + +func (x *ServiceEntry) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_service_entry_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ServiceEntry.ProtoReflect.Descriptor instead. +func (*ServiceEntry) Descriptor() ([]byte, []int) { + return file_networking_v1_service_entry_proto_rawDescGZIP(), []int{0} +} + +func (x *ServiceEntry) GetHosts() []string { + if x != nil { + return x.Hosts + } + return nil +} + +func (x *ServiceEntry) GetAddresses() []string { + if x != nil { + return x.Addresses + } + return nil +} + +func (x *ServiceEntry) GetPorts() []*ServicePort { + if x != nil { + return x.Ports + } + return nil +} + +func (x *ServiceEntry) GetLocation() ServiceEntry_Location { + if x != nil { + return x.Location + } + return ServiceEntry_MESH_EXTERNAL +} + +func (x *ServiceEntry) GetResolution() ServiceEntry_Resolution { + if x != nil { + return x.Resolution + } + return ServiceEntry_NONE +} + +func (x *ServiceEntry) GetEndpoints() []*WorkloadEntry { + if x != nil { + return x.Endpoints + } + return nil +} + +func (x *ServiceEntry) GetWorkloadSelector() *WorkloadSelector { + if x != nil { + return x.WorkloadSelector + } + return nil +} + +func (x *ServiceEntry) GetExportTo() []string { + if x != nil { + return x.ExportTo + } + return nil +} + 
+func (x *ServiceEntry) GetSubjectAltNames() []string { + if x != nil { + return x.SubjectAltNames + } + return nil +} + +// ServicePort describes the properties of a specific port of a service. +type ServicePort struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // A valid non-negative integer port number. + Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"` + // The protocol exposed on the port. + // MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. + // TLS implies the connection will be routed based on the SNI header to + // the destination without terminating the TLS connection. + Protocol string `protobuf:"bytes,2,opt,name=protocol,proto3" json:"protocol,omitempty"` + // Label assigned to the port. + Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` + // The port number on the endpoint where the traffic will be + // received. If unset, default to `number`. + TargetPort uint32 `protobuf:"varint,4,opt,name=target_port,json=targetPort,proto3" json:"target_port,omitempty"` +} + +func (x *ServicePort) Reset() { + *x = ServicePort{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_service_entry_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ServicePort) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ServicePort) ProtoMessage() {} + +func (x *ServicePort) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_service_entry_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ServicePort.ProtoReflect.Descriptor instead. 
+func (*ServicePort) Descriptor() ([]byte, []int) { + return file_networking_v1_service_entry_proto_rawDescGZIP(), []int{1} +} + +func (x *ServicePort) GetNumber() uint32 { + if x != nil { + return x.Number + } + return 0 +} + +func (x *ServicePort) GetProtocol() string { + if x != nil { + return x.Protocol + } + return "" +} + +func (x *ServicePort) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *ServicePort) GetTargetPort() uint32 { + if x != nil { + return x.TargetPort + } + return 0 +} + +var File_networking_v1_service_entry_proto protoreflect.FileDescriptor + +var file_networking_v1_service_entry_proto_rawDesc = []byte{ + 0x0a, 0x21, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, + 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, + 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, 0x73, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x22, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe8, 0x04, 0x0a, 0x0c, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x19, 0x0a, 0x05, 0x68, + 0x6f, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, + 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, + 0x73, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 
0x52, 0x09, 0x61, 0x64, 0x64, 0x72, 0x65, + 0x73, 0x73, 0x65, 0x73, 0x12, 0x36, 0x0a, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x03, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, 0x46, 0x0a, 0x08, + 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, + 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, + 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, + 0x79, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x6c, 0x6f, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4c, 0x0a, 0x0a, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, + 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, + 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, + 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, + 0x6f, 0x6e, 0x12, 0x40, 0x0a, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x18, + 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, + 0x6c, 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, + 0x69, 0x6e, 0x74, 0x73, 0x12, 0x52, 0x0a, 0x11, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, + 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 
0x69, + 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, + 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, + 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x70, 0x6f, + 0x72, 0x74, 0x5f, 0x74, 0x6f, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x70, + 0x6f, 0x72, 0x74, 0x54, 0x6f, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, + 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, + 0x52, 0x0f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x4e, 0x61, 0x6d, 0x65, + 0x73, 0x22, 0x30, 0x0a, 0x08, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x11, 0x0a, + 0x0d, 0x4d, 0x45, 0x53, 0x48, 0x5f, 0x45, 0x58, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x10, 0x00, + 0x12, 0x11, 0x0a, 0x0d, 0x4d, 0x45, 0x53, 0x48, 0x5f, 0x49, 0x4e, 0x54, 0x45, 0x52, 0x4e, 0x41, + 0x4c, 0x10, 0x01, 0x22, 0x40, 0x0a, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, + 0x6e, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x53, + 0x54, 0x41, 0x54, 0x49, 0x43, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x44, 0x4e, 0x53, 0x10, 0x02, + 0x12, 0x13, 0x0a, 0x0f, 0x44, 0x4e, 0x53, 0x5f, 0x52, 0x4f, 0x55, 0x4e, 0x44, 0x5f, 0x52, 0x4f, + 0x42, 0x49, 0x4e, 0x10, 0x03, 0x22, 0x80, 0x01, 0x0a, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, + 0x65, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x17, + 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, + 0x02, 0x52, 0x04, 0x6e, 0x61, 
0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, + 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x74, 0x61, + 0x72, 0x67, 0x65, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x42, 0x1c, 0x5a, 0x1a, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_networking_v1_service_entry_proto_rawDescOnce sync.Once + file_networking_v1_service_entry_proto_rawDescData = file_networking_v1_service_entry_proto_rawDesc +) + +func file_networking_v1_service_entry_proto_rawDescGZIP() []byte { + file_networking_v1_service_entry_proto_rawDescOnce.Do(func() { + file_networking_v1_service_entry_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1_service_entry_proto_rawDescData) + }) + return file_networking_v1_service_entry_proto_rawDescData +} + +var file_networking_v1_service_entry_proto_enumTypes = make([]protoimpl.EnumInfo, 2) +var file_networking_v1_service_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_networking_v1_service_entry_proto_goTypes = []interface{}{ + (ServiceEntry_Location)(0), // 0: istio.networking.v1.ServiceEntry.Location + (ServiceEntry_Resolution)(0), // 1: istio.networking.v1.ServiceEntry.Resolution + (*ServiceEntry)(nil), // 2: istio.networking.v1.ServiceEntry + (*ServicePort)(nil), // 3: istio.networking.v1.ServicePort + (*WorkloadEntry)(nil), // 4: istio.networking.v1.WorkloadEntry + (*WorkloadSelector)(nil), // 5: istio.networking.v1.WorkloadSelector +} +var file_networking_v1_service_entry_proto_depIdxs = []int32{ + 3, // 0: istio.networking.v1.ServiceEntry.ports:type_name -> istio.networking.v1.ServicePort + 0, // 1: istio.networking.v1.ServiceEntry.location:type_name -> istio.networking.v1.ServiceEntry.Location + 1, // 2: istio.networking.v1.ServiceEntry.resolution:type_name -> 
istio.networking.v1.ServiceEntry.Resolution + 4, // 3: istio.networking.v1.ServiceEntry.endpoints:type_name -> istio.networking.v1.WorkloadEntry + 5, // 4: istio.networking.v1.ServiceEntry.workload_selector:type_name -> istio.networking.v1.WorkloadSelector + 5, // [5:5] is the sub-list for method output_type + 5, // [5:5] is the sub-list for method input_type + 5, // [5:5] is the sub-list for extension type_name + 5, // [5:5] is the sub-list for extension extendee + 0, // [0:5] is the sub-list for field type_name +} + +func init() { file_networking_v1_service_entry_proto_init() } +func file_networking_v1_service_entry_proto_init() { + if File_networking_v1_service_entry_proto != nil { + return + } + file_networking_v1_sidecar_proto_init() + file_networking_v1_workload_entry_proto_init() + if !protoimpl.UnsafeEnabled { + file_networking_v1_service_entry_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ServiceEntry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_service_entry_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ServicePort); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_networking_v1_service_entry_proto_rawDesc, + NumEnums: 2, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_networking_v1_service_entry_proto_goTypes, + DependencyIndexes: file_networking_v1_service_entry_proto_depIdxs, + EnumInfos: file_networking_v1_service_entry_proto_enumTypes, + MessageInfos: file_networking_v1_service_entry_proto_msgTypes, + }.Build() + File_networking_v1_service_entry_proto = out.File + 
file_networking_v1_service_entry_proto_rawDesc = nil + file_networking_v1_service_entry_proto_goTypes = nil + file_networking_v1_service_entry_proto_depIdxs = nil +} diff --git a/networking/v1/service_entry.proto b/networking/v1/service_entry.proto new file mode 100644 index 00000000..34e2944a --- /dev/null +++ b/networking/v1/service_entry.proto 
@@ -0,0 +1,616 @@ +// Copyright 2020 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +import "google/api/field_behavior.proto"; +import "networking/v1/sidecar.proto"; +import "networking/v1/workload_entry.proto"; + +// $schema: istio.networking.v1.ServiceEntry +// $title: Service Entry +// $description: Configuration affecting service registry. +// $location: https://istio.io/docs/reference/config/networking/service-entry.html +// $aliases: [/docs/reference/config/networking/v1/service-entry] +// $mode: none + +// `ServiceEntry` enables adding additional entries into Istio's +// internal service registry, so that auto-discovered services in the +// mesh can access/route to these manually specified services. A +// service entry describes the properties of a service (DNS name, +// VIPs, ports, protocols, endpoints). These services could be +// external to the mesh (e.g., web APIs) or mesh-internal services +// that are not part of the platform's service registry (e.g., a set +// of VMs talking to services in Kubernetes). In addition, the +// endpoints of a service entry can also be dynamically selected by +// using the `workloadSelector` field. These endpoints can be VM +// workloads declared using the `WorkloadEntry` object or Kubernetes +// pods. 
The ability to select both pods and VMs under a single +// service allows for migration of services from VMs to Kubernetes +// without having to change the existing DNS names associated with the +// services. +// +// The following example declares a few external APIs accessed by internal +// applications over HTTPS. The sidecar inspects the SNI value in the +// ClientHello message to route to the appropriate external service. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: external-svc-https +// spec: +// hosts: +// - api.dropboxapi.com +// - www.googleapis.com +// - api.facebook.com +// location: MESH_EXTERNAL +// ports: +// - number: 443 +// name: https +// protocol: TLS +// resolution: DNS +// ``` +// +// The following configuration adds a set of MongoDB instances running on +// unmanaged VMs to Istio's registry, so that these services can be treated +// as any other service in the mesh. The associated DestinationRule is used +// to initiate mTLS connections to the database instances. 
+// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: external-svc-mongocluster +// spec: +// hosts: +// - mymongodb.somedomain # not used +// addresses: +// - 192.192.192.192/24 # VIPs +// ports: +// - number: 27018 +// name: mongodb +// protocol: MONGO +// location: MESH_INTERNAL +// resolution: STATIC +// endpoints: +// - address: 2.2.2.2 +// - address: 3.3.3.3 +// ``` +// +// and the associated DestinationRule +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: DestinationRule +// metadata: +// name: mtls-mongocluster +// spec: +// host: mymongodb.somedomain +// trafficPolicy: +// tls: +// mode: MUTUAL +// clientCertificate: /etc/certs/myclientcert.pem +// privateKey: /etc/certs/client_private_key.pem +// caCertificates: /etc/certs/rootcacerts.pem +// ``` +// +// The following example uses a combination of service entry and TLS +// routing in a virtual service to steer traffic based on the SNI value to +// an internal egress firewall. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: external-svc-redirect +// spec: +// hosts: +// - wikipedia.org +// - "*.wikipedia.org" +// location: MESH_EXTERNAL +// ports: +// - number: 443 +// name: https +// protocol: TLS +// resolution: NONE +// ``` +// +// And the associated VirtualService to route based on the SNI value. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: VirtualService +// metadata: +// name: tls-routing +// spec: +// hosts: +// - wikipedia.org +// - "*.wikipedia.org" +// tls: +// - match: +// - sniHosts: +// - wikipedia.org +// - "*.wikipedia.org" +// route: +// - destination: +// host: internal-egress-firewall.ns1.svc.cluster.local +// ``` +// +// The virtual service with TLS match serves to override the default SNI +// match. In the absence of a virtual service, traffic will be forwarded to +// the wikipedia domains. 
+// +// The following example demonstrates the use of a dedicated egress gateway +// through which all external service traffic is forwarded. +// The 'exportTo' field allows for control over the visibility of a service +// declaration to other namespaces in the mesh. By default, a service is exported +// to all namespaces. The following example restricts the visibility to the +// current namespace, represented by ".", so that it cannot be used by other +// namespaces. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: external-svc-httpbin +// namespace : egress +// spec: +// hosts: +// - example.com +// exportTo: +// - "." +// location: MESH_EXTERNAL +// ports: +// - number: 80 +// name: http +// protocol: HTTP +// resolution: DNS +// ``` +// +// Define a gateway to handle all egress traffic. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Gateway +// metadata: +// name: istio-egressgateway +// namespace: istio-system +// spec: +// selector: +// istio: egressgateway +// servers: +// - port: +// number: 80 +// name: http +// protocol: HTTP +// hosts: +// - "*" +// ``` +// +// And the associated `VirtualService` to route from the sidecar to the +// gateway service (`istio-egressgateway.istio-system.svc.cluster.local`), as +// well as route from the gateway to the external service. Note that the +// virtual service is exported to all namespaces enabling them to route traffic +// through the gateway to the external service. Forcing traffic to go through +// a managed middle proxy like this is a common practice. 
+// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: VirtualService +// metadata: +// name: gateway-routing +// namespace: egress +// spec: +// hosts: +// - example.com +// exportTo: +// - "*" +// gateways: +// - mesh +// - istio-egressgateway +// http: +// - match: +// - port: 80 +// gateways: +// - mesh +// route: +// - destination: +// host: istio-egressgateway.istio-system.svc.cluster.local +// - match: +// - port: 80 +// gateways: +// - istio-egressgateway +// route: +// - destination: +// host: example.com +// ``` +// +// The following example demonstrates the use of wildcards in the hosts for +// external services. If the connection has to be routed to the IP address +// requested by the application (i.e. application resolves DNS and attempts +// to connect to a specific IP), the resolution mode must be set to `NONE`. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: external-svc-wildcard-example +// spec: +// hosts: +// - "*.bar.com" +// location: MESH_EXTERNAL +// ports: +// - number: 80 +// name: http +// protocol: HTTP +// resolution: NONE +// ``` +// +// The following example demonstrates a service that is available via a +// Unix Domain Socket on the host of the client. The resolution must be +// set to STATIC to use Unix address endpoints. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: unix-domain-socket-example +// spec: +// hosts: +// - "example.unix.local" +// location: MESH_EXTERNAL +// ports: +// - number: 80 +// name: http +// protocol: HTTP +// resolution: STATIC +// endpoints: +// - address: unix:///var/run/example/socket +// ``` +// +// For HTTP-based services, it is possible to create a `VirtualService` +// backed by multiple DNS addressable endpoints. In such a scenario, the +// application can use the `HTTP_PROXY` environment variable to transparently +// reroute API calls for the `VirtualService` to a chosen backend. 
For +// example, the following configuration creates a non-existent external +// service called foo.bar.com backed by three domains: us.foo.bar.com:8080, +// uk.foo.bar.com:9080, and in.foo.bar.com:7080 +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: external-svc-dns +// spec: +// hosts: +// - foo.bar.com +// location: MESH_EXTERNAL +// ports: +// - number: 80 +// name: http +// protocol: HTTP +// resolution: DNS +// endpoints: +// - address: us.foo.bar.com +// ports: +// http: 8080 +// - address: uk.foo.bar.com +// ports: +// http: 9080 +// - address: in.foo.bar.com +// ports: +// http: 7080 +// ``` +// +// With `HTTP_PROXY=http://localhost/`, calls from the application to +// `http://foo.bar.com` will be load balanced across the three domains +// specified above. In other words, a call to `http://foo.bar.com/baz` would +// be translated to `http://uk.foo.bar.com/baz`. +// +// The following example illustrates the usage of a `ServiceEntry` +// containing a subject alternate name +// whose format conforms to the [SPIFFE standard](https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md): +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: httpbin +// namespace : httpbin-ns +// spec: +// hosts: +// - example.com +// location: MESH_INTERNAL +// ports: +// - number: 80 +// name: http +// protocol: HTTP +// resolution: STATIC +// endpoints: +// - address: 2.2.2.2 +// - address: 3.3.3.3 +// subjectAltNames: +// - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account" +// ``` +// +// The following example demonstrates the use of `ServiceEntry` with a +// `workloadSelector` to handle the migration of a service +// `details.bookinfo.com` from VMs to Kubernetes. The service has two +// VM-based instances with sidecars as well as a set of Kubernetes +// pods managed by a standard deployment object. 
Consumers of this +// service in the mesh will be automatically load balanced across the +// VMs and Kubernetes. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: WorkloadEntry +// metadata: +// name: details-vm-1 +// spec: +// serviceAccount: details +// address: 2.2.2.2 +// labels: +// app: details +// instance-id: vm1 +// --- +// apiVersion: networking.istio.io/v1 +// kind: WorkloadEntry +// metadata: +// name: details-vm-2 +// spec: +// serviceAccount: details +// address: 3.3.3.3 +// labels: +// app: details +// instance-id: vm2 +// ``` +// +// Assuming there is also a Kubernetes deployment with pod labels +// `app: details` using the same service account `details`, the +// following service entry declares a service spanning both VMs and +// Kubernetes: +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: details-svc +// spec: +// hosts: +// - details.bookinfo.com +// location: MESH_INTERNAL +// ports: +// - number: 80 +// name: http +// protocol: HTTP +// resolution: STATIC +// workloadSelector: +// labels: +// app: details +// ``` +package istio.networking.v1; + +option go_package = "istio.io/api/networking/v1"; + +// ServiceEntry enables adding additional entries into Istio's internal +// service registry. +// +// +// +// +// +message ServiceEntry { + // The hosts associated with the ServiceEntry. Could be a DNS + // name with wildcard prefix. + // + // 1. The hosts field is used to select matching hosts in VirtualServices and DestinationRules. + // 2. For HTTP traffic the HTTP Host/Authority header will be matched against the hosts field. + // 3. For HTTPs or TLS traffic containing Server Name Indication (SNI), the SNI value + // will be matched against the hosts field. + // + // **NOTE 1:** When resolution is set to type DNS and no endpoints + // are specified, the host field will be used as the DNS name of the + // endpoint to route traffic to. 
+ // + // **NOTE 2:** If the hostname matches with the name of a service + // from another service registry such as Kubernetes that also + // supplies its own set of endpoints, the ServiceEntry will be + // treated as a decorator of the existing Kubernetes + // service. Properties in the service entry will be added to the + // Kubernetes service if applicable. Currently, only the following + // additional properties will be considered by `istiod`: + // + // 1. subjectAltNames: In addition to verifying the SANs of the + // service accounts associated with the pods of the service, the + // SANs specified here will also be verified. + // + repeated string hosts = 1 [(google.api.field_behavior) = REQUIRED]; + + // The virtual IP addresses associated with the service. Could be CIDR + // prefix. For HTTP traffic, generated route configurations will include http route + // domains for both the `addresses` and `hosts` field values and the destination will + // be identified based on the HTTP Host/Authority header. + // If one or more IP addresses are specified, + // the incoming traffic will be identified as belonging to this service + // if the destination IP matches the IP/CIDRs specified in the addresses + // field. If the Addresses field is empty, traffic will be identified + // solely based on the destination port. In such scenarios, the port on + // which the service is being accessed must not be shared by any other + // service in the mesh. In other words, the sidecar will behave as a + // simple TCP proxy, forwarding incoming traffic on a specified port to + // the specified destination endpoint IP/host. Unix domain socket + // addresses are not supported in this field. + repeated string addresses = 2; + + // The ports associated with the external service. If the + // Endpoints are Unix domain socket addresses, there must be exactly one + // port. 
+ repeated ServicePort ports = 3; + + // Location specifies whether the service is part of Istio mesh or + // outside the mesh. Location determines the behavior of several + // features, such as service-to-service mTLS authentication, policy + // enforcement, etc. When communicating with services outside the mesh, + // Istio's mTLS authentication is disabled, and policy enforcement is + // performed on the client-side as opposed to server-side. + enum Location { + // Signifies that the service is external to the mesh. Typically used + // to indicate external services consumed through APIs. + MESH_EXTERNAL = 0; + + // Signifies that the service is part of the mesh. Typically used to + // indicate services added explicitly as part of expanding the service + // mesh to include unmanaged infrastructure (e.g., VMs added to a + // Kubernetes based service mesh). + MESH_INTERNAL = 1; + }; + + // Specify whether the service should be considered external to the mesh + // or part of the mesh. + Location location = 4; + + // Resolution determines how the proxy will resolve the IP addresses of + // the network endpoints associated with the service, so that it can + // route to one of them. The resolution mode specified here has no impact + // on how the application resolves the IP address associated with the + // service. The application may still have to use DNS to resolve the + // service to an IP so that the outbound traffic can be captured by the + // Proxy. Alternatively, for HTTP services, the application could + // directly communicate with the proxy (e.g., by setting HTTP_PROXY) to + // talk to these services. + enum Resolution { + // Assume that incoming connections have already been resolved (to a + // specific destination IP address). Such connections are typically + // routed via the proxy using mechanisms such as IP table REDIRECT/ + // eBPF. 
After performing any routing related transformations, the + // proxy will forward the connection to the IP address to which the + // connection was bound. + NONE = 0; + + // Use the static IP addresses specified in endpoints (see below) as the + // backing instances associated with the service. + STATIC = 1; + + // Attempt to resolve the IP address by querying the ambient DNS, + // asynchronously. If no endpoints are specified, the proxy + // will resolve the DNS address specified in the hosts field, if + // wildcards are not used. If endpoints are specified, the DNS + // addresses specified in the endpoints will be resolved to determine + // the destination IP address. DNS resolution cannot be used with Unix + // domain socket endpoints. + DNS = 2; + + // Attempt to resolve the IP address by querying the ambient DNS, + // asynchronously. Unlike `DNS`, `DNS_ROUND_ROBIN` only uses the + // first IP address returned when a new connection needs to be initiated + // without relying on complete results of DNS resolution, and connections + // made to hosts will be retained even if DNS records change frequently + // eliminating draining connection pools and connection cycling. + // This is best suited for large web scale services that + // must be accessed via DNS. The proxy will resolve the DNS address + // specified in the hosts field, if wildcards are not used. DNS resolution + // cannot be used with Unix domain socket endpoints. + DNS_ROUND_ROBIN = 3; + }; + + // Service resolution mode for the hosts. Care must be taken + // when setting the resolution mode to NONE for a TCP port without + // accompanying IP addresses. In such cases, traffic to any IP on + // said port will be allowed (i.e. `0.0.0.0:`). + Resolution resolution = 5; + + // One or more endpoints associated with the service. Only one of + // `endpoints` or `workloadSelector` can be specified. + repeated WorkloadEntry endpoints = 6; + + // Applicable only for MESH_INTERNAL services. 
Only one of + // `endpoints` or `workloadSelector` can be specified. Selects one + // or more Kubernetes pods or VM workloads (specified using + // `WorkloadEntry`) based on their labels. The `WorkloadEntry` object + // representing the VMs should be defined in the same namespace as + // the ServiceEntry. + WorkloadSelector workload_selector = 9; + + // A list of namespaces to which this service is exported. Exporting a service + // allows it to be used by sidecars, gateways and virtual services defined in + // other namespaces. This feature provides a mechanism for service owners + // and mesh administrators to control the visibility of services across + // namespace boundaries. + // + // If no namespaces are specified then the service is exported to all + // namespaces by default. + // + // The value "." is reserved and defines an export to the same namespace that + // the service is declared in. Similarly the value "*" is reserved and + // defines an export to all namespaces. + // + // For a Kubernetes Service, the equivalent effect can be achieved by setting + // the annotation "networking.istio.io/exportTo" to a comma-separated list + // of namespace names. + repeated string export_to = 7; + + // If specified, the proxy will verify that the server certificate's + // subject alternate name matches one of the specified values. + // + // NOTE: When using the workloadEntry with workloadSelectors, the + // service account specified in the workloadEntry will also be used + // to derive the additional subject alternate names that should be + // verified. + repeated string subject_alt_names = 8; +} + +// ServicePort describes the properties of a specific port of a service. +message ServicePort { + // A valid non-negative integer port number. + uint32 number = 1 [(google.api.field_behavior) = REQUIRED]; + + // The protocol exposed on the port. + // MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. 
+ // TLS implies the connection will be routed based on the SNI header to + // the destination without terminating the TLS connection. + string protocol = 2; + + // Label assigned to the port. + string name = 3 [(google.api.field_behavior) = REQUIRED]; + + // The port number on the endpoint where the traffic will be + // received. If unset, default to `number`. + uint32 target_port = 4; +} diff --git a/networking/v1/service_entry_deepcopy.gen.go b/networking/v1/service_entry_deepcopy.gen.go new file mode 100644 index 00000000..a0819057 --- /dev/null +++ b/networking/v1/service_entry_deepcopy.gen.go 
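Review bot: The `export_to` comment states that an omitted list exports the entry to all namespaces, but it does not spell out what that means for isolation, and all but one of the `ServiceEntry` examples in the file header omit `exportTo`. NOTE 2 on `hosts` adds that an entry whose host matches a Kubernetes service decorates that service with extra `subjectAltNames` to verify. Nothing visible in this file says which namespace such a decorating entry has to live in, so if that scoping is enforced elsewhere, NOTE 2 should say so. I would add to the `export_to` comment: `// Set exportTo explicitly (e.g. ".") when the entry is meant only for the declaring namespace; leaving it empty makes the entry visible in every namespace.` The examples that are not meant to be shared would be clearer with `exportTo: ["."]` as well.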
@@ -0,0 +1,48 @@ +// Code generated by protoc-gen-deepcopy. DO NOT EDIT. +package v1 + +import ( + proto "google.golang.org/protobuf/proto" +) + +// DeepCopyInto supports using ServiceEntry within kubernetes types, where deepcopy-gen is used. +func (in *ServiceEntry) DeepCopyInto(out *ServiceEntry) { + p := proto.Clone(in).(*ServiceEntry) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntry. Required by controller-gen. +func (in *ServiceEntry) DeepCopy() *ServiceEntry { + if in == nil { + return nil + } + out := new(ServiceEntry) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntry. Required by controller-gen. +func (in *ServiceEntry) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using ServicePort within kubernetes types, where deepcopy-gen is used. +func (in *ServicePort) DeepCopyInto(out *ServicePort) { + p := proto.Clone(in).(*ServicePort) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServicePort. Required by controller-gen. +func (in *ServicePort) DeepCopy() *ServicePort { + if in == nil { + return nil + } + out := new(ServicePort) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ServicePort. Required by controller-gen. +func (in *ServicePort) DeepCopyInterface() interface{} { + return in.DeepCopy() +} diff --git a/networking/v1/service_entry_json.gen.go b/networking/v1/service_entry_json.gen.go new file mode 100644 index 00000000..08f52c5b --- /dev/null +++ b/networking/v1/service_entry_json.gen.go 
@@ -0,0 +1,34 @@ +// Code generated by protoc-gen-jsonshim. DO NOT EDIT. +package v1 + +import ( + bytes "bytes" + jsonpb "github.com/golang/protobuf/jsonpb" +) + +// MarshalJSON is a custom marshaler for ServiceEntry +func (this *ServiceEntry) MarshalJSON() ([]byte, error) { + str, err := ServiceEntryMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for ServiceEntry +func (this *ServiceEntry) UnmarshalJSON(b []byte) error { + return ServiceEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for ServicePort +func (this *ServicePort) MarshalJSON() ([]byte, error) { + str, err := ServiceEntryMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for ServicePort +func (this *ServicePort) UnmarshalJSON(b []byte) error { + return ServiceEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +var ( + ServiceEntryMarshaler = &jsonpb.Marshaler{} + ServiceEntryUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} +) diff --git a/networking/v1/sidecar.pb.go b/networking/v1/sidecar.pb.go new file mode 100644 index 00000000..e7d34079 --- /dev/null +++ b/networking/v1/sidecar.pb.go 
@@ -0,0 +1,1283 @@ +// Copyright 2020 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.33.0 +// protoc (unknown) +// source: networking/v1/sidecar.proto + +// $schema: istio.networking.v1.Sidecar +// $title: Sidecar +// $description: Configuration affecting network reachability of a sidecar. +// $location: https://istio.io/docs/reference/config/networking/sidecar.html +// $aliases: [/docs/reference/config/networking/v1/sidecar] +// $mode: none + +// `Sidecar` describes the configuration of the sidecar proxy that mediates +// inbound and outbound communication to the workload instance it is attached to. By +// default, Istio will program all sidecar proxies in the mesh with the +// necessary configuration required to reach every workload instance in the mesh, as +// well as accept traffic on all the ports associated with the +// workload. The `Sidecar` configuration provides a way to fine tune the set of +// ports, protocols that the proxy will accept when forwarding traffic to +// and from the workload. In addition, it is possible to restrict the set +// of services that the proxy can reach when forwarding outbound traffic +// from workload instances. +// +// Services and configuration in a mesh are organized into one or more +// namespaces (e.g., a Kubernetes namespace or a CF org/space). 
A `Sidecar` +// configuration in a namespace will apply to one or more workload instances in the same +// namespace, selected using the `workloadSelector` field. In the absence of a +// `workloadSelector`, it will apply to all workload instances in the same +// namespace. When determining the `Sidecar` configuration to be applied to a +// workload instance, preference will be given to the resource with a +// `workloadSelector` that selects this workload instance, over a `Sidecar` configuration +// without any `workloadSelector`. +// +// **NOTE 1**: *_Each namespace can have only one `Sidecar` +// configuration without any `workloadSelector`_ that specifies the +// default for all pods in that namespace*. It is recommended to use +// the name `default` for the namespace-wide sidecar. The behavior of +// the system is undefined if more than one selector-less `Sidecar` +// configurations exist in a given namespace. The behavior of the +// system is undefined if two or more `Sidecar` configurations with a +// `workloadSelector` select the same workload instance. +// +// **NOTE 2**: *_A `Sidecar` configuration in the `MeshConfig` +// [root namespace](https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig) +// will be applied by default to all namespaces without a `Sidecar` +// configuration_*. This global default `Sidecar` configuration should not have +// any `workloadSelector`. +// +// **NOTE 3**: *_A `Sidecar` is not applicable to gateways, even though gateways are istio-proxies_*. +// +// The example below declares a global default `Sidecar` configuration +// in the root namespace called `istio-config`, that configures +// sidecars in all namespaces to allow egress traffic only to other +// workloads in the same namespace as well as to services in the +// `istio-system` namespace. 
+// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Sidecar +// metadata: +// name: default +// namespace: istio-config +// spec: +// egress: +// - hosts: +// - "./*" +// - "istio-system/*" +// ``` +// +// The example below declares a `Sidecar` configuration in the +// `prod-us1` namespace that overrides the global default defined +// above, and configures the sidecars in the namespace to allow egress +// traffic to public services in the `prod-us1`, `prod-apis`, and the +// `istio-system` namespaces. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Sidecar +// metadata: +// name: default +// namespace: prod-us1 +// spec: +// egress: +// - hosts: +// - "prod-us1/*" +// - "prod-apis/*" +// - "istio-system/*" +// ``` +// +// The following example declares a `Sidecar` configuration in the +// `prod-us1` namespace for all pods with labels `app: ratings` +// belonging to the `ratings.prod-us1` service. The workload accepts +// inbound HTTP traffic on port 9080. The traffic is then forwarded to +// the attached workload instance listening on a Unix domain +// socket. In the egress direction, in addition to the `istio-system` +// namespace, the sidecar proxies only HTTP traffic bound for port +// 9080 for services in the `prod-us1` namespace. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Sidecar +// metadata: +// name: ratings +// namespace: prod-us1 +// spec: +// workloadSelector: +// labels: +// app: ratings +// ingress: +// - port: +// number: 9080 +// protocol: HTTP +// name: somename +// defaultEndpoint: unix:///var/run/someuds.sock +// egress: +// - port: +// number: 9080 +// protocol: HTTP +// name: egresshttp +// hosts: +// - "prod-us1/*" +// - hosts: +// - "istio-system/*" +// ``` +// +// If the workload is deployed without IPTables-based traffic capture, +// the `Sidecar` configuration is the only way to configure the ports +// on the proxy attached to the workload instance. 
The following +// example declares a `Sidecar` configuration in the `prod-us1` +// namespace for all pods with labels `app: productpage` belonging to +// the `productpage.prod-us1` service. Assuming that these pods are +// deployed without IPtable rules (i.e. the `istio-init` container) +// and the proxy metadata `ISTIO_META_INTERCEPTION_MODE` is set to +// `NONE`, the specification, below, allows such pods to receive HTTP +// traffic on port 9080 (wrapped inside Istio mutual TLS) and forward +// it to the application listening on `127.0.0.1:8080`. It also allows +// the application to communicate with a backing MySQL database on +// `127.0.0.1:3306`, that then gets proxied to the externally hosted +// MySQL service at `mysql.foo.com:3306`. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Sidecar +// metadata: +// name: no-ip-tables +// namespace: prod-us1 +// spec: +// workloadSelector: +// labels: +// app: productpage +// ingress: +// - port: +// number: 9080 # binds to proxy_instance_ip:9080 (0.0.0.0:9080, if no unicast IP is available for the instance) +// protocol: HTTP +// name: somename +// defaultEndpoint: 127.0.0.1:8080 +// captureMode: NONE # not needed if metadata is set for entire proxy +// egress: +// - port: +// number: 3306 +// protocol: MYSQL +// name: egressmysql +// captureMode: NONE # not needed if metadata is set for entire proxy +// bind: 127.0.0.1 +// hosts: +// - "*/mysql.foo.com" +// ``` +// +// And the associated service entry for routing to `mysql.foo.com:3306` +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: external-svc-mysql +// namespace: ns1 +// spec: +// hosts: +// - mysql.foo.com +// ports: +// - number: 3306 +// name: mysql +// protocol: MYSQL +// location: MESH_EXTERNAL +// resolution: DNS +// ``` +// +// It is also possible to mix and match traffic capture modes in a single +// proxy. 
For example, consider a setup where internal services are on the +// `192.168.0.0/16` subnet. So, IP tables are setup on the VM to capture all +// outbound traffic on `192.168.0.0/16` subnet. Assume that the VM has an +// additional network interface on `172.16.0.0/16` subnet for inbound +// traffic. The following `Sidecar` configuration allows the VM to expose a +// listener on `172.16.1.32:80` (the VM's IP) for traffic arriving from the +// `172.16.0.0/16` subnet. +// +// **NOTE**: The `ISTIO_META_INTERCEPTION_MODE` metadata on the +// proxy in the VM should contain `REDIRECT` or `TPROXY` as its value, +// implying that IP tables based traffic capture is active. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Sidecar +// metadata: +// name: partial-ip-tables +// namespace: prod-us1 +// spec: +// workloadSelector: +// labels: +// app: productpage +// ingress: +// - bind: 172.16.1.32 +// port: +// number: 80 # binds to 172.16.1.32:80 +// protocol: HTTP +// name: somename +// defaultEndpoint: 127.0.0.1:8080 +// captureMode: NONE +// egress: +// # use the system detected defaults +// # sets up configuration to handle outbound traffic to services +// # in 192.168.0.0/16 subnet, based on information provided by the +// # service registry +// - captureMode: IPTABLES +// hosts: +// - "*/*" +// ``` +// +// In addition to configuring traffic capture and how traffic is forwarded to the app, +// it's possible to control inbound connection pool settings. By default, Istio pushes +// connection pool settings from `DestinationRules` to both clients (for outbound +// connections to the service) as well as servers (for inbound connections to a service +// instance). Using the `InboundConnectionPool` and per-port `ConnectionPool` settings +// in a `Sidecar` allow you to control those connection pools for the server separately +// from the settings pushed to all clients. 
+// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Sidecar +// metadata: +// name: connection-pool-settings +// namespace: prod-us1 +// spec: +// workloadSelector: +// labels: +// app: productpage +// inboundConnectionPool: +// http: +// http1MaxPendingRequests: 1024 +// http2MaxRequests: 1024 +// maxRequestsPerConnection: 1024 +// maxRetries: 100 +// ingress: +// - port: +// number: 80 +// protocol: HTTP +// name: somename +// connectionPool: +// http: +// http1MaxPendingRequests: 1024 +// http2MaxRequests: 1024 +// maxRequestsPerConnection: 1024 +// maxRetries: 100 +// tcp: +// maxConnections: 100 +// ``` + +package v1 + +import ( + _ "google.golang.org/genproto/googleapis/api/annotations" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// `CaptureMode` describes how traffic to a listener is expected to be +// captured. Applicable only when the listener is bound to an IP. +type CaptureMode int32 + +const ( + // The default capture mode defined by the environment. + CaptureMode_DEFAULT CaptureMode = 0 + // Capture traffic using IPtables redirection. + CaptureMode_IPTABLES CaptureMode = 1 + // No traffic capture. When used in an egress listener, the application is + // expected to explicitly communicate with the listener port or Unix + // domain socket. When used in an ingress listener, care needs to be taken + // to ensure that the listener port is not in use by other processes on + // the host. + CaptureMode_NONE CaptureMode = 2 +) + +// Enum value maps for CaptureMode. 
+var ( + CaptureMode_name = map[int32]string{ + 0: "DEFAULT", + 1: "IPTABLES", + 2: "NONE", + } + CaptureMode_value = map[string]int32{ + "DEFAULT": 0, + "IPTABLES": 1, + "NONE": 2, + } +) + +func (x CaptureMode) Enum() *CaptureMode { + p := new(CaptureMode) + *p = x + return p +} + +func (x CaptureMode) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (CaptureMode) Descriptor() protoreflect.EnumDescriptor { + return file_networking_v1_sidecar_proto_enumTypes[0].Descriptor() +} + +func (CaptureMode) Type() protoreflect.EnumType { + return &file_networking_v1_sidecar_proto_enumTypes[0] +} + +func (x CaptureMode) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use CaptureMode.Descriptor instead. +func (CaptureMode) EnumDescriptor() ([]byte, []int) { + return file_networking_v1_sidecar_proto_rawDescGZIP(), []int{0} +} + +type OutboundTrafficPolicy_Mode int32 + +const ( + // Outbound traffic will be restricted to services defined in the + // service registry as well as those defined through `ServiceEntry` configurations. + OutboundTrafficPolicy_REGISTRY_ONLY OutboundTrafficPolicy_Mode = 0 + // Outbound traffic to unknown destinations will be allowed, in case + // there are no services or `ServiceEntry` configurations for the destination port. + OutboundTrafficPolicy_ALLOW_ANY OutboundTrafficPolicy_Mode = 1 +) + +// Enum value maps for OutboundTrafficPolicy_Mode. 
+var ( + OutboundTrafficPolicy_Mode_name = map[int32]string{ + 0: "REGISTRY_ONLY", + 1: "ALLOW_ANY", + } + OutboundTrafficPolicy_Mode_value = map[string]int32{ + "REGISTRY_ONLY": 0, + "ALLOW_ANY": 1, + } +) + +func (x OutboundTrafficPolicy_Mode) Enum() *OutboundTrafficPolicy_Mode { + p := new(OutboundTrafficPolicy_Mode) + *p = x + return p +} + +func (x OutboundTrafficPolicy_Mode) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (OutboundTrafficPolicy_Mode) Descriptor() protoreflect.EnumDescriptor { + return file_networking_v1_sidecar_proto_enumTypes[1].Descriptor() +} + +func (OutboundTrafficPolicy_Mode) Type() protoreflect.EnumType { + return &file_networking_v1_sidecar_proto_enumTypes[1] +} + +func (x OutboundTrafficPolicy_Mode) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use OutboundTrafficPolicy_Mode.Descriptor instead. +func (OutboundTrafficPolicy_Mode) EnumDescriptor() ([]byte, []int) { + return file_networking_v1_sidecar_proto_rawDescGZIP(), []int{4, 0} +} + +// `Sidecar` describes the configuration of the sidecar proxy that mediates +// inbound and outbound communication of the workload instance to which it is +// attached. +// +// +// +// +// +type Sidecar struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Criteria used to select the specific set of pods/VMs on which this + // `Sidecar` configuration should be applied. If omitted, the `Sidecar` + // configuration will be applied to all workload instances in the same namespace. + WorkloadSelector *WorkloadSelector `protobuf:"bytes,1,opt,name=workload_selector,json=workloadSelector,proto3" json:"workload_selector,omitempty"` + // Ingress specifies the configuration of the sidecar for processing + // inbound traffic to the attached workload instance. 
If omitted, Istio will + // automatically configure the sidecar based on the information about the workload + // obtained from the orchestration platform (e.g., exposed ports, services, + // etc.). If specified, inbound ports are configured if and only if the + // workload instance is associated with a service. + Ingress []*IstioIngressListener `protobuf:"bytes,2,rep,name=ingress,proto3" json:"ingress,omitempty"` + // Egress specifies the configuration of the sidecar for processing + // outbound traffic from the attached workload instance to other + // services in the mesh. If not specified, inherits the system + // detected defaults from the namespace-wide or the global default Sidecar. + Egress []*IstioEgressListener `protobuf:"bytes,3,rep,name=egress,proto3" json:"egress,omitempty"` + // Settings controlling the volume of connections Envoy will accept from the network. + // This default will apply for all inbound listeners and can be overridden per-port + // in the `Ingress` field. This configuration mirrors the `DestinationRule`'s + // [`connectionPool`](https://istio.io/latest/docs/reference/config/networking/destination-rule/#ConnectionPoolSettings) field. + // + // By default, Istio applies a service's `DestinationRule` to client sidecars + // for outbound traffic directed at the service -- the usual case folks think + // of when configuring a `DestinationRule` -- but also to the server's inbound + // sidecar. The `Sidecar`'s connection pool configures the server's inbound + // sidecar directly, so its settings can be different than clients'. This is + // valuable, for example, when you have many clients calling few servers: a + // `DestinationRule` can limit the concurrency of any single client, while + // the `Sidecar` allows you to configure much higher concurrency on the server + // side. 
+ // + // Connection pool settings for a server's inbound sidecar are configured in the + // following precedence, highest to lowest: + // - per-port `ConnectionPool` from the `Sidecar` + // - top level `InboundConnectionPool` from the `Sidecar` + // - per-port `TrafficPolicy.ConnectionPool` from the `DestinationRule` + // - top level `TrafficPolicy.ConnectionPool` from the `DestinationRule` + // - default connection pool settings (essentially unlimited) + // + // In every case, the connection pool settings are overriden, not merged. + InboundConnectionPool *ConnectionPoolSettings `protobuf:"bytes,7,opt,name=inbound_connection_pool,json=inboundConnectionPool,proto3" json:"inbound_connection_pool,omitempty"` + // Configuration for the outbound traffic policy. If your + // application uses one or more external services that are not known + // apriori, setting the policy to `ALLOW_ANY` will cause the + // sidecars to route any unknown traffic originating from the + // application to its requested destination. If not specified, + // inherits the system detected defaults from the namespace-wide or + // the global default Sidecar. 
+ OutboundTrafficPolicy *OutboundTrafficPolicy `protobuf:"bytes,4,opt,name=outbound_traffic_policy,json=outboundTrafficPolicy,proto3" json:"outbound_traffic_policy,omitempty"` +} + +func (x *Sidecar) Reset() { + *x = Sidecar{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_sidecar_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Sidecar) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Sidecar) ProtoMessage() {} + +func (x *Sidecar) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_sidecar_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Sidecar.ProtoReflect.Descriptor instead. +func (*Sidecar) Descriptor() ([]byte, []int) { + return file_networking_v1_sidecar_proto_rawDescGZIP(), []int{0} +} + +func (x *Sidecar) GetWorkloadSelector() *WorkloadSelector { + if x != nil { + return x.WorkloadSelector + } + return nil +} + +func (x *Sidecar) GetIngress() []*IstioIngressListener { + if x != nil { + return x.Ingress + } + return nil +} + +func (x *Sidecar) GetEgress() []*IstioEgressListener { + if x != nil { + return x.Egress + } + return nil +} + +func (x *Sidecar) GetInboundConnectionPool() *ConnectionPoolSettings { + if x != nil { + return x.InboundConnectionPool + } + return nil +} + +func (x *Sidecar) GetOutboundTrafficPolicy() *OutboundTrafficPolicy { + if x != nil { + return x.OutboundTrafficPolicy + } + return nil +} + +// `IstioIngressListener` specifies the properties of an inbound +// traffic listener on the sidecar proxy attached to a workload instance. +type IstioIngressListener struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The port associated with the listener. 
+ Port *SidecarPort `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` + // The IP(IPv4 or IPv6) to which the listener should be bound. + // Unix domain socket addresses are not allowed in + // the bind field for ingress listeners. If omitted, Istio will + // automatically configure the defaults based on imported services + // and the workload instances to which this configuration is applied + // to. + Bind string `protobuf:"bytes,2,opt,name=bind,proto3" json:"bind,omitempty"` + // The captureMode option dictates how traffic to the listener is + // expected to be captured (or not). + CaptureMode CaptureMode `protobuf:"varint,3,opt,name=capture_mode,json=captureMode,proto3,enum=istio.networking.v1.CaptureMode" json:"capture_mode,omitempty"` + // The IP endpoint or Unix domain socket to which + // traffic should be forwarded to. This configuration can be used to + // redirect traffic arriving at the bind `IP:Port` on the sidecar to a `localhost:port` + // or Unix domain socket where the application workload instance is listening for + // connections. Arbitrary IPs are not supported. Format should be one of + // `127.0.0.1:PORT`, `[::1]:PORT` (forward to localhost), + // `0.0.0.0:PORT`, `[::]:PORT` (forward to the instance IP), + // or `unix:///path/to/socket` (forward to Unix domain socket). + DefaultEndpoint string `protobuf:"bytes,4,opt,name=default_endpoint,json=defaultEndpoint,proto3" json:"default_endpoint,omitempty"` + // Set of TLS related options that will enable TLS termination on the + // sidecar for requests originating from outside the mesh. + // Currently supports only SIMPLE and MUTUAL TLS modes. + Tls *ServerTLSSettings `protobuf:"bytes,7,opt,name=tls,proto3" json:"tls,omitempty"` + // Settings controlling the volume of connections Envoy will accept from the network. + // This setting overrides the top-level default `inboundConnectionPool` to configure + // specific settings for this port. 
This configuration mirrors the `DestinationRule`'s + // [`PortTrafficPolicy.connectionPool`](https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy-PortTrafficPolicy) field. + // This port level connection pool has the highest precedence in configuration, + // overriding both the `Sidecar`'s top level `InboundConnectionPool` as well as any + // connection pooling settings from the `DestinationRule`. + ConnectionPool *ConnectionPoolSettings `protobuf:"bytes,8,opt,name=connection_pool,json=connectionPool,proto3" json:"connection_pool,omitempty"` +} + +func (x *IstioIngressListener) Reset() { + *x = IstioIngressListener{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_sidecar_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *IstioIngressListener) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*IstioIngressListener) ProtoMessage() {} + +func (x *IstioIngressListener) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_sidecar_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use IstioIngressListener.ProtoReflect.Descriptor instead. 
+func (*IstioIngressListener) Descriptor() ([]byte, []int) { + return file_networking_v1_sidecar_proto_rawDescGZIP(), []int{1} +} + +func (x *IstioIngressListener) GetPort() *SidecarPort { + if x != nil { + return x.Port + } + return nil +} + +func (x *IstioIngressListener) GetBind() string { + if x != nil { + return x.Bind + } + return "" +} + +func (x *IstioIngressListener) GetCaptureMode() CaptureMode { + if x != nil { + return x.CaptureMode + } + return CaptureMode_DEFAULT +} + +func (x *IstioIngressListener) GetDefaultEndpoint() string { + if x != nil { + return x.DefaultEndpoint + } + return "" +} + +func (x *IstioIngressListener) GetTls() *ServerTLSSettings { + if x != nil { + return x.Tls + } + return nil +} + +func (x *IstioIngressListener) GetConnectionPool() *ConnectionPoolSettings { + if x != nil { + return x.ConnectionPool + } + return nil +} + +// `IstioEgressListener` specifies the properties of an outbound traffic +// listener on the sidecar proxy attached to a workload instance. +type IstioEgressListener struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The port associated with the listener. If using Unix domain socket, + // use 0 as the port number, with a valid protocol. The port if + // specified, will be used as the default destination port associated + // with the imported hosts. If the port is omitted, Istio will infer the + // listener ports based on the imported hosts. Note that when multiple + // egress listeners are specified, where one or more listeners have + // specific ports while others have no port, the hosts exposed on a + // listener port will be based on the listener with the most specific + // port. + Port *SidecarPort `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` + // The IP(IPv4 or IPv6) or the Unix domain socket to which the listener should be bound + // to. Port MUST be specified if bind is not empty. 
Format: IPv4 or IPv6 address formats or + // `unix:///path/to/uds` or `unix://@foobar` (Linux abstract namespace). If + // omitted, Istio will automatically configure the defaults based on imported + // services, the workload instances to which this configuration is applied to and + // the captureMode. If captureMode is `NONE`, bind will default to + // 127.0.0.1. + Bind string `protobuf:"bytes,2,opt,name=bind,proto3" json:"bind,omitempty"` + // When the bind address is an IP, the captureMode option dictates + // how traffic to the listener is expected to be captured (or not). + // captureMode must be DEFAULT or `NONE` for Unix domain socket binds. + CaptureMode CaptureMode `protobuf:"varint,3,opt,name=capture_mode,json=captureMode,proto3,enum=istio.networking.v1.CaptureMode" json:"capture_mode,omitempty"` + // One or more service hosts exposed by the listener + // in `namespace/dnsName` format. Services in the specified namespace + // matching `dnsName` will be exposed. + // The corresponding service can be a service in the service registry + // (e.g., a Kubernetes or cloud foundry service) or a service specified + // using a `ServiceEntry` or `VirtualService` configuration. Any + // associated `DestinationRule` in the same namespace will also be used. + // + // The `dnsName` should be specified using FQDN format, optionally including + // a wildcard character in the left-most component (e.g., `prod/*.example.com`). + // Set the `dnsName` to `*` to select all services from the specified namespace + // (e.g., `prod/*`). + // + // The `namespace` can be set to `*`, `.`, or `~`, representing any, the current, + // or no namespace, respectively. For example, `*/foo.example.com` selects the + // service from any available namespace while `./foo.example.com` only selects + // the service from the namespace of the sidecar. 
If a host is set to `*/*`, + // Istio will configure the sidecar to be able to reach every service in the + // mesh that is exported to the sidecar's namespace. The value `~/*` can be used + // to completely trim the configuration for sidecars that simply receive traffic + // and respond, but make no outbound connections of their own. + // + // NOTE: Only services and configuration artifacts exported to the sidecar's + // namespace (e.g., `exportTo` value of `*`) can be referenced. + // Private configurations (e.g., `exportTo` set to `.`) will + // not be available. Refer to the `exportTo` setting in `VirtualService`, + // `DestinationRule`, and `ServiceEntry` configurations for details. + Hosts []string `protobuf:"bytes,4,rep,name=hosts,proto3" json:"hosts,omitempty"` +} + +func (x *IstioEgressListener) Reset() { + *x = IstioEgressListener{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_sidecar_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *IstioEgressListener) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*IstioEgressListener) ProtoMessage() {} + +func (x *IstioEgressListener) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_sidecar_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use IstioEgressListener.ProtoReflect.Descriptor instead. 
+func (*IstioEgressListener) Descriptor() ([]byte, []int) { + return file_networking_v1_sidecar_proto_rawDescGZIP(), []int{2} +} + +func (x *IstioEgressListener) GetPort() *SidecarPort { + if x != nil { + return x.Port + } + return nil +} + +func (x *IstioEgressListener) GetBind() string { + if x != nil { + return x.Bind + } + return "" +} + +func (x *IstioEgressListener) GetCaptureMode() CaptureMode { + if x != nil { + return x.CaptureMode + } + return CaptureMode_DEFAULT +} + +func (x *IstioEgressListener) GetHosts() []string { + if x != nil { + return x.Hosts + } + return nil +} + +// `WorkloadSelector` specifies the criteria used to determine if the +// `Gateway`, `Sidecar`, `EnvoyFilter`, `ServiceEntry`, or `DestinationRule` +// configuration can be applied to a proxy. The matching criteria +// includes the metadata associated with a proxy, workload instance +// info such as labels attached to the pod/VM, or any other info that +// the proxy provides to Istio during the initial handshake. If +// multiple conditions are specified, all conditions need to match in +// order for the workload instance to be selected. Currently, only +// label based selection mechanism is supported. +type WorkloadSelector struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // One or more labels that indicate a specific set of pods/VMs + // on which the configuration should be applied. The scope of + // label search is restricted to the configuration namespace in which the + // the resource is present. 
+ Labels map[string]string `protobuf:"bytes,1,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` +} + +func (x *WorkloadSelector) Reset() { + *x = WorkloadSelector{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_sidecar_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *WorkloadSelector) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WorkloadSelector) ProtoMessage() {} + +func (x *WorkloadSelector) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_sidecar_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WorkloadSelector.ProtoReflect.Descriptor instead. +func (*WorkloadSelector) Descriptor() ([]byte, []int) { + return file_networking_v1_sidecar_proto_rawDescGZIP(), []int{3} +} + +func (x *WorkloadSelector) GetLabels() map[string]string { + if x != nil { + return x.Labels + } + return nil +} + +// `OutboundTrafficPolicy` sets the default behavior of the sidecar for +// handling outbound traffic from the application. +// If your application uses one or more external +// services that are not known apriori, setting the policy to `ALLOW_ANY` +// will cause the sidecars to route any unknown traffic originating from +// the application to its requested destination. Users are strongly +// encouraged to use `ServiceEntry` configurations to explicitly declare any external +// dependencies, instead of using `ALLOW_ANY`, so that traffic to these +// services can be monitored. 
+type OutboundTrafficPolicy struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Mode OutboundTrafficPolicy_Mode `protobuf:"varint,1,opt,name=mode,proto3,enum=istio.networking.v1.OutboundTrafficPolicy_Mode" json:"mode,omitempty"` + // Specifies the details of the egress proxy to which unknown + // traffic should be forwarded to from the sidecar. Valid only if + // the mode is set to ALLOW_ANY. If not specified when the mode is + // ALLOW_ANY, the sidecar will send the unknown traffic directly to + // the IP requested by the application. + // + // ** NOTE 1**: The specified egress host must be imported in the + // egress section for the traffic forwarding to work. + // + // ** NOTE 2**: An Envoy based egress gateway is unlikely to be able + // to handle plain text TCP connections forwarded from the sidecar. + // Envoy's dynamic forward proxy can handle only HTTP and TLS + // connections. + // $hide_from_docs + EgressProxy *Destination `protobuf:"bytes,2,opt,name=egress_proxy,json=egressProxy,proto3" json:"egress_proxy,omitempty"` +} + +func (x *OutboundTrafficPolicy) Reset() { + *x = OutboundTrafficPolicy{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_sidecar_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *OutboundTrafficPolicy) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*OutboundTrafficPolicy) ProtoMessage() {} + +func (x *OutboundTrafficPolicy) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_sidecar_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use OutboundTrafficPolicy.ProtoReflect.Descriptor instead. 
+func (*OutboundTrafficPolicy) Descriptor() ([]byte, []int) { + return file_networking_v1_sidecar_proto_rawDescGZIP(), []int{4} +} + +func (x *OutboundTrafficPolicy) GetMode() OutboundTrafficPolicy_Mode { + if x != nil { + return x.Mode + } + return OutboundTrafficPolicy_REGISTRY_ONLY +} + +func (x *OutboundTrafficPolicy) GetEgressProxy() *Destination { + if x != nil { + return x.EgressProxy + } + return nil +} + +// Port describes the properties of a specific port of a service. +type SidecarPort struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // A valid non-negative integer port number. + Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"` + // The protocol exposed on the port. + // MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. + // TLS can be either used to terminate non-HTTP based connections on a specific port + // or to route traffic based on SNI header to the destination without terminating the TLS connection. + Protocol string `protobuf:"bytes,2,opt,name=protocol,proto3" json:"protocol,omitempty"` + // Label assigned to the port. + Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` + // Has no effect, only for backwards compatibility + // received. Applicable only when used with ServiceEntries. + // $hide_from_docs + // + // Deprecated: Marked as deprecated in networking/v1/sidecar.proto. 
+ TargetPort uint32 `protobuf:"varint,4,opt,name=target_port,json=targetPort,proto3" json:"target_port,omitempty"` +} + +func (x *SidecarPort) Reset() { + *x = SidecarPort{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_sidecar_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SidecarPort) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SidecarPort) ProtoMessage() {} + +func (x *SidecarPort) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_sidecar_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SidecarPort.ProtoReflect.Descriptor instead. +func (*SidecarPort) Descriptor() ([]byte, []int) { + return file_networking_v1_sidecar_proto_rawDescGZIP(), []int{5} +} + +func (x *SidecarPort) GetNumber() uint32 { + if x != nil { + return x.Number + } + return 0 +} + +func (x *SidecarPort) GetProtocol() string { + if x != nil { + return x.Protocol + } + return "" +} + +func (x *SidecarPort) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +// Deprecated: Marked as deprecated in networking/v1/sidecar.proto. 
+func (x *SidecarPort) GetTargetPort() uint32 { + if x != nil { + return x.TargetPort + } + return 0 +} + +var File_networking_v1_sidecar_proto protoreflect.FileDescriptor + +var file_networking_v1_sidecar_proto_rawDesc = []byte{ + 0x0a, 0x1b, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, + 0x73, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, + 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x1a, 0x24, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, + 0x76, 0x31, 0x2f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, + 0x75, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x23, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x73, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc4, 0x03, 0x0a, 0x07, + 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x12, 0x52, 0x0a, 0x11, 0x77, 0x6f, 0x72, 0x6b, 0x6c, + 0x6f, 0x61, 0x64, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, + 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, 0x6c, + 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x43, 0x0a, 0x07, 0x69, + 
0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x76, 0x31, 0x2e, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x4c, + 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x07, 0x69, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, + 0x12, 0x40, 0x0a, 0x06, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x28, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x45, 0x67, 0x72, 0x65, + 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x06, 0x65, 0x67, 0x72, 0x65, + 0x73, 0x73, 0x12, 0x63, 0x0a, 0x17, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, + 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x6f, 0x6c, 0x18, 0x07, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, + 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, + 0x52, 0x15, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, + 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x12, 0x62, 0x0a, 0x17, 0x6f, 0x75, 0x74, 0x62, 0x6f, + 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x5f, 0x70, 0x6f, 0x6c, 0x69, + 0x63, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, + 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4f, + 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x52, 0x15, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x72, + 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 
0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4a, 0x04, 0x08, 0x05, 0x10, + 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x52, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, + 0x73, 0x74, 0x22, 0x87, 0x03, 0x0a, 0x14, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x49, 0x6e, 0x67, 0x72, + 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x39, 0x0a, 0x04, 0x70, + 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, + 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x42, 0x03, 0xe0, 0x41, 0x02, + 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x12, 0x43, 0x0a, 0x0c, 0x63, 0x61, + 0x70, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, + 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x4d, 0x6f, + 0x64, 0x65, 0x52, 0x0b, 0x63, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12, + 0x29, 0x0a, 0x10, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, + 0x69, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x64, 0x65, 0x66, 0x61, 0x75, + 0x6c, 0x74, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x38, 0x0a, 0x03, 0x74, 0x6c, + 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, + 0x03, 0x74, 0x6c, 0x73, 0x12, 0x54, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, + 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x6f, 0x6c, 0x18, 0x08, 0x20, 0x01, 0x28, 
0x0b, 0x32, 0x2b, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, + 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, + 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, + 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x52, 0x14, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, + 0x74, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x74, 0x6c, 0x73, 0x22, 0xe1, 0x01, 0x0a, + 0x13, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x45, 0x67, 0x72, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, + 0x65, 0x6e, 0x65, 0x72, 0x12, 0x34, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, + 0x50, 0x6f, 0x72, 0x74, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x69, + 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x12, 0x43, + 0x0a, 0x0c, 0x63, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x61, 0x70, 0x74, 0x75, + 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0b, 0x63, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x4d, + 0x6f, 0x64, 0x65, 0x12, 0x19, 0x0a, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x04, 0x20, 0x03, + 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x4a, 0x04, + 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x52, 0x14, 0x6c, 0x6f, 0x63, 0x61, + 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x74, 0x6c, 0x73, + 0x22, 0x98, 
0x01, 0x0a, 0x10, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, + 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x49, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, + 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, + 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x4c, 0x61, 0x62, + 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, + 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, + 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xcb, 0x01, 0x0a, 0x15, + 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x43, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, + 0x6e, 0x64, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, + 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x43, 0x0a, 0x0c, 0x65, 0x67, + 0x72, 0x65, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x52, 0x0b, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x22, + 0x28, 0x0a, 0x04, 0x4d, 0x6f, 0x64, 0x65, 0x12, 
0x11, 0x0a, 0x0d, 0x52, 0x45, 0x47, 0x49, 0x53, + 0x54, 0x52, 0x59, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x41, 0x4c, + 0x4c, 0x4f, 0x57, 0x5f, 0x41, 0x4e, 0x59, 0x10, 0x01, 0x22, 0x7a, 0x0a, 0x0b, 0x53, 0x69, 0x64, + 0x65, 0x63, 0x61, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, + 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, + 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x12, 0x0a, 0x04, + 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, + 0x12, 0x23, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, + 0x74, 0x50, 0x6f, 0x72, 0x74, 0x2a, 0x32, 0x0a, 0x0b, 0x43, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, + 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, + 0x00, 0x12, 0x0c, 0x0a, 0x08, 0x49, 0x50, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x53, 0x10, 0x01, 0x12, + 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x02, 0x42, 0x1c, 0x5a, 0x1a, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_networking_v1_sidecar_proto_rawDescOnce sync.Once + file_networking_v1_sidecar_proto_rawDescData = file_networking_v1_sidecar_proto_rawDesc +) + +func file_networking_v1_sidecar_proto_rawDescGZIP() []byte { + file_networking_v1_sidecar_proto_rawDescOnce.Do(func() { + file_networking_v1_sidecar_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1_sidecar_proto_rawDescData) + }) + return file_networking_v1_sidecar_proto_rawDescData +} + +var 
file_networking_v1_sidecar_proto_enumTypes = make([]protoimpl.EnumInfo, 2) +var file_networking_v1_sidecar_proto_msgTypes = make([]protoimpl.MessageInfo, 7) +var file_networking_v1_sidecar_proto_goTypes = []interface{}{ + (CaptureMode)(0), // 0: istio.networking.v1.CaptureMode + (OutboundTrafficPolicy_Mode)(0), // 1: istio.networking.v1.OutboundTrafficPolicy.Mode + (*Sidecar)(nil), // 2: istio.networking.v1.Sidecar + (*IstioIngressListener)(nil), // 3: istio.networking.v1.IstioIngressListener + (*IstioEgressListener)(nil), // 4: istio.networking.v1.IstioEgressListener + (*WorkloadSelector)(nil), // 5: istio.networking.v1.WorkloadSelector + (*OutboundTrafficPolicy)(nil), // 6: istio.networking.v1.OutboundTrafficPolicy + (*SidecarPort)(nil), // 7: istio.networking.v1.SidecarPort + nil, // 8: istio.networking.v1.WorkloadSelector.LabelsEntry + (*ConnectionPoolSettings)(nil), // 9: istio.networking.v1.ConnectionPoolSettings + (*ServerTLSSettings)(nil), // 10: istio.networking.v1.ServerTLSSettings + (*Destination)(nil), // 11: istio.networking.v1.Destination +} +var file_networking_v1_sidecar_proto_depIdxs = []int32{ + 5, // 0: istio.networking.v1.Sidecar.workload_selector:type_name -> istio.networking.v1.WorkloadSelector + 3, // 1: istio.networking.v1.Sidecar.ingress:type_name -> istio.networking.v1.IstioIngressListener + 4, // 2: istio.networking.v1.Sidecar.egress:type_name -> istio.networking.v1.IstioEgressListener + 9, // 3: istio.networking.v1.Sidecar.inbound_connection_pool:type_name -> istio.networking.v1.ConnectionPoolSettings + 6, // 4: istio.networking.v1.Sidecar.outbound_traffic_policy:type_name -> istio.networking.v1.OutboundTrafficPolicy + 7, // 5: istio.networking.v1.IstioIngressListener.port:type_name -> istio.networking.v1.SidecarPort + 0, // 6: istio.networking.v1.IstioIngressListener.capture_mode:type_name -> istio.networking.v1.CaptureMode + 10, // 7: istio.networking.v1.IstioIngressListener.tls:type_name -> istio.networking.v1.ServerTLSSettings + 9, 
// 8: istio.networking.v1.IstioIngressListener.connection_pool:type_name -> istio.networking.v1.ConnectionPoolSettings + 7, // 9: istio.networking.v1.IstioEgressListener.port:type_name -> istio.networking.v1.SidecarPort + 0, // 10: istio.networking.v1.IstioEgressListener.capture_mode:type_name -> istio.networking.v1.CaptureMode + 8, // 11: istio.networking.v1.WorkloadSelector.labels:type_name -> istio.networking.v1.WorkloadSelector.LabelsEntry + 1, // 12: istio.networking.v1.OutboundTrafficPolicy.mode:type_name -> istio.networking.v1.OutboundTrafficPolicy.Mode + 11, // 13: istio.networking.v1.OutboundTrafficPolicy.egress_proxy:type_name -> istio.networking.v1.Destination + 14, // [14:14] is the sub-list for method output_type + 14, // [14:14] is the sub-list for method input_type + 14, // [14:14] is the sub-list for extension type_name + 14, // [14:14] is the sub-list for extension extendee + 0, // [0:14] is the sub-list for field type_name +} + +func init() { file_networking_v1_sidecar_proto_init() } +func file_networking_v1_sidecar_proto_init() { + if File_networking_v1_sidecar_proto != nil { + return + } + file_networking_v1_destination_rule_proto_init() + file_networking_v1_gateway_proto_init() + file_networking_v1_virtual_service_proto_init() + if !protoimpl.UnsafeEnabled { + file_networking_v1_sidecar_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Sidecar); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_sidecar_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*IstioIngressListener); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_sidecar_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*IstioEgressListener); i { + case 0: + return 
&v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_sidecar_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*WorkloadSelector); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_sidecar_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*OutboundTrafficPolicy); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_sidecar_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SidecarPort); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_networking_v1_sidecar_proto_rawDesc, + NumEnums: 2, + NumMessages: 7, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_networking_v1_sidecar_proto_goTypes, + DependencyIndexes: file_networking_v1_sidecar_proto_depIdxs, + EnumInfos: file_networking_v1_sidecar_proto_enumTypes, + MessageInfos: file_networking_v1_sidecar_proto_msgTypes, + }.Build() + File_networking_v1_sidecar_proto = out.File + file_networking_v1_sidecar_proto_rawDesc = nil + file_networking_v1_sidecar_proto_goTypes = nil + file_networking_v1_sidecar_proto_depIdxs = nil +} diff --git a/networking/v1/sidecar.proto b/networking/v1/sidecar.proto new file mode 100644 index 00000000..65ba3eb1 --- /dev/null +++ b/networking/v1/sidecar.proto 
@@ -0,0 +1,572 @@ +// Copyright 2020 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +import "google/api/field_behavior.proto"; +import "networking/v1/destination_rule.proto"; +import "networking/v1/gateway.proto"; +import "networking/v1/virtual_service.proto"; + +// $schema: istio.networking.v1.Sidecar +// $title: Sidecar +// $description: Configuration affecting network reachability of a sidecar. +// $location: https://istio.io/docs/reference/config/networking/sidecar.html +// $aliases: [/docs/reference/config/networking/v1/sidecar] +// $mode: none + +// `Sidecar` describes the configuration of the sidecar proxy that mediates +// inbound and outbound communication to the workload instance it is attached to. By +// default, Istio will program all sidecar proxies in the mesh with the +// necessary configuration required to reach every workload instance in the mesh, as +// well as accept traffic on all the ports associated with the +// workload. The `Sidecar` configuration provides a way to fine tune the set of +// ports, protocols that the proxy will accept when forwarding traffic to +// and from the workload. In addition, it is possible to restrict the set +// of services that the proxy can reach when forwarding outbound traffic +// from workload instances. +// +// Services and configuration in a mesh are organized into one or more +// namespaces (e.g., a Kubernetes namespace or a CF org/space). 
A `Sidecar` +// configuration in a namespace will apply to one or more workload instances in the same +// namespace, selected using the `workloadSelector` field. In the absence of a +// `workloadSelector`, it will apply to all workload instances in the same +// namespace. When determining the `Sidecar` configuration to be applied to a +// workload instance, preference will be given to the resource with a +// `workloadSelector` that selects this workload instance, over a `Sidecar` configuration +// without any `workloadSelector`. +// +// **NOTE 1**: *_Each namespace can have only one `Sidecar` +// configuration without any `workloadSelector`_ that specifies the +// default for all pods in that namespace*. It is recommended to use +// the name `default` for the namespace-wide sidecar. The behavior of +// the system is undefined if more than one selector-less `Sidecar` +// configurations exist in a given namespace. The behavior of the +// system is undefined if two or more `Sidecar` configurations with a +// `workloadSelector` select the same workload instance. +// +// **NOTE 2**: *_A `Sidecar` configuration in the `MeshConfig` +// [root namespace](https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig) +// will be applied by default to all namespaces without a `Sidecar` +// configuration_*. This global default `Sidecar` configuration should not have +// any `workloadSelector`. +// +// **NOTE 3**: *_A `Sidecar` is not applicable to gateways, even though gateways are istio-proxies_*. +// +// The example below declares a global default `Sidecar` configuration +// in the root namespace called `istio-config`, that configures +// sidecars in all namespaces to allow egress traffic only to other +// workloads in the same namespace as well as to services in the +// `istio-system` namespace. 
+// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Sidecar +// metadata: +// name: default +// namespace: istio-config +// spec: +// egress: +// - hosts: +// - "./*" +// - "istio-system/*" +// ``` +// +// The example below declares a `Sidecar` configuration in the +// `prod-us1` namespace that overrides the global default defined +// above, and configures the sidecars in the namespace to allow egress +// traffic to public services in the `prod-us1`, `prod-apis`, and the +// `istio-system` namespaces. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Sidecar +// metadata: +// name: default +// namespace: prod-us1 +// spec: +// egress: +// - hosts: +// - "prod-us1/*" +// - "prod-apis/*" +// - "istio-system/*" +// ``` +// +// The following example declares a `Sidecar` configuration in the +// `prod-us1` namespace for all pods with labels `app: ratings` +// belonging to the `ratings.prod-us1` service. The workload accepts +// inbound HTTP traffic on port 9080. The traffic is then forwarded to +// the attached workload instance listening on a Unix domain +// socket. In the egress direction, in addition to the `istio-system` +// namespace, the sidecar proxies only HTTP traffic bound for port +// 9080 for services in the `prod-us1` namespace. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Sidecar +// metadata: +// name: ratings +// namespace: prod-us1 +// spec: +// workloadSelector: +// labels: +// app: ratings +// ingress: +// - port: +// number: 9080 +// protocol: HTTP +// name: somename +// defaultEndpoint: unix:///var/run/someuds.sock +// egress: +// - port: +// number: 9080 +// protocol: HTTP +// name: egresshttp +// hosts: +// - "prod-us1/*" +// - hosts: +// - "istio-system/*" +// ``` +// +// If the workload is deployed without IPTables-based traffic capture, +// the `Sidecar` configuration is the only way to configure the ports +// on the proxy attached to the workload instance. 
The following +// example declares a `Sidecar` configuration in the `prod-us1` +// namespace for all pods with labels `app: productpage` belonging to +// the `productpage.prod-us1` service. Assuming that these pods are +// deployed without IPtable rules (i.e. the `istio-init` container) +// and the proxy metadata `ISTIO_META_INTERCEPTION_MODE` is set to +// `NONE`, the specification, below, allows such pods to receive HTTP +// traffic on port 9080 (wrapped inside Istio mutual TLS) and forward +// it to the application listening on `127.0.0.1:8080`. It also allows +// the application to communicate with a backing MySQL database on +// `127.0.0.1:3306`, that then gets proxied to the externally hosted +// MySQL service at `mysql.foo.com:3306`. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Sidecar +// metadata: +// name: no-ip-tables +// namespace: prod-us1 +// spec: +// workloadSelector: +// labels: +// app: productpage +// ingress: +// - port: +// number: 9080 # binds to proxy_instance_ip:9080 (0.0.0.0:9080, if no unicast IP is available for the instance) +// protocol: HTTP +// name: somename +// defaultEndpoint: 127.0.0.1:8080 +// captureMode: NONE # not needed if metadata is set for entire proxy +// egress: +// - port: +// number: 3306 +// protocol: MYSQL +// name: egressmysql +// captureMode: NONE # not needed if metadata is set for entire proxy +// bind: 127.0.0.1 +// hosts: +// - "*/mysql.foo.com" +// ``` +// +// And the associated service entry for routing to `mysql.foo.com:3306` +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: external-svc-mysql +// namespace: ns1 +// spec: +// hosts: +// - mysql.foo.com +// ports: +// - number: 3306 +// name: mysql +// protocol: MYSQL +// location: MESH_EXTERNAL +// resolution: DNS +// ``` +// +// It is also possible to mix and match traffic capture modes in a single +// proxy. 
For example, consider a setup where internal services are on the +// `192.168.0.0/16` subnet. So, IP tables are setup on the VM to capture all +// outbound traffic on `192.168.0.0/16` subnet. Assume that the VM has an +// additional network interface on `172.16.0.0/16` subnet for inbound +// traffic. The following `Sidecar` configuration allows the VM to expose a +// listener on `172.16.1.32:80` (the VM's IP) for traffic arriving from the +// `172.16.0.0/16` subnet. +// +// **NOTE**: The `ISTIO_META_INTERCEPTION_MODE` metadata on the +// proxy in the VM should contain `REDIRECT` or `TPROXY` as its value, +// implying that IP tables based traffic capture is active. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Sidecar +// metadata: +// name: partial-ip-tables +// namespace: prod-us1 +// spec: +// workloadSelector: +// labels: +// app: productpage +// ingress: +// - bind: 172.16.1.32 +// port: +// number: 80 # binds to 172.16.1.32:80 +// protocol: HTTP +// name: somename +// defaultEndpoint: 127.0.0.1:8080 +// captureMode: NONE +// egress: +// # use the system detected defaults +// # sets up configuration to handle outbound traffic to services +// # in 192.168.0.0/16 subnet, based on information provided by the +// # service registry +// - captureMode: IPTABLES +// hosts: +// - "*/*" +// ``` +// +// In addition to configuring traffic capture and how traffic is forwarded to the app, +// it's possible to control inbound connection pool settings. By default, Istio pushes +// connection pool settings from `DestinationRules` to both clients (for outbound +// connections to the service) as well as servers (for inbound connections to a service +// instance). Using the `InboundConnectionPool` and per-port `ConnectionPool` settings +// in a `Sidecar` allow you to control those connection pools for the server separately +// from the settings pushed to all clients. 
+// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Sidecar +// metadata: +// name: connection-pool-settings +// namespace: prod-us1 +// spec: +// workloadSelector: +// labels: +// app: productpage +// inboundConnectionPool: +// http: +// http1MaxPendingRequests: 1024 +// http2MaxRequests: 1024 +// maxRequestsPerConnection: 1024 +// maxRetries: 100 +// ingress: +// - port: +// number: 80 +// protocol: HTTP +// name: somename +// connectionPool: +// http: +// http1MaxPendingRequests: 1024 +// http2MaxRequests: 1024 +// maxRequestsPerConnection: 1024 +// maxRetries: 100 +// tcp: +// maxConnections: 100 +// ``` +package istio.networking.v1; + +option go_package = "istio.io/api/networking/v1"; + +// `Sidecar` describes the configuration of the sidecar proxy that mediates +// inbound and outbound communication of the workload instance to which it is +// attached. +// +// +// +// +// +message Sidecar { + // Criteria used to select the specific set of pods/VMs on which this + // `Sidecar` configuration should be applied. If omitted, the `Sidecar` + // configuration will be applied to all workload instances in the same namespace. + WorkloadSelector workload_selector = 1; + + // Ingress specifies the configuration of the sidecar for processing + // inbound traffic to the attached workload instance. If omitted, Istio will + // automatically configure the sidecar based on the information about the workload + // obtained from the orchestration platform (e.g., exposed ports, services, + // etc.). If specified, inbound ports are configured if and only if the + // workload instance is associated with a service. + repeated IstioIngressListener ingress = 2; + + // Egress specifies the configuration of the sidecar for processing + // outbound traffic from the attached workload instance to other + // services in the mesh. If not specified, inherits the system + // detected defaults from the namespace-wide or the global default Sidecar. 
+ repeated IstioEgressListener egress = 3; + + // Settings controlling the volume of connections Envoy will accept from the network. + // This default will apply for all inbound listeners and can be overridden per-port + // in the `Ingress` field. This configuration mirrors the `DestinationRule`'s + // [`connectionPool`](https://istio.io/latest/docs/reference/config/networking/destination-rule/#ConnectionPoolSettings) field. + // + // By default, Istio applies a service's `DestinationRule` to client sidecars + // for outbound traffic directed at the service -- the usual case folks think + // of when configuring a `DestinationRule` -- but also to the server's inbound + // sidecar. The `Sidecar`'s connection pool configures the server's inbound + // sidecar directly, so its settings can be different than clients'. This is + // valuable, for example, when you have many clients calling few servers: a + // `DestinationRule` can limit the concurrency of any single client, while + // the `Sidecar` allows you to configure much higher concurrency on the server + // side. + // + // Connection pool settings for a server's inbound sidecar are configured in the + // following precedence, highest to lowest: + // - per-port `ConnectionPool` from the `Sidecar` + // - top level `InboundConnectionPool` from the `Sidecar` + // - per-port `TrafficPolicy.ConnectionPool` from the `DestinationRule` + // - top level `TrafficPolicy.ConnectionPool` from the `DestinationRule` + // - default connection pool settings (essentially unlimited) + // + // In every case, the connection pool settings are overriden, not merged. + ConnectionPoolSettings inbound_connection_pool = 7; + + // Configuration for the outbound traffic policy. If your + // application uses one or more external services that are not known + // apriori, setting the policy to `ALLOW_ANY` will cause the + // sidecars to route any unknown traffic originating from the + // application to its requested destination. 
If not specified, + // inherits the system detected defaults from the namespace-wide or + // the global default Sidecar. + OutboundTrafficPolicy outbound_traffic_policy = 4; + + reserved "localhost"; + reserved 5, 6; +} + +// `IstioIngressListener` specifies the properties of an inbound +// traffic listener on the sidecar proxy attached to a workload instance. +message IstioIngressListener { + // The port associated with the listener. + SidecarPort port = 1 [(google.api.field_behavior) = REQUIRED]; + + // The IP(IPv4 or IPv6) to which the listener should be bound. + // Unix domain socket addresses are not allowed in + // the bind field for ingress listeners. If omitted, Istio will + // automatically configure the defaults based on imported services + // and the workload instances to which this configuration is applied + // to. + string bind = 2; + + // The captureMode option dictates how traffic to the listener is + // expected to be captured (or not). + CaptureMode capture_mode = 3; + + // The IP endpoint or Unix domain socket to which + // traffic should be forwarded to. This configuration can be used to + // redirect traffic arriving at the bind `IP:Port` on the sidecar to a `localhost:port` + // or Unix domain socket where the application workload instance is listening for + // connections. Arbitrary IPs are not supported. Format should be one of + // `127.0.0.1:PORT`, `[::1]:PORT` (forward to localhost), + // `0.0.0.0:PORT`, `[::]:PORT` (forward to the instance IP), + // or `unix:///path/to/socket` (forward to Unix domain socket). + string default_endpoint = 4; + + reserved "localhost_client_tls"; + reserved 5, 6; + + // Set of TLS related options that will enable TLS termination on the + // sidecar for requests originating from outside the mesh. + // Currently supports only SIMPLE and MUTUAL TLS modes. + ServerTLSSettings tls = 7; + + // Settings controlling the volume of connections Envoy will accept from the network. 
+ // This setting overrides the top-level default `inboundConnectionPool` to configure + // specific settings for this port. This configuration mirrors the `DestinationRule`'s + // [`PortTrafficPolicy.connectionPool`](https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy-PortTrafficPolicy) field. + // This port level connection pool has the highest precedence in configuration, + // overriding both the `Sidecar`'s top level `InboundConnectionPool` as well as any + // connection pooling settings from the `DestinationRule`. + ConnectionPoolSettings connection_pool = 8; +} + +// `IstioEgressListener` specifies the properties of an outbound traffic +// listener on the sidecar proxy attached to a workload instance. +message IstioEgressListener { + // The port associated with the listener. If using Unix domain socket, + // use 0 as the port number, with a valid protocol. The port if + // specified, will be used as the default destination port associated + // with the imported hosts. If the port is omitted, Istio will infer the + // listener ports based on the imported hosts. Note that when multiple + // egress listeners are specified, where one or more listeners have + // specific ports while others have no port, the hosts exposed on a + // listener port will be based on the listener with the most specific + // port. + SidecarPort port = 1; + + // The IP(IPv4 or IPv6) or the Unix domain socket to which the listener should be bound + // to. Port MUST be specified if bind is not empty. Format: IPv4 or IPv6 address formats or + // `unix:///path/to/uds` or `unix://@foobar` (Linux abstract namespace). If + // omitted, Istio will automatically configure the defaults based on imported + // services, the workload instances to which this configuration is applied to and + // the captureMode. If captureMode is `NONE`, bind will default to + // 127.0.0.1. 
+ string bind = 2; + + // When the bind address is an IP, the captureMode option dictates + // how traffic to the listener is expected to be captured (or not). + // captureMode must be DEFAULT or `NONE` for Unix domain socket binds. + CaptureMode capture_mode = 3; + + // One or more service hosts exposed by the listener + // in `namespace/dnsName` format. Services in the specified namespace + // matching `dnsName` will be exposed. + // The corresponding service can be a service in the service registry + // (e.g., a Kubernetes or cloud foundry service) or a service specified + // using a `ServiceEntry` or `VirtualService` configuration. Any + // associated `DestinationRule` in the same namespace will also be used. + // + // The `dnsName` should be specified using FQDN format, optionally including + // a wildcard character in the left-most component (e.g., `prod/*.example.com`). + // Set the `dnsName` to `*` to select all services from the specified namespace + // (e.g., `prod/*`). + // + // The `namespace` can be set to `*`, `.`, or `~`, representing any, the current, + // or no namespace, respectively. For example, `*/foo.example.com` selects the + // service from any available namespace while `./foo.example.com` only selects + // the service from the namespace of the sidecar. If a host is set to `*/*`, + // Istio will configure the sidecar to be able to reach every service in the + // mesh that is exported to the sidecar's namespace. The value `~/*` can be used + // to completely trim the configuration for sidecars that simply receive traffic + // and respond, but make no outbound connections of their own. + // + // NOTE: Only services and configuration artifacts exported to the sidecar's + // namespace (e.g., `exportTo` value of `*`) can be referenced. + // Private configurations (e.g., `exportTo` set to `.`) will + // not be available. Refer to the `exportTo` setting in `VirtualService`, + // `DestinationRule`, and `ServiceEntry` configurations for details. 
+ repeated string hosts = 4 [(google.api.field_behavior) = REQUIRED]; + + reserved "localhost_server_tls"; + reserved 5, 6; +} + +// `WorkloadSelector` specifies the criteria used to determine if the +// `Gateway`, `Sidecar`, `EnvoyFilter`, `ServiceEntry`, or `DestinationRule` +// configuration can be applied to a proxy. The matching criteria +// includes the metadata associated with a proxy, workload instance +// info such as labels attached to the pod/VM, or any other info that +// the proxy provides to Istio during the initial handshake. If +// multiple conditions are specified, all conditions need to match in +// order for the workload instance to be selected. Currently, only +// label based selection mechanism is supported. +message WorkloadSelector { + // One or more labels that indicate a specific set of pods/VMs + // on which the configuration should be applied. The scope of + // label search is restricted to the configuration namespace in which the + // the resource is present. + map labels = 1; + + // $hide_from_docs + // other forms of identification supplied by the proxy + // when connecting to Pilot, such as X509 fields, tenant IDs, JWT, + // etc. This has nothing to do with the request level authN etc. +} + +// `OutboundTrafficPolicy` sets the default behavior of the sidecar for +// handling outbound traffic from the application. +// If your application uses one or more external +// services that are not known apriori, setting the policy to `ALLOW_ANY` +// will cause the sidecars to route any unknown traffic originating from +// the application to its requested destination. Users are strongly +// encouraged to use `ServiceEntry` configurations to explicitly declare any external +// dependencies, instead of using `ALLOW_ANY`, so that traffic to these +// services can be monitored. 
+message OutboundTrafficPolicy { + enum Mode { + // Outbound traffic will be restricted to services defined in the + // service registry as well as those defined through `ServiceEntry` configurations. + REGISTRY_ONLY = 0; + // Outbound traffic to unknown destinations will be allowed, in case + // there are no services or `ServiceEntry` configurations for the destination port. + ALLOW_ANY = 1; + } + Mode mode = 1; + + // Specifies the details of the egress proxy to which unknown + // traffic should be forwarded to from the sidecar. Valid only if + // the mode is set to ALLOW_ANY. If not specified when the mode is + // ALLOW_ANY, the sidecar will send the unknown traffic directly to + // the IP requested by the application. + // + // ** NOTE 1**: The specified egress host must be imported in the + // egress section for the traffic forwarding to work. + // + // ** NOTE 2**: An Envoy based egress gateway is unlikely to be able + // to handle plain text TCP connections forwarded from the sidecar. + // Envoy's dynamic forward proxy can handle only HTTP and TLS + // connections. + // $hide_from_docs + Destination egress_proxy = 2; +} + + +// `CaptureMode` describes how traffic to a listener is expected to be +// captured. Applicable only when the listener is bound to an IP. +enum CaptureMode { + // The default capture mode defined by the environment. + DEFAULT = 0; + + // Capture traffic using IPtables redirection. + IPTABLES = 1; + + // No traffic capture. When used in an egress listener, the application is + // expected to explicitly communicate with the listener port or Unix + // domain socket. When used in an ingress listener, care needs to be taken + // to ensure that the listener port is not in use by other processes on + // the host. + NONE = 2; +} + +// Port describes the properties of a specific port of a service. +message SidecarPort { + // A valid non-negative integer port number. + uint32 number = 1; + + // The protocol exposed on the port. 
+ // MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. + // TLS can be either used to terminate non-HTTP based connections on a specific port + // or to route traffic based on SNI header to the destination without terminating the TLS connection. + string protocol = 2; + + // Label assigned to the port. + string name = 3; + + // Has no effect, only for backwards compatibility + // received. Applicable only when used with ServiceEntries. + // $hide_from_docs + uint32 target_port = 4 [deprecated=true]; +} diff --git a/networking/v1/sidecar_deepcopy.gen.go b/networking/v1/sidecar_deepcopy.gen.go new file mode 100644 index 00000000..be9368ec --- /dev/null +++ b/networking/v1/sidecar_deepcopy.gen.go 
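Review bot: The `REGISTRY_ONLY` comment in `OutboundTrafficPolicy.Mode` says outbound traffic "will be restricted" to registry and `ServiceEntry` destinations, but it does not say that this holds only for traffic the sidecar actually handles. The same file documents `CaptureMode` `NONE` as a mode where the application must talk to the listener explicitly, so connections the workload opens elsewhere are presumably not covered, and a reader could mistake the mode for an egress security control. I would add to the enum value comment something like `// Applies only to traffic that passes through the sidecar; use network-level controls if egress must be enforced.` Separately, the `SidecarPort.protocol` comment lists `HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS` as the only valid values, while the file-level example uses `protocol: MYSQL`; one of the two should be corrected.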
@@ -0,0 +1,132 @@ +// Code generated by protoc-gen-deepcopy. DO NOT EDIT. +package v1 + +import ( + proto "google.golang.org/protobuf/proto" +) + +// DeepCopyInto supports using Sidecar within kubernetes types, where deepcopy-gen is used. +func (in *Sidecar) DeepCopyInto(out *Sidecar) { + p := proto.Clone(in).(*Sidecar) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Sidecar. Required by controller-gen. +func (in *Sidecar) DeepCopy() *Sidecar { + if in == nil { + return nil + } + out := new(Sidecar) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Sidecar. Required by controller-gen. +func (in *Sidecar) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using IstioIngressListener within kubernetes types, where deepcopy-gen is used. +func (in *IstioIngressListener) DeepCopyInto(out *IstioIngressListener) { + p := proto.Clone(in).(*IstioIngressListener) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioIngressListener. Required by controller-gen. +func (in *IstioIngressListener) DeepCopy() *IstioIngressListener { + if in == nil { + return nil + } + out := new(IstioIngressListener) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new IstioIngressListener. Required by controller-gen. +func (in *IstioIngressListener) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using IstioEgressListener within kubernetes types, where deepcopy-gen is used. +func (in *IstioEgressListener) DeepCopyInto(out *IstioEgressListener) { + p := proto.Clone(in).(*IstioEgressListener) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioEgressListener. 
Required by controller-gen. +func (in *IstioEgressListener) DeepCopy() *IstioEgressListener { + if in == nil { + return nil + } + out := new(IstioEgressListener) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new IstioEgressListener. Required by controller-gen. +func (in *IstioEgressListener) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using WorkloadSelector within kubernetes types, where deepcopy-gen is used. +func (in *WorkloadSelector) DeepCopyInto(out *WorkloadSelector) { + p := proto.Clone(in).(*WorkloadSelector) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadSelector. Required by controller-gen. +func (in *WorkloadSelector) DeepCopy() *WorkloadSelector { + if in == nil { + return nil + } + out := new(WorkloadSelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadSelector. Required by controller-gen. +func (in *WorkloadSelector) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using OutboundTrafficPolicy within kubernetes types, where deepcopy-gen is used. +func (in *OutboundTrafficPolicy) DeepCopyInto(out *OutboundTrafficPolicy) { + p := proto.Clone(in).(*OutboundTrafficPolicy) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutboundTrafficPolicy. Required by controller-gen. +func (in *OutboundTrafficPolicy) DeepCopy() *OutboundTrafficPolicy { + if in == nil { + return nil + } + out := new(OutboundTrafficPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new OutboundTrafficPolicy. Required by controller-gen. 
+func (in *OutboundTrafficPolicy) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using SidecarPort within kubernetes types, where deepcopy-gen is used. +func (in *SidecarPort) DeepCopyInto(out *SidecarPort) { + p := proto.Clone(in).(*SidecarPort) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SidecarPort. Required by controller-gen. +func (in *SidecarPort) DeepCopy() *SidecarPort { + if in == nil { + return nil + } + out := new(SidecarPort) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new SidecarPort. Required by controller-gen. +func (in *SidecarPort) DeepCopyInterface() interface{} { + return in.DeepCopy() +} diff --git a/networking/v1/sidecar_json.gen.go b/networking/v1/sidecar_json.gen.go new file mode 100644 index 00000000..adc91304 --- /dev/null +++ b/networking/v1/sidecar_json.gen.go 
@@ -0,0 +1,78 @@ +// Code generated by protoc-gen-jsonshim. DO NOT EDIT. +package v1 + +import ( + bytes "bytes" + jsonpb "github.com/golang/protobuf/jsonpb" +) + +// MarshalJSON is a custom marshaler for Sidecar +func (this *Sidecar) MarshalJSON() ([]byte, error) { + str, err := SidecarMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for Sidecar +func (this *Sidecar) UnmarshalJSON(b []byte) error { + return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for IstioIngressListener +func (this *IstioIngressListener) MarshalJSON() ([]byte, error) { + str, err := SidecarMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for IstioIngressListener +func (this *IstioIngressListener) UnmarshalJSON(b []byte) error { + return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for IstioEgressListener +func (this *IstioEgressListener) MarshalJSON() ([]byte, error) { + str, err := SidecarMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for IstioEgressListener +func (this *IstioEgressListener) UnmarshalJSON(b []byte) error { + return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for WorkloadSelector +func (this *WorkloadSelector) MarshalJSON() ([]byte, error) { + str, err := SidecarMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for WorkloadSelector +func (this *WorkloadSelector) UnmarshalJSON(b []byte) error { + return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for OutboundTrafficPolicy +func (this *OutboundTrafficPolicy) MarshalJSON() ([]byte, error) { + str, err := SidecarMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a 
custom unmarshaler for OutboundTrafficPolicy +func (this *OutboundTrafficPolicy) UnmarshalJSON(b []byte) error { + return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for SidecarPort +func (this *SidecarPort) MarshalJSON() ([]byte, error) { + str, err := SidecarMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for SidecarPort +func (this *SidecarPort) UnmarshalJSON(b []byte) error { + return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +var ( + SidecarMarshaler = &jsonpb.Marshaler{} + SidecarUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} +) diff --git a/networking/v1/virtual_service.pb.go b/networking/v1/virtual_service.pb.go new file mode 100644 index 00000000..ebff83fe --- /dev/null +++ b/networking/v1/virtual_service.pb.go 
@@ -0,0 +1,4389 @@ +// Copyright 2020 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.33.0 +// protoc (unknown) +// source: networking/v1/virtual_service.proto + +// $schema: istio.networking.v1.VirtualService +// $title: Virtual Service +// $description: Configuration affecting label/content routing, sni routing, etc. +// $location: https://istio.io/docs/reference/config/networking/virtual-service.html +// $aliases: [/docs/reference/config/networking/v1/virtual-service] +// $mode: none + +// Configuration affecting traffic routing. Here are a few terms useful to define +// in the context of traffic routing. +// +// `Service` a unit of application behavior bound to a unique name in a +// service registry. Services consist of multiple network *endpoints* +// implemented by workload instances running on pods, containers, VMs etc. +// +// `Service versions (a.k.a. subsets)` - In a continuous deployment +// scenario, for a given service, there can be distinct subsets of +// instances running different variants of the application binary. These +// variants are not necessarily different API versions. They could be +// iterative changes to the same service, deployed in different +// environments (prod, staging, dev, etc.). Common scenarios where this +// occurs include A/B testing, canary rollouts, etc. 
The choice of a +// particular version can be decided based on various criterion (headers, +// url, etc.) and/or by weights assigned to each version. Each service has +// a default version consisting of all its instances. +// +// `Source` - A downstream client calling a service. +// +// `Host` - The address used by a client when attempting to connect to a +// service. +// +// `Access model` - Applications address only the destination service +// (Host) without knowledge of individual service versions (subsets). The +// actual choice of the version is determined by the proxy/sidecar, enabling the +// application code to decouple itself from the evolution of dependent +// services. +// +// A `VirtualService` defines a set of traffic routing rules to apply when a host is +// addressed. Each routing rule defines matching criteria for traffic of a specific +// protocol. If the traffic is matched, then it is sent to a named destination service +// (or subset/version of it) defined in the registry. +// +// The source of traffic can also be matched in a routing rule. This allows routing +// to be customized for specific client contexts. +// +// The following example on Kubernetes, routes all HTTP traffic by default to +// pods of the reviews service with label "version: v1". In addition, +// HTTP requests with path starting with /wpcatalog/ or /consumercatalog/ will +// be rewritten to /newcatalog and sent to pods with label "version: v2". 
+// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: VirtualService +// metadata: +// name: reviews-route +// spec: +// hosts: +// - reviews.prod.svc.cluster.local +// http: +// - name: "reviews-v2-routes" +// match: +// - uri: +// prefix: "/wpcatalog" +// - uri: +// prefix: "/consumercatalog" +// rewrite: +// uri: "/newcatalog" +// route: +// - destination: +// host: reviews.prod.svc.cluster.local +// subset: v2 +// - name: "reviews-v1-route" +// route: +// - destination: +// host: reviews.prod.svc.cluster.local +// subset: v1 +// ``` +// +// A subset/version of a route destination is identified with a reference +// to a named service subset which must be declared in a corresponding +// `DestinationRule`. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: DestinationRule +// metadata: +// name: reviews-destination +// spec: +// host: reviews.prod.svc.cluster.local +// subsets: +// - name: v1 +// labels: +// version: v1 +// - name: v2 +// labels: +// version: v2 +// ``` + +package v1 + +import ( + duration "github.com/golang/protobuf/ptypes/duration" + wrappers "github.com/golang/protobuf/ptypes/wrappers" + _ "google.golang.org/genproto/googleapis/api/annotations" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type HTTPRedirect_RedirectPortSelection int32 + +const ( + HTTPRedirect_FROM_PROTOCOL_DEFAULT HTTPRedirect_RedirectPortSelection = 0 + HTTPRedirect_FROM_REQUEST_PORT HTTPRedirect_RedirectPortSelection = 1 +) + +// Enum value maps for HTTPRedirect_RedirectPortSelection. 
+var ( + HTTPRedirect_RedirectPortSelection_name = map[int32]string{ + 0: "FROM_PROTOCOL_DEFAULT", + 1: "FROM_REQUEST_PORT", + } + HTTPRedirect_RedirectPortSelection_value = map[string]int32{ + "FROM_PROTOCOL_DEFAULT": 0, + "FROM_REQUEST_PORT": 1, + } +) + +func (x HTTPRedirect_RedirectPortSelection) Enum() *HTTPRedirect_RedirectPortSelection { + p := new(HTTPRedirect_RedirectPortSelection) + *p = x + return p +} + +func (x HTTPRedirect_RedirectPortSelection) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (HTTPRedirect_RedirectPortSelection) Descriptor() protoreflect.EnumDescriptor { + return file_networking_v1_virtual_service_proto_enumTypes[0].Descriptor() +} + +func (HTTPRedirect_RedirectPortSelection) Type() protoreflect.EnumType { + return &file_networking_v1_virtual_service_proto_enumTypes[0] +} + +func (x HTTPRedirect_RedirectPortSelection) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use HTTPRedirect_RedirectPortSelection.Descriptor instead. +func (HTTPRedirect_RedirectPortSelection) EnumDescriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{12, 0} +} + +// Configuration affecting traffic routing. +// +// +// +// +// +type VirtualService struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The destination hosts to which traffic is being sent. Could + // be a DNS name with wildcard prefix or an IP address. Depending on the + // platform, short-names can also be used instead of a FQDN (i.e. has no + // dots in the name). In such a scenario, the FQDN of the host would be + // derived based on the underlying platform. + // + // A single VirtualService can be used to describe all the traffic + // properties of the corresponding hosts, including those for multiple + // HTTP and TCP ports. 
Alternatively, the traffic properties of a host + // can be defined using more than one VirtualService, with certain + // caveats. Refer to the + // [Operations Guide](https://istio.io/docs/ops/best-practices/traffic-management/#split-virtual-services) + // for details. + // + // *Note for Kubernetes users*: When short names are used (e.g. "reviews" + // instead of "reviews.default.svc.cluster.local"), Istio will interpret + // the short name based on the namespace of the rule, not the service. A + // rule in the "default" namespace containing a host "reviews" will be + // interpreted as "reviews.default.svc.cluster.local", irrespective of + // the actual namespace associated with the reviews service. _To avoid + // potential misconfigurations, it is recommended to always use fully + // qualified domain names over short names._ + // + // The hosts field applies to both HTTP and TCP services. Service inside + // the mesh, i.e., those found in the service registry, must always be + // referred to using their alphanumeric names. IP addresses are allowed + // only for services defined via the Gateway. + // + // *Note*: It must be empty for a delegate VirtualService. + Hosts []string `protobuf:"bytes,1,rep,name=hosts,proto3" json:"hosts,omitempty"` + // The names of gateways and sidecars that should apply these routes. + // Gateways in other namespaces may be referred to by + // `/`; specifying a gateway with no + // namespace qualifier is the same as specifying the VirtualService's + // namespace. A single VirtualService is used for sidecars inside the mesh as + // well as for one or more gateways. The selection condition imposed by this + // field can be overridden using the source field in the match conditions + // of protocol-specific routes. The reserved word `mesh` is used to imply + // all the sidecars in the mesh. When this field is omitted, the default + // gateway (`mesh`) will be used, which would apply the rule to all + // sidecars in the mesh. 
If a list of gateway names is provided, the + // rules will apply only to the gateways. To apply the rules to both + // gateways and sidecars, specify `mesh` as one of the gateway names. + Gateways []string `protobuf:"bytes,2,rep,name=gateways,proto3" json:"gateways,omitempty"` + // An ordered list of route rules for HTTP traffic. HTTP routes will be + // applied to platform service ports using HTTP/HTTP2/GRPC protocols, gateway + // ports with protocol HTTP/HTTP2/GRPC/TLS-terminated-HTTPS and service + // entry ports using HTTP/HTTP2/GRPC protocols. The first rule matching + // an incoming request is used. + Http []*HTTPRoute `protobuf:"bytes,3,rep,name=http,proto3" json:"http,omitempty"` + // An ordered list of route rule for non-terminated TLS & HTTPS + // traffic. Routing is typically performed using the SNI value presented + // by the ClientHello message. TLS routes will be applied to platform + // service ports named 'https-*', 'tls-*', unterminated gateway ports using + // HTTPS/TLS protocols (i.e. with "passthrough" TLS mode) and service + // entry ports using HTTPS/TLS protocols. The first rule matching an + // incoming request is used. NOTE: Traffic 'https-*' or 'tls-*' ports + // without associated virtual service will be treated as opaque TCP + // traffic. + Tls []*TLSRoute `protobuf:"bytes,5,rep,name=tls,proto3" json:"tls,omitempty"` + // An ordered list of route rules for opaque TCP traffic. TCP routes will + // be applied to any port that is not a HTTP or TLS port. The first rule + // matching an incoming request is used. + Tcp []*TCPRoute `protobuf:"bytes,4,rep,name=tcp,proto3" json:"tcp,omitempty"` + // A list of namespaces to which this virtual service is exported. Exporting a + // virtual service allows it to be used by sidecars and gateways defined in + // other namespaces. This feature provides a mechanism for service owners + // and mesh administrators to control the visibility of virtual services + // across namespace boundaries. 
+ // + // If no namespaces are specified then the virtual service is exported to all + // namespaces by default. + // + // The value "." is reserved and defines an export to the same namespace that + // the virtual service is declared in. Similarly the value "*" is reserved and + // defines an export to all namespaces. + ExportTo []string `protobuf:"bytes,6,rep,name=export_to,json=exportTo,proto3" json:"export_to,omitempty"` +} + +func (x *VirtualService) Reset() { + *x = VirtualService{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *VirtualService) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*VirtualService) ProtoMessage() {} + +func (x *VirtualService) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use VirtualService.ProtoReflect.Descriptor instead. 
+func (*VirtualService) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{0} +} + +func (x *VirtualService) GetHosts() []string { + if x != nil { + return x.Hosts + } + return nil +} + +func (x *VirtualService) GetGateways() []string { + if x != nil { + return x.Gateways + } + return nil +} + +func (x *VirtualService) GetHttp() []*HTTPRoute { + if x != nil { + return x.Http + } + return nil +} + +func (x *VirtualService) GetTls() []*TLSRoute { + if x != nil { + return x.Tls + } + return nil +} + +func (x *VirtualService) GetTcp() []*TCPRoute { + if x != nil { + return x.Tcp + } + return nil +} + +func (x *VirtualService) GetExportTo() []string { + if x != nil { + return x.ExportTo + } + return nil +} + +// Destination indicates the network addressable service to which the +// request/connection will be sent after processing a routing rule. The +// destination.host should unambiguously refer to a service in the service +// registry. Istio's service registry is composed of all the services found +// in the platform's service registry (e.g., Kubernetes services, Consul +// services), as well as services declared through the +// [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry) resource. +// +// *Note for Kubernetes users*: When short names are used (e.g. "reviews" +// instead of "reviews.default.svc.cluster.local"), Istio will interpret +// the short name based on the namespace of the rule, not the service. A +// rule in the "default" namespace containing a host "reviews will be +// interpreted as "reviews.default.svc.cluster.local", irrespective of the +// actual namespace associated with the reviews service. 
_To avoid potential +// misconfigurations, it is recommended to always use fully qualified +// domain names over short names._ +// +// The following Kubernetes example routes all traffic by default to pods +// of the reviews service with label "version: v1" (i.e., subset v1), and +// some to subset v2, in a Kubernetes environment. +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: VirtualService +// metadata: +// +// name: reviews-route +// namespace: foo +// +// spec: +// +// hosts: +// - reviews # interpreted as reviews.foo.svc.cluster.local +// http: +// - match: +// - uri: +// prefix: "/wpcatalog" +// - uri: +// prefix: "/consumercatalog" +// rewrite: +// uri: "/newcatalog" +// route: +// - destination: +// host: reviews # interpreted as reviews.foo.svc.cluster.local +// subset: v2 +// - route: +// - destination: +// host: reviews # interpreted as reviews.foo.svc.cluster.local +// subset: v1 +// +// ``` +// +// # And the associated DestinationRule +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: DestinationRule +// metadata: +// +// name: reviews-destination +// namespace: foo +// +// spec: +// +// host: reviews # interpreted as reviews.foo.svc.cluster.local +// subsets: +// - name: v1 +// labels: +// version: v1 +// - name: v2 +// labels: +// version: v2 +// +// ``` +// +// The following VirtualService sets a timeout of 5s for all calls to +// productpage.prod.svc.cluster.local service in Kubernetes. Notice that +// there are no subsets defined in this rule. Istio will fetch all +// instances of productpage.prod.svc.cluster.local service from the service +// registry and populate the sidecar's load balancing pool. Also, notice +// that this rule is set in the istio-system namespace but uses the fully +// qualified domain name of the productpage service, +// productpage.prod.svc.cluster.local. Therefore the rule's namespace does +// not have an impact in resolving the name of the productpage service. 
+// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: VirtualService +// metadata: +// +// name: my-productpage-rule +// namespace: istio-system +// +// spec: +// +// hosts: +// - productpage.prod.svc.cluster.local # ignores rule namespace +// http: +// - timeout: 5s +// route: +// - destination: +// host: productpage.prod.svc.cluster.local +// +// ``` +// +// To control routing for traffic bound to services outside the mesh, external +// services must first be added to Istio's internal service registry using the +// ServiceEntry resource. VirtualServices can then be defined to control traffic +// bound to these external services. For example, the following rules define a +// Service for wikipedia.org and set a timeout of 5s for HTTP requests. +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: ServiceEntry +// metadata: +// +// name: external-svc-wikipedia +// +// spec: +// +// hosts: +// - wikipedia.org +// location: MESH_EXTERNAL +// ports: +// - number: 80 +// name: example-http +// protocol: HTTP +// resolution: DNS +// +// --- +// apiVersion: networking.istio.io/v1beta1 +// kind: VirtualService +// metadata: +// +// name: my-wiki-rule +// +// spec: +// +// hosts: +// - wikipedia.org +// http: +// - timeout: 5s +// route: +// - destination: +// host: wikipedia.org +// +// ``` +type Destination struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The name of a service from the service registry. Service + // names are looked up from the platform's service registry (e.g., + // Kubernetes services, Consul services, etc.) and from the hosts + // declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Traffic forwarded to + // destinations that are not found in either of the two, will be dropped. + // + // *Note for Kubernetes users*: When short names are used (e.g. 
"reviews" + // instead of "reviews.default.svc.cluster.local"), Istio will interpret + // the short name based on the namespace of the rule, not the service. A + // rule in the "default" namespace containing a host "reviews will be + // interpreted as "reviews.default.svc.cluster.local", irrespective of + // the actual namespace associated with the reviews service. To avoid + // potential misconfiguration, it is recommended to always use fully + // qualified domain names over short names. + Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"` + // The name of a subset within the service. Applicable only to services + // within the mesh. The subset must be defined in a corresponding + // DestinationRule. + Subset string `protobuf:"bytes,2,opt,name=subset,proto3" json:"subset,omitempty"` + // Specifies the port on the host that is being addressed. If a service + // exposes only a single port it is not required to explicitly select the + // port. + Port *PortSelector `protobuf:"bytes,3,opt,name=port,proto3" json:"port,omitempty"` +} + +func (x *Destination) Reset() { + *x = Destination{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Destination) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Destination) ProtoMessage() {} + +func (x *Destination) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Destination.ProtoReflect.Descriptor instead. 
+func (*Destination) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{1} +} + +func (x *Destination) GetHost() string { + if x != nil { + return x.Host + } + return "" +} + +func (x *Destination) GetSubset() string { + if x != nil { + return x.Subset + } + return "" +} + +func (x *Destination) GetPort() *PortSelector { + if x != nil { + return x.Port + } + return nil +} + +// Describes match conditions and actions for routing HTTP/1.1, HTTP2, and +// gRPC traffic. See VirtualService for usage examples. +type HTTPRoute struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The name assigned to the route for debugging purposes. The + // route's name will be concatenated with the match's name and will + // be logged in the access logs for requests matching this + // route/match. + Name string `protobuf:"bytes,17,opt,name=name,proto3" json:"name,omitempty"` + // Match conditions to be satisfied for the rule to be + // activated. All conditions inside a single match block have AND + // semantics, while the list of match blocks have OR semantics. The rule + // is matched if any one of the match blocks succeed. + Match []*HTTPMatchRequest `protobuf:"bytes,1,rep,name=match,proto3" json:"match,omitempty"` + // A HTTP rule can either return a direct_response, redirect or forward (default) traffic. + // The forwarding target can be one of several versions of a service (see + // glossary in beginning of document). Weights associated with the + // service version determine the proportion of traffic it receives. + Route []*HTTPRouteDestination `protobuf:"bytes,2,rep,name=route,proto3" json:"route,omitempty"` + // A HTTP rule can either return a direct_response, redirect or forward (default) traffic. + // If traffic passthrough option is specified in the rule, + // route/redirect will be ignored. 
The redirect primitive can be used to + // send a HTTP 301 redirect to a different URI or Authority. + Redirect *HTTPRedirect `protobuf:"bytes,3,opt,name=redirect,proto3" json:"redirect,omitempty"` + // A HTTP rule can either return a direct_response, redirect or forward (default) traffic. + // Direct Response is used to specify a fixed response that should + // be sent to clients. + // + // It can be set only when `Route` and `Redirect` are empty. + DirectResponse *HTTPDirectResponse `protobuf:"bytes,21,opt,name=direct_response,json=directResponse,proto3" json:"direct_response,omitempty"` + // Delegate is used to specify the particular VirtualService which + // can be used to define delegate HTTPRoute. + // + // It can be set only when `Route` and `Redirect` are empty, and the route + // rules of the delegate VirtualService will be merged with that in the + // current one. + // + // **NOTE**: + // + // 1. Only one level delegation is supported. + // 2. The delegate's HTTPMatchRequest must be a strict subset of the root's, + // otherwise there is a conflict and the HTTPRoute will not take effect. + Delegate *Delegate `protobuf:"bytes,20,opt,name=delegate,proto3" json:"delegate,omitempty"` + // Rewrite HTTP URIs and Authority headers. Rewrite cannot be used with + // Redirect primitive. Rewrite will be performed before forwarding. + Rewrite *HTTPRewrite `protobuf:"bytes,4,opt,name=rewrite,proto3" json:"rewrite,omitempty"` + // Timeout for HTTP requests, default is disabled. + Timeout *duration.Duration `protobuf:"bytes,6,opt,name=timeout,proto3" json:"timeout,omitempty"` + // Retry policy for HTTP requests. + Retries *HTTPRetry `protobuf:"bytes,7,opt,name=retries,proto3" json:"retries,omitempty"` + // Fault injection policy to apply on HTTP traffic at the client side. + // Note that timeouts or retries will not be enabled when faults are + // enabled on the client side. 
+ Fault *HTTPFaultInjection `protobuf:"bytes,8,opt,name=fault,proto3" json:"fault,omitempty"` + // Mirror HTTP traffic to a another destination in addition to forwarding + // the requests to the intended destination. Mirrored traffic is on a + // best effort basis where the sidecar/gateway will not wait for the + // mirrored cluster to respond before returning the response from the + // original destination. Statistics will be generated for the mirrored + // destination. + Mirror *Destination `protobuf:"bytes,9,opt,name=mirror,proto3" json:"mirror,omitempty"` + // Specifies the destinations to mirror HTTP traffic in addition + // to the original destination. Mirrored traffic is on a + // best effort basis where the sidecar/gateway will not wait for the + // mirrored destinations to respond before returning the response from the + // original destination. Statistics will be generated for the mirrored + // destination. + Mirrors []*HTTPMirrorPolicy `protobuf:"bytes,22,rep,name=mirrors,proto3" json:"mirrors,omitempty"` + // Percentage of the traffic to be mirrored by the `mirror` field. + // Use of integer `mirror_percent` value is deprecated. Use the + // double `mirror_percentage` field instead + // $hide_from_docs + // +kubebuilder:altName=mirror_percent + // + // Deprecated: Marked as deprecated in networking/v1/virtual_service.proto. + MirrorPercent *wrappers.UInt32Value `protobuf:"bytes,18,opt,name=mirror_percent,json=mirrorPercent,proto3" json:"mirror_percent,omitempty"` + // Percentage of the traffic to be mirrored by the `mirror` field. + // If this field is absent, all the traffic (100%) will be mirrored. + // Max value is 100. + MirrorPercentage *Percent `protobuf:"bytes,19,opt,name=mirror_percentage,json=mirrorPercentage,proto3" json:"mirror_percentage,omitempty"` + // Cross-Origin Resource Sharing policy (CORS). Refer to + // [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) + // for further details about cross origin resource sharing. 
+ CorsPolicy *CorsPolicy `protobuf:"bytes,10,opt,name=cors_policy,json=corsPolicy,proto3" json:"cors_policy,omitempty"` + // Header manipulation rules + Headers *Headers `protobuf:"bytes,16,opt,name=headers,proto3" json:"headers,omitempty"` +} + +func (x *HTTPRoute) Reset() { + *x = HTTPRoute{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *HTTPRoute) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HTTPRoute) ProtoMessage() {} + +func (x *HTTPRoute) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HTTPRoute.ProtoReflect.Descriptor instead. +func (*HTTPRoute) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{2} +} + +func (x *HTTPRoute) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *HTTPRoute) GetMatch() []*HTTPMatchRequest { + if x != nil { + return x.Match + } + return nil +} + +func (x *HTTPRoute) GetRoute() []*HTTPRouteDestination { + if x != nil { + return x.Route + } + return nil +} + +func (x *HTTPRoute) GetRedirect() *HTTPRedirect { + if x != nil { + return x.Redirect + } + return nil +} + +func (x *HTTPRoute) GetDirectResponse() *HTTPDirectResponse { + if x != nil { + return x.DirectResponse + } + return nil +} + +func (x *HTTPRoute) GetDelegate() *Delegate { + if x != nil { + return x.Delegate + } + return nil +} + +func (x *HTTPRoute) GetRewrite() *HTTPRewrite { + if x != nil { + return x.Rewrite + } + return nil +} + +func (x *HTTPRoute) GetTimeout() *duration.Duration { + if x != nil { + return x.Timeout + } + return nil +} 
+ +func (x *HTTPRoute) GetRetries() *HTTPRetry { + if x != nil { + return x.Retries + } + return nil +} + +func (x *HTTPRoute) GetFault() *HTTPFaultInjection { + if x != nil { + return x.Fault + } + return nil +} + +func (x *HTTPRoute) GetMirror() *Destination { + if x != nil { + return x.Mirror + } + return nil +} + +func (x *HTTPRoute) GetMirrors() []*HTTPMirrorPolicy { + if x != nil { + return x.Mirrors + } + return nil +} + +// Deprecated: Marked as deprecated in networking/v1/virtual_service.proto. +func (x *HTTPRoute) GetMirrorPercent() *wrappers.UInt32Value { + if x != nil { + return x.MirrorPercent + } + return nil +} + +func (x *HTTPRoute) GetMirrorPercentage() *Percent { + if x != nil { + return x.MirrorPercentage + } + return nil +} + +func (x *HTTPRoute) GetCorsPolicy() *CorsPolicy { + if x != nil { + return x.CorsPolicy + } + return nil +} + +func (x *HTTPRoute) GetHeaders() *Headers { + if x != nil { + return x.Headers + } + return nil +} + +// Describes the delegate VirtualService. +// The following routing rules forward the traffic to `/productpage` by a delegate VirtualService named `productpage`, +// forward the traffic to `/reviews` by a delegate VirtualService named `reviews`. 
+// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: VirtualService +// metadata: +// +// name: bookinfo +// +// spec: +// +// hosts: +// - "bookinfo.com" +// gateways: +// - mygateway +// http: +// - match: +// - uri: +// prefix: "/productpage" +// delegate: +// name: productpage +// namespace: nsA +// - match: +// - uri: +// prefix: "/reviews" +// delegate: +// name: reviews +// namespace: nsB +// +// ``` +// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: VirtualService +// metadata: +// +// name: productpage +// namespace: nsA +// +// spec: +// +// http: +// - match: +// - uri: +// prefix: "/productpage/v1/" +// route: +// - destination: +// host: productpage-v1.nsA.svc.cluster.local +// - route: +// - destination: +// host: productpage.nsA.svc.cluster.local +// +// ``` +// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: VirtualService +// metadata: +// +// name: reviews +// namespace: nsB +// +// spec: +// +// http: +// - route: +// - destination: +// host: reviews.nsB.svc.cluster.local +// +// ``` +type Delegate struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Name specifies the name of the delegate VirtualService. + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + // Namespace specifies the namespace where the delegate VirtualService resides. + // By default, it is same to the root's. 
+ Namespace string `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"` +} + +func (x *Delegate) Reset() { + *x = Delegate{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Delegate) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Delegate) ProtoMessage() {} + +func (x *Delegate) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Delegate.ProtoReflect.Descriptor instead. +func (*Delegate) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{3} +} + +func (x *Delegate) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *Delegate) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + +// Message headers can be manipulated when Envoy forwards requests to, +// or responses from, a destination service. Header manipulation rules can +// be specified for a specific route destination or for all destinations. +// The following VirtualService adds a `test` header with the value `true` +// to requests that are routed to any `reviews` service destination. +// It also removes the `foo` response header, but only from responses +// coming from the `v1` subset (version) of the `reviews` service. 
+// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: VirtualService +// metadata: +// +// name: reviews-route +// +// spec: +// +// hosts: +// - reviews.prod.svc.cluster.local +// http: +// - headers: +// request: +// set: +// test: "true" +// route: +// - destination: +// host: reviews.prod.svc.cluster.local +// subset: v2 +// weight: 25 +// - destination: +// host: reviews.prod.svc.cluster.local +// subset: v1 +// headers: +// response: +// remove: +// - foo +// weight: 75 +// +// ``` +type Headers struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Header manipulation rules to apply before forwarding a request + // to the destination service + Request *Headers_HeaderOperations `protobuf:"bytes,1,opt,name=request,proto3" json:"request,omitempty"` + // Header manipulation rules to apply before returning a response + // to the caller + Response *Headers_HeaderOperations `protobuf:"bytes,2,opt,name=response,proto3" json:"response,omitempty"` +} + +func (x *Headers) Reset() { + *x = Headers{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Headers) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Headers) ProtoMessage() {} + +func (x *Headers) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Headers.ProtoReflect.Descriptor instead. 
+func (*Headers) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{4} +} + +func (x *Headers) GetRequest() *Headers_HeaderOperations { + if x != nil { + return x.Request + } + return nil +} + +func (x *Headers) GetResponse() *Headers_HeaderOperations { + if x != nil { + return x.Response + } + return nil +} + +// Describes match conditions and actions for routing unterminated TLS +// traffic (TLS/HTTPS) The following routing rule forwards unterminated TLS +// traffic arriving at port 443 of gateway called "mygateway" to internal +// services in the mesh based on the SNI value. +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: VirtualService +// metadata: +// +// name: bookinfo-sni +// +// spec: +// +// hosts: +// - "*.bookinfo.com" +// gateways: +// - mygateway +// tls: +// - match: +// - port: 443 +// sniHosts: +// - login.bookinfo.com +// route: +// - destination: +// host: login.prod.svc.cluster.local +// - match: +// - port: 443 +// sniHosts: +// - reviews.bookinfo.com +// route: +// - destination: +// host: reviews.prod.svc.cluster.local +// +// ``` +type TLSRoute struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Match conditions to be satisfied for the rule to be + // activated. All conditions inside a single match block have AND + // semantics, while the list of match blocks have OR semantics. The rule + // is matched if any one of the match blocks succeed. + Match []*TLSMatchAttributes `protobuf:"bytes,1,rep,name=match,proto3" json:"match,omitempty"` + // The destination to which the connection should be forwarded to. 
+ Route []*RouteDestination `protobuf:"bytes,2,rep,name=route,proto3" json:"route,omitempty"` +} + +func (x *TLSRoute) Reset() { + *x = TLSRoute{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TLSRoute) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TLSRoute) ProtoMessage() {} + +func (x *TLSRoute) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TLSRoute.ProtoReflect.Descriptor instead. +func (*TLSRoute) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{5} +} + +func (x *TLSRoute) GetMatch() []*TLSMatchAttributes { + if x != nil { + return x.Match + } + return nil +} + +func (x *TLSRoute) GetRoute() []*RouteDestination { + if x != nil { + return x.Route + } + return nil +} + +// Describes match conditions and actions for routing TCP traffic. The +// following routing rule forwards traffic arriving at port 27017 for +// mongo.prod.svc.cluster.local to another Mongo server on port 5555. +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: VirtualService +// metadata: +// +// name: bookinfo-mongo +// +// spec: +// +// hosts: +// - mongo.prod.svc.cluster.local +// tcp: +// - match: +// - port: 27017 +// route: +// - destination: +// host: mongo.backup.svc.cluster.local +// port: +// number: 5555 +// +// ``` +type TCPRoute struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Match conditions to be satisfied for the rule to be + // activated. 
All conditions inside a single match block have AND + // semantics, while the list of match blocks have OR semantics. The rule + // is matched if any one of the match blocks succeed. + Match []*L4MatchAttributes `protobuf:"bytes,1,rep,name=match,proto3" json:"match,omitempty"` + // The destination to which the connection should be forwarded to. + Route []*RouteDestination `protobuf:"bytes,2,rep,name=route,proto3" json:"route,omitempty"` +} + +func (x *TCPRoute) Reset() { + *x = TCPRoute{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TCPRoute) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TCPRoute) ProtoMessage() {} + +func (x *TCPRoute) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TCPRoute.ProtoReflect.Descriptor instead. +func (*TCPRoute) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{6} +} + +func (x *TCPRoute) GetMatch() []*L4MatchAttributes { + if x != nil { + return x.Match + } + return nil +} + +func (x *TCPRoute) GetRoute() []*RouteDestination { + if x != nil { + return x.Route + } + return nil +} + +// HttpMatchRequest specifies a set of criterion to be met in order for the +// rule to be applied to the HTTP request. For example, the following +// restricts the rule to match only requests where the URL path +// starts with /ratings/v2/ and the request contains a custom `end-user` header +// with value `jason`. 
+// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: VirtualService +// metadata: +// +// name: ratings-route +// +// spec: +// +// hosts: +// - ratings.prod.svc.cluster.local +// http: +// - match: +// - headers: +// end-user: +// exact: jason +// uri: +// prefix: "/ratings/v2/" +// ignoreUriCase: true +// route: +// - destination: +// host: ratings.prod.svc.cluster.local +// +// ``` +// +// HTTPMatchRequest CANNOT be empty. +// **Note:** +// 1. If a root VirtualService have matched any property (path, header etc.) by regex, delegate VirtualServices should not have any other matches on the same property. +// 2. If a delegate VirtualService have matched any property (path, header etc.) by regex, root VirtualServices should not have any other matches on the same property. +type HTTPMatchRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The name assigned to a match. The match's name will be + // concatenated with the parent route's name and will be logged in + // the access logs for requests matching this route. + Name string `protobuf:"bytes,11,opt,name=name,proto3" json:"name,omitempty"` + // URI to match + // values are case-sensitive and formatted as follows: + // + // - `exact: "value"` for exact string match + // + // - `prefix: "value"` for prefix-based match + // + // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // + // **Note:** Case-insensitive matching could be enabled via the + // `ignoreUriCase` flag. + Uri *StringMatch `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"` + // URI Scheme + // values are case-sensitive and formatted as follows: + // + // - `exact: "value"` for exact string match + // + // - `prefix: "value"` for prefix-based match + // + // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). 
+ Scheme *StringMatch `protobuf:"bytes,2,opt,name=scheme,proto3" json:"scheme,omitempty"` + // HTTP Method + // values are case-sensitive and formatted as follows: + // + // - `exact: "value"` for exact string match + // + // - `prefix: "value"` for prefix-based match + // + // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + Method *StringMatch `protobuf:"bytes,3,opt,name=method,proto3" json:"method,omitempty"` + // HTTP Authority + // values are case-sensitive and formatted as follows: + // + // - `exact: "value"` for exact string match + // + // - `prefix: "value"` for prefix-based match + // + // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + Authority *StringMatch `protobuf:"bytes,4,opt,name=authority,proto3" json:"authority,omitempty"` + // The header keys must be lowercase and use hyphen as the separator, + // e.g. _x-request-id_. + // + // Header values are case-sensitive and formatted as follows: + // + // - `exact: "value"` for exact string match + // + // - `prefix: "value"` for prefix-based match + // + // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // + // If the value is empty and only the name of header is specified, presence of the header is checked. + // To provide an empty value, use `{}`, for example: + // + // ``` + // - match: + // - headers: + // myheader: {} + // + // ``` + // **Note:** The keys `uri`, `scheme`, `method`, and `authority` will be ignored. + Headers map[string]*StringMatch `protobuf:"bytes,5,rep,name=headers,proto3" json:"headers,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // Specifies the ports on the host that is being addressed. Many services + // only expose a single port or label ports with the protocols they support, + // in these cases it is not required to explicitly select the port. 
+ Port uint32 `protobuf:"varint,6,opt,name=port,proto3" json:"port,omitempty"` + // One or more labels that constrain the applicability of a rule to source (client) workloads + // with the given labels. If the VirtualService has a list of gateways specified + // in the top-level `gateways` field, it must include the reserved gateway + // `mesh` for this field to be applicable. + SourceLabels map[string]string `protobuf:"bytes,7,rep,name=source_labels,json=sourceLabels,proto3" json:"source_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // Names of gateways where the rule should be applied. Gateway names + // in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway + // match is independent of sourceLabels. + Gateways []string `protobuf:"bytes,8,rep,name=gateways,proto3" json:"gateways,omitempty"` + // Query parameters for matching. + // + // Ex: + // + // - For a query parameter like "?key=true", the map key would be "key" and + // the string match could be defined as `exact: "true"`. + // + // - For a query parameter like "?key", the map key would be "key" and the + // string match could be defined as `exact: ""`. + // + // - For a query parameter like "?key=abc" or "?key=abx", the map key would be "key" and the + // string match could be defined as `prefix: "ab"`. + // + // - For a query parameter like "?key=123", the map key would be "key" and the + // string match could be defined as `regex: "\d+$"`. Note that this + // configuration will only match values like "123" but not "a123" or "123a". + QueryParams map[string]*StringMatch `protobuf:"bytes,9,rep,name=query_params,json=queryParams,proto3" json:"query_params,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // Flag to specify whether the URI matching should be case-insensitive. 
+ // + // **Note:** The case will be ignored only in the case of `exact` and `prefix` + // URI matches. + IgnoreUriCase bool `protobuf:"varint,10,opt,name=ignore_uri_case,json=ignoreUriCase,proto3" json:"ignore_uri_case,omitempty"` + // withoutHeader has the same syntax with the header, but has opposite meaning. + // If a header is matched with a matching rule among withoutHeader, the traffic becomes not matched one. + WithoutHeaders map[string]*StringMatch `protobuf:"bytes,12,rep,name=without_headers,json=withoutHeaders,proto3" json:"without_headers,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // Source namespace constraining the applicability of a rule to workloads in that namespace. + // If the VirtualService has a list of gateways specified in the top-level `gateways` field, + // it must include the reserved gateway `mesh` for this field to be applicable. + SourceNamespace string `protobuf:"bytes,13,opt,name=source_namespace,json=sourceNamespace,proto3" json:"source_namespace,omitempty"` + // The human readable prefix to use when emitting statistics for this route. + // The statistics are generated with prefix route.. + // This should be set for highly critical routes that one wishes to get "per-route" statistics on. + // This prefix is only for proxy-level statistics (envoy_*) and not service-level (istio_*) statistics. + // Refer to https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-route-stat-prefix + // for statistics that are generated when this is configured. 
+ StatPrefix string `protobuf:"bytes,14,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"` +} + +func (x *HTTPMatchRequest) Reset() { + *x = HTTPMatchRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *HTTPMatchRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HTTPMatchRequest) ProtoMessage() {} + +func (x *HTTPMatchRequest) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[7] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HTTPMatchRequest.ProtoReflect.Descriptor instead. +func (*HTTPMatchRequest) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{7} +} + +func (x *HTTPMatchRequest) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *HTTPMatchRequest) GetUri() *StringMatch { + if x != nil { + return x.Uri + } + return nil +} + +func (x *HTTPMatchRequest) GetScheme() *StringMatch { + if x != nil { + return x.Scheme + } + return nil +} + +func (x *HTTPMatchRequest) GetMethod() *StringMatch { + if x != nil { + return x.Method + } + return nil +} + +func (x *HTTPMatchRequest) GetAuthority() *StringMatch { + if x != nil { + return x.Authority + } + return nil +} + +func (x *HTTPMatchRequest) GetHeaders() map[string]*StringMatch { + if x != nil { + return x.Headers + } + return nil +} + +func (x *HTTPMatchRequest) GetPort() uint32 { + if x != nil { + return x.Port + } + return 0 +} + +func (x *HTTPMatchRequest) GetSourceLabels() map[string]string { + if x != nil { + return x.SourceLabels + } + return nil +} + +func (x *HTTPMatchRequest) GetGateways() []string { 
+ if x != nil { + return x.Gateways + } + return nil +} + +func (x *HTTPMatchRequest) GetQueryParams() map[string]*StringMatch { + if x != nil { + return x.QueryParams + } + return nil +} + +func (x *HTTPMatchRequest) GetIgnoreUriCase() bool { + if x != nil { + return x.IgnoreUriCase + } + return false +} + +func (x *HTTPMatchRequest) GetWithoutHeaders() map[string]*StringMatch { + if x != nil { + return x.WithoutHeaders + } + return nil +} + +func (x *HTTPMatchRequest) GetSourceNamespace() string { + if x != nil { + return x.SourceNamespace + } + return "" +} + +func (x *HTTPMatchRequest) GetStatPrefix() string { + if x != nil { + return x.StatPrefix + } + return "" +} + +// Each routing rule is associated with one or more service versions (see +// glossary in beginning of document). Weights associated with the version +// determine the proportion of traffic it receives. For example, the +// following rule will route 25% of traffic for the "reviews" service to +// instances with the "v2" tag and the remaining traffic (i.e., 75%) to +// "v1". +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: VirtualService +// metadata: +// +// name: reviews-route +// +// spec: +// +// hosts: +// - reviews.prod.svc.cluster.local +// http: +// - route: +// - destination: +// host: reviews.prod.svc.cluster.local +// subset: v2 +// weight: 25 +// - destination: +// host: reviews.prod.svc.cluster.local +// subset: v1 +// weight: 75 +// +// ``` +// +// # And the associated DestinationRule +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: DestinationRule +// metadata: +// +// name: reviews-destination +// +// spec: +// +// host: reviews.prod.svc.cluster.local +// subsets: +// - name: v1 +// labels: +// version: v1 +// - name: v2 +// labels: +// version: v2 +// +// ``` +// +// Traffic can also be split across two entirely different services without +// having to define new subsets. 
For example, the following rule forwards 25% of +// traffic to reviews.com to dev.reviews.com +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: VirtualService +// metadata: +// +// name: reviews-route-two-domains +// +// spec: +// +// hosts: +// - reviews.com +// http: +// - route: +// - destination: +// host: dev.reviews.com +// weight: 25 +// - destination: +// host: reviews.com +// weight: 75 +// +// ``` +type HTTPRouteDestination struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Destination uniquely identifies the instances of a service + // to which the request/connection should be forwarded to. + Destination *Destination `protobuf:"bytes,1,opt,name=destination,proto3" json:"destination,omitempty"` + // Weight specifies the relative proportion of traffic to be forwarded to the destination. A destination will receive `weight/(sum of all weights)` requests. + // If there is only one destination in a rule, it will receive all traffic. + // Otherwise, if weight is `0`, the destination will not receive any traffic. 
+ Weight int32 `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"` + // Header manipulation rules + Headers *Headers `protobuf:"bytes,7,opt,name=headers,proto3" json:"headers,omitempty"` +} + +func (x *HTTPRouteDestination) Reset() { + *x = HTTPRouteDestination{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *HTTPRouteDestination) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HTTPRouteDestination) ProtoMessage() {} + +func (x *HTTPRouteDestination) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[8] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HTTPRouteDestination.ProtoReflect.Descriptor instead. +func (*HTTPRouteDestination) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{8} +} + +func (x *HTTPRouteDestination) GetDestination() *Destination { + if x != nil { + return x.Destination + } + return nil +} + +func (x *HTTPRouteDestination) GetWeight() int32 { + if x != nil { + return x.Weight + } + return 0 +} + +func (x *HTTPRouteDestination) GetHeaders() *Headers { + if x != nil { + return x.Headers + } + return nil +} + +// L4 routing rule weighted destination. +type RouteDestination struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Destination uniquely identifies the instances of a service + // to which the request/connection should be forwarded to. 
+ Destination *Destination `protobuf:"bytes,1,opt,name=destination,proto3" json:"destination,omitempty"` + // Weight specifies the relative proportion of traffic to be forwarded to the destination. A destination will receive `weight/(sum of all weights)` requests. + // If there is only one destination in a rule, it will receive all traffic. + // Otherwise, if weight is `0`, the destination will not receive any traffic. + Weight int32 `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"` +} + +func (x *RouteDestination) Reset() { + *x = RouteDestination{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RouteDestination) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RouteDestination) ProtoMessage() {} + +func (x *RouteDestination) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[9] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RouteDestination.ProtoReflect.Descriptor instead. +func (*RouteDestination) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{9} +} + +func (x *RouteDestination) GetDestination() *Destination { + if x != nil { + return x.Destination + } + return nil +} + +func (x *RouteDestination) GetWeight() int32 { + if x != nil { + return x.Weight + } + return 0 +} + +// L4 connection match attributes. Note that L4 connection matching support +// is incomplete. +type L4MatchAttributes struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // IPv4 or IPv6 ip addresses of destination with optional subnet. 
E.g., + // a.b.c.d/xx form or just a.b.c.d. + DestinationSubnets []string `protobuf:"bytes,1,rep,name=destination_subnets,json=destinationSubnets,proto3" json:"destination_subnets,omitempty"` + // Specifies the port on the host that is being addressed. Many services + // only expose a single port or label ports with the protocols they support, + // in these cases it is not required to explicitly select the port. + Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"` + // IPv4 or IPv6 ip address of source with optional subnet. E.g., a.b.c.d/xx + // form or just a.b.c.d + // $hide_from_docs + SourceSubnet string `protobuf:"bytes,3,opt,name=source_subnet,json=sourceSubnet,proto3" json:"source_subnet,omitempty"` + // One or more labels that constrain the applicability of a rule to + // workloads with the given labels. If the VirtualService has a list of + // gateways specified in the top-level `gateways` field, it should include the reserved gateway + // `mesh` in order for this field to be applicable. + SourceLabels map[string]string `protobuf:"bytes,4,rep,name=source_labels,json=sourceLabels,proto3" json:"source_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // Names of gateways where the rule should be applied. Gateway names + // in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway + // match is independent of sourceLabels. + Gateways []string `protobuf:"bytes,5,rep,name=gateways,proto3" json:"gateways,omitempty"` + // Source namespace constraining the applicability of a rule to workloads in that namespace. + // If the VirtualService has a list of gateways specified in the top-level `gateways` field, + // it must include the reserved gateway `mesh` for this field to be applicable. 
+ SourceNamespace string `protobuf:"bytes,6,opt,name=source_namespace,json=sourceNamespace,proto3" json:"source_namespace,omitempty"` +} + +func (x *L4MatchAttributes) Reset() { + *x = L4MatchAttributes{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *L4MatchAttributes) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*L4MatchAttributes) ProtoMessage() {} + +func (x *L4MatchAttributes) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[10] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use L4MatchAttributes.ProtoReflect.Descriptor instead. +func (*L4MatchAttributes) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{10} +} + +func (x *L4MatchAttributes) GetDestinationSubnets() []string { + if x != nil { + return x.DestinationSubnets + } + return nil +} + +func (x *L4MatchAttributes) GetPort() uint32 { + if x != nil { + return x.Port + } + return 0 +} + +func (x *L4MatchAttributes) GetSourceSubnet() string { + if x != nil { + return x.SourceSubnet + } + return "" +} + +func (x *L4MatchAttributes) GetSourceLabels() map[string]string { + if x != nil { + return x.SourceLabels + } + return nil +} + +func (x *L4MatchAttributes) GetGateways() []string { + if x != nil { + return x.Gateways + } + return nil +} + +func (x *L4MatchAttributes) GetSourceNamespace() string { + if x != nil { + return x.SourceNamespace + } + return "" +} + +// TLS connection match attributes. 
+type TLSMatchAttributes struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // SNI (server name indicator) to match on. Wildcard prefixes + // can be used in the SNI value, e.g., *.com will match foo.example.com + // as well as example.com. An SNI value must be a subset (i.e., fall + // within the domain) of the corresponding virtual service's hosts. + SniHosts []string `protobuf:"bytes,1,rep,name=sni_hosts,json=sniHosts,proto3" json:"sni_hosts,omitempty"` + // IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., + // a.b.c.d/xx form or just a.b.c.d. + DestinationSubnets []string `protobuf:"bytes,2,rep,name=destination_subnets,json=destinationSubnets,proto3" json:"destination_subnets,omitempty"` + // Specifies the port on the host that is being addressed. Many services + // only expose a single port or label ports with the protocols they + // support, in these cases it is not required to explicitly select the + // port. + Port uint32 `protobuf:"varint,3,opt,name=port,proto3" json:"port,omitempty"` + // One or more labels that constrain the applicability of a rule to + // workloads with the given labels. If the VirtualService has a list of + // gateways specified in the top-level `gateways` field, it should include the reserved gateway + // `mesh` in order for this field to be applicable. + SourceLabels map[string]string `protobuf:"bytes,5,rep,name=source_labels,json=sourceLabels,proto3" json:"source_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // Names of gateways where the rule should be applied. Gateway names + // in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway + // match is independent of sourceLabels. 
+ Gateways []string `protobuf:"bytes,6,rep,name=gateways,proto3" json:"gateways,omitempty"` + // Source namespace constraining the applicability of a rule to workloads in that namespace. + // If the VirtualService has a list of gateways specified in the top-level `gateways` field, + // it must include the reserved gateway `mesh` for this field to be applicable. + SourceNamespace string `protobuf:"bytes,7,opt,name=source_namespace,json=sourceNamespace,proto3" json:"source_namespace,omitempty"` +} + +func (x *TLSMatchAttributes) Reset() { + *x = TLSMatchAttributes{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TLSMatchAttributes) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TLSMatchAttributes) ProtoMessage() {} + +func (x *TLSMatchAttributes) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[11] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TLSMatchAttributes.ProtoReflect.Descriptor instead. 
+func (*TLSMatchAttributes) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{11} +} + +func (x *TLSMatchAttributes) GetSniHosts() []string { + if x != nil { + return x.SniHosts + } + return nil +} + +func (x *TLSMatchAttributes) GetDestinationSubnets() []string { + if x != nil { + return x.DestinationSubnets + } + return nil +} + +func (x *TLSMatchAttributes) GetPort() uint32 { + if x != nil { + return x.Port + } + return 0 +} + +func (x *TLSMatchAttributes) GetSourceLabels() map[string]string { + if x != nil { + return x.SourceLabels + } + return nil +} + +func (x *TLSMatchAttributes) GetGateways() []string { + if x != nil { + return x.Gateways + } + return nil +} + +func (x *TLSMatchAttributes) GetSourceNamespace() string { + if x != nil { + return x.SourceNamespace + } + return "" +} + +// HTTPRedirect can be used to send a 301 redirect response to the caller, +// where the Authority/Host and the URI in the response can be swapped with +// the specified values. For example, the following rule redirects +// requests for /v1/getProductRatings API on the ratings service to +// /v1/bookRatings provided by the bookratings service. +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: VirtualService +// metadata: +// +// name: ratings-route +// +// spec: +// +// hosts: +// - ratings.prod.svc.cluster.local +// http: +// - match: +// - uri: +// exact: /v1/getProductRatings +// redirect: +// uri: /v1/bookRatings +// authority: newratings.default.svc.cluster.local +// ... +// +// ``` +type HTTPRedirect struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // On a redirect, overwrite the Path portion of the URL with this + // value. Note that the entire path will be replaced, irrespective of the + // request URI being matched as an exact path or prefix. 
+ Uri string `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"` + // On a redirect, overwrite the Authority/Host portion of the URL with + // this value. + Authority string `protobuf:"bytes,2,opt,name=authority,proto3" json:"authority,omitempty"` + // Types that are assignable to RedirectPort: + // + // *HTTPRedirect_Port + // *HTTPRedirect_DerivePort + RedirectPort isHTTPRedirect_RedirectPort `protobuf_oneof:"redirect_port"` + // On a redirect, overwrite the scheme portion of the URL with this value. + // For example, `http` or `https`. + // If unset, the original scheme will be used. + // If `derivePort` is set to `FROM_PROTOCOL_DEFAULT`, this will impact the port used as well + Scheme string `protobuf:"bytes,6,opt,name=scheme,proto3" json:"scheme,omitempty"` + // On a redirect, Specifies the HTTP status code to use in the redirect + // response. The default response code is MOVED_PERMANENTLY (301). + RedirectCode uint32 `protobuf:"varint,3,opt,name=redirect_code,json=redirectCode,proto3" json:"redirect_code,omitempty"` +} + +func (x *HTTPRedirect) Reset() { + *x = HTTPRedirect{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[12] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *HTTPRedirect) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HTTPRedirect) ProtoMessage() {} + +func (x *HTTPRedirect) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[12] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HTTPRedirect.ProtoReflect.Descriptor instead. 
+func (*HTTPRedirect) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{12} +} + +func (x *HTTPRedirect) GetUri() string { + if x != nil { + return x.Uri + } + return "" +} + +func (x *HTTPRedirect) GetAuthority() string { + if x != nil { + return x.Authority + } + return "" +} + +func (m *HTTPRedirect) GetRedirectPort() isHTTPRedirect_RedirectPort { + if m != nil { + return m.RedirectPort + } + return nil +} + +func (x *HTTPRedirect) GetPort() uint32 { + if x, ok := x.GetRedirectPort().(*HTTPRedirect_Port); ok { + return x.Port + } + return 0 +} + +func (x *HTTPRedirect) GetDerivePort() HTTPRedirect_RedirectPortSelection { + if x, ok := x.GetRedirectPort().(*HTTPRedirect_DerivePort); ok { + return x.DerivePort + } + return HTTPRedirect_FROM_PROTOCOL_DEFAULT +} + +func (x *HTTPRedirect) GetScheme() string { + if x != nil { + return x.Scheme + } + return "" +} + +func (x *HTTPRedirect) GetRedirectCode() uint32 { + if x != nil { + return x.RedirectCode + } + return 0 +} + +type isHTTPRedirect_RedirectPort interface { + isHTTPRedirect_RedirectPort() +} + +type HTTPRedirect_Port struct { + // On a redirect, overwrite the port portion of the URL with this value. + Port uint32 `protobuf:"varint,4,opt,name=port,proto3,oneof"` +} + +type HTTPRedirect_DerivePort struct { + // On a redirect, dynamically set the port: + // * FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS. + // * FROM_REQUEST_PORT: automatically use the port of the request. + DerivePort HTTPRedirect_RedirectPortSelection `protobuf:"varint,5,opt,name=derive_port,json=derivePort,proto3,enum=istio.networking.v1.HTTPRedirect_RedirectPortSelection,oneof"` +} + +func (*HTTPRedirect_Port) isHTTPRedirect_RedirectPort() {} + +func (*HTTPRedirect_DerivePort) isHTTPRedirect_RedirectPort() {} + +// HTTPDirectResponse can be used to send a fixed response to clients. 
+// For example, the following rule returns a fixed 503 status with a body +// to requests for /v1/getProductRatings API. +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: VirtualService +// metadata: +// +// name: ratings-route +// +// spec: +// +// hosts: +// - ratings.prod.svc.cluster.local +// http: +// - match: +// - uri: +// exact: /v1/getProductRatings +// directResponse: +// status: 503 +// body: +// string: "unknown error" +// ... +// +// ``` +// +// It is also possible to specify a binary response body. +// This is mostly useful for non text-based protocols such as gRPC. +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: VirtualService +// metadata: +// +// name: ratings-route +// +// spec: +// +// hosts: +// - ratings.prod.svc.cluster.local +// http: +// - match: +// - uri: +// exact: /v1/getProductRatings +// directResponse: +// status: 503 +// body: +// bytes: "dW5rbm93biBlcnJvcg==" # "unknown error" in base64 +// ... +// +// ``` +// +// It is good practice to add headers in the HTTPRoute +// as well as the direct_response, for example to specify +// the returned Content-Type. +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: VirtualService +// metadata: +// +// name: ratings-route +// +// spec: +// +// hosts: +// - ratings.prod.svc.cluster.local +// http: +// - match: +// - uri: +// exact: /v1/getProductRatings +// directResponse: +// status: 503 +// body: +// string: "{\"error\": \"unknown error\"}" +// headers: +// response: +// set: +// content-type: "text/plain" +// ... +// +// ``` +type HTTPDirectResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Specifies the HTTP response status to be returned. + Status uint32 `protobuf:"varint,1,opt,name=status,proto3" json:"status,omitempty"` + // Specifies the content of the response body. If this setting is omitted, + // no body is included in the generated response. 
+ Body *HTTPBody `protobuf:"bytes,2,opt,name=body,proto3" json:"body,omitempty"` +} + +func (x *HTTPDirectResponse) Reset() { + *x = HTTPDirectResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[13] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *HTTPDirectResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HTTPDirectResponse) ProtoMessage() {} + +func (x *HTTPDirectResponse) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[13] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HTTPDirectResponse.ProtoReflect.Descriptor instead. +func (*HTTPDirectResponse) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{13} +} + +func (x *HTTPDirectResponse) GetStatus() uint32 { + if x != nil { + return x.Status + } + return 0 +} + +func (x *HTTPDirectResponse) GetBody() *HTTPBody { + if x != nil { + return x.Body + } + return nil +} + +type HTTPBody struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Types that are assignable to Specifier: + // + // *HTTPBody_String_ + // *HTTPBody_Bytes + Specifier isHTTPBody_Specifier `protobuf_oneof:"specifier"` +} + +func (x *HTTPBody) Reset() { + *x = HTTPBody{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[14] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *HTTPBody) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HTTPBody) ProtoMessage() {} + +func (x *HTTPBody) ProtoReflect() protoreflect.Message { + mi := 
&file_networking_v1_virtual_service_proto_msgTypes[14] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HTTPBody.ProtoReflect.Descriptor instead. +func (*HTTPBody) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{14} +} + +func (m *HTTPBody) GetSpecifier() isHTTPBody_Specifier { + if m != nil { + return m.Specifier + } + return nil +} + +func (x *HTTPBody) GetString_() string { + if x, ok := x.GetSpecifier().(*HTTPBody_String_); ok { + return x.String_ + } + return "" +} + +func (x *HTTPBody) GetBytes() []byte { + if x, ok := x.GetSpecifier().(*HTTPBody_Bytes); ok { + return x.Bytes + } + return nil +} + +type isHTTPBody_Specifier interface { + isHTTPBody_Specifier() +} + +type HTTPBody_String_ struct { + // response body as a string + String_ string `protobuf:"bytes,1,opt,name=string,proto3,oneof"` +} + +type HTTPBody_Bytes struct { + // response body as base64 encoded bytes. + Bytes []byte `protobuf:"bytes,2,opt,name=bytes,proto3,oneof"` +} + +func (*HTTPBody_String_) isHTTPBody_Specifier() {} + +func (*HTTPBody_Bytes) isHTTPBody_Specifier() {} + +// HTTPRewrite can be used to rewrite specific parts of a HTTP request +// before forwarding the request to the destination. Rewrite primitive can +// be used only with HTTPRouteDestination. The following example +// demonstrates how to rewrite the URL prefix for api call (/ratings) to +// ratings service before making the actual API call. 
+// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: VirtualService +// metadata: +// +// name: ratings-route +// +// spec: +// +// hosts: +// - ratings.prod.svc.cluster.local +// http: +// - match: +// - uri: +// prefix: /ratings +// rewrite: +// uri: /v1/bookRatings +// route: +// - destination: +// host: ratings.prod.svc.cluster.local +// subset: v1 +// +// ``` +type HTTPRewrite struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // rewrite the path (or the prefix) portion of the URI with this + // value. If the original URI was matched based on prefix, the value + // provided in this field will replace the corresponding matched prefix. + Uri string `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"` + // rewrite the Authority/Host header with this value. + Authority string `protobuf:"bytes,2,opt,name=authority,proto3" json:"authority,omitempty"` + // rewrite the path portion of the URI with the specified regex. + UriRegexRewrite *RegexRewrite `protobuf:"bytes,3,opt,name=uri_regex_rewrite,json=uriRegexRewrite,proto3" json:"uri_regex_rewrite,omitempty"` +} + +func (x *HTTPRewrite) Reset() { + *x = HTTPRewrite{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[15] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *HTTPRewrite) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HTTPRewrite) ProtoMessage() {} + +func (x *HTTPRewrite) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[15] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HTTPRewrite.ProtoReflect.Descriptor instead. 
+func (*HTTPRewrite) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{15} +} + +func (x *HTTPRewrite) GetUri() string { + if x != nil { + return x.Uri + } + return "" +} + +func (x *HTTPRewrite) GetAuthority() string { + if x != nil { + return x.Authority + } + return "" +} + +func (x *HTTPRewrite) GetUriRegexRewrite() *RegexRewrite { + if x != nil { + return x.UriRegexRewrite + } + return nil +} + +type RegexRewrite struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + Match string `protobuf:"bytes,1,opt,name=match,proto3" json:"match,omitempty"` + // The string that should replace into matching portions of original URI. + // Capture groups in the pattern can be referenced in the new URI. + // Examples: + // + // Example 1: rewrite with capture groups + // Path pattern "/service/update/v1/api" with match "^/service/([^/]+)(/.*)$" and + // rewrite string of "/customprefix/\2/\1" would transform into "/customprefix/v1/api/update". + // + // Example 2: case insensitive rewrite + // Path pattern "/aaa/XxX/bbb" with match "(?i)/xxx/" and a rewrite string of /yyy/ would do a + // case-insensitive match and transform the path to "/aaa/yyy/bbb". 
+ Rewrite string `protobuf:"bytes,2,opt,name=rewrite,proto3" json:"rewrite,omitempty"` +} + +func (x *RegexRewrite) Reset() { + *x = RegexRewrite{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[16] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RegexRewrite) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RegexRewrite) ProtoMessage() {} + +func (x *RegexRewrite) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[16] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RegexRewrite.ProtoReflect.Descriptor instead. +func (*RegexRewrite) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{16} +} + +func (x *RegexRewrite) GetMatch() string { + if x != nil { + return x.Match + } + return "" +} + +func (x *RegexRewrite) GetRewrite() string { + if x != nil { + return x.Rewrite + } + return "" +} + +// Describes how to match a given string in HTTP headers. Match is +// case-sensitive. 
+type StringMatch struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Types that are assignable to MatchType: + // + // *StringMatch_Exact + // *StringMatch_Prefix + // *StringMatch_Regex + MatchType isStringMatch_MatchType `protobuf_oneof:"match_type"` +} + +func (x *StringMatch) Reset() { + *x = StringMatch{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[17] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *StringMatch) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*StringMatch) ProtoMessage() {} + +func (x *StringMatch) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[17] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use StringMatch.ProtoReflect.Descriptor instead. 
+func (*StringMatch) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{17} +} + +func (m *StringMatch) GetMatchType() isStringMatch_MatchType { + if m != nil { + return m.MatchType + } + return nil +} + +func (x *StringMatch) GetExact() string { + if x, ok := x.GetMatchType().(*StringMatch_Exact); ok { + return x.Exact + } + return "" +} + +func (x *StringMatch) GetPrefix() string { + if x, ok := x.GetMatchType().(*StringMatch_Prefix); ok { + return x.Prefix + } + return "" +} + +func (x *StringMatch) GetRegex() string { + if x, ok := x.GetMatchType().(*StringMatch_Regex); ok { + return x.Regex + } + return "" +} + +type isStringMatch_MatchType interface { + isStringMatch_MatchType() +} + +type StringMatch_Exact struct { + // exact string match + Exact string `protobuf:"bytes,1,opt,name=exact,proto3,oneof"` +} + +type StringMatch_Prefix struct { + // prefix-based match + Prefix string `protobuf:"bytes,2,opt,name=prefix,proto3,oneof"` +} + +type StringMatch_Regex struct { + // RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + Regex string `protobuf:"bytes,3,opt,name=regex,proto3,oneof"` +} + +func (*StringMatch_Exact) isStringMatch_MatchType() {} + +func (*StringMatch_Prefix) isStringMatch_MatchType() {} + +func (*StringMatch_Regex) isStringMatch_MatchType() {} + +// Describes the retry policy to use when a HTTP request fails. For +// example, the following rule sets the maximum number of retries to 3 when +// calling ratings:v1 service, with a 2s timeout per retry attempt. +// A retry will be attempted if there is a connect-failure, refused_stream +// or when the upstream server responds with Service Unavailable(503). 
+// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: VirtualService +// metadata: +// +// name: ratings-route +// +// spec: +// +// hosts: +// - ratings.prod.svc.cluster.local +// http: +// - route: +// - destination: +// host: ratings.prod.svc.cluster.local +// subset: v1 +// retries: +// attempts: 3 +// perTryTimeout: 2s +// retryOn: gateway-error,connect-failure,refused-stream +// +// ``` +type HTTPRetry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Number of retries to be allowed for a given request. The interval + // between retries will be determined automatically (25ms+). When request + // `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute) + // or `per_try_timeout` is configured, the actual number of retries attempted also depends on + // the specified request `timeout` and `per_try_timeout` values. MUST BE >= 0. If `0`, retries will be disabled. + // The maximum possible number of requests made will be 1 + `attempts`. + Attempts int32 `protobuf:"varint,1,opt,name=attempts,proto3" json:"attempts,omitempty"` + // Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST BE >=1ms. + // Default is same value as request + // `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute), + // which means no timeout. + PerTryTimeout *duration.Duration `protobuf:"bytes,2,opt,name=per_try_timeout,json=perTryTimeout,proto3" json:"per_try_timeout,omitempty"` + // Specifies the conditions under which retry takes place. + // One or more policies can be specified using a ‘,’ delimited list. + // If `retry_on` specifies a valid HTTP status, it will be added to retriable_status_codes retry policy. 
+ // See the [retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on) + // and [gRPC retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on) for more details. + RetryOn string `protobuf:"bytes,3,opt,name=retry_on,json=retryOn,proto3" json:"retry_on,omitempty"` + // Flag to specify whether the retries should retry to other localities. + // See the [retry plugin configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/http_connection_management#retry-plugin-configuration) for more details. + RetryRemoteLocalities *wrappers.BoolValue `protobuf:"bytes,4,opt,name=retry_remote_localities,json=retryRemoteLocalities,proto3" json:"retry_remote_localities,omitempty"` +} + +func (x *HTTPRetry) Reset() { + *x = HTTPRetry{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[18] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *HTTPRetry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HTTPRetry) ProtoMessage() {} + +func (x *HTTPRetry) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[18] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HTTPRetry.ProtoReflect.Descriptor instead. 
+func (*HTTPRetry) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{18} +} + +func (x *HTTPRetry) GetAttempts() int32 { + if x != nil { + return x.Attempts + } + return 0 +} + +func (x *HTTPRetry) GetPerTryTimeout() *duration.Duration { + if x != nil { + return x.PerTryTimeout + } + return nil +} + +func (x *HTTPRetry) GetRetryOn() string { + if x != nil { + return x.RetryOn + } + return "" +} + +func (x *HTTPRetry) GetRetryRemoteLocalities() *wrappers.BoolValue { + if x != nil { + return x.RetryRemoteLocalities + } + return nil +} + +// Describes the Cross-Origin Resource Sharing (CORS) policy, for a given +// service. Refer to [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS) +// for further details about cross origin resource sharing. For example, +// the following rule restricts cross origin requests to those originating +// from example.com domain using HTTP POST/GET, and sets the +// `Access-Control-Allow-Credentials` header to false. In addition, it only +// exposes `X-Foo-bar` header and sets an expiry period of 1 day. +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: VirtualService +// metadata: +// +// name: ratings-route +// +// spec: +// +// hosts: +// - ratings.prod.svc.cluster.local +// http: +// - route: +// - destination: +// host: ratings.prod.svc.cluster.local +// subset: v1 +// corsPolicy: +// allowOrigins: +// - exact: https://example.com +// allowMethods: +// - POST +// - GET +// allowCredentials: false +// allowHeaders: +// - X-Foo-Bar +// maxAge: "24h" +// +// ``` +type CorsPolicy struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The list of origins that are allowed to perform CORS requests. The + // content will be serialized into the Access-Control-Allow-Origin + // header. Wildcard * will allow all origins. 
+ // $hide_from_docs + // + // Deprecated: Marked as deprecated in networking/v1/virtual_service.proto. + AllowOrigin []string `protobuf:"bytes,1,rep,name=allow_origin,json=allowOrigin,proto3" json:"allow_origin,omitempty"` + // String patterns that match allowed origins. + // An origin is allowed if any of the string matchers match. + // If a match is found, then the outgoing Access-Control-Allow-Origin would be set to the origin as provided by the client. + AllowOrigins []*StringMatch `protobuf:"bytes,7,rep,name=allow_origins,json=allowOrigins,proto3" json:"allow_origins,omitempty"` + // List of HTTP methods allowed to access the resource. The content will + // be serialized into the Access-Control-Allow-Methods header. + AllowMethods []string `protobuf:"bytes,2,rep,name=allow_methods,json=allowMethods,proto3" json:"allow_methods,omitempty"` + // List of HTTP headers that can be used when requesting the + // resource. Serialized to Access-Control-Allow-Headers header. + AllowHeaders []string `protobuf:"bytes,3,rep,name=allow_headers,json=allowHeaders,proto3" json:"allow_headers,omitempty"` + // A list of HTTP headers that the browsers are allowed to + // access. Serialized into Access-Control-Expose-Headers header. + ExposeHeaders []string `protobuf:"bytes,4,rep,name=expose_headers,json=exposeHeaders,proto3" json:"expose_headers,omitempty"` + // Specifies how long the results of a preflight request can be + // cached. Translates to the `Access-Control-Max-Age` header. + MaxAge *duration.Duration `protobuf:"bytes,5,opt,name=max_age,json=maxAge,proto3" json:"max_age,omitempty"` + // Indicates whether the caller is allowed to send the actual request + // (not the preflight) using credentials. Translates to + // `Access-Control-Allow-Credentials` header. 
+ AllowCredentials *wrappers.BoolValue `protobuf:"bytes,6,opt,name=allow_credentials,json=allowCredentials,proto3" json:"allow_credentials,omitempty"` +} + +func (x *CorsPolicy) Reset() { + *x = CorsPolicy{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[19] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CorsPolicy) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CorsPolicy) ProtoMessage() {} + +func (x *CorsPolicy) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[19] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CorsPolicy.ProtoReflect.Descriptor instead. +func (*CorsPolicy) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{19} +} + +// Deprecated: Marked as deprecated in networking/v1/virtual_service.proto. 
+func (x *CorsPolicy) GetAllowOrigin() []string { + if x != nil { + return x.AllowOrigin + } + return nil +} + +func (x *CorsPolicy) GetAllowOrigins() []*StringMatch { + if x != nil { + return x.AllowOrigins + } + return nil +} + +func (x *CorsPolicy) GetAllowMethods() []string { + if x != nil { + return x.AllowMethods + } + return nil +} + +func (x *CorsPolicy) GetAllowHeaders() []string { + if x != nil { + return x.AllowHeaders + } + return nil +} + +func (x *CorsPolicy) GetExposeHeaders() []string { + if x != nil { + return x.ExposeHeaders + } + return nil +} + +func (x *CorsPolicy) GetMaxAge() *duration.Duration { + if x != nil { + return x.MaxAge + } + return nil +} + +func (x *CorsPolicy) GetAllowCredentials() *wrappers.BoolValue { + if x != nil { + return x.AllowCredentials + } + return nil +} + +// HTTPFaultInjection can be used to specify one or more faults to inject +// while forwarding HTTP requests to the destination specified in a route. +// Fault specification is part of a VirtualService rule. Faults include +// aborting the Http request from downstream service, and/or delaying +// proxying of requests. A fault rule MUST HAVE delay or abort or both. +// +// *Note:* Delay and abort faults are independent of one another, even if +// both are specified simultaneously. +type HTTPFaultInjection struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Delay requests before forwarding, emulating various failures such as + // network issues, overloaded upstream service, etc. + Delay *HTTPFaultInjection_Delay `protobuf:"bytes,1,opt,name=delay,proto3" json:"delay,omitempty"` + // Abort Http request attempts and return error codes back to downstream + // service, giving the impression that the upstream service is faulty. 
+ Abort *HTTPFaultInjection_Abort `protobuf:"bytes,2,opt,name=abort,proto3" json:"abort,omitempty"` +} + +func (x *HTTPFaultInjection) Reset() { + *x = HTTPFaultInjection{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[20] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *HTTPFaultInjection) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HTTPFaultInjection) ProtoMessage() {} + +func (x *HTTPFaultInjection) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[20] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HTTPFaultInjection.ProtoReflect.Descriptor instead. +func (*HTTPFaultInjection) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{20} +} + +func (x *HTTPFaultInjection) GetDelay() *HTTPFaultInjection_Delay { + if x != nil { + return x.Delay + } + return nil +} + +func (x *HTTPFaultInjection) GetAbort() *HTTPFaultInjection_Abort { + if x != nil { + return x.Abort + } + return nil +} + +// HTTPMirrorPolicy can be used to specify the destinations to mirror HTTP traffic in addition +// to the original destination. Mirrored traffic is on a +// best effort basis where the sidecar/gateway will not wait for the +// mirrored destinations to respond before returning the response from the +// original destination. Statistics will be generated for the mirrored +// destination. +type HTTPMirrorPolicy struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Destination specifies the target of the mirror operation. 
+ Destination *Destination `protobuf:"bytes,1,opt,name=destination,proto3" json:"destination,omitempty"` + // Percentage of the traffic to be mirrored by the `destination` field. + // If this field is absent, all the traffic (100%) will be mirrored. + // Max value is 100. + Percentage *Percent `protobuf:"bytes,2,opt,name=percentage,proto3" json:"percentage,omitempty"` +} + +func (x *HTTPMirrorPolicy) Reset() { + *x = HTTPMirrorPolicy{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[21] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *HTTPMirrorPolicy) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HTTPMirrorPolicy) ProtoMessage() {} + +func (x *HTTPMirrorPolicy) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[21] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HTTPMirrorPolicy.ProtoReflect.Descriptor instead. +func (*HTTPMirrorPolicy) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{21} +} + +func (x *HTTPMirrorPolicy) GetDestination() *Destination { + if x != nil { + return x.Destination + } + return nil +} + +func (x *HTTPMirrorPolicy) GetPercentage() *Percent { + if x != nil { + return x.Percentage + } + return nil +} + +// PortSelector specifies the number of a port to be used for +// matching or selection for final routing. 
+type PortSelector struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Valid port number + Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"` +} + +func (x *PortSelector) Reset() { + *x = PortSelector{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[22] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PortSelector) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PortSelector) ProtoMessage() {} + +func (x *PortSelector) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[22] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PortSelector.ProtoReflect.Descriptor instead. +func (*PortSelector) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{22} +} + +func (x *PortSelector) GetNumber() uint32 { + if x != nil { + return x.Number + } + return 0 +} + +// Percent specifies a percentage in the range of [0.0, 100.0]. 
+type Percent struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Value float64 `protobuf:"fixed64,1,opt,name=value,proto3" json:"value,omitempty"` +} + +func (x *Percent) Reset() { + *x = Percent{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[23] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Percent) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Percent) ProtoMessage() {} + +func (x *Percent) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[23] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Percent.ProtoReflect.Descriptor instead. +func (*Percent) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{23} +} + +func (x *Percent) GetValue() float64 { + if x != nil { + return x.Value + } + return 0 +} + +// HeaderOperations Describes the header manipulations to apply +type Headers_HeaderOperations struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Overwrite the headers specified by key with the given values + Set map[string]string `protobuf:"bytes,1,rep,name=set,proto3" json:"set,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // Append the given values to the headers specified by keys + // (will create a comma-separated list of values) + Add map[string]string `protobuf:"bytes,2,rep,name=add,proto3" json:"add,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // Remove the specified headers + Remove []string 
`protobuf:"bytes,3,rep,name=remove,proto3" json:"remove,omitempty"` +} + +func (x *Headers_HeaderOperations) Reset() { + *x = Headers_HeaderOperations{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[24] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Headers_HeaderOperations) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Headers_HeaderOperations) ProtoMessage() {} + +func (x *Headers_HeaderOperations) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[24] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Headers_HeaderOperations.ProtoReflect.Descriptor instead. +func (*Headers_HeaderOperations) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{4, 0} +} + +func (x *Headers_HeaderOperations) GetSet() map[string]string { + if x != nil { + return x.Set + } + return nil +} + +func (x *Headers_HeaderOperations) GetAdd() map[string]string { + if x != nil { + return x.Add + } + return nil +} + +func (x *Headers_HeaderOperations) GetRemove() []string { + if x != nil { + return x.Remove + } + return nil +} + +// Delay specification is used to inject latency into the request +// forwarding path. 
The following example will introduce a 5 second delay +// in 1 out of every 1000 requests to the "v1" version of the "reviews" +// service from all pods with label env: prod +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: VirtualService +// metadata: +// +// name: reviews-route +// +// spec: +// +// hosts: +// - reviews.prod.svc.cluster.local +// http: +// - match: +// - sourceLabels: +// env: prod +// route: +// - destination: +// host: reviews.prod.svc.cluster.local +// subset: v1 +// fault: +// delay: +// percentage: +// value: 0.1 +// fixedDelay: 5s +// +// ``` +// +// The _fixedDelay_ field is used to indicate the amount of delay in seconds. +// The optional _percentage_ field can be used to only delay a certain +// percentage of requests. If left unspecified, no request will be delayed. +type HTTPFaultInjection_Delay struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Percentage of requests on which the delay will be injected (0-100). + // Use of integer `percent` value is deprecated. Use the double `percentage` + // field instead. + // + // Deprecated: Marked as deprecated in networking/v1/virtual_service.proto. + Percent int32 `protobuf:"varint,1,opt,name=percent,proto3" json:"percent,omitempty"` + // Types that are assignable to HttpDelayType: + // + // *HTTPFaultInjection_Delay_FixedDelay + // *HTTPFaultInjection_Delay_ExponentialDelay + HttpDelayType isHTTPFaultInjection_Delay_HttpDelayType `protobuf_oneof:"http_delay_type"` + // Percentage of requests on which the delay will be injected. + // If left unspecified, no request will be delayed. 
+ Percentage *Percent `protobuf:"bytes,5,opt,name=percentage,proto3" json:"percentage,omitempty"` +} + +func (x *HTTPFaultInjection_Delay) Reset() { + *x = HTTPFaultInjection_Delay{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[33] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *HTTPFaultInjection_Delay) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HTTPFaultInjection_Delay) ProtoMessage() {} + +func (x *HTTPFaultInjection_Delay) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[33] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HTTPFaultInjection_Delay.ProtoReflect.Descriptor instead. +func (*HTTPFaultInjection_Delay) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{20, 0} +} + +// Deprecated: Marked as deprecated in networking/v1/virtual_service.proto. 
+func (x *HTTPFaultInjection_Delay) GetPercent() int32 { + if x != nil { + return x.Percent + } + return 0 +} + +func (m *HTTPFaultInjection_Delay) GetHttpDelayType() isHTTPFaultInjection_Delay_HttpDelayType { + if m != nil { + return m.HttpDelayType + } + return nil +} + +func (x *HTTPFaultInjection_Delay) GetFixedDelay() *duration.Duration { + if x, ok := x.GetHttpDelayType().(*HTTPFaultInjection_Delay_FixedDelay); ok { + return x.FixedDelay + } + return nil +} + +func (x *HTTPFaultInjection_Delay) GetExponentialDelay() *duration.Duration { + if x, ok := x.GetHttpDelayType().(*HTTPFaultInjection_Delay_ExponentialDelay); ok { + return x.ExponentialDelay + } + return nil +} + +func (x *HTTPFaultInjection_Delay) GetPercentage() *Percent { + if x != nil { + return x.Percentage + } + return nil +} + +type isHTTPFaultInjection_Delay_HttpDelayType interface { + isHTTPFaultInjection_Delay_HttpDelayType() +} + +type HTTPFaultInjection_Delay_FixedDelay struct { + // Add a fixed delay before forwarding the request. Format: + // 1h/1m/1s/1ms. MUST be >=1ms. + FixedDelay *duration.Duration `protobuf:"bytes,2,opt,name=fixed_delay,json=fixedDelay,proto3,oneof"` +} + +type HTTPFaultInjection_Delay_ExponentialDelay struct { + // $hide_from_docs + ExponentialDelay *duration.Duration `protobuf:"bytes,3,opt,name=exponential_delay,json=exponentialDelay,proto3,oneof"` +} + +func (*HTTPFaultInjection_Delay_FixedDelay) isHTTPFaultInjection_Delay_HttpDelayType() {} + +func (*HTTPFaultInjection_Delay_ExponentialDelay) isHTTPFaultInjection_Delay_HttpDelayType() {} + +// Abort specification is used to prematurely abort a request with a +// pre-specified error code. The following example will return an HTTP 400 +// error code for 1 out of every 1000 requests to the "ratings" service "v1". 
+// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: VirtualService +// metadata: +// +// name: ratings-route +// +// spec: +// +// hosts: +// - ratings.prod.svc.cluster.local +// http: +// - route: +// - destination: +// host: ratings.prod.svc.cluster.local +// subset: v1 +// fault: +// abort: +// percentage: +// value: 0.1 +// httpStatus: 400 +// +// ``` +// +// The _httpStatus_ field is used to indicate the HTTP status code to +// return to the caller. The optional _percentage_ field can be used to only +// abort a certain percentage of requests. If not specified, no request will be +// aborted. +type HTTPFaultInjection_Abort struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Types that are assignable to ErrorType: + // + // *HTTPFaultInjection_Abort_HttpStatus + // *HTTPFaultInjection_Abort_GrpcStatus + // *HTTPFaultInjection_Abort_Http2Error + ErrorType isHTTPFaultInjection_Abort_ErrorType `protobuf_oneof:"error_type"` + // Percentage of requests to be aborted with the error code provided. + // If not specified, no request will be aborted. 
+ Percentage *Percent `protobuf:"bytes,5,opt,name=percentage,proto3" json:"percentage,omitempty"` +} + +func (x *HTTPFaultInjection_Abort) Reset() { + *x = HTTPFaultInjection_Abort{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_virtual_service_proto_msgTypes[34] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *HTTPFaultInjection_Abort) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HTTPFaultInjection_Abort) ProtoMessage() {} + +func (x *HTTPFaultInjection_Abort) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_virtual_service_proto_msgTypes[34] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HTTPFaultInjection_Abort.ProtoReflect.Descriptor instead. +func (*HTTPFaultInjection_Abort) Descriptor() ([]byte, []int) { + return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{20, 1} +} + +func (m *HTTPFaultInjection_Abort) GetErrorType() isHTTPFaultInjection_Abort_ErrorType { + if m != nil { + return m.ErrorType + } + return nil +} + +func (x *HTTPFaultInjection_Abort) GetHttpStatus() int32 { + if x, ok := x.GetErrorType().(*HTTPFaultInjection_Abort_HttpStatus); ok { + return x.HttpStatus + } + return 0 +} + +func (x *HTTPFaultInjection_Abort) GetGrpcStatus() string { + if x, ok := x.GetErrorType().(*HTTPFaultInjection_Abort_GrpcStatus); ok { + return x.GrpcStatus + } + return "" +} + +func (x *HTTPFaultInjection_Abort) GetHttp2Error() string { + if x, ok := x.GetErrorType().(*HTTPFaultInjection_Abort_Http2Error); ok { + return x.Http2Error + } + return "" +} + +func (x *HTTPFaultInjection_Abort) GetPercentage() *Percent { + if x != nil { + return x.Percentage + } + return nil +} + +type isHTTPFaultInjection_Abort_ErrorType interface { + 
isHTTPFaultInjection_Abort_ErrorType() +} + +type HTTPFaultInjection_Abort_HttpStatus struct { + // HTTP status code to use to abort the Http request. + HttpStatus int32 `protobuf:"varint,2,opt,name=http_status,json=httpStatus,proto3,oneof"` +} + +type HTTPFaultInjection_Abort_GrpcStatus struct { + // GRPC status code to use to abort the request. The supported + // codes are documented in https://github.com/grpc/grpc/blob/master/doc/statuscodes.md + // Note: If you want to return the status "Unavailable", then you should + // specify the code as `UNAVAILABLE`(all caps), but not `14`. + GrpcStatus string `protobuf:"bytes,3,opt,name=grpc_status,json=grpcStatus,proto3,oneof"` +} + +type HTTPFaultInjection_Abort_Http2Error struct { + // $hide_from_docs + Http2Error string `protobuf:"bytes,4,opt,name=http2_error,json=http2Error,proto3,oneof"` +} + +func (*HTTPFaultInjection_Abort_HttpStatus) isHTTPFaultInjection_Abort_ErrorType() {} + +func (*HTTPFaultInjection_Abort_GrpcStatus) isHTTPFaultInjection_Abort_ErrorType() {} + +func (*HTTPFaultInjection_Abort_Http2Error) isHTTPFaultInjection_Abort_ErrorType() {} + +var File_networking_v1_virtual_service_proto protoreflect.FileDescriptor + +var file_networking_v1_virtual_service_proto_rawDesc = []byte{ + 0x0a, 0x23, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, + 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, + 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 
0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, + 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf5, 0x01, 0x0a, 0x0e, + 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x14, + 0x0a, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x68, + 0x6f, 0x73, 0x74, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, + 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, + 0x12, 0x32, 0x0a, 0x04, 0x68, 0x74, 0x74, 0x70, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, + 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, + 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x04, + 0x68, 0x74, 0x74, 0x70, 0x12, 0x2f, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x4c, 0x53, 0x52, 0x6f, 0x75, 0x74, 0x65, + 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x2f, 0x0a, 0x03, 0x74, 0x63, 0x70, 0x18, 0x04, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, + 0x65, 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, + 0x5f, 0x74, 0x6f, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x70, 0x6f, 0x72, + 0x74, 0x54, 0x6f, 0x22, 0x75, 0x0a, 0x0b, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x12, 0x17, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x16, 0x0a, 
0x06, 0x73, + 0x75, 0x62, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x75, 0x62, + 0x73, 0x65, 0x74, 0x12, 0x35, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x21, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, + 0x63, 0x74, 0x6f, 0x72, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22, 0xed, 0x08, 0x0a, 0x09, 0x48, + 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, + 0x18, 0x11, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3b, 0x0a, 0x05, + 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, + 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x3f, 0x0a, 0x05, 0x72, 0x6f, 0x75, + 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, + 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, + 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x3d, 0x0a, 0x08, 0x72, 0x65, + 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, + 0x08, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x50, 0x0a, 0x0f, 0x64, 0x69, 0x72, + 0x65, 0x63, 0x74, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x15, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x27, 
0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x44, 0x69, 0x72, + 0x65, 0x63, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x52, 0x0e, 0x64, 0x69, 0x72, + 0x65, 0x63, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x39, 0x0a, 0x08, 0x64, + 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x65, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x65, 0x52, 0x08, 0x64, 0x65, + 0x6c, 0x65, 0x67, 0x61, 0x74, 0x65, 0x12, 0x3a, 0x0a, 0x07, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, + 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, + 0x54, 0x50, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x52, 0x07, 0x72, 0x65, 0x77, 0x72, 0x69, + 0x74, 0x65, 0x12, 0x33, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x06, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, + 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x38, 0x0a, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, + 0x65, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, + 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, + 0x54, 0x54, 0x50, 0x52, 0x65, 0x74, 0x72, 0x79, 0x52, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, + 0x73, 0x12, 0x3d, 0x0a, 0x05, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 
0x50, 0x46, 0x61, 0x75, 0x6c, 0x74, + 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x66, 0x61, 0x75, 0x6c, 0x74, + 0x12, 0x38, 0x0a, 0x06, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x52, 0x06, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x3f, 0x0a, 0x07, 0x6d, 0x69, + 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x16, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, + 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x6f, 0x6c, 0x69, + 0x63, 0x79, 0x52, 0x07, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x47, 0x0a, 0x0e, 0x6d, + 0x69, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x12, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, + 0x65, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0d, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x65, 0x72, + 0x63, 0x65, 0x6e, 0x74, 0x12, 0x49, 0x0a, 0x11, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x70, + 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, 0x13, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x1c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x52, 0x10, 0x6d, + 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x12, + 0x40, 0x0a, 0x0b, 0x63, 0x6f, 0x72, 0x73, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x0a, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, + 
0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x72, 0x73, 0x50, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0a, 0x63, 0x6f, 0x72, 0x73, 0x50, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x12, 0x36, 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x10, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, + 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, + 0x04, 0x08, 0x0b, 0x10, 0x10, 0x52, 0x11, 0x77, 0x65, 0x62, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, + 0x5f, 0x75, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x52, 0x0e, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, + 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x17, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, + 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, + 0x73, 0x52, 0x17, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x16, 0x72, 0x65, 0x6d, 0x6f, + 0x76, 0x65, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x73, 0x52, 0x16, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x22, 0x3c, 0x0a, 0x08, 0x44, 0x65, + 0x6c, 0x65, 0x67, 0x61, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, + 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, + 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x22, 0xce, 0x03, 0x0a, 0x07, 0x48, 0x65, 0x61, + 0x64, 0x65, 0x72, 0x73, 0x12, 0x47, 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 
0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, + 0x65, 0x72, 0x73, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x49, 0x0a, + 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x48, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x08, + 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0xae, 0x02, 0x0a, 0x10, 0x48, 0x65, 0x61, + 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x48, 0x0a, + 0x03, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4f, + 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x03, 0x73, 0x65, 0x74, 0x12, 0x48, 0x0a, 0x03, 0x61, 0x64, 0x64, 0x18, 0x02, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x73, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x73, 0x2e, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x61, 0x64, + 0x64, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, + 0x09, 0x52, 0x06, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x1a, 0x36, 0x0a, 
0x08, 0x53, 0x65, 0x74, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, + 0x01, 0x1a, 0x36, 0x0a, 0x08, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, + 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, + 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x8b, 0x01, 0x0a, 0x08, 0x54, 0x4c, + 0x53, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x42, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, + 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x4c, 0x53, 0x4d, + 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x42, 0x03, + 0xe0, 0x41, 0x02, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x3b, 0x0a, 0x05, 0x72, 0x6f, + 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, + 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x52, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x22, 0x85, 0x01, 0x0a, 0x08, 0x54, 0x43, 0x50, 0x52, + 0x6f, 0x75, 0x74, 0x65, 0x12, 0x3c, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x34, 0x4d, 0x61, 0x74, 0x63, + 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x52, 0x05, 0x6d, 0x61, 0x74, + 0x63, 0x68, 
0x12, 0x3b, 0x0a, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, + 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x22, + 0x83, 0x09, 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0b, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x32, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, + 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x38, 0x0a, 0x06, + 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x76, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x06, + 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x12, 0x38, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x74, 0x72, + 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, + 0x12, 0x3e, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, + 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x09, 0x61, 
0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, + 0x12, 0x4c, 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x32, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, + 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x12, + 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, + 0x72, 0x74, 0x12, 0x5c, 0x0a, 0x0d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6c, 0x61, 0x62, + 0x65, 0x6c, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, + 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, + 0x12, 0x1a, 0x0a, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x18, 0x08, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x12, 0x59, 0x0a, 0x0c, + 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x18, 0x09, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, + 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, + 0x61, 0x72, 0x61, 0x6d, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x71, 0x75, 0x65, 0x72, + 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x69, 0x67, 0x6e, 
0x6f, 0x72, + 0x65, 0x5f, 0x75, 0x72, 0x69, 0x5f, 0x63, 0x61, 0x73, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x0d, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x55, 0x72, 0x69, 0x43, 0x61, 0x73, 0x65, 0x12, + 0x62, 0x0a, 0x0f, 0x77, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x73, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, + 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, + 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, + 0x57, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x52, 0x0e, 0x77, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, 0x48, 0x65, 0x61, 0x64, + 0x65, 0x72, 0x73, 0x12, 0x29, 0x0a, 0x10, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6e, 0x61, + 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1f, + 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x0e, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x1a, + 0x5c, 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, + 0x79, 0x12, 0x36, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, + 0x63, 0x68, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x3f, 0x0a, + 0x11, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x10, 
0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x60, + 0x0a, 0x10, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x03, 0x6b, 0x65, 0x79, 0x12, 0x36, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, + 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, + 0x1a, 0x63, 0x0a, 0x13, 0x57, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x36, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, + 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, + 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x97, 0x02, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, + 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x47, + 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0xe0, 0x41, 0x02, 
0x52, 0x0b, 0x64, 0x65, 0x73, 0x74, + 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, + 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, + 0x36, 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x1c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x07, + 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x4a, 0x04, 0x08, 0x03, 0x10, 0x07, 0x52, 0x17, 0x72, + 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, + 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x17, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x72, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, + 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, + 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x16, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, + 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x22, + 0x73, 0x0a, 0x10, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x12, 0x47, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, + 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x44, + 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, + 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, + 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x77, 0x65, + 0x69, 0x67, 0x68, 0x74, 0x22, 0xe4, 0x02, 0x0a, 0x11, 0x4c, 0x34, 0x4d, 0x61, 0x74, 0x63, 0x68, + 
0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x64, 0x65, + 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, + 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x12, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, + 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, + 0x23, 0x0a, 0x0d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x53, 0x75, + 0x62, 0x6e, 0x65, 0x74, 0x12, 0x5d, 0x0a, 0x0d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6c, + 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, + 0x31, 0x2e, 0x4c, 0x34, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, + 0x74, 0x65, 0x73, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, + 0x65, 0x6c, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x18, + 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x12, + 0x29, 0x0a, 0x10, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, + 0x61, 0x63, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x1a, 0x3f, 0x0a, 0x11, 0x53, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, + 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 
0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xf8, 0x02, 0x0a, 0x12, + 0x54, 0x4c, 0x53, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, + 0x65, 0x73, 0x12, 0x20, 0x0a, 0x09, 0x73, 0x6e, 0x69, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, + 0x01, 0x20, 0x03, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x73, 0x6e, 0x69, 0x48, + 0x6f, 0x73, 0x74, 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, + 0x09, 0x52, 0x12, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x75, + 0x62, 0x6e, 0x65, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x5e, 0x0a, 0x0d, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x5f, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x39, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x4c, 0x53, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, + 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0c, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x67, 0x61, 0x74, + 0x65, 0x77, 0x61, 0x79, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x67, 0x61, 0x74, + 0x65, 0x77, 0x61, 0x79, 0x73, 0x12, 0x29, 0x0a, 0x10, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, + 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, + 0x1a, 0x3f, 0x0a, 0x11, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 
0x62, 0x65, 0x6c, 0x73, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, + 0x01, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x52, 0x0d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, + 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x22, 0xc9, 0x02, 0x0a, 0x0c, 0x48, 0x54, 0x54, 0x50, 0x52, + 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x75, + 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x14, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x0d, 0x48, 0x00, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x5a, 0x0a, + 0x0b, 0x64, 0x65, 0x72, 0x69, 0x76, 0x65, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x05, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x37, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x64, + 0x69, 0x72, 0x65, 0x63, 0x74, 0x2e, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x50, 0x6f, + 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x0a, 0x64, + 0x65, 0x72, 0x69, 0x76, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x68, + 0x65, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, + 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x63, 0x6f, + 0x64, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0c, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, + 0x63, 0x74, 0x43, 0x6f, 0x64, 0x65, 0x22, 0x49, 0x0a, 0x15, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, + 0x63, 0x74, 
0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, + 0x19, 0x0a, 0x15, 0x46, 0x52, 0x4f, 0x4d, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, + 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x46, 0x52, + 0x4f, 0x4d, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x5f, 0x50, 0x4f, 0x52, 0x54, 0x10, + 0x01, 0x42, 0x0f, 0x0a, 0x0d, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x70, 0x6f, + 0x72, 0x74, 0x22, 0x64, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1b, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, + 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x06, 0x73, + 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x31, 0x0a, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x42, 0x6f, + 0x64, 0x79, 0x52, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x22, 0x49, 0x0a, 0x08, 0x48, 0x54, 0x54, 0x50, + 0x42, 0x6f, 0x64, 0x79, 0x12, 0x18, 0x0a, 0x06, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x16, + 0x0a, 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, + 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x42, 0x0b, 0x0a, 0x09, 0x73, 0x70, 0x65, 0x63, 0x69, 0x66, + 0x69, 0x65, 0x72, 0x22, 0x8c, 0x01, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x77, 0x72, + 0x69, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x74, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x12, 0x4d, 0x0a, 0x11, 0x75, 
0x72, 0x69, 0x5f, 0x72, 0x65, 0x67, 0x65, 0x78, + 0x5f, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, + 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, + 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x67, 0x65, 0x78, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, + 0x65, 0x52, 0x0f, 0x75, 0x72, 0x69, 0x52, 0x65, 0x67, 0x65, 0x78, 0x52, 0x65, 0x77, 0x72, 0x69, + 0x74, 0x65, 0x22, 0x3e, 0x0a, 0x0c, 0x52, 0x65, 0x67, 0x65, 0x78, 0x52, 0x65, 0x77, 0x72, 0x69, + 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x77, 0x72, + 0x69, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x72, 0x65, 0x77, 0x72, 0x69, + 0x74, 0x65, 0x22, 0x65, 0x0a, 0x0b, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, + 0x68, 0x12, 0x16, 0x0a, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x48, 0x00, 0x52, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x12, 0x18, 0x0a, 0x06, 0x70, 0x72, 0x65, + 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x70, 0x72, 0x65, + 0x66, 0x69, 0x78, 0x12, 0x16, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x42, 0x0c, 0x0a, 0x0a, 0x6d, + 0x61, 0x74, 0x63, 0x68, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x22, 0xd9, 0x01, 0x0a, 0x09, 0x48, 0x54, + 0x54, 0x50, 0x52, 0x65, 0x74, 0x72, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x61, 0x74, 0x74, 0x65, 0x6d, + 0x70, 0x74, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x61, 0x74, 0x74, 0x65, 0x6d, + 0x70, 0x74, 0x73, 0x12, 0x41, 0x0a, 0x0f, 0x70, 0x65, 0x72, 0x5f, 0x74, 0x72, 0x79, 0x5f, 0x74, + 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 
0x2e, 0x44, + 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x70, 0x65, 0x72, 0x54, 0x72, 0x79, 0x54, + 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x19, 0x0a, 0x08, 0x72, 0x65, 0x74, 0x72, 0x79, 0x5f, + 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x72, 0x65, 0x74, 0x72, 0x79, 0x4f, + 0x6e, 0x12, 0x52, 0x0a, 0x17, 0x72, 0x65, 0x74, 0x72, 0x79, 0x5f, 0x72, 0x65, 0x6d, 0x6f, 0x74, + 0x65, 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x15, + 0x72, 0x65, 0x74, 0x72, 0x79, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, + 0x69, 0x74, 0x69, 0x65, 0x73, 0x22, 0xe8, 0x02, 0x0a, 0x0a, 0x43, 0x6f, 0x72, 0x73, 0x50, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x12, 0x25, 0x0a, 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6f, 0x72, + 0x69, 0x67, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0b, + 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x12, 0x45, 0x0a, 0x0d, 0x61, + 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x73, 0x18, 0x07, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, + 0x61, 0x74, 0x63, 0x68, 0x52, 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x4f, 0x72, 0x69, 0x67, 0x69, + 0x6e, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6d, 0x65, 0x74, 0x68, + 0x6f, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, + 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, + 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, + 0x61, 0x6c, 0x6c, 0x6f, 
0x77, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x25, 0x0a, 0x0e, + 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x04, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, + 0x65, 0x72, 0x73, 0x12, 0x32, 0x0a, 0x07, 0x6d, 0x61, 0x78, 0x5f, 0x61, 0x67, 0x65, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x06, 0x6d, 0x61, 0x78, 0x41, 0x67, 0x65, 0x12, 0x47, 0x0a, 0x11, 0x61, 0x6c, 0x6c, 0x6f, 0x77, + 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x18, 0x06, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x10, + 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, + 0x22, 0xed, 0x04, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x46, 0x61, 0x75, 0x6c, 0x74, 0x49, 0x6e, + 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x43, 0x0a, 0x05, 0x64, 0x65, 0x6c, 0x61, 0x79, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, + 0x50, 0x46, 0x61, 0x75, 0x6c, 0x74, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, + 0x44, 0x65, 0x6c, 0x61, 0x79, 0x52, 0x05, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x43, 0x0a, 0x05, + 0x61, 0x62, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, + 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46, 0x61, 0x75, 0x6c, 0x74, 0x49, 0x6e, 0x6a, 0x65, 0x63, + 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x41, 0x62, 0x6f, 0x72, 0x74, 
0x52, 0x05, 0x61, 0x62, 0x6f, 0x72, + 0x74, 0x1a, 0xfe, 0x01, 0x0a, 0x05, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x1c, 0x0a, 0x07, 0x70, + 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x42, 0x02, 0x18, 0x01, + 0x52, 0x07, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12, 0x3c, 0x0a, 0x0b, 0x66, 0x69, 0x78, + 0x65, 0x64, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x0a, 0x66, 0x69, 0x78, + 0x65, 0x64, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x48, 0x0a, 0x11, 0x65, 0x78, 0x70, 0x6f, 0x6e, + 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, + 0x10, 0x65, 0x78, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x44, 0x65, 0x6c, 0x61, + 0x79, 0x12, 0x3c, 0x0a, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x65, 0x72, 0x63, + 0x65, 0x6e, 0x74, 0x52, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x42, + 0x11, 0x0a, 0x0f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x74, 0x79, + 0x70, 0x65, 0x1a, 0xcb, 0x01, 0x0a, 0x05, 0x41, 0x62, 0x6f, 0x72, 0x74, 0x12, 0x21, 0x0a, 0x0b, + 0x68, 0x74, 0x74, 0x70, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x05, 0x48, 0x00, 0x52, 0x0a, 0x68, 0x74, 0x74, 0x70, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, + 0x21, 0x0a, 0x0b, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, + 
0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0a, 0x67, 0x72, 0x70, 0x63, 0x53, 0x74, 0x61, 0x74, + 0x75, 0x73, 0x12, 0x21, 0x0a, 0x0b, 0x68, 0x74, 0x74, 0x70, 0x32, 0x5f, 0x65, 0x72, 0x72, 0x6f, + 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0a, 0x68, 0x74, 0x74, 0x70, 0x32, + 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x3c, 0x0a, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, + 0x61, 0x67, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, + 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x52, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, + 0x61, 0x67, 0x65, 0x42, 0x0c, 0x0a, 0x0a, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x74, 0x79, 0x70, + 0x65, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x02, 0x52, 0x07, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, + 0x22, 0x99, 0x01, 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x47, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0xe0, 0x41, + 0x02, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3c, + 0x0a, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, + 0x52, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x22, 0x32, 0x0a, 0x0c, + 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x16, 0x0a, 0x06, + 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 
0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6e, 0x75, + 0x6d, 0x62, 0x65, 0x72, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, + 0x22, 0x1f, 0x0a, 0x07, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x42, 0x1c, 0x5a, 0x1a, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, + 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_networking_v1_virtual_service_proto_rawDescOnce sync.Once + file_networking_v1_virtual_service_proto_rawDescData = file_networking_v1_virtual_service_proto_rawDesc +) + +func file_networking_v1_virtual_service_proto_rawDescGZIP() []byte { + file_networking_v1_virtual_service_proto_rawDescOnce.Do(func() { + file_networking_v1_virtual_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1_virtual_service_proto_rawDescData) + }) + return file_networking_v1_virtual_service_proto_rawDescData +} + +var file_networking_v1_virtual_service_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_networking_v1_virtual_service_proto_msgTypes = make([]protoimpl.MessageInfo, 35) +var file_networking_v1_virtual_service_proto_goTypes = []interface{}{ + (HTTPRedirect_RedirectPortSelection)(0), // 0: istio.networking.v1.HTTPRedirect.RedirectPortSelection + (*VirtualService)(nil), // 1: istio.networking.v1.VirtualService + (*Destination)(nil), // 2: istio.networking.v1.Destination + (*HTTPRoute)(nil), // 3: istio.networking.v1.HTTPRoute + (*Delegate)(nil), // 4: istio.networking.v1.Delegate + (*Headers)(nil), // 5: istio.networking.v1.Headers + (*TLSRoute)(nil), // 6: istio.networking.v1.TLSRoute + (*TCPRoute)(nil), // 7: istio.networking.v1.TCPRoute + (*HTTPMatchRequest)(nil), // 8: istio.networking.v1.HTTPMatchRequest + (*HTTPRouteDestination)(nil), // 9: 
istio.networking.v1.HTTPRouteDestination + (*RouteDestination)(nil), // 10: istio.networking.v1.RouteDestination + (*L4MatchAttributes)(nil), // 11: istio.networking.v1.L4MatchAttributes + (*TLSMatchAttributes)(nil), // 12: istio.networking.v1.TLSMatchAttributes + (*HTTPRedirect)(nil), // 13: istio.networking.v1.HTTPRedirect + (*HTTPDirectResponse)(nil), // 14: istio.networking.v1.HTTPDirectResponse + (*HTTPBody)(nil), // 15: istio.networking.v1.HTTPBody + (*HTTPRewrite)(nil), // 16: istio.networking.v1.HTTPRewrite + (*RegexRewrite)(nil), // 17: istio.networking.v1.RegexRewrite + (*StringMatch)(nil), // 18: istio.networking.v1.StringMatch + (*HTTPRetry)(nil), // 19: istio.networking.v1.HTTPRetry + (*CorsPolicy)(nil), // 20: istio.networking.v1.CorsPolicy + (*HTTPFaultInjection)(nil), // 21: istio.networking.v1.HTTPFaultInjection + (*HTTPMirrorPolicy)(nil), // 22: istio.networking.v1.HTTPMirrorPolicy + (*PortSelector)(nil), // 23: istio.networking.v1.PortSelector + (*Percent)(nil), // 24: istio.networking.v1.Percent + (*Headers_HeaderOperations)(nil), // 25: istio.networking.v1.Headers.HeaderOperations + nil, // 26: istio.networking.v1.Headers.HeaderOperations.SetEntry + nil, // 27: istio.networking.v1.Headers.HeaderOperations.AddEntry + nil, // 28: istio.networking.v1.HTTPMatchRequest.HeadersEntry + nil, // 29: istio.networking.v1.HTTPMatchRequest.SourceLabelsEntry + nil, // 30: istio.networking.v1.HTTPMatchRequest.QueryParamsEntry + nil, // 31: istio.networking.v1.HTTPMatchRequest.WithoutHeadersEntry + nil, // 32: istio.networking.v1.L4MatchAttributes.SourceLabelsEntry + nil, // 33: istio.networking.v1.TLSMatchAttributes.SourceLabelsEntry + (*HTTPFaultInjection_Delay)(nil), // 34: istio.networking.v1.HTTPFaultInjection.Delay + (*HTTPFaultInjection_Abort)(nil), // 35: istio.networking.v1.HTTPFaultInjection.Abort + (*duration.Duration)(nil), // 36: google.protobuf.Duration + (*wrappers.UInt32Value)(nil), // 37: google.protobuf.UInt32Value + 
(*wrappers.BoolValue)(nil), // 38: google.protobuf.BoolValue +} +var file_networking_v1_virtual_service_proto_depIdxs = []int32{ + 3, // 0: istio.networking.v1.VirtualService.http:type_name -> istio.networking.v1.HTTPRoute + 6, // 1: istio.networking.v1.VirtualService.tls:type_name -> istio.networking.v1.TLSRoute + 7, // 2: istio.networking.v1.VirtualService.tcp:type_name -> istio.networking.v1.TCPRoute + 23, // 3: istio.networking.v1.Destination.port:type_name -> istio.networking.v1.PortSelector + 8, // 4: istio.networking.v1.HTTPRoute.match:type_name -> istio.networking.v1.HTTPMatchRequest + 9, // 5: istio.networking.v1.HTTPRoute.route:type_name -> istio.networking.v1.HTTPRouteDestination + 13, // 6: istio.networking.v1.HTTPRoute.redirect:type_name -> istio.networking.v1.HTTPRedirect + 14, // 7: istio.networking.v1.HTTPRoute.direct_response:type_name -> istio.networking.v1.HTTPDirectResponse + 4, // 8: istio.networking.v1.HTTPRoute.delegate:type_name -> istio.networking.v1.Delegate + 16, // 9: istio.networking.v1.HTTPRoute.rewrite:type_name -> istio.networking.v1.HTTPRewrite + 36, // 10: istio.networking.v1.HTTPRoute.timeout:type_name -> google.protobuf.Duration + 19, // 11: istio.networking.v1.HTTPRoute.retries:type_name -> istio.networking.v1.HTTPRetry + 21, // 12: istio.networking.v1.HTTPRoute.fault:type_name -> istio.networking.v1.HTTPFaultInjection + 2, // 13: istio.networking.v1.HTTPRoute.mirror:type_name -> istio.networking.v1.Destination + 22, // 14: istio.networking.v1.HTTPRoute.mirrors:type_name -> istio.networking.v1.HTTPMirrorPolicy + 37, // 15: istio.networking.v1.HTTPRoute.mirror_percent:type_name -> google.protobuf.UInt32Value + 24, // 16: istio.networking.v1.HTTPRoute.mirror_percentage:type_name -> istio.networking.v1.Percent + 20, // 17: istio.networking.v1.HTTPRoute.cors_policy:type_name -> istio.networking.v1.CorsPolicy + 5, // 18: istio.networking.v1.HTTPRoute.headers:type_name -> istio.networking.v1.Headers + 25, // 19: 
istio.networking.v1.Headers.request:type_name -> istio.networking.v1.Headers.HeaderOperations + 25, // 20: istio.networking.v1.Headers.response:type_name -> istio.networking.v1.Headers.HeaderOperations + 12, // 21: istio.networking.v1.TLSRoute.match:type_name -> istio.networking.v1.TLSMatchAttributes + 10, // 22: istio.networking.v1.TLSRoute.route:type_name -> istio.networking.v1.RouteDestination + 11, // 23: istio.networking.v1.TCPRoute.match:type_name -> istio.networking.v1.L4MatchAttributes + 10, // 24: istio.networking.v1.TCPRoute.route:type_name -> istio.networking.v1.RouteDestination + 18, // 25: istio.networking.v1.HTTPMatchRequest.uri:type_name -> istio.networking.v1.StringMatch + 18, // 26: istio.networking.v1.HTTPMatchRequest.scheme:type_name -> istio.networking.v1.StringMatch + 18, // 27: istio.networking.v1.HTTPMatchRequest.method:type_name -> istio.networking.v1.StringMatch + 18, // 28: istio.networking.v1.HTTPMatchRequest.authority:type_name -> istio.networking.v1.StringMatch + 28, // 29: istio.networking.v1.HTTPMatchRequest.headers:type_name -> istio.networking.v1.HTTPMatchRequest.HeadersEntry + 29, // 30: istio.networking.v1.HTTPMatchRequest.source_labels:type_name -> istio.networking.v1.HTTPMatchRequest.SourceLabelsEntry + 30, // 31: istio.networking.v1.HTTPMatchRequest.query_params:type_name -> istio.networking.v1.HTTPMatchRequest.QueryParamsEntry + 31, // 32: istio.networking.v1.HTTPMatchRequest.without_headers:type_name -> istio.networking.v1.HTTPMatchRequest.WithoutHeadersEntry + 2, // 33: istio.networking.v1.HTTPRouteDestination.destination:type_name -> istio.networking.v1.Destination + 5, // 34: istio.networking.v1.HTTPRouteDestination.headers:type_name -> istio.networking.v1.Headers + 2, // 35: istio.networking.v1.RouteDestination.destination:type_name -> istio.networking.v1.Destination + 32, // 36: istio.networking.v1.L4MatchAttributes.source_labels:type_name -> istio.networking.v1.L4MatchAttributes.SourceLabelsEntry + 33, // 37: 
istio.networking.v1.TLSMatchAttributes.source_labels:type_name -> istio.networking.v1.TLSMatchAttributes.SourceLabelsEntry + 0, // 38: istio.networking.v1.HTTPRedirect.derive_port:type_name -> istio.networking.v1.HTTPRedirect.RedirectPortSelection + 15, // 39: istio.networking.v1.HTTPDirectResponse.body:type_name -> istio.networking.v1.HTTPBody + 17, // 40: istio.networking.v1.HTTPRewrite.uri_regex_rewrite:type_name -> istio.networking.v1.RegexRewrite + 36, // 41: istio.networking.v1.HTTPRetry.per_try_timeout:type_name -> google.protobuf.Duration + 38, // 42: istio.networking.v1.HTTPRetry.retry_remote_localities:type_name -> google.protobuf.BoolValue + 18, // 43: istio.networking.v1.CorsPolicy.allow_origins:type_name -> istio.networking.v1.StringMatch + 36, // 44: istio.networking.v1.CorsPolicy.max_age:type_name -> google.protobuf.Duration + 38, // 45: istio.networking.v1.CorsPolicy.allow_credentials:type_name -> google.protobuf.BoolValue + 34, // 46: istio.networking.v1.HTTPFaultInjection.delay:type_name -> istio.networking.v1.HTTPFaultInjection.Delay + 35, // 47: istio.networking.v1.HTTPFaultInjection.abort:type_name -> istio.networking.v1.HTTPFaultInjection.Abort + 2, // 48: istio.networking.v1.HTTPMirrorPolicy.destination:type_name -> istio.networking.v1.Destination + 24, // 49: istio.networking.v1.HTTPMirrorPolicy.percentage:type_name -> istio.networking.v1.Percent + 26, // 50: istio.networking.v1.Headers.HeaderOperations.set:type_name -> istio.networking.v1.Headers.HeaderOperations.SetEntry + 27, // 51: istio.networking.v1.Headers.HeaderOperations.add:type_name -> istio.networking.v1.Headers.HeaderOperations.AddEntry + 18, // 52: istio.networking.v1.HTTPMatchRequest.HeadersEntry.value:type_name -> istio.networking.v1.StringMatch + 18, // 53: istio.networking.v1.HTTPMatchRequest.QueryParamsEntry.value:type_name -> istio.networking.v1.StringMatch + 18, // 54: istio.networking.v1.HTTPMatchRequest.WithoutHeadersEntry.value:type_name -> 
istio.networking.v1.StringMatch + 36, // 55: istio.networking.v1.HTTPFaultInjection.Delay.fixed_delay:type_name -> google.protobuf.Duration + 36, // 56: istio.networking.v1.HTTPFaultInjection.Delay.exponential_delay:type_name -> google.protobuf.Duration + 24, // 57: istio.networking.v1.HTTPFaultInjection.Delay.percentage:type_name -> istio.networking.v1.Percent + 24, // 58: istio.networking.v1.HTTPFaultInjection.Abort.percentage:type_name -> istio.networking.v1.Percent + 59, // [59:59] is the sub-list for method output_type + 59, // [59:59] is the sub-list for method input_type + 59, // [59:59] is the sub-list for extension type_name + 59, // [59:59] is the sub-list for extension extendee + 0, // [0:59] is the sub-list for field type_name +} + +func init() { file_networking_v1_virtual_service_proto_init() } +func file_networking_v1_virtual_service_proto_init() { + if File_networking_v1_virtual_service_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_networking_v1_virtual_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*VirtualService); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Destination); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HTTPRoute); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Delegate); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: 
+ return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Headers); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TLSRoute); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TCPRoute); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HTTPMatchRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HTTPRouteDestination); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RouteDestination); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*L4MatchAttributes); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + 
file_networking_v1_virtual_service_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TLSMatchAttributes); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HTTPRedirect); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HTTPDirectResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HTTPBody); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HTTPRewrite); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RegexRewrite); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*StringMatch); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[18].Exporter = func(v 
interface{}, i int) interface{} { + switch v := v.(*HTTPRetry); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CorsPolicy); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HTTPFaultInjection); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HTTPMirrorPolicy); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PortSelector); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Percent); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Headers_HeaderOperations); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} { + switch v := 
v.(*HTTPFaultInjection_Delay); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_virtual_service_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HTTPFaultInjection_Abort); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + file_networking_v1_virtual_service_proto_msgTypes[12].OneofWrappers = []interface{}{ + (*HTTPRedirect_Port)(nil), + (*HTTPRedirect_DerivePort)(nil), + } + file_networking_v1_virtual_service_proto_msgTypes[14].OneofWrappers = []interface{}{ + (*HTTPBody_String_)(nil), + (*HTTPBody_Bytes)(nil), + } + file_networking_v1_virtual_service_proto_msgTypes[17].OneofWrappers = []interface{}{ + (*StringMatch_Exact)(nil), + (*StringMatch_Prefix)(nil), + (*StringMatch_Regex)(nil), + } + file_networking_v1_virtual_service_proto_msgTypes[33].OneofWrappers = []interface{}{ + (*HTTPFaultInjection_Delay_FixedDelay)(nil), + (*HTTPFaultInjection_Delay_ExponentialDelay)(nil), + } + file_networking_v1_virtual_service_proto_msgTypes[34].OneofWrappers = []interface{}{ + (*HTTPFaultInjection_Abort_HttpStatus)(nil), + (*HTTPFaultInjection_Abort_GrpcStatus)(nil), + (*HTTPFaultInjection_Abort_Http2Error)(nil), + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_networking_v1_virtual_service_proto_rawDesc, + NumEnums: 1, + NumMessages: 35, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_networking_v1_virtual_service_proto_goTypes, + DependencyIndexes: file_networking_v1_virtual_service_proto_depIdxs, + EnumInfos: file_networking_v1_virtual_service_proto_enumTypes, + MessageInfos: file_networking_v1_virtual_service_proto_msgTypes, + }.Build() + File_networking_v1_virtual_service_proto = out.File + 
file_networking_v1_virtual_service_proto_rawDesc = nil + file_networking_v1_virtual_service_proto_goTypes = nil + file_networking_v1_virtual_service_proto_depIdxs = nil +} diff --git a/networking/v1/virtual_service.proto b/networking/v1/virtual_service.proto new file mode 100644 index 00000000..96291029 --- /dev/null +++ b/networking/v1/virtual_service.proto 
@@ -0,0 +1,1520 @@ +// Copyright 2020 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +import "google/api/field_behavior.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/wrappers.proto"; + +// $schema: istio.networking.v1.VirtualService +// $title: Virtual Service +// $description: Configuration affecting label/content routing, sni routing, etc. +// $location: https://istio.io/docs/reference/config/networking/virtual-service.html +// $aliases: [/docs/reference/config/networking/v1/virtual-service] +// $mode: none + +// Configuration affecting traffic routing. Here are a few terms useful to define +// in the context of traffic routing. +// +// `Service` a unit of application behavior bound to a unique name in a +// service registry. Services consist of multiple network *endpoints* +// implemented by workload instances running on pods, containers, VMs etc. +// +// `Service versions (a.k.a. subsets)` - In a continuous deployment +// scenario, for a given service, there can be distinct subsets of +// instances running different variants of the application binary. These +// variants are not necessarily different API versions. They could be +// iterative changes to the same service, deployed in different +// environments (prod, staging, dev, etc.). Common scenarios where this +// occurs include A/B testing, canary rollouts, etc. 
The choice of a +// particular version can be decided based on various criterion (headers, +// url, etc.) and/or by weights assigned to each version. Each service has +// a default version consisting of all its instances. +// +// `Source` - A downstream client calling a service. +// +// `Host` - The address used by a client when attempting to connect to a +// service. +// +// `Access model` - Applications address only the destination service +// (Host) without knowledge of individual service versions (subsets). The +// actual choice of the version is determined by the proxy/sidecar, enabling the +// application code to decouple itself from the evolution of dependent +// services. +// +// A `VirtualService` defines a set of traffic routing rules to apply when a host is +// addressed. Each routing rule defines matching criteria for traffic of a specific +// protocol. If the traffic is matched, then it is sent to a named destination service +// (or subset/version of it) defined in the registry. +// +// The source of traffic can also be matched in a routing rule. This allows routing +// to be customized for specific client contexts. +// +// The following example on Kubernetes, routes all HTTP traffic by default to +// pods of the reviews service with label "version: v1". In addition, +// HTTP requests with path starting with /wpcatalog/ or /consumercatalog/ will +// be rewritten to /newcatalog and sent to pods with label "version: v2". 
+// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: VirtualService +// metadata: +// name: reviews-route +// spec: +// hosts: +// - reviews.prod.svc.cluster.local +// http: +// - name: "reviews-v2-routes" +// match: +// - uri: +// prefix: "/wpcatalog" +// - uri: +// prefix: "/consumercatalog" +// rewrite: +// uri: "/newcatalog" +// route: +// - destination: +// host: reviews.prod.svc.cluster.local +// subset: v2 +// - name: "reviews-v1-route" +// route: +// - destination: +// host: reviews.prod.svc.cluster.local +// subset: v1 +// ``` +// +// A subset/version of a route destination is identified with a reference +// to a named service subset which must be declared in a corresponding +// `DestinationRule`. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: DestinationRule +// metadata: +// name: reviews-destination +// spec: +// host: reviews.prod.svc.cluster.local +// subsets: +// - name: v1 +// labels: +// version: v1 +// - name: v2 +// labels: +// version: v2 +// ``` +package istio.networking.v1; + +option go_package = "istio.io/api/networking/v1"; + +// Configuration affecting traffic routing. +// +// +// +// +// +message VirtualService { + // The destination hosts to which traffic is being sent. Could + // be a DNS name with wildcard prefix or an IP address. Depending on the + // platform, short-names can also be used instead of a FQDN (i.e. has no + // dots in the name). In such a scenario, the FQDN of the host would be + // derived based on the underlying platform. + // + // A single VirtualService can be used to describe all the traffic + // properties of the corresponding hosts, including those for multiple + // HTTP and TCP ports. Alternatively, the traffic properties of a host + // can be defined using more than one VirtualService, with certain + // caveats. Refer to the + // [Operations Guide](https://istio.io/docs/ops/best-practices/traffic-management/#split-virtual-services) + // for details. 
+ // + // *Note for Kubernetes users*: When short names are used (e.g. "reviews" + // instead of "reviews.default.svc.cluster.local"), Istio will interpret + // the short name based on the namespace of the rule, not the service. A + // rule in the "default" namespace containing a host "reviews" will be + // interpreted as "reviews.default.svc.cluster.local", irrespective of + // the actual namespace associated with the reviews service. _To avoid + // potential misconfigurations, it is recommended to always use fully + // qualified domain names over short names._ + // + // The hosts field applies to both HTTP and TCP services. Service inside + // the mesh, i.e., those found in the service registry, must always be + // referred to using their alphanumeric names. IP addresses are allowed + // only for services defined via the Gateway. + // + // *Note*: It must be empty for a delegate VirtualService. + repeated string hosts = 1; + + // The names of gateways and sidecars that should apply these routes. + // Gateways in other namespaces may be referred to by + // `/`; specifying a gateway with no + // namespace qualifier is the same as specifying the VirtualService's + // namespace. A single VirtualService is used for sidecars inside the mesh as + // well as for one or more gateways. The selection condition imposed by this + // field can be overridden using the source field in the match conditions + // of protocol-specific routes. The reserved word `mesh` is used to imply + // all the sidecars in the mesh. When this field is omitted, the default + // gateway (`mesh`) will be used, which would apply the rule to all + // sidecars in the mesh. If a list of gateway names is provided, the + // rules will apply only to the gateways. To apply the rules to both + // gateways and sidecars, specify `mesh` as one of the gateway names. + repeated string gateways = 2; + + // An ordered list of route rules for HTTP traffic. 
HTTP routes will be + // applied to platform service ports using HTTP/HTTP2/GRPC protocols, gateway + // ports with protocol HTTP/HTTP2/GRPC/TLS-terminated-HTTPS and service + // entry ports using HTTP/HTTP2/GRPC protocols. The first rule matching + // an incoming request is used. + repeated HTTPRoute http = 3; + + // An ordered list of route rule for non-terminated TLS & HTTPS + // traffic. Routing is typically performed using the SNI value presented + // by the ClientHello message. TLS routes will be applied to platform + // service ports named 'https-*', 'tls-*', unterminated gateway ports using + // HTTPS/TLS protocols (i.e. with "passthrough" TLS mode) and service + // entry ports using HTTPS/TLS protocols. The first rule matching an + // incoming request is used. NOTE: Traffic 'https-*' or 'tls-*' ports + // without associated virtual service will be treated as opaque TCP + // traffic. + repeated TLSRoute tls = 5; + + // An ordered list of route rules for opaque TCP traffic. TCP routes will + // be applied to any port that is not a HTTP or TLS port. The first rule + // matching an incoming request is used. + repeated TCPRoute tcp = 4; + + // A list of namespaces to which this virtual service is exported. Exporting a + // virtual service allows it to be used by sidecars and gateways defined in + // other namespaces. This feature provides a mechanism for service owners + // and mesh administrators to control the visibility of virtual services + // across namespace boundaries. + // + // If no namespaces are specified then the virtual service is exported to all + // namespaces by default. + // + // The value "." is reserved and defines an export to the same namespace that + // the virtual service is declared in. Similarly the value "*" is reserved and + // defines an export to all namespaces. 
+ repeated string export_to = 6; +} + +// Destination indicates the network addressable service to which the +// request/connection will be sent after processing a routing rule. The +// destination.host should unambiguously refer to a service in the service +// registry. Istio's service registry is composed of all the services found +// in the platform's service registry (e.g., Kubernetes services, Consul +// services), as well as services declared through the +// [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry) resource. +// +// *Note for Kubernetes users*: When short names are used (e.g. "reviews" +// instead of "reviews.default.svc.cluster.local"), Istio will interpret +// the short name based on the namespace of the rule, not the service. A +// rule in the "default" namespace containing a host "reviews will be +// interpreted as "reviews.default.svc.cluster.local", irrespective of the +// actual namespace associated with the reviews service. _To avoid potential +// misconfigurations, it is recommended to always use fully qualified +// domain names over short names._ +// +// The following Kubernetes example routes all traffic by default to pods +// of the reviews service with label "version: v1" (i.e., subset v1), and +// some to subset v2, in a Kubernetes environment. 
+// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: VirtualService +// metadata: +// name: reviews-route +// namespace: foo +// spec: +// hosts: +// - reviews # interpreted as reviews.foo.svc.cluster.local +// http: +// - match: +// - uri: +// prefix: "/wpcatalog" +// - uri: +// prefix: "/consumercatalog" +// rewrite: +// uri: "/newcatalog" +// route: +// - destination: +// host: reviews # interpreted as reviews.foo.svc.cluster.local +// subset: v2 +// - route: +// - destination: +// host: reviews # interpreted as reviews.foo.svc.cluster.local +// subset: v1 +// ``` +// +// And the associated DestinationRule +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: DestinationRule +// metadata: +// name: reviews-destination +// namespace: foo +// spec: +// host: reviews # interpreted as reviews.foo.svc.cluster.local +// subsets: +// - name: v1 +// labels: +// version: v1 +// - name: v2 +// labels: +// version: v2 +// ``` +// +// The following VirtualService sets a timeout of 5s for all calls to +// productpage.prod.svc.cluster.local service in Kubernetes. Notice that +// there are no subsets defined in this rule. Istio will fetch all +// instances of productpage.prod.svc.cluster.local service from the service +// registry and populate the sidecar's load balancing pool. Also, notice +// that this rule is set in the istio-system namespace but uses the fully +// qualified domain name of the productpage service, +// productpage.prod.svc.cluster.local. Therefore the rule's namespace does +// not have an impact in resolving the name of the productpage service. 
+// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: VirtualService +// metadata: +// name: my-productpage-rule +// namespace: istio-system +// spec: +// hosts: +// - productpage.prod.svc.cluster.local # ignores rule namespace +// http: +// - timeout: 5s +// route: +// - destination: +// host: productpage.prod.svc.cluster.local +// ``` +// +// To control routing for traffic bound to services outside the mesh, external +// services must first be added to Istio's internal service registry using the +// ServiceEntry resource. VirtualServices can then be defined to control traffic +// bound to these external services. For example, the following rules define a +// Service for wikipedia.org and set a timeout of 5s for HTTP requests. +// +// ```yaml +// apiVersion: networking.istio.io/v1beta1 +// kind: ServiceEntry +// metadata: +// name: external-svc-wikipedia +// spec: +// hosts: +// - wikipedia.org +// location: MESH_EXTERNAL +// ports: +// - number: 80 +// name: example-http +// protocol: HTTP +// resolution: DNS +// --- +// apiVersion: networking.istio.io/v1beta1 +// kind: VirtualService +// metadata: +// name: my-wiki-rule +// spec: +// hosts: +// - wikipedia.org +// http: +// - timeout: 5s +// route: +// - destination: +// host: wikipedia.org +// ``` +// +message Destination { + // The name of a service from the service registry. Service + // names are looked up from the platform's service registry (e.g., + // Kubernetes services, Consul services, etc.) and from the hosts + // declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Traffic forwarded to + // destinations that are not found in either of the two, will be dropped. + // + // *Note for Kubernetes users*: When short names are used (e.g. "reviews" + // instead of "reviews.default.svc.cluster.local"), Istio will interpret + // the short name based on the namespace of the rule, not the service. 
A + // rule in the "default" namespace containing a host "reviews will be + // interpreted as "reviews.default.svc.cluster.local", irrespective of + // the actual namespace associated with the reviews service. To avoid + // potential misconfiguration, it is recommended to always use fully + // qualified domain names over short names. + string host = 1 [(google.api.field_behavior) = REQUIRED]; + + // The name of a subset within the service. Applicable only to services + // within the mesh. The subset must be defined in a corresponding + // DestinationRule. + string subset = 2; + + // Specifies the port on the host that is being addressed. If a service + // exposes only a single port it is not required to explicitly select the + // port. + PortSelector port = 3; +} + +// Describes match conditions and actions for routing HTTP/1.1, HTTP2, and +// gRPC traffic. See VirtualService for usage examples. +message HTTPRoute { + // The name assigned to the route for debugging purposes. The + // route's name will be concatenated with the match's name and will + // be logged in the access logs for requests matching this + // route/match. + string name = 17; + + // Match conditions to be satisfied for the rule to be + // activated. All conditions inside a single match block have AND + // semantics, while the list of match blocks have OR semantics. The rule + // is matched if any one of the match blocks succeed. + repeated HTTPMatchRequest match = 1; + + // A HTTP rule can either return a direct_response, redirect or forward (default) traffic. + // The forwarding target can be one of several versions of a service (see + // glossary in beginning of document). Weights associated with the + // service version determine the proportion of traffic it receives. + repeated HTTPRouteDestination route = 2; + + // A HTTP rule can either return a direct_response, redirect or forward (default) traffic. 
+ // If traffic passthrough option is specified in the rule, + // route/redirect will be ignored. The redirect primitive can be used to + // send a HTTP 301 redirect to a different URI or Authority. + HTTPRedirect redirect = 3; + + // A HTTP rule can either return a direct_response, redirect or forward (default) traffic. + // Direct Response is used to specify a fixed response that should + // be sent to clients. + // + // It can be set only when `Route` and `Redirect` are empty. + HTTPDirectResponse direct_response = 21; + + // Delegate is used to specify the particular VirtualService which + // can be used to define delegate HTTPRoute. + // + // It can be set only when `Route` and `Redirect` are empty, and the route + // rules of the delegate VirtualService will be merged with that in the + // current one. + // + // **NOTE**: + // + // 1. Only one level delegation is supported. + // 2. The delegate's HTTPMatchRequest must be a strict subset of the root's, + // otherwise there is a conflict and the HTTPRoute will not take effect. + Delegate delegate = 20; + + // Rewrite HTTP URIs and Authority headers. Rewrite cannot be used with + // Redirect primitive. Rewrite will be performed before forwarding. + HTTPRewrite rewrite = 4; + + reserved 5; + reserved "websocket_upgrade"; + + // Timeout for HTTP requests, default is disabled. + google.protobuf.Duration timeout = 6; + + // Retry policy for HTTP requests. + HTTPRetry retries = 7; + + // Fault injection policy to apply on HTTP traffic at the client side. + // Note that timeouts or retries will not be enabled when faults are + // enabled on the client side. + HTTPFaultInjection fault = 8; + + // Mirror HTTP traffic to a another destination in addition to forwarding + // the requests to the intended destination. Mirrored traffic is on a + // best effort basis where the sidecar/gateway will not wait for the + // mirrored cluster to respond before returning the response from the + // original destination. 
Statistics will be generated for the mirrored + // destination. + Destination mirror = 9; + + // Specifies the destinations to mirror HTTP traffic in addition + // to the original destination. Mirrored traffic is on a + // best effort basis where the sidecar/gateway will not wait for the + // mirrored destinations to respond before returning the response from the + // original destination. Statistics will be generated for the mirrored + // destination. + repeated HTTPMirrorPolicy mirrors = 22; + + // Percentage of the traffic to be mirrored by the `mirror` field. + // Use of integer `mirror_percent` value is deprecated. Use the + // double `mirror_percentage` field instead + // $hide_from_docs + // +kubebuilder:altName=mirror_percent + google.protobuf.UInt32Value mirror_percent = 18 [deprecated=true]; + + // Percentage of the traffic to be mirrored by the `mirror` field. + // If this field is absent, all the traffic (100%) will be mirrored. + // Max value is 100. + Percent mirror_percentage = 19; + + // Cross-Origin Resource Sharing policy (CORS). Refer to + // [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) + // for further details about cross origin resource sharing. + CorsPolicy cors_policy = 10; + + reserved 11 to 15; + reserved "append_headers", "remove_response_headers", "append_response_headers","remove_request_headers", "append_request_headers"; + + // Header manipulation rules + Headers headers = 16; + + // $hide_from_docs + // Next available field number: 23 +} + + +// Describes the delegate VirtualService. +// The following routing rules forward the traffic to `/productpage` by a delegate VirtualService named `productpage`, +// forward the traffic to `/reviews` by a delegate VirtualService named `reviews`. 
+// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: VirtualService +// metadata: +// name: bookinfo +// spec: +// hosts: +// - "bookinfo.com" +// gateways: +// - mygateway +// http: +// - match: +// - uri: +// prefix: "/productpage" +// delegate: +// name: productpage +// namespace: nsA +// - match: +// - uri: +// prefix: "/reviews" +// delegate: +// name: reviews +// namespace: nsB +// ``` +// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: VirtualService +// metadata: +// name: productpage +// namespace: nsA +// spec: +// http: +// - match: +// - uri: +// prefix: "/productpage/v1/" +// route: +// - destination: +// host: productpage-v1.nsA.svc.cluster.local +// - route: +// - destination: +// host: productpage.nsA.svc.cluster.local +// ``` +// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: VirtualService +// metadata: +// name: reviews +// namespace: nsB +// spec: +// http: +// - route: +// - destination: +// host: reviews.nsB.svc.cluster.local +// ``` +message Delegate { + // Name specifies the name of the delegate VirtualService. + string name = 1; + // Namespace specifies the namespace where the delegate VirtualService resides. + // By default, it is same to the root's. + string namespace = 2; +} + + +// Message headers can be manipulated when Envoy forwards requests to, +// or responses from, a destination service. Header manipulation rules can +// be specified for a specific route destination or for all destinations. +// The following VirtualService adds a `test` header with the value `true` +// to requests that are routed to any `reviews` service destination. +// It also removes the `foo` response header, but only from responses +// coming from the `v1` subset (version) of the `reviews` service. 
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1beta1
+// kind: VirtualService
+// metadata:
+// name: reviews-route
+// spec:
+// hosts:
+// - reviews.prod.svc.cluster.local
+// http:
+// - headers:
+// request:
+// set:
+// test: "true"
+// route:
+// - destination:
+// host: reviews.prod.svc.cluster.local
+// subset: v2
+// weight: 25
+// - destination:
+// host: reviews.prod.svc.cluster.local
+// subset: v1
+// headers:
+// response:
+// remove:
+// - foo
+// weight: 75
+// ```
+message Headers {
+ // Header manipulation rules to apply before forwarding a request
+ // to the destination service
+ HeaderOperations request = 1;
+ // Header manipulation rules to apply before returning a response
+ // to the caller
+ HeaderOperations response = 2;
+
+ // HeaderOperations Describes the header manipulations to apply
+ message HeaderOperations {
+ // Overwrite the headers specified by key with the given values
+ map set = 1;
+ // Append the given values to the headers specified by keys
+ // (will create a comma-separated list of values)
+ map add = 2;
+ // Remove the specified headers
+ repeated string remove = 3;
+ }
+}
+
+// Describes match conditions and actions for routing unterminated TLS
+// traffic (TLS/HTTPS) The following routing rule forwards unterminated TLS
+// traffic arriving at port 443 of gateway called "mygateway" to internal
+// services in the mesh based on the SNI value.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1beta1
+// kind: VirtualService
+// metadata:
+// name: bookinfo-sni
+// spec:
+// hosts:
+// - "*.bookinfo.com"
+// gateways:
+// - mygateway
+// tls:
+// - match:
+// - port: 443
+// sniHosts:
+// - login.bookinfo.com
+// route:
+// - destination:
+// host: login.prod.svc.cluster.local
+// - match:
+// - port: 443
+// sniHosts:
+// - reviews.bookinfo.com
+// route:
+// - destination:
+// host: reviews.prod.svc.cluster.local
+// ```
+message TLSRoute {
+ // Match conditions to be satisfied for the rule to be
+ // activated. All conditions inside a single match block have AND
+ // semantics, while the list of match blocks have OR semantics. The rule
+ // is matched if any one of the match blocks succeed.
+ repeated TLSMatchAttributes match = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // The destination to which the connection should be forwarded to.
+ repeated RouteDestination route = 2;
+}
+
+// Describes match conditions and actions for routing TCP traffic. The
+// following routing rule forwards traffic arriving at port 27017 for
+// mongo.prod.svc.cluster.local to another Mongo server on port 5555.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1beta1
+// kind: VirtualService
+// metadata:
+// name: bookinfo-mongo
+// spec:
+// hosts:
+// - mongo.prod.svc.cluster.local
+// tcp:
+// - match:
+// - port: 27017
+// route:
+// - destination:
+// host: mongo.backup.svc.cluster.local
+// port:
+// number: 5555
+// ```
+message TCPRoute {
+ // Match conditions to be satisfied for the rule to be
+ // activated. All conditions inside a single match block have AND
+ // semantics, while the list of match blocks have OR semantics. The rule
+ // is matched if any one of the match blocks succeed.
+ repeated L4MatchAttributes match = 1;
+
+ // The destination to which the connection should be forwarded to.
+ repeated RouteDestination route = 2;
+}
+
+// HttpMatchRequest specifies a set of criterion to be met in order for the
+// rule to be applied to the HTTP request. For example, the following
+// restricts the rule to match only requests where the URL path
+// starts with /ratings/v2/ and the request contains a custom `end-user` header
+// with value `jason`.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1beta1
+// kind: VirtualService
+// metadata:
+// name: ratings-route
+// spec:
+// hosts:
+// - ratings.prod.svc.cluster.local
+// http:
+// - match:
+// - headers:
+// end-user:
+// exact: jason
+// uri:
+// prefix: "/ratings/v2/"
+// ignoreUriCase: true
+// route:
+// - destination:
+// host: ratings.prod.svc.cluster.local
+// ```
+//
+// HTTPMatchRequest CANNOT be empty.
+// **Note:**
+// 1. If a root VirtualService have matched any property (path, header etc.) by regex, delegate VirtualServices should not have any other matches on the same property.
+// 2. If a delegate VirtualService have matched any property (path, header etc.) by regex, root VirtualServices should not have any other matches on the same property.
+message HTTPMatchRequest {
+ // The name assigned to a match. The match's name will be
+ // concatenated with the parent route's name and will be logged in
+ // the access logs for requests matching this route.
+ string name = 11;
+
+ // URI to match
+ // values are case-sensitive and formatted as follows:
+ //
+ // - `exact: "value"` for exact string match
+ //
+ // - `prefix: "value"` for prefix-based match
+ //
+ // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
+ //
+ // **Note:** Case-insensitive matching could be enabled via the
+ // `ignoreUriCase` flag.
+ StringMatch uri = 1;
+
+ // URI Scheme
+ // values are case-sensitive and formatted as follows:
+ //
+ // - `exact: "value"` for exact string match
+ //
+ // - `prefix: "value"` for prefix-based match
+ //
+ // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
+ //
+ StringMatch scheme = 2;
+
+ // HTTP Method
+ // values are case-sensitive and formatted as follows:
+ //
+ // - `exact: "value"` for exact string match
+ //
+ // - `prefix: "value"` for prefix-based match
+ //
+ // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
+ //
+ StringMatch method = 3;
+
+ // HTTP Authority
+ // values are case-sensitive and formatted as follows:
+ //
+ // - `exact: "value"` for exact string match
+ //
+ // - `prefix: "value"` for prefix-based match
+ //
+ // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
+ //
+ StringMatch authority = 4;
+
+ // The header keys must be lowercase and use hyphen as the separator,
+ // e.g. _x-request-id_.
+ //
+ // Header values are case-sensitive and formatted as follows:
+ //
+ // - `exact: "value"` for exact string match
+ //
+ // - `prefix: "value"` for prefix-based match
+ //
+ // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
+ //
+ // If the value is empty and only the name of header is specified, presence of the header is checked.
+ // To provide an empty value, use `{}`, for example:
+ //
+ // ```
+ // - match:
+ // - headers:
+ // myheader: {}
+ // ```
+ // **Note:** The keys `uri`, `scheme`, `method`, and `authority` will be ignored.
+ map headers = 5;
+
+ // Specifies the ports on the host that is being addressed. Many services
+ // only expose a single port or label ports with the protocols they support,
+ // in these cases it is not required to explicitly select the port.
+ uint32 port = 6;
+
+ // One or more labels that constrain the applicability of a rule to source (client) workloads
+ // with the given labels. If the VirtualService has a list of gateways specified
+ // in the top-level `gateways` field, it must include the reserved gateway
+ // `mesh` for this field to be applicable.
+ map source_labels = 7;
+
+ // Names of gateways where the rule should be applied. Gateway names
+ // in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway
+ // match is independent of sourceLabels.
+ repeated string gateways = 8;
+
+ // Query parameters for matching.
+ //
+ // Ex:
+ //
+ // - For a query parameter like "?key=true", the map key would be "key" and
+ // the string match could be defined as `exact: "true"`.
+ //
+ // - For a query parameter like "?key", the map key would be "key" and the
+ // string match could be defined as `exact: ""`.
+ //
+ // - For a query parameter like "?key=abc" or "?key=abx", the map key would be "key" and the
+ // string match could be defined as `prefix: "ab"`.
+ //
+ // - For a query parameter like "?key=123", the map key would be "key" and the
+ // string match could be defined as `regex: "\d+$"`. Note that this
+ // configuration will only match values like "123" but not "a123" or "123a".
+ map query_params = 9;
+
+ // Flag to specify whether the URI matching should be case-insensitive.
+ //
+ // **Note:** The case will be ignored only in the case of `exact` and `prefix`
+ // URI matches.
+ bool ignore_uri_case = 10;
+
+ // withoutHeader has the same syntax with the header, but has opposite meaning.
+ // If a header is matched with a matching rule among withoutHeader, the traffic becomes not matched one.
+ map without_headers = 12;
+
+ // Source namespace constraining the applicability of a rule to workloads in that namespace.
+ // If the VirtualService has a list of gateways specified in the top-level `gateways` field,
+ // it must include the reserved gateway `mesh` for this field to be applicable.
+ string source_namespace = 13;
+
+ // The human readable prefix to use when emitting statistics for this route.
+ // The statistics are generated with prefix route..
+ // This should be set for highly critical routes that one wishes to get "per-route" statistics on.
+ // This prefix is only for proxy-level statistics (envoy_*) and not service-level (istio_*) statistics.
+ // Refer to https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-route-stat-prefix
+ // for statistics that are generated when this is configured.
+ string stat_prefix = 14;
+}
+
+// Each routing rule is associated with one or more service versions (see
+// glossary in beginning of document). Weights associated with the version
+// determine the proportion of traffic it receives. For example, the
+// following rule will route 25% of traffic for the "reviews" service to
+// instances with the "v2" tag and the remaining traffic (i.e., 75%) to
+// "v1".
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1beta1
+// kind: VirtualService
+// metadata:
+// name: reviews-route
+// spec:
+// hosts:
+// - reviews.prod.svc.cluster.local
+// http:
+// - route:
+// - destination:
+// host: reviews.prod.svc.cluster.local
+// subset: v2
+// weight: 25
+// - destination:
+// host: reviews.prod.svc.cluster.local
+// subset: v1
+// weight: 75
+// ```
+//
+// And the associated DestinationRule
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1beta1
+// kind: DestinationRule
+// metadata:
+// name: reviews-destination
+// spec:
+// host: reviews.prod.svc.cluster.local
+// subsets:
+// - name: v1
+// labels:
+// version: v1
+// - name: v2
+// labels:
+// version: v2
+// ```
+//
+// Traffic can also be split across two entirely different services without
+// having to define new subsets. For example, the following rule forwards 25% of
+// traffic to reviews.com to dev.reviews.com
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1beta1
+// kind: VirtualService
+// metadata:
+// name: reviews-route-two-domains
+// spec:
+// hosts:
+// - reviews.com
+// http:
+// - route:
+// - destination:
+// host: dev.reviews.com
+// weight: 25
+// - destination:
+// host: reviews.com
+// weight: 75
+// ```
+//
+message HTTPRouteDestination {
+ // Destination uniquely identifies the instances of a service
+ // to which the request/connection should be forwarded to.
+ Destination destination = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Weight specifies the relative proportion of traffic to be forwarded to the destination. A destination will receive `weight/(sum of all weights)` requests.
+ // If there is only one destination in a rule, it will receive all traffic.
+ // Otherwise, if weight is `0`, the destination will not receive any traffic.
+ int32 weight = 2;
+
+ reserved 3 to 6;
+ reserved "remove_response_headers", "append_response_headers", "remove_request_headers", "append_request_headers";
+
+ // Header manipulation rules
+ Headers headers = 7;
+}
+
+// L4 routing rule weighted destination.
+message RouteDestination {
+ // Destination uniquely identifies the instances of a service
+ // to which the request/connection should be forwarded to.
+ Destination destination = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Weight specifies the relative proportion of traffic to be forwarded to the destination. A destination will receive `weight/(sum of all weights)` requests.
+ // If there is only one destination in a rule, it will receive all traffic.
+ // Otherwise, if weight is `0`, the destination will not receive any traffic.
+ int32 weight = 2;
+}
+
+// L4 connection match attributes. Note that L4 connection matching support
+// is incomplete.
+message L4MatchAttributes {
+ // IPv4 or IPv6 ip addresses of destination with optional subnet. E.g.,
+ // a.b.c.d/xx form or just a.b.c.d.
+ repeated string destination_subnets = 1;
+
+ // Specifies the port on the host that is being addressed. Many services
+ // only expose a single port or label ports with the protocols they support,
+ // in these cases it is not required to explicitly select the port.
+ uint32 port = 2;
+
+ // IPv4 or IPv6 ip address of source with optional subnet. E.g., a.b.c.d/xx
+ // form or just a.b.c.d
+ // $hide_from_docs
+ string source_subnet = 3;
+
+ // One or more labels that constrain the applicability of a rule to
+ // workloads with the given labels. If the VirtualService has a list of
+ // gateways specified in the top-level `gateways` field, it should include the reserved gateway
+ // `mesh` in order for this field to be applicable.
+ map source_labels = 4;
+
+ // Names of gateways where the rule should be applied. Gateway names
+ // in the top-level `gateways` field of the VirtualService (if any) are overridden.
The gateway
+ // match is independent of sourceLabels.
+ repeated string gateways = 5;
+
+ // Source namespace constraining the applicability of a rule to workloads in that namespace.
+ // If the VirtualService has a list of gateways specified in the top-level `gateways` field,
+ // it must include the reserved gateway `mesh` for this field to be applicable.
+ string source_namespace = 6;
+}
+
+// TLS connection match attributes.
+message TLSMatchAttributes {
+ // SNI (server name indicator) to match on. Wildcard prefixes
+ // can be used in the SNI value, e.g., *.com will match foo.example.com
+ // as well as example.com. An SNI value must be a subset (i.e., fall
+ // within the domain) of the corresponding virtual service's hosts.
+ repeated string sni_hosts = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // IPv4 or IPv6 ip addresses of destination with optional subnet. E.g.,
+ // a.b.c.d/xx form or just a.b.c.d.
+ repeated string destination_subnets = 2;
+
+ // Specifies the port on the host that is being addressed. Many services
+ // only expose a single port or label ports with the protocols they
+ // support, in these cases it is not required to explicitly select the
+ // port.
+ uint32 port = 3;
+
+ reserved 4;
+ reserved "source_subnet";
+
+ // One or more labels that constrain the applicability of a rule to
+ // workloads with the given labels. If the VirtualService has a list of
+ // gateways specified in the top-level `gateways` field, it should include the reserved gateway
+ // `mesh` in order for this field to be applicable.
+ map source_labels = 5;
+
+ // Names of gateways where the rule should be applied. Gateway names
+ // in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway
+ // match is independent of sourceLabels.
+ repeated string gateways = 6;
+
+ // Source namespace constraining the applicability of a rule to workloads in that namespace.
+ // If the VirtualService has a list of gateways specified in the top-level `gateways` field,
+ // it must include the reserved gateway `mesh` for this field to be applicable.
+ string source_namespace = 7;
+}
+
+// HTTPRedirect can be used to send a 301 redirect response to the caller,
+// where the Authority/Host and the URI in the response can be swapped with
+// the specified values. For example, the following rule redirects
+// requests for /v1/getProductRatings API on the ratings service to
+// /v1/bookRatings provided by the bookratings service.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1beta1
+// kind: VirtualService
+// metadata:
+// name: ratings-route
+// spec:
+// hosts:
+// - ratings.prod.svc.cluster.local
+// http:
+// - match:
+// - uri:
+// exact: /v1/getProductRatings
+// redirect:
+// uri: /v1/bookRatings
+// authority: newratings.default.svc.cluster.local
+// ...
+// ```
+//
+message HTTPRedirect {
+ // On a redirect, overwrite the Path portion of the URL with this
+ // value. Note that the entire path will be replaced, irrespective of the
+ // request URI being matched as an exact path or prefix.
+ string uri = 1;
+
+ // On a redirect, overwrite the Authority/Host portion of the URL with
+ // this value.
+ string authority = 2;
+
+ enum RedirectPortSelection {
+ FROM_PROTOCOL_DEFAULT = 0;
+ FROM_REQUEST_PORT = 1;
+ }
+ oneof redirect_port {
+ // On a redirect, overwrite the port portion of the URL with this value.
+ uint32 port = 4;
+ // On a redirect, dynamically set the port:
+ // * FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS.
+ // * FROM_REQUEST_PORT: automatically use the port of the request.
+ RedirectPortSelection derive_port = 5;
+ }
+
+ // On a redirect, overwrite the scheme portion of the URL with this value.
+ // For example, `http` or `https`.
+ // If unset, the original scheme will be used.
+ // If `derivePort` is set to `FROM_PROTOCOL_DEFAULT`, this will impact the port used as well
+ string scheme = 6;
+
+ // On a redirect, Specifies the HTTP status code to use in the redirect
+ // response. The default response code is MOVED_PERMANENTLY (301).
+ uint32 redirect_code = 3;
+}
+
+// HTTPDirectResponse can be used to send a fixed response to clients.
+// For example, the following rule returns a fixed 503 status with a body
+// to requests for /v1/getProductRatings API.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1beta1
+// kind: VirtualService
+// metadata:
+// name: ratings-route
+// spec:
+// hosts:
+// - ratings.prod.svc.cluster.local
+// http:
+// - match:
+// - uri:
+// exact: /v1/getProductRatings
+// directResponse:
+// status: 503
+// body:
+// string: "unknown error"
+// ...
+// ```
+//
+// It is also possible to specify a binary response body.
+// This is mostly useful for non text-based protocols such as gRPC.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1beta1
+// kind: VirtualService
+// metadata:
+// name: ratings-route
+// spec:
+// hosts:
+// - ratings.prod.svc.cluster.local
+// http:
+// - match:
+// - uri:
+// exact: /v1/getProductRatings
+// directResponse:
+// status: 503
+// body:
+// bytes: "dW5rbm93biBlcnJvcg==" # "unknown error" in base64
+// ...
+// ```
+//
+// It is good practice to add headers in the HTTPRoute
+// as well as the direct_response, for example to specify
+// the returned Content-Type.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1beta1
+// kind: VirtualService
+// metadata:
+// name: ratings-route
+// spec:
+// hosts:
+// - ratings.prod.svc.cluster.local
+// http:
+// - match:
+// - uri:
+// exact: /v1/getProductRatings
+// directResponse:
+// status: 503
+// body:
+// string: "{\"error\": \"unknown error\"}"
+// headers:
+// response:
+// set:
+// content-type: "text/plain"
+// ...
+// ```
+//
+message HTTPDirectResponse {
+ // Specifies the HTTP response status to be returned.
+ uint32 status = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Specifies the content of the response body. If this setting is omitted,
+ // no body is included in the generated response.
+ HTTPBody body = 2;
+}
+
+message HTTPBody {
+ oneof specifier {
+ // response body as a string
+ string string = 1;
+
+ // response body as base64 encoded bytes.
+ bytes bytes = 2;
+ }
+}
+
+// HTTPRewrite can be used to rewrite specific parts of a HTTP request
+// before forwarding the request to the destination. Rewrite primitive can
+// be used only with HTTPRouteDestination. The following example
+// demonstrates how to rewrite the URL prefix for api call (/ratings) to
+// ratings service before making the actual API call.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1beta1
+// kind: VirtualService
+// metadata:
+// name: ratings-route
+// spec:
+// hosts:
+// - ratings.prod.svc.cluster.local
+// http:
+// - match:
+// - uri:
+// prefix: /ratings
+// rewrite:
+// uri: /v1/bookRatings
+// route:
+// - destination:
+// host: ratings.prod.svc.cluster.local
+// subset: v1
+// ```
+//
+message HTTPRewrite {
+ // rewrite the path (or the prefix) portion of the URI with this
+ // value. If the original URI was matched based on prefix, the value
+ // provided in this field will replace the corresponding matched prefix.
+ string uri = 1;
+
+ // rewrite the Authority/Host header with this value.
+ string authority = 2;
+
+ // rewrite the path portion of the URI with the specified regex.
+ RegexRewrite uri_regex_rewrite = 3;
+}
+
+message RegexRewrite {
+ // RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
+ string match = 1;
+
+ // The string that should replace into matching portions of original URI.
+ // Capture groups in the pattern can be referenced in the new URI.
+ // Examples:
+ //
+ // Example 1: rewrite with capture groups
+ // Path pattern "/service/update/v1/api" with match "^/service/([^/]+)(/.*)$" and
+ // rewrite string of "/customprefix/\2/\1" would transform into "/customprefix/v1/api/update".
+ //
+ // Example 2: case insensitive rewrite
+ // Path pattern "/aaa/XxX/bbb" with match "(?i)/xxx/" and a rewrite string of /yyy/ would do a
+ // case-insensitive match and transform the path to "/aaa/yyy/bbb".
+ string rewrite = 2;
+}
+
+// Describes how to match a given string in HTTP headers. Match is
+// case-sensitive.
+message StringMatch {
+ oneof match_type {
+
+ // exact string match
+ string exact = 1;
+
+ // prefix-based match
+ string prefix = 2;
+
+ // RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).
+ string regex = 3;
+ }
+}
+
+// Describes the retry policy to use when a HTTP request fails. For
+// example, the following rule sets the maximum number of retries to 3 when
+// calling ratings:v1 service, with a 2s timeout per retry attempt.
+// A retry will be attempted if there is a connect-failure, refused_stream
+// or when the upstream server responds with Service Unavailable(503).
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1beta1
+// kind: VirtualService
+// metadata:
+// name: ratings-route
+// spec:
+// hosts:
+// - ratings.prod.svc.cluster.local
+// http:
+// - route:
+// - destination:
+// host: ratings.prod.svc.cluster.local
+// subset: v1
+// retries:
+// attempts: 3
+// perTryTimeout: 2s
+// retryOn: gateway-error,connect-failure,refused-stream
+// ```
+//
+message HTTPRetry {
+ // Number of retries to be allowed for a given request. The interval
+ // between retries will be determined automatically (25ms+).
When request
+ // `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute)
+ // or `per_try_timeout` is configured, the actual number of retries attempted also depends on
+ // the specified request `timeout` and `per_try_timeout` values. MUST BE >= 0. If `0`, retries will be disabled.
+ // The maximum possible number of requests made will be 1 + `attempts`.
+ int32 attempts = 1;
+
+ // Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST BE >=1ms.
+ // Default is same value as request
+ // `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute),
+ // which means no timeout.
+ google.protobuf.Duration per_try_timeout = 2;
+
+ // Specifies the conditions under which retry takes place.
+ // One or more policies can be specified using a ‘,’ delimited list.
+ // If `retry_on` specifies a valid HTTP status, it will be added to retriable_status_codes retry policy.
+ // See the [retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on)
+ // and [gRPC retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on) for more details.
+ string retry_on = 3;
+
+ // Flag to specify whether the retries should retry to other localities.
+ // See the [retry plugin configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/http_connection_management#retry-plugin-configuration) for more details.
+ google.protobuf.BoolValue retry_remote_localities = 4;
+}
+
+// Describes the Cross-Origin Resource Sharing (CORS) policy, for a given
+// service. Refer to [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS)
+// for further details about cross origin resource sharing.
For example,
+// the following rule restricts cross origin requests to those originating
+// from example.com domain using HTTP POST/GET, and sets the
+// `Access-Control-Allow-Credentials` header to false. In addition, it only
+// exposes `X-Foo-bar` header and sets an expiry period of 1 day.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1beta1
+// kind: VirtualService
+// metadata:
+// name: ratings-route
+// spec:
+// hosts:
+// - ratings.prod.svc.cluster.local
+// http:
+// - route:
+// - destination:
+// host: ratings.prod.svc.cluster.local
+// subset: v1
+// corsPolicy:
+// allowOrigins:
+// - exact: https://example.com
+// allowMethods:
+// - POST
+// - GET
+// allowCredentials: false
+// allowHeaders:
+// - X-Foo-Bar
+// maxAge: "24h"
+// ```
+//
+message CorsPolicy {
+ // The list of origins that are allowed to perform CORS requests. The
+ // content will be serialized into the Access-Control-Allow-Origin
+ // header. Wildcard * will allow all origins.
+ // $hide_from_docs
+ repeated string allow_origin = 1 [deprecated=true];
+
+ // String patterns that match allowed origins.
+ // An origin is allowed if any of the string matchers match.
+ // If a match is found, then the outgoing Access-Control-Allow-Origin would be set to the origin as provided by the client.
+ repeated StringMatch allow_origins = 7;
+
+ // List of HTTP methods allowed to access the resource. The content will
+ // be serialized into the Access-Control-Allow-Methods header.
+ repeated string allow_methods = 2;
+
+ // List of HTTP headers that can be used when requesting the
+ // resource. Serialized to Access-Control-Allow-Headers header.
+ repeated string allow_headers = 3;
+
+ // A list of HTTP headers that the browsers are allowed to
+ // access. Serialized into Access-Control-Expose-Headers header.
+ repeated string expose_headers = 4;
+
+ // Specifies how long the results of a preflight request can be
+ // cached. Translates to the `Access-Control-Max-Age` header.
+ google.protobuf.Duration max_age = 5;
+
+ // Indicates whether the caller is allowed to send the actual request
+ // (not the preflight) using credentials. Translates to
+ // `Access-Control-Allow-Credentials` header.
+ google.protobuf.BoolValue allow_credentials = 6;
+}
+
+// HTTPFaultInjection can be used to specify one or more faults to inject
+// while forwarding HTTP requests to the destination specified in a route.
+// Fault specification is part of a VirtualService rule. Faults include
+// aborting the Http request from downstream service, and/or delaying
+// proxying of requests. A fault rule MUST HAVE delay or abort or both.
+//
+// *Note:* Delay and abort faults are independent of one another, even if
+// both are specified simultaneously.
+message HTTPFaultInjection {
+ // Delay requests before forwarding, emulating various failures such as
+ // network issues, overloaded upstream service, etc.
+ Delay delay = 1;
+
+ // Abort Http request attempts and return error codes back to downstream
+ // service, giving the impression that the upstream service is faulty.
+ Abort abort = 2;
+
+ // Delay specification is used to inject latency into the request
+ // forwarding path. The following example will introduce a 5 second delay
+ // in 1 out of every 1000 requests to the "v1" version of the "reviews"
+ // service from all pods with label env: prod
+ //
+ // ```yaml
+ // apiVersion: networking.istio.io/v1beta1
+ // kind: VirtualService
+ // metadata:
+ // name: reviews-route
+ // spec:
+ // hosts:
+ // - reviews.prod.svc.cluster.local
+ // http:
+ // - match:
+ // - sourceLabels:
+ // env: prod
+ // route:
+ // - destination:
+ // host: reviews.prod.svc.cluster.local
+ // subset: v1
+ // fault:
+ // delay:
+ // percentage:
+ // value: 0.1
+ // fixedDelay: 5s
+ // ```
+ //
+ // The _fixedDelay_ field is used to indicate the amount of delay in seconds.
+ // The optional _percentage_ field can be used to only delay a certain
+ // percentage of requests.
If left unspecified, no request will be delayed.
+ message Delay {
+ // Percentage of requests on which the delay will be injected (0-100).
+ // Use of integer `percent` value is deprecated. Use the double `percentage`
+ // field instead.
+ int32 percent = 1 [deprecated=true];
+
+ oneof http_delay_type {
+ // Add a fixed delay before forwarding the request. Format:
+ // 1h/1m/1s/1ms. MUST be >=1ms.
+ google.protobuf.Duration fixed_delay = 2;
+
+ // $hide_from_docs
+ google.protobuf.Duration exponential_delay = 3 ;
+ }
+
+ // Percentage of requests on which the delay will be injected.
+ // If left unspecified, no request will be delayed.
+ Percent percentage = 5;
+ }
+
+ // Abort specification is used to prematurely abort a request with a
+ // pre-specified error code. The following example will return an HTTP 400
+ // error code for 1 out of every 1000 requests to the "ratings" service "v1".
+ //
+ // ```yaml
+ // apiVersion: networking.istio.io/v1beta1
+ // kind: VirtualService
+ // metadata:
+ // name: ratings-route
+ // spec:
+ // hosts:
+ // - ratings.prod.svc.cluster.local
+ // http:
+ // - route:
+ // - destination:
+ // host: ratings.prod.svc.cluster.local
+ // subset: v1
+ // fault:
+ // abort:
+ // percentage:
+ // value: 0.1
+ // httpStatus: 400
+ // ```
+ //
+ // The _httpStatus_ field is used to indicate the HTTP status code to
+ // return to the caller. The optional _percentage_ field can be used to only
+ // abort a certain percentage of requests. If not specified, no request will be
+ // aborted.
+ message Abort {
+ reserved 1;
+ reserved "percent";
+
+ oneof error_type {
+ // HTTP status code to use to abort the Http request.
+ int32 http_status = 2;
+
+ // GRPC status code to use to abort the request. The supported
+ // codes are documented in https://github.com/grpc/grpc/blob/master/doc/statuscodes.md
+ // Note: If you want to return the status "Unavailable", then you should
+ // specify the code as `UNAVAILABLE`(all caps), but not `14`.
+ string grpc_status = 3;
+
+ // $hide_from_docs
+ string http2_error = 4;
+ }
+
+ // Percentage of requests to be aborted with the error code provided.
+ // If not specified, no request will be aborted.
+ Percent percentage = 5;
+ }
+}
+
+// HTTPMirrorPolicy can be used to specify the destinations to mirror HTTP traffic in addition
+// to the original destination. Mirrored traffic is on a
+// best effort basis where the sidecar/gateway will not wait for the
+// mirrored destinations to respond before returning the response from the
+// original destination. Statistics will be generated for the mirrored
+// destination.
+message HTTPMirrorPolicy {
+ // Destination specifies the target of the mirror operation.
+ Destination destination = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Percentage of the traffic to be mirrored by the `destination` field.
+ // If this field is absent, all the traffic (100%) will be mirrored.
+ // Max value is 100.
+ Percent percentage = 2;
+}
+
+// PortSelector specifies the number of a port to be used for
+// matching or selection for final routing.
+message PortSelector {
+ // Valid port number
+ uint32 number = 1;
+
+ reserved 2;
+ reserved "name";
+}
+
+// Percent specifies a percentage in the range of [0.0, 100.0].
+message Percent {
+ double value = 1;
+}
diff --git a/networking/v1/virtual_service_deepcopy.gen.go b/networking/v1/virtual_service_deepcopy.gen.go
new file mode 100644
index 00000000..470c80f5
--- /dev/null
+++ b/networking/v1/virtual_service_deepcopy.gen.go
@@ -0,0 +1,573 @@ +// Code generated by protoc-gen-deepcopy. DO NOT EDIT. +package v1 + +import ( + proto "google.golang.org/protobuf/proto" +) + +// DeepCopyInto supports using VirtualService within kubernetes types, where deepcopy-gen is used. +func (in *VirtualService) DeepCopyInto(out *VirtualService) { + p := proto.Clone(in).(*VirtualService) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualService. Required by controller-gen. +func (in *VirtualService) DeepCopy() *VirtualService { + if in == nil { + return nil + } + out := new(VirtualService) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new VirtualService. Required by controller-gen. +func (in *VirtualService) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using Destination within kubernetes types, where deepcopy-gen is used. +func (in *Destination) DeepCopyInto(out *Destination) { + p := proto.Clone(in).(*Destination) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Destination. Required by controller-gen. +func (in *Destination) DeepCopy() *Destination { + if in == nil { + return nil + } + out := new(Destination) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Destination. Required by controller-gen. +func (in *Destination) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using HTTPRoute within kubernetes types, where deepcopy-gen is used. +func (in *HTTPRoute) DeepCopyInto(out *HTTPRoute) { + p := proto.Clone(in).(*HTTPRoute) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRoute. Required by controller-gen. 
+func (in *HTTPRoute) DeepCopy() *HTTPRoute { + if in == nil { + return nil + } + out := new(HTTPRoute) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRoute. Required by controller-gen. +func (in *HTTPRoute) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using Delegate within kubernetes types, where deepcopy-gen is used. +func (in *Delegate) DeepCopyInto(out *Delegate) { + p := proto.Clone(in).(*Delegate) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Delegate. Required by controller-gen. +func (in *Delegate) DeepCopy() *Delegate { + if in == nil { + return nil + } + out := new(Delegate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Delegate. Required by controller-gen. +func (in *Delegate) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using Headers within kubernetes types, where deepcopy-gen is used. +func (in *Headers) DeepCopyInto(out *Headers) { + p := proto.Clone(in).(*Headers) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Headers. Required by controller-gen. +func (in *Headers) DeepCopy() *Headers { + if in == nil { + return nil + } + out := new(Headers) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Headers. Required by controller-gen. +func (in *Headers) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using Headers_HeaderOperations within kubernetes types, where deepcopy-gen is used. 
+func (in *Headers_HeaderOperations) DeepCopyInto(out *Headers_HeaderOperations) { + p := proto.Clone(in).(*Headers_HeaderOperations) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Headers_HeaderOperations. Required by controller-gen. +func (in *Headers_HeaderOperations) DeepCopy() *Headers_HeaderOperations { + if in == nil { + return nil + } + out := new(Headers_HeaderOperations) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Headers_HeaderOperations. Required by controller-gen. +func (in *Headers_HeaderOperations) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using TLSRoute within kubernetes types, where deepcopy-gen is used. +func (in *TLSRoute) DeepCopyInto(out *TLSRoute) { + p := proto.Clone(in).(*TLSRoute) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSRoute. Required by controller-gen. +func (in *TLSRoute) DeepCopy() *TLSRoute { + if in == nil { + return nil + } + out := new(TLSRoute) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TLSRoute. Required by controller-gen. +func (in *TLSRoute) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using TCPRoute within kubernetes types, where deepcopy-gen is used. +func (in *TCPRoute) DeepCopyInto(out *TCPRoute) { + p := proto.Clone(in).(*TCPRoute) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPRoute. Required by controller-gen. +func (in *TCPRoute) DeepCopy() *TCPRoute { + if in == nil { + return nil + } + out := new(TCPRoute) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TCPRoute. 
Required by controller-gen. +func (in *TCPRoute) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using HTTPMatchRequest within kubernetes types, where deepcopy-gen is used. +func (in *HTTPMatchRequest) DeepCopyInto(out *HTTPMatchRequest) { + p := proto.Clone(in).(*HTTPMatchRequest) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPMatchRequest. Required by controller-gen. +func (in *HTTPMatchRequest) DeepCopy() *HTTPMatchRequest { + if in == nil { + return nil + } + out := new(HTTPMatchRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPMatchRequest. Required by controller-gen. +func (in *HTTPMatchRequest) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using HTTPRouteDestination within kubernetes types, where deepcopy-gen is used. +func (in *HTTPRouteDestination) DeepCopyInto(out *HTTPRouteDestination) { + p := proto.Clone(in).(*HTTPRouteDestination) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteDestination. Required by controller-gen. +func (in *HTTPRouteDestination) DeepCopy() *HTTPRouteDestination { + if in == nil { + return nil + } + out := new(HTTPRouteDestination) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteDestination. Required by controller-gen. +func (in *HTTPRouteDestination) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using RouteDestination within kubernetes types, where deepcopy-gen is used. 
+func (in *RouteDestination) DeepCopyInto(out *RouteDestination) { + p := proto.Clone(in).(*RouteDestination) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteDestination. Required by controller-gen. +func (in *RouteDestination) DeepCopy() *RouteDestination { + if in == nil { + return nil + } + out := new(RouteDestination) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new RouteDestination. Required by controller-gen. +func (in *RouteDestination) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using L4MatchAttributes within kubernetes types, where deepcopy-gen is used. +func (in *L4MatchAttributes) DeepCopyInto(out *L4MatchAttributes) { + p := proto.Clone(in).(*L4MatchAttributes) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L4MatchAttributes. Required by controller-gen. +func (in *L4MatchAttributes) DeepCopy() *L4MatchAttributes { + if in == nil { + return nil + } + out := new(L4MatchAttributes) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new L4MatchAttributes. Required by controller-gen. +func (in *L4MatchAttributes) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using TLSMatchAttributes within kubernetes types, where deepcopy-gen is used. +func (in *TLSMatchAttributes) DeepCopyInto(out *TLSMatchAttributes) { + p := proto.Clone(in).(*TLSMatchAttributes) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSMatchAttributes. Required by controller-gen. 
+func (in *TLSMatchAttributes) DeepCopy() *TLSMatchAttributes { + if in == nil { + return nil + } + out := new(TLSMatchAttributes) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TLSMatchAttributes. Required by controller-gen. +func (in *TLSMatchAttributes) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using HTTPRedirect within kubernetes types, where deepcopy-gen is used. +func (in *HTTPRedirect) DeepCopyInto(out *HTTPRedirect) { + p := proto.Clone(in).(*HTTPRedirect) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRedirect. Required by controller-gen. +func (in *HTTPRedirect) DeepCopy() *HTTPRedirect { + if in == nil { + return nil + } + out := new(HTTPRedirect) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRedirect. Required by controller-gen. +func (in *HTTPRedirect) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using HTTPDirectResponse within kubernetes types, where deepcopy-gen is used. +func (in *HTTPDirectResponse) DeepCopyInto(out *HTTPDirectResponse) { + p := proto.Clone(in).(*HTTPDirectResponse) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPDirectResponse. Required by controller-gen. +func (in *HTTPDirectResponse) DeepCopy() *HTTPDirectResponse { + if in == nil { + return nil + } + out := new(HTTPDirectResponse) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPDirectResponse. Required by controller-gen. 
+func (in *HTTPDirectResponse) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using HTTPBody within kubernetes types, where deepcopy-gen is used. +func (in *HTTPBody) DeepCopyInto(out *HTTPBody) { + p := proto.Clone(in).(*HTTPBody) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPBody. Required by controller-gen. +func (in *HTTPBody) DeepCopy() *HTTPBody { + if in == nil { + return nil + } + out := new(HTTPBody) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPBody. Required by controller-gen. +func (in *HTTPBody) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using HTTPRewrite within kubernetes types, where deepcopy-gen is used. +func (in *HTTPRewrite) DeepCopyInto(out *HTTPRewrite) { + p := proto.Clone(in).(*HTTPRewrite) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRewrite. Required by controller-gen. +func (in *HTTPRewrite) DeepCopy() *HTTPRewrite { + if in == nil { + return nil + } + out := new(HTTPRewrite) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRewrite. Required by controller-gen. +func (in *HTTPRewrite) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using RegexRewrite within kubernetes types, where deepcopy-gen is used. +func (in *RegexRewrite) DeepCopyInto(out *RegexRewrite) { + p := proto.Clone(in).(*RegexRewrite) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegexRewrite. Required by controller-gen. 
+func (in *RegexRewrite) DeepCopy() *RegexRewrite { + if in == nil { + return nil + } + out := new(RegexRewrite) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new RegexRewrite. Required by controller-gen. +func (in *RegexRewrite) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using StringMatch within kubernetes types, where deepcopy-gen is used. +func (in *StringMatch) DeepCopyInto(out *StringMatch) { + p := proto.Clone(in).(*StringMatch) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StringMatch. Required by controller-gen. +func (in *StringMatch) DeepCopy() *StringMatch { + if in == nil { + return nil + } + out := new(StringMatch) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new StringMatch. Required by controller-gen. +func (in *StringMatch) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using HTTPRetry within kubernetes types, where deepcopy-gen is used. +func (in *HTTPRetry) DeepCopyInto(out *HTTPRetry) { + p := proto.Clone(in).(*HTTPRetry) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRetry. Required by controller-gen. +func (in *HTTPRetry) DeepCopy() *HTTPRetry { + if in == nil { + return nil + } + out := new(HTTPRetry) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRetry. Required by controller-gen. +func (in *HTTPRetry) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using CorsPolicy within kubernetes types, where deepcopy-gen is used. 
+func (in *CorsPolicy) DeepCopyInto(out *CorsPolicy) { + p := proto.Clone(in).(*CorsPolicy) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CorsPolicy. Required by controller-gen. +func (in *CorsPolicy) DeepCopy() *CorsPolicy { + if in == nil { + return nil + } + out := new(CorsPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new CorsPolicy. Required by controller-gen. +func (in *CorsPolicy) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using HTTPFaultInjection within kubernetes types, where deepcopy-gen is used. +func (in *HTTPFaultInjection) DeepCopyInto(out *HTTPFaultInjection) { + p := proto.Clone(in).(*HTTPFaultInjection) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection. Required by controller-gen. +func (in *HTTPFaultInjection) DeepCopy() *HTTPFaultInjection { + if in == nil { + return nil + } + out := new(HTTPFaultInjection) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection. Required by controller-gen. +func (in *HTTPFaultInjection) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using HTTPFaultInjection_Delay within kubernetes types, where deepcopy-gen is used. +func (in *HTTPFaultInjection_Delay) DeepCopyInto(out *HTTPFaultInjection_Delay) { + p := proto.Clone(in).(*HTTPFaultInjection_Delay) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection_Delay. Required by controller-gen. 
+func (in *HTTPFaultInjection_Delay) DeepCopy() *HTTPFaultInjection_Delay { + if in == nil { + return nil + } + out := new(HTTPFaultInjection_Delay) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection_Delay. Required by controller-gen. +func (in *HTTPFaultInjection_Delay) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using HTTPFaultInjection_Abort within kubernetes types, where deepcopy-gen is used. +func (in *HTTPFaultInjection_Abort) DeepCopyInto(out *HTTPFaultInjection_Abort) { + p := proto.Clone(in).(*HTTPFaultInjection_Abort) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection_Abort. Required by controller-gen. +func (in *HTTPFaultInjection_Abort) DeepCopy() *HTTPFaultInjection_Abort { + if in == nil { + return nil + } + out := new(HTTPFaultInjection_Abort) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection_Abort. Required by controller-gen. +func (in *HTTPFaultInjection_Abort) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using HTTPMirrorPolicy within kubernetes types, where deepcopy-gen is used. +func (in *HTTPMirrorPolicy) DeepCopyInto(out *HTTPMirrorPolicy) { + p := proto.Clone(in).(*HTTPMirrorPolicy) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPMirrorPolicy. Required by controller-gen. +func (in *HTTPMirrorPolicy) DeepCopy() *HTTPMirrorPolicy { + if in == nil { + return nil + } + out := new(HTTPMirrorPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPMirrorPolicy. Required by controller-gen. 
+func (in *HTTPMirrorPolicy) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using PortSelector within kubernetes types, where deepcopy-gen is used. +func (in *PortSelector) DeepCopyInto(out *PortSelector) { + p := proto.Clone(in).(*PortSelector) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PortSelector. Required by controller-gen. +func (in *PortSelector) DeepCopy() *PortSelector { + if in == nil { + return nil + } + out := new(PortSelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new PortSelector. Required by controller-gen. +func (in *PortSelector) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using Percent within kubernetes types, where deepcopy-gen is used. +func (in *Percent) DeepCopyInto(out *Percent) { + p := proto.Clone(in).(*Percent) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Percent. Required by controller-gen. +func (in *Percent) DeepCopy() *Percent { + if in == nil { + return nil + } + out := new(Percent) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Percent. Required by controller-gen. +func (in *Percent) DeepCopyInterface() interface{} { + return in.DeepCopy() +} diff --git a/networking/v1/virtual_service_json.gen.go b/networking/v1/virtual_service_json.gen.go new file mode 100644 index 00000000..35c8f0ef --- /dev/null +++ b/networking/v1/virtual_service_json.gen.go 
@@ -0,0 +1,309 @@ +// Code generated by protoc-gen-jsonshim. DO NOT EDIT. +package v1 + +import ( + bytes "bytes" + jsonpb "github.com/golang/protobuf/jsonpb" +) + +// MarshalJSON is a custom marshaler for VirtualService +func (this *VirtualService) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for VirtualService +func (this *VirtualService) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for Destination +func (this *Destination) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for Destination +func (this *Destination) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for HTTPRoute +func (this *HTTPRoute) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for HTTPRoute +func (this *HTTPRoute) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for Delegate +func (this *Delegate) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for Delegate +func (this *Delegate) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for Headers +func (this *Headers) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for Headers +func (this 
*Headers) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for Headers_HeaderOperations +func (this *Headers_HeaderOperations) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for Headers_HeaderOperations +func (this *Headers_HeaderOperations) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for TLSRoute +func (this *TLSRoute) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for TLSRoute +func (this *TLSRoute) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for TCPRoute +func (this *TCPRoute) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for TCPRoute +func (this *TCPRoute) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for HTTPMatchRequest +func (this *HTTPMatchRequest) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for HTTPMatchRequest +func (this *HTTPMatchRequest) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for HTTPRouteDestination +func (this *HTTPRouteDestination) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom 
unmarshaler for HTTPRouteDestination +func (this *HTTPRouteDestination) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for RouteDestination +func (this *RouteDestination) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for RouteDestination +func (this *RouteDestination) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for L4MatchAttributes +func (this *L4MatchAttributes) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for L4MatchAttributes +func (this *L4MatchAttributes) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for TLSMatchAttributes +func (this *TLSMatchAttributes) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for TLSMatchAttributes +func (this *TLSMatchAttributes) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for HTTPRedirect +func (this *HTTPRedirect) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for HTTPRedirect +func (this *HTTPRedirect) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for HTTPDirectResponse +func (this *HTTPDirectResponse) MarshalJSON() ([]byte, error) { + str, err := 
VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for HTTPDirectResponse +func (this *HTTPDirectResponse) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for HTTPBody +func (this *HTTPBody) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for HTTPBody +func (this *HTTPBody) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for HTTPRewrite +func (this *HTTPRewrite) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for HTTPRewrite +func (this *HTTPRewrite) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for RegexRewrite +func (this *RegexRewrite) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for RegexRewrite +func (this *RegexRewrite) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for StringMatch +func (this *StringMatch) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for StringMatch +func (this *StringMatch) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for HTTPRetry +func (this *HTTPRetry) MarshalJSON() ([]byte, error) { + str, err := 
VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for HTTPRetry +func (this *HTTPRetry) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for CorsPolicy +func (this *CorsPolicy) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for CorsPolicy +func (this *CorsPolicy) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for HTTPFaultInjection +func (this *HTTPFaultInjection) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for HTTPFaultInjection +func (this *HTTPFaultInjection) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for HTTPFaultInjection_Delay +func (this *HTTPFaultInjection_Delay) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for HTTPFaultInjection_Delay +func (this *HTTPFaultInjection_Delay) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for HTTPFaultInjection_Abort +func (this *HTTPFaultInjection_Abort) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for HTTPFaultInjection_Abort +func (this *HTTPFaultInjection_Abort) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a 
custom marshaler for HTTPMirrorPolicy +func (this *HTTPMirrorPolicy) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for HTTPMirrorPolicy +func (this *HTTPMirrorPolicy) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for PortSelector +func (this *PortSelector) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for PortSelector +func (this *PortSelector) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for Percent +func (this *Percent) MarshalJSON() ([]byte, error) { + str, err := VirtualServiceMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for Percent +func (this *Percent) UnmarshalJSON(b []byte) error { + return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +var ( + VirtualServiceMarshaler = &jsonpb.Marshaler{} + VirtualServiceUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} +) diff --git a/networking/v1/workload_entry.pb.go b/networking/v1/workload_entry.pb.go new file mode 100644 index 00000000..209e35fc --- /dev/null +++ b/networking/v1/workload_entry.pb.go 
@@ -0,0 +1,447 @@ +// Copyright 2020 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.33.0 +// protoc (unknown) +// source: networking/v1/workload_entry.proto + +// $schema: istio.networking.v1.WorkloadEntry +// $title: Workload Entry +// $description: Configuration affecting VMs onboarded into the mesh. +// $location: https://istio.io/docs/reference/config/networking/workload-entry.html +// $aliases: [/docs/reference/config/networking/v1/workload-entry] +// $mode: none + +// `WorkloadEntry` enables operators to describe the properties of a +// single non-Kubernetes workload such as a VM or a bare metal server +// as it is onboarded into the mesh. A `WorkloadEntry` must be +// accompanied by an Istio `ServiceEntry` that selects the workload +// through the appropriate labels and provides the service definition +// for a `MESH_INTERNAL` service (hostnames, port properties, etc.). A +// `ServiceEntry` object can select multiple workload entries as well +// as Kubernetes pods based on the label selector specified in the +// service entry. +// +// When a workload connects to `istiod`, the status field in the +// custom resource will be updated to indicate the health of the +// workload along with other details, similar to how Kubernetes +// updates the status of a pod. 
+// +// The following example declares a workload entry representing a VM +// for the `details.bookinfo.com` service. This VM has sidecar +// installed and bootstrapped using the `details-legacy` service +// account. The service is exposed on port 80 to applications in the +// mesh. The HTTP traffic to this service is wrapped in Istio mutual +// TLS and sent to sidecars on VMs on target port 8080, that in turn +// forward it to the application on localhost on the same port. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: WorkloadEntry +// metadata: +// name: details-svc +// spec: +// # use of the service account indicates that the workload has a +// # sidecar proxy bootstrapped with this service account. Pods with +// # sidecars will automatically communicate with the workload using +// # istio mutual TLS. +// serviceAccount: details-legacy +// address: 2.2.2.2 +// labels: +// app: details-legacy +// instance-id: vm1 +// ``` +// +// and the associated service entry +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: details-svc +// spec: +// hosts: +// - details.bookinfo.com +// location: MESH_INTERNAL +// ports: +// - number: 80 +// name: http +// protocol: HTTP +// targetPort: 8080 +// resolution: STATIC +// workloadSelector: +// labels: +// app: details-legacy +// ``` +// +// +// The following example declares the same VM workload using +// its fully qualified DNS name. The service entry's resolution +// mode should be changed to DNS to indicate that the client-side +// sidecars should dynamically resolve the DNS name at runtime before +// forwarding the request. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: WorkloadEntry +// metadata: +// name: details-svc +// spec: +// # use of the service account indicates that the workload has a +// # sidecar proxy bootstrapped with this service account. 
Pods with +// # sidecars will automatically communicate with the workload using +// # istio mutual TLS. +// serviceAccount: details-legacy +// address: vm1.vpc01.corp.net +// labels: +// app: details-legacy +// instance-id: vm1 +// ``` +// +// and the associated service entry +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: ServiceEntry +// metadata: +// name: details-svc +// spec: +// hosts: +// - details.bookinfo.com +// location: MESH_INTERNAL +// ports: +// - number: 80 +// name: http +// protocol: HTTP +// targetPort: 8080 +// resolution: DNS +// workloadSelector: +// labels: +// app: details-legacy +// ``` +// +// The following example declares a VM workload without an address. +// An alternative to having istiod read from remote API servers is +// to write a `WorkloadEntry` in the local cluster that represents +// the Workload(s) in the remote network with the given labels. A +// single `WorkloadEntry` with weights represent the aggregate of all +// the actual workloads in a given remote network. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: WorkloadEntry +// metadata: +// name: foo-workloads-cluster-2 +// spec: +// serviceAccount: foo +// network: cluster-2-network +// labels: +// app: foo +// ``` + +package v1 + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// WorkloadEntry enables specifying the properties of a single non-Kubernetes workload such a VM or a bare metal services that can be referred to by service entries. 
+// +// +// +// +// +type WorkloadEntry struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Address associated with the network endpoint without the + // port. Domain names can be used if and only if the resolution is set + // to DNS, and must be fully-qualified without wildcards. Use the form + // unix:///absolute/path/to/socket for Unix domain socket endpoints. + // If address is empty, network must be specified. + Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"` + // Set of ports associated with the endpoint. If the port map is + // specified, it must be a map of servicePortName to this endpoint's + // port, such that traffic to the service port will be forwarded to + // the endpoint port that maps to the service's portName. If + // omitted, and the targetPort is specified as part of the service's + // port specification, traffic to the service port will be forwarded + // to one of the endpoints on the specified `targetPort`. If both + // the targetPort and endpoint's port map are not specified, traffic + // to a service port will be forwarded to one of the endpoints on + // the same port. + // + // **NOTE 1:** Do not use for `unix://` addresses. + // + // **NOTE 2:** endpoint port map takes precedence over targetPort. + Ports map[string]uint32 `protobuf:"bytes,2,rep,name=ports,proto3" json:"ports,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` + // One or more labels associated with the endpoint. + Labels map[string]string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // Network enables Istio to group endpoints resident in the same L3 + // domain/network. All endpoints in the same network are assumed to be + // directly reachable from one another. 
When endpoints in different + // networks cannot reach each other directly, an Istio Gateway can be + // used to establish connectivity (usually using the + // `AUTO_PASSTHROUGH` mode in a Gateway Server). This is + // an advanced configuration used typically for spanning an Istio mesh + // over multiple clusters. Required if address is not provided. + Network string `protobuf:"bytes,4,opt,name=network,proto3" json:"network,omitempty"` + // The locality associated with the endpoint. A locality corresponds + // to a failure domain (e.g., country/region/zone). Arbitrary failure + // domain hierarchies can be represented by separating each + // encapsulating failure domain by /. For example, the locality of an + // an endpoint in US, in US-East-1 region, within availability zone + // az-1, in data center rack r11 can be represented as + // us/us-east-1/az-1/r11. Istio will configure the sidecar to route to + // endpoints within the same locality as the sidecar. If none of the + // endpoints in the locality are available, endpoints parent locality + // (but within the same network ID) will be chosen. For example, if + // there are two endpoints in same network (networkID "n1"), say e1 + // with locality us/us-east-1/az-1/r11 and e2 with locality + // us/us-east-1/az-2/r12, a sidecar from us/us-east-1/az-1/r11 locality + // will prefer e1 from the same locality over e2 from a different + // locality. Endpoint e2 could be the IP associated with a gateway + // (that bridges networks n1 and n2), or the IP associated with a + // standard service endpoint. + Locality string `protobuf:"bytes,5,opt,name=locality,proto3" json:"locality,omitempty"` + // The load balancing weight associated with the endpoint. Endpoints + // with higher weights will receive proportionally higher traffic. + Weight uint32 `protobuf:"varint,6,opt,name=weight,proto3" json:"weight,omitempty"` + // The service account associated with the workload if a sidecar + // is present in the workload. 
The service account must be present + // in the same namespace as the configuration ( WorkloadEntry or a + // ServiceEntry) + ServiceAccount string `protobuf:"bytes,7,opt,name=service_account,json=serviceAccount,proto3" json:"service_account,omitempty"` +} + +func (x *WorkloadEntry) Reset() { + *x = WorkloadEntry{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_workload_entry_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *WorkloadEntry) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WorkloadEntry) ProtoMessage() {} + +func (x *WorkloadEntry) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_workload_entry_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WorkloadEntry.ProtoReflect.Descriptor instead. 
+func (*WorkloadEntry) Descriptor() ([]byte, []int) { + return file_networking_v1_workload_entry_proto_rawDescGZIP(), []int{0} +} + +func (x *WorkloadEntry) GetAddress() string { + if x != nil { + return x.Address + } + return "" +} + +func (x *WorkloadEntry) GetPorts() map[string]uint32 { + if x != nil { + return x.Ports + } + return nil +} + +func (x *WorkloadEntry) GetLabels() map[string]string { + if x != nil { + return x.Labels + } + return nil +} + +func (x *WorkloadEntry) GetNetwork() string { + if x != nil { + return x.Network + } + return "" +} + +func (x *WorkloadEntry) GetLocality() string { + if x != nil { + return x.Locality + } + return "" +} + +func (x *WorkloadEntry) GetWeight() uint32 { + if x != nil { + return x.Weight + } + return 0 +} + +func (x *WorkloadEntry) GetServiceAccount() string { + if x != nil { + return x.ServiceAccount + } + return "" +} + +var File_networking_v1_workload_entry_proto protoreflect.FileDescriptor + +var file_networking_v1_workload_entry_proto_rawDesc = []byte{ + 0x0a, 0x22, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, + 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x22, 0xa2, 0x03, 0x0a, 0x0d, 0x57, 0x6f, + 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x61, + 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, + 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x43, 0x0a, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x02, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, + 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x73, 0x45, 
0x6e, + 0x74, 0x72, 0x79, 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, 0x46, 0x0a, 0x06, 0x6c, 0x61, + 0x62, 0x65, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4c, + 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, + 0x6c, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x18, 0x04, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x12, 0x1a, 0x0a, 0x08, + 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, + 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, + 0x68, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, + 0x12, 0x27, 0x0a, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, + 0x75, 0x6e, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x1a, 0x38, 0x0a, 0x0a, 0x50, 0x6f, 0x72, + 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, + 0x02, 0x38, 0x01, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x1c, + 0x5a, 0x1a, 0x69, 0x73, 0x74, 
0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_networking_v1_workload_entry_proto_rawDescOnce sync.Once + file_networking_v1_workload_entry_proto_rawDescData = file_networking_v1_workload_entry_proto_rawDesc +) + +func file_networking_v1_workload_entry_proto_rawDescGZIP() []byte { + file_networking_v1_workload_entry_proto_rawDescOnce.Do(func() { + file_networking_v1_workload_entry_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1_workload_entry_proto_rawDescData) + }) + return file_networking_v1_workload_entry_proto_rawDescData +} + +var file_networking_v1_workload_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_networking_v1_workload_entry_proto_goTypes = []interface{}{ + (*WorkloadEntry)(nil), // 0: istio.networking.v1.WorkloadEntry + nil, // 1: istio.networking.v1.WorkloadEntry.PortsEntry + nil, // 2: istio.networking.v1.WorkloadEntry.LabelsEntry +} +var file_networking_v1_workload_entry_proto_depIdxs = []int32{ + 1, // 0: istio.networking.v1.WorkloadEntry.ports:type_name -> istio.networking.v1.WorkloadEntry.PortsEntry + 2, // 1: istio.networking.v1.WorkloadEntry.labels:type_name -> istio.networking.v1.WorkloadEntry.LabelsEntry + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_networking_v1_workload_entry_proto_init() } +func file_networking_v1_workload_entry_proto_init() { + if File_networking_v1_workload_entry_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_networking_v1_workload_entry_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*WorkloadEntry); i { + case 0: + return &v.state 
+ case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_networking_v1_workload_entry_proto_rawDesc, + NumEnums: 0, + NumMessages: 3, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_networking_v1_workload_entry_proto_goTypes, + DependencyIndexes: file_networking_v1_workload_entry_proto_depIdxs, + MessageInfos: file_networking_v1_workload_entry_proto_msgTypes, + }.Build() + File_networking_v1_workload_entry_proto = out.File + file_networking_v1_workload_entry_proto_rawDesc = nil + file_networking_v1_workload_entry_proto_goTypes = nil + file_networking_v1_workload_entry_proto_depIdxs = nil +} diff --git a/networking/v1/workload_entry.proto b/networking/v1/workload_entry.proto new file mode 100644 index 00000000..bbaf98e7 --- /dev/null +++ b/networking/v1/workload_entry.proto 
@@ -0,0 +1,246 @@
+// Copyright 2020 Istio Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+// $schema: istio.networking.v1.WorkloadEntry
+// $title: Workload Entry
+// $description: Configuration affecting VMs onboarded into the mesh.
+// $location: https://istio.io/docs/reference/config/networking/workload-entry.html
+// $aliases: [/docs/reference/config/networking/v1/workload-entry]
+// $mode: none
+
+// `WorkloadEntry` enables operators to describe the properties of a
+// single non-Kubernetes workload such as a VM or a bare metal server
+// as it is onboarded into the mesh. A `WorkloadEntry` must be
+// accompanied by an Istio `ServiceEntry` that selects the workload
+// through the appropriate labels and provides the service definition
+// for a `MESH_INTERNAL` service (hostnames, port properties, etc.). A
+// `ServiceEntry` object can select multiple workload entries as well
+// as Kubernetes pods based on the label selector specified in the
+// service entry.
+//
+// When a workload connects to `istiod`, the status field in the
+// custom resource will be updated to indicate the health of the
+// workload along with other details, similar to how Kubernetes
+// updates the status of a pod.
+//
+// The following example declares a workload entry representing a VM
+// for the `details.bookinfo.com` service. This VM has sidecar
+// installed and bootstrapped using the `details-legacy` service
+// account. The service is exposed on port 80 to applications in the
+// mesh. The HTTP traffic to this service is wrapped in Istio mutual
+// TLS and sent to sidecars on VMs on target port 8080, that in turn
+// forward it to the application on localhost on the same port.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: WorkloadEntry
+// metadata:
+// name: details-svc
+// spec:
+// # use of the service account indicates that the workload has a
+// # sidecar proxy bootstrapped with this service account. Pods with
+// # sidecars will automatically communicate with the workload using
+// # istio mutual TLS.
+// serviceAccount: details-legacy
+// address: 2.2.2.2
+// labels:
+// app: details-legacy
+// instance-id: vm1
+// ```
+//
+// and the associated service entry
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: ServiceEntry
+// metadata:
+// name: details-svc
+// spec:
+// hosts:
+// - details.bookinfo.com
+// location: MESH_INTERNAL
+// ports:
+// - number: 80
+// name: http
+// protocol: HTTP
+// targetPort: 8080
+// resolution: STATIC
+// workloadSelector:
+// labels:
+// app: details-legacy
+// ```
+//
+//
+// The following example declares the same VM workload using
+// its fully qualified DNS name. The service entry's resolution
+// mode should be changed to DNS to indicate that the client-side
+// sidecars should dynamically resolve the DNS name at runtime before
+// forwarding the request.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: WorkloadEntry
+// metadata:
+// name: details-svc
+// spec:
+// # use of the service account indicates that the workload has a
+// # sidecar proxy bootstrapped with this service account. Pods with
+// # sidecars will automatically communicate with the workload using
+// # istio mutual TLS.
+// serviceAccount: details-legacy
+// address: vm1.vpc01.corp.net
+// labels:
+// app: details-legacy
+// instance-id: vm1
+// ```
+//
+// and the associated service entry
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: ServiceEntry
+// metadata:
+// name: details-svc
+// spec:
+// hosts:
+// - details.bookinfo.com
+// location: MESH_INTERNAL
+// ports:
+// - number: 80
+// name: http
+// protocol: HTTP
+// targetPort: 8080
+// resolution: DNS
+// workloadSelector:
+// labels:
+// app: details-legacy
+// ```
+//
+// The following example declares a VM workload without an address.
+// An alternative to having istiod read from remote API servers is
+// to write a `WorkloadEntry` in the local cluster that represents
+// the Workload(s) in the remote network with the given labels. A
+// single `WorkloadEntry` with weights represent the aggregate of all
+// the actual workloads in a given remote network.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: WorkloadEntry
+// metadata:
+// name: foo-workloads-cluster-2
+// spec:
+// serviceAccount: foo
+// network: cluster-2-network
+// labels:
+// app: foo
+// ```
+package istio.networking.v1;
+
+option go_package = "istio.io/api/networking/v1";
+
+// WorkloadEntry enables specifying the properties of a single non-Kubernetes workload such a VM or a bare metal services that can be referred to by service entries.
+//
+//
+//
+//
+//
+message WorkloadEntry {
+ // Address associated with the network endpoint without the
+ // port. Domain names can be used if and only if the resolution is set
+ // to DNS, and must be fully-qualified without wildcards. Use the form
+ // unix:///absolute/path/to/socket for Unix domain socket endpoints.
+ // If address is empty, network must be specified.
+ string address = 1;
+
+ // Set of ports associated with the endpoint. If the port map is
+ // specified, it must be a map of servicePortName to this endpoint's
+ // port, such that traffic to the service port will be forwarded to
+ // the endpoint port that maps to the service's portName. If
+ // omitted, and the targetPort is specified as part of the service's
+ // port specification, traffic to the service port will be forwarded
+ // to one of the endpoints on the specified `targetPort`. If both
+ // the targetPort and endpoint's port map are not specified, traffic
+ // to a service port will be forwarded to one of the endpoints on
+ // the same port.
+ //
+ // **NOTE 1:** Do not use for `unix://` addresses.
+ //
+ // **NOTE 2:** endpoint port map takes precedence over targetPort.
+ map ports = 2;
+
+ // One or more labels associated with the endpoint.
+ map labels = 3;
+
+ // Network enables Istio to group endpoints resident in the same L3
+ // domain/network. All endpoints in the same network are assumed to be
+ // directly reachable from one another. When endpoints in different
+ // networks cannot reach each other directly, an Istio Gateway can be
+ // used to establish connectivity (usually using the
+ // `AUTO_PASSTHROUGH` mode in a Gateway Server). This is
+ // an advanced configuration used typically for spanning an Istio mesh
+ // over multiple clusters. Required if address is not provided.
+ string network = 4;
+
+ // The locality associated with the endpoint. A locality corresponds
+ // to a failure domain (e.g., country/region/zone). Arbitrary failure
+ // domain hierarchies can be represented by separating each
+ // encapsulating failure domain by /. For example, the locality of an
+ // an endpoint in US, in US-East-1 region, within availability zone
+ // az-1, in data center rack r11 can be represented as
+ // us/us-east-1/az-1/r11. Istio will configure the sidecar to route to
+ // endpoints within the same locality as the sidecar. If none of the
+ // endpoints in the locality are available, endpoints parent locality
+ // (but within the same network ID) will be chosen. For example, if
+ // there are two endpoints in same network (networkID "n1"), say e1
+ // with locality us/us-east-1/az-1/r11 and e2 with locality
+ // us/us-east-1/az-2/r12, a sidecar from us/us-east-1/az-1/r11 locality
+ // will prefer e1 from the same locality over e2 from a different
+ // locality. Endpoint e2 could be the IP associated with a gateway
+ // (that bridges networks n1 and n2), or the IP associated with a
+ // standard service endpoint.
+ string locality = 5;
+
+ // The load balancing weight associated with the endpoint. Endpoints
+ // with higher weights will receive proportionally higher traffic.
+ uint32 weight = 6;
+
+ // The service account associated with the workload if a sidecar
+ // is present in the workload. The service account must be present
+ // in the same namespace as the configuration ( WorkloadEntry or a
+ // ServiceEntry)
+ string service_account = 7;
+};
diff --git a/networking/v1/workload_entry_deepcopy.gen.go b/networking/v1/workload_entry_deepcopy.gen.go new file mode 100644
index 00000000..802c5072
--- /dev/null
+++ b/networking/v1/workload_entry_deepcopy.gen.go
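Review bot: The constraints on `WorkloadEntry` in networking/v1/workload_entry.proto are stated only as prose in the field comments: `address` says "If address is empty, network must be specified", `network` says "Required if address is not provided", `ports` says not to use it for `unix://` addresses, and `service_account` says the account must be in the same namespace as the configuration. No validation marker is visible on these fields in the hunk as shown, so a reader of the v1 schema cannot tell whether an entry that breaks one of them is rejected or accepted as-is; if the checks live in a validator elsewhere, that is not visible here. Because the file-level example ties `service_account` to the sidecar identity used for Istio mutual TLS, I would state on that field where the rule is enforced, for example `// Validation: enforced by <validator placeholder>, not by this schema.`, and do the same for the `address`/`network` pair. Separately, the message comment reads "such a VM or a bare metal services"; `such as a VM or a bare metal server` would match the wording of the file header.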
@@ -0,0 +1,27 @@ +// Code generated by protoc-gen-deepcopy. DO NOT EDIT. +package v1 + +import ( + proto "google.golang.org/protobuf/proto" +) + +// DeepCopyInto supports using WorkloadEntry within kubernetes types, where deepcopy-gen is used. +func (in *WorkloadEntry) DeepCopyInto(out *WorkloadEntry) { + p := proto.Clone(in).(*WorkloadEntry) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadEntry. Required by controller-gen. +func (in *WorkloadEntry) DeepCopy() *WorkloadEntry { + if in == nil { + return nil + } + out := new(WorkloadEntry) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadEntry. Required by controller-gen. +func (in *WorkloadEntry) DeepCopyInterface() interface{} { + return in.DeepCopy() +} diff --git a/networking/v1/workload_entry_json.gen.go b/networking/v1/workload_entry_json.gen.go new file mode 100644 index 00000000..c0a4afb5 --- /dev/null +++ b/networking/v1/workload_entry_json.gen.go @@ -0,0 +1,23 @@ +// Code generated by protoc-gen-jsonshim. DO NOT EDIT. +package v1 + +import ( + bytes "bytes" + jsonpb "github.com/golang/protobuf/jsonpb" +) + +// MarshalJSON is a custom marshaler for WorkloadEntry +func (this *WorkloadEntry) MarshalJSON() ([]byte, error) { + str, err := WorkloadEntryMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for WorkloadEntry +func (this *WorkloadEntry) UnmarshalJSON(b []byte) error { + return WorkloadEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +var ( + WorkloadEntryMarshaler = &jsonpb.Marshaler{} + WorkloadEntryUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} +) diff --git a/networking/v1/workload_group.pb.go b/networking/v1/workload_group.pb.go new file mode 100644 index 00000000..53593e29 --- /dev/null +++ b/networking/v1/workload_group.pb.go 
@@ -0,0 +1,910 @@ +// Copyright 2020 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.33.0 +// protoc (unknown) +// source: networking/v1/workload_group.proto + +// $schema: istio.networking.v1alpha3.WorkloadGroup +// $title: Workload Group +// $description: Describes a collection of workload instances. +// $location: https://istio.io/docs/reference/config/networking/workload-group.html +// $aliases: [/docs/reference/config/networking/v1alpha3/workload-group] +// $mode: none + +// `WorkloadGroup` describes a collection of workload instances. +// It provides a specification that the workload instances can use to bootstrap +// their proxies, including the metadata and identity. It is only intended to +// be used with non-k8s workloads like Virtual Machines, and is meant to mimic +// the existing sidecar injection and deployment specification model used for +// Kubernetes workloads to bootstrap Istio proxies. +// +// The following example declares a workload group representing a collection +// of workloads that will be registered under `reviews` in namespace +// `bookinfo`. The set of labels will be associated with each workload +// instance during the bootstrap process, and the ports 3550 and 8080 +// will be associated with the workload group and use service account `default`. +// `app.kubernetes.io/version` is just an arbitrary example of a label. 
+// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: WorkloadGroup +// metadata: +// name: reviews +// namespace: bookinfo +// spec: +// metadata: +// labels: +// app.kubernetes.io/name: reviews +// app.kubernetes.io/version: "1.3.4" +// template: +// ports: +// grpc: 3550 +// http: 8080 +// serviceAccount: default +// probe: +// initialDelaySeconds: 5 +// timeoutSeconds: 3 +// periodSeconds: 4 +// successThreshold: 3 +// failureThreshold: 3 +// httpGet: +// path: /foo/bar +// host: 127.0.0.1 +// port: 3100 +// scheme: HTTPS +// httpHeaders: +// - name: Lit-Header +// value: Im-The-Best +// ``` + +package v1 + +import ( + _ "google.golang.org/genproto/googleapis/api/annotations" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// `WorkloadGroup` enables specifying the properties of a single workload for bootstrap and +// provides a template for `WorkloadEntry`, similar to how `Deployment` specifies properties +// of workloads via `Pod` templates. A `WorkloadGroup` can have more than one `WorkloadEntry`. +// `WorkloadGroup` has no relationship to resources which control service registry like `ServiceEntry` +// and as such doesn't configure host name for these workloads. +// +// +// +// +// +type WorkloadGroup struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Metadata that will be used for all corresponding `WorkloadEntries`. + // User labels for a workload group should be set here in `metadata` rather than in `template`. 
+ Metadata *WorkloadGroup_ObjectMeta `protobuf:"bytes,1,opt,name=metadata,proto3" json:"metadata,omitempty"` + // Template to be used for the generation of `WorkloadEntry` resources that belong to this `WorkloadGroup`. + // Please note that `address` and `labels` fields should not be set in the template, and an empty `serviceAccount` + // should default to `default`. The workload identities (mTLS certificates) will be bootstrapped using the + // specified service account's token. Workload entries in this group will be in the same namespace as the + // workload group, and inherit the labels and annotations from the above `metadata` field. + Template *WorkloadEntry `protobuf:"bytes,2,opt,name=template,proto3" json:"template,omitempty"` + // `ReadinessProbe` describes the configuration the user must provide for healthchecking on their workload. + // This configuration mirrors K8S in both syntax and logic for the most part. + Probe *ReadinessProbe `protobuf:"bytes,3,opt,name=probe,proto3" json:"probe,omitempty"` +} + +func (x *WorkloadGroup) Reset() { + *x = WorkloadGroup{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_workload_group_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *WorkloadGroup) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WorkloadGroup) ProtoMessage() {} + +func (x *WorkloadGroup) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_workload_group_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WorkloadGroup.ProtoReflect.Descriptor instead. 
+func (*WorkloadGroup) Descriptor() ([]byte, []int) { + return file_networking_v1_workload_group_proto_rawDescGZIP(), []int{0} +} + +func (x *WorkloadGroup) GetMetadata() *WorkloadGroup_ObjectMeta { + if x != nil { + return x.Metadata + } + return nil +} + +func (x *WorkloadGroup) GetTemplate() *WorkloadEntry { + if x != nil { + return x.Template + } + return nil +} + +func (x *WorkloadGroup) GetProbe() *ReadinessProbe { + if x != nil { + return x.Probe + } + return nil +} + +type ReadinessProbe struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Number of seconds after the container has started before readiness probes are initiated. + InitialDelaySeconds int32 `protobuf:"varint,2,opt,name=initial_delay_seconds,json=initialDelaySeconds,proto3" json:"initial_delay_seconds,omitempty"` + // Number of seconds after which the probe times out. + // Defaults to 1 second. Minimum value is 1 second. + TimeoutSeconds int32 `protobuf:"varint,3,opt,name=timeout_seconds,json=timeoutSeconds,proto3" json:"timeout_seconds,omitempty"` + // How often (in seconds) to perform the probe. + // Default to 10 seconds. Minimum value is 1 second. + PeriodSeconds int32 `protobuf:"varint,4,opt,name=period_seconds,json=periodSeconds,proto3" json:"period_seconds,omitempty"` + // Minimum consecutive successes for the probe to be considered successful after having failed. + // Defaults to 1 second. + SuccessThreshold int32 `protobuf:"varint,5,opt,name=success_threshold,json=successThreshold,proto3" json:"success_threshold,omitempty"` + // Minimum consecutive failures for the probe to be considered failed after having succeeded. + // Defaults to 3 seconds. + FailureThreshold int32 `protobuf:"varint,6,opt,name=failure_threshold,json=failureThreshold,proto3" json:"failure_threshold,omitempty"` + // Users can only provide one configuration for healthchecks (tcp, http, exec), + // and this is expressed as a oneof. 
All of the other configuration values + // hold true for any of the healthcheck methods. + // + // Types that are assignable to HealthCheckMethod: + // + // *ReadinessProbe_HttpGet + // *ReadinessProbe_TcpSocket + // *ReadinessProbe_Exec + HealthCheckMethod isReadinessProbe_HealthCheckMethod `protobuf_oneof:"health_check_method"` +} + +func (x *ReadinessProbe) Reset() { + *x = ReadinessProbe{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_workload_group_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ReadinessProbe) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ReadinessProbe) ProtoMessage() {} + +func (x *ReadinessProbe) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_workload_group_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ReadinessProbe.ProtoReflect.Descriptor instead. 
+func (*ReadinessProbe) Descriptor() ([]byte, []int) { + return file_networking_v1_workload_group_proto_rawDescGZIP(), []int{1} +} + +func (x *ReadinessProbe) GetInitialDelaySeconds() int32 { + if x != nil { + return x.InitialDelaySeconds + } + return 0 +} + +func (x *ReadinessProbe) GetTimeoutSeconds() int32 { + if x != nil { + return x.TimeoutSeconds + } + return 0 +} + +func (x *ReadinessProbe) GetPeriodSeconds() int32 { + if x != nil { + return x.PeriodSeconds + } + return 0 +} + +func (x *ReadinessProbe) GetSuccessThreshold() int32 { + if x != nil { + return x.SuccessThreshold + } + return 0 +} + +func (x *ReadinessProbe) GetFailureThreshold() int32 { + if x != nil { + return x.FailureThreshold + } + return 0 +} + +func (m *ReadinessProbe) GetHealthCheckMethod() isReadinessProbe_HealthCheckMethod { + if m != nil { + return m.HealthCheckMethod + } + return nil +} + +func (x *ReadinessProbe) GetHttpGet() *HTTPHealthCheckConfig { + if x, ok := x.GetHealthCheckMethod().(*ReadinessProbe_HttpGet); ok { + return x.HttpGet + } + return nil +} + +func (x *ReadinessProbe) GetTcpSocket() *TCPHealthCheckConfig { + if x, ok := x.GetHealthCheckMethod().(*ReadinessProbe_TcpSocket); ok { + return x.TcpSocket + } + return nil +} + +func (x *ReadinessProbe) GetExec() *ExecHealthCheckConfig { + if x, ok := x.GetHealthCheckMethod().(*ReadinessProbe_Exec); ok { + return x.Exec + } + return nil +} + +type isReadinessProbe_HealthCheckMethod interface { + isReadinessProbe_HealthCheckMethod() +} + +type ReadinessProbe_HttpGet struct { + // `httpGet` is performed to a given endpoint + // and the status/able to connect determines health. + HttpGet *HTTPHealthCheckConfig `protobuf:"bytes,7,opt,name=http_get,json=httpGet,proto3,oneof"` +} + +type ReadinessProbe_TcpSocket struct { + // Health is determined by if the proxy is able to connect. 
+ TcpSocket *TCPHealthCheckConfig `protobuf:"bytes,8,opt,name=tcp_socket,json=tcpSocket,proto3,oneof"` +} + +type ReadinessProbe_Exec struct { + // Health is determined by how the command that is executed exited. + Exec *ExecHealthCheckConfig `protobuf:"bytes,9,opt,name=exec,proto3,oneof"` +} + +func (*ReadinessProbe_HttpGet) isReadinessProbe_HealthCheckMethod() {} + +func (*ReadinessProbe_TcpSocket) isReadinessProbe_HealthCheckMethod() {} + +func (*ReadinessProbe_Exec) isReadinessProbe_HealthCheckMethod() {} + +type HTTPHealthCheckConfig struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Path to access on the HTTP server. + Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"` + // Port on which the endpoint lives. + Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"` + // Host name to connect to, defaults to the pod IP. You probably want to set + // "Host" in httpHeaders instead. + Host string `protobuf:"bytes,3,opt,name=host,proto3" json:"host,omitempty"` + // HTTP or HTTPS, defaults to HTTP + Scheme string `protobuf:"bytes,4,opt,name=scheme,proto3" json:"scheme,omitempty"` + // Headers the proxy will pass on to make the request. + // Allows repeated headers. 
+ HttpHeaders []*HTTPHeader `protobuf:"bytes,5,rep,name=http_headers,json=httpHeaders,proto3" json:"http_headers,omitempty"` +} + +func (x *HTTPHealthCheckConfig) Reset() { + *x = HTTPHealthCheckConfig{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_workload_group_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *HTTPHealthCheckConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HTTPHealthCheckConfig) ProtoMessage() {} + +func (x *HTTPHealthCheckConfig) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_workload_group_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HTTPHealthCheckConfig.ProtoReflect.Descriptor instead. +func (*HTTPHealthCheckConfig) Descriptor() ([]byte, []int) { + return file_networking_v1_workload_group_proto_rawDescGZIP(), []int{2} +} + +func (x *HTTPHealthCheckConfig) GetPath() string { + if x != nil { + return x.Path + } + return "" +} + +func (x *HTTPHealthCheckConfig) GetPort() uint32 { + if x != nil { + return x.Port + } + return 0 +} + +func (x *HTTPHealthCheckConfig) GetHost() string { + if x != nil { + return x.Host + } + return "" +} + +func (x *HTTPHealthCheckConfig) GetScheme() string { + if x != nil { + return x.Scheme + } + return "" +} + +func (x *HTTPHealthCheckConfig) GetHttpHeaders() []*HTTPHeader { + if x != nil { + return x.HttpHeaders + } + return nil +} + +type HTTPHeader struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The header field name + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + // The header field value + Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` +} + +func 
(x *HTTPHeader) Reset() { + *x = HTTPHeader{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_workload_group_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *HTTPHeader) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*HTTPHeader) ProtoMessage() {} + +func (x *HTTPHeader) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_workload_group_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use HTTPHeader.ProtoReflect.Descriptor instead. +func (*HTTPHeader) Descriptor() ([]byte, []int) { + return file_networking_v1_workload_group_proto_rawDescGZIP(), []int{3} +} + +func (x *HTTPHeader) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *HTTPHeader) GetValue() string { + if x != nil { + return x.Value + } + return "" +} + +type TCPHealthCheckConfig struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Host to connect to, defaults to localhost + Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"` + // Port of host + Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"` +} + +func (x *TCPHealthCheckConfig) Reset() { + *x = TCPHealthCheckConfig{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_workload_group_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TCPHealthCheckConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TCPHealthCheckConfig) ProtoMessage() {} + +func (x *TCPHealthCheckConfig) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_workload_group_proto_msgTypes[4] + if protoimpl.UnsafeEnabled 
&& x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TCPHealthCheckConfig.ProtoReflect.Descriptor instead. +func (*TCPHealthCheckConfig) Descriptor() ([]byte, []int) { + return file_networking_v1_workload_group_proto_rawDescGZIP(), []int{4} +} + +func (x *TCPHealthCheckConfig) GetHost() string { + if x != nil { + return x.Host + } + return "" +} + +func (x *TCPHealthCheckConfig) GetPort() uint32 { + if x != nil { + return x.Port + } + return 0 +} + +type ExecHealthCheckConfig struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + Command []string `protobuf:"bytes,1,rep,name=command,proto3" json:"command,omitempty"` +} + +func (x *ExecHealthCheckConfig) Reset() { + *x = ExecHealthCheckConfig{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_workload_group_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ExecHealthCheckConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ExecHealthCheckConfig) ProtoMessage() {} + +func (x *ExecHealthCheckConfig) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_workload_group_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ExecHealthCheckConfig.ProtoReflect.Descriptor instead. 
+func (*ExecHealthCheckConfig) Descriptor() ([]byte, []int) { + return file_networking_v1_workload_group_proto_rawDescGZIP(), []int{5} +} + +func (x *ExecHealthCheckConfig) GetCommand() []string { + if x != nil { + return x.Command + } + return nil +} + +// `ObjectMeta` describes metadata that will be attached to a `WorkloadEntry`. +// It is a subset of the supported Kubernetes metadata. +type WorkloadGroup_ObjectMeta struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Labels to attach + Labels map[string]string `protobuf:"bytes,1,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // Annotations to attach + Annotations map[string]string `protobuf:"bytes,2,rep,name=annotations,proto3" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` +} + +func (x *WorkloadGroup_ObjectMeta) Reset() { + *x = WorkloadGroup_ObjectMeta{} + if protoimpl.UnsafeEnabled { + mi := &file_networking_v1_workload_group_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *WorkloadGroup_ObjectMeta) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WorkloadGroup_ObjectMeta) ProtoMessage() {} + +func (x *WorkloadGroup_ObjectMeta) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1_workload_group_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WorkloadGroup_ObjectMeta.ProtoReflect.Descriptor instead. 
+func (*WorkloadGroup_ObjectMeta) Descriptor() ([]byte, []int) { + return file_networking_v1_workload_group_proto_rawDescGZIP(), []int{0, 0} +} + +func (x *WorkloadGroup_ObjectMeta) GetLabels() map[string]string { + if x != nil { + return x.Labels + } + return nil +} + +func (x *WorkloadGroup_ObjectMeta) GetAnnotations() map[string]string { + if x != nil { + return x.Annotations + } + return nil +} + +var File_networking_v1_workload_group_proto protoreflect.FileDescriptor + +var file_networking_v1_workload_group_proto_rawDesc = []byte{ + 0x0a, 0x22, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, + 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, + 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x22, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, + 0x61, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x99, + 0x04, 0x0a, 0x0d, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, + 0x12, 0x49, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, + 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, + 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x43, 0x0a, 0x08, 0x74, + 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 
0x22, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, + 0x79, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, + 0x12, 0x39, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x23, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x65, 0x73, 0x73, 0x50, + 0x72, 0x6f, 0x62, 0x65, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x1a, 0xbc, 0x02, 0x0a, 0x0a, + 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x51, 0x0a, 0x06, 0x6c, 0x61, + 0x62, 0x65, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4f, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x60, 0x0a, + 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, + 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, + 0x61, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, + 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, + 0x0a, 0x03, 0x6b, 0x65, 
0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, + 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x3e, 0x0a, 0x10, 0x41, 0x6e, + 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, + 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, + 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xdc, 0x03, 0x0a, 0x0e, 0x52, + 0x65, 0x61, 0x64, 0x69, 0x6e, 0x65, 0x73, 0x73, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x12, 0x32, 0x0a, + 0x15, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x73, + 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x13, 0x69, 0x6e, + 0x69, 0x74, 0x69, 0x61, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, + 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x73, 0x65, 0x63, + 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x74, 0x69, 0x6d, 0x65, + 0x6f, 0x75, 0x74, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x65, + 0x72, 0x69, 0x6f, 0x64, 0x5f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x05, 0x52, 0x0d, 0x70, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, + 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x68, 0x72, + 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x73, 0x75, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x2b, + 0x0a, 0x11, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, + 0x6f, 0x6c, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x05, 0x52, 
0x10, 0x66, 0x61, 0x69, 0x6c, 0x75, + 0x72, 0x65, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x47, 0x0a, 0x08, 0x68, + 0x74, 0x74, 0x70, 0x5f, 0x67, 0x65, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, + 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x07, 0x68, 0x74, 0x74, + 0x70, 0x47, 0x65, 0x74, 0x12, 0x4a, 0x0a, 0x0a, 0x74, 0x63, 0x70, 0x5f, 0x73, 0x6f, 0x63, 0x6b, + 0x65, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, + 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x54, + 0x43, 0x50, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x09, 0x74, 0x63, 0x70, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, + 0x12, 0x40, 0x0a, 0x04, 0x65, 0x78, 0x65, 0x63, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, + 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, + 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x78, 0x65, 0x63, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, + 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x04, 0x65, 0x78, + 0x65, 0x63, 0x42, 0x15, 0x0a, 0x13, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, 0x63, 0x68, 0x65, + 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x22, 0xb4, 0x01, 0x0a, 0x15, 0x48, 0x54, + 0x54, 0x50, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x17, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, + 
0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, + 0x68, 0x6f, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x12, 0x42, 0x0a, 0x0c, + 0x68, 0x74, 0x74, 0x70, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, + 0x64, 0x65, 0x72, 0x52, 0x0b, 0x68, 0x74, 0x74, 0x70, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, + 0x22, 0x36, 0x0a, 0x0a, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x12, + 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, + 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x43, 0x0a, 0x14, 0x54, 0x43, 0x50, 0x48, + 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, + 0x68, 0x6f, 0x73, 0x74, 0x12, 0x17, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22, 0x31, 0x0a, + 0x15, 0x45, 0x78, 0x65, 0x63, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, + 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, + 0x64, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, + 0x42, 0x1c, 0x5a, 0x1a, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, + 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} 
+ +var ( + file_networking_v1_workload_group_proto_rawDescOnce sync.Once + file_networking_v1_workload_group_proto_rawDescData = file_networking_v1_workload_group_proto_rawDesc +) + +func file_networking_v1_workload_group_proto_rawDescGZIP() []byte { + file_networking_v1_workload_group_proto_rawDescOnce.Do(func() { + file_networking_v1_workload_group_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1_workload_group_proto_rawDescData) + }) + return file_networking_v1_workload_group_proto_rawDescData +} + +var file_networking_v1_workload_group_proto_msgTypes = make([]protoimpl.MessageInfo, 9) +var file_networking_v1_workload_group_proto_goTypes = []interface{}{ + (*WorkloadGroup)(nil), // 0: istio.networking.v1.WorkloadGroup + (*ReadinessProbe)(nil), // 1: istio.networking.v1.ReadinessProbe + (*HTTPHealthCheckConfig)(nil), // 2: istio.networking.v1.HTTPHealthCheckConfig + (*HTTPHeader)(nil), // 3: istio.networking.v1.HTTPHeader + (*TCPHealthCheckConfig)(nil), // 4: istio.networking.v1.TCPHealthCheckConfig + (*ExecHealthCheckConfig)(nil), // 5: istio.networking.v1.ExecHealthCheckConfig + (*WorkloadGroup_ObjectMeta)(nil), // 6: istio.networking.v1.WorkloadGroup.ObjectMeta + nil, // 7: istio.networking.v1.WorkloadGroup.ObjectMeta.LabelsEntry + nil, // 8: istio.networking.v1.WorkloadGroup.ObjectMeta.AnnotationsEntry + (*WorkloadEntry)(nil), // 9: istio.networking.v1.WorkloadEntry +} +var file_networking_v1_workload_group_proto_depIdxs = []int32{ + 6, // 0: istio.networking.v1.WorkloadGroup.metadata:type_name -> istio.networking.v1.WorkloadGroup.ObjectMeta + 9, // 1: istio.networking.v1.WorkloadGroup.template:type_name -> istio.networking.v1.WorkloadEntry + 1, // 2: istio.networking.v1.WorkloadGroup.probe:type_name -> istio.networking.v1.ReadinessProbe + 2, // 3: istio.networking.v1.ReadinessProbe.http_get:type_name -> istio.networking.v1.HTTPHealthCheckConfig + 4, // 4: istio.networking.v1.ReadinessProbe.tcp_socket:type_name -> 
istio.networking.v1.TCPHealthCheckConfig + 5, // 5: istio.networking.v1.ReadinessProbe.exec:type_name -> istio.networking.v1.ExecHealthCheckConfig + 3, // 6: istio.networking.v1.HTTPHealthCheckConfig.http_headers:type_name -> istio.networking.v1.HTTPHeader + 7, // 7: istio.networking.v1.WorkloadGroup.ObjectMeta.labels:type_name -> istio.networking.v1.WorkloadGroup.ObjectMeta.LabelsEntry + 8, // 8: istio.networking.v1.WorkloadGroup.ObjectMeta.annotations:type_name -> istio.networking.v1.WorkloadGroup.ObjectMeta.AnnotationsEntry + 9, // [9:9] is the sub-list for method output_type + 9, // [9:9] is the sub-list for method input_type + 9, // [9:9] is the sub-list for extension type_name + 9, // [9:9] is the sub-list for extension extendee + 0, // [0:9] is the sub-list for field type_name +} + +func init() { file_networking_v1_workload_group_proto_init() } +func file_networking_v1_workload_group_proto_init() { + if File_networking_v1_workload_group_proto != nil { + return + } + file_networking_v1_workload_entry_proto_init() + if !protoimpl.UnsafeEnabled { + file_networking_v1_workload_group_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*WorkloadGroup); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_workload_group_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ReadinessProbe); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_workload_group_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*HTTPHealthCheckConfig); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_workload_group_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + 
switch v := v.(*HTTPHeader); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_workload_group_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TCPHealthCheckConfig); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_workload_group_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ExecHealthCheckConfig); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_networking_v1_workload_group_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*WorkloadGroup_ObjectMeta); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + file_networking_v1_workload_group_proto_msgTypes[1].OneofWrappers = []interface{}{ + (*ReadinessProbe_HttpGet)(nil), + (*ReadinessProbe_TcpSocket)(nil), + (*ReadinessProbe_Exec)(nil), + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_networking_v1_workload_group_proto_rawDesc, + NumEnums: 0, + NumMessages: 9, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_networking_v1_workload_group_proto_goTypes, + DependencyIndexes: file_networking_v1_workload_group_proto_depIdxs, + MessageInfos: file_networking_v1_workload_group_proto_msgTypes, + }.Build() + File_networking_v1_workload_group_proto = out.File + file_networking_v1_workload_group_proto_rawDesc = nil + file_networking_v1_workload_group_proto_goTypes = nil + file_networking_v1_workload_group_proto_depIdxs = nil +} 
diff --git a/networking/v1/workload_group.proto b/networking/v1/workload_group.proto new file mode 100644 index 00000000..50272505 --- /dev/null +++ b/networking/v1/workload_group.proto 
@@ -0,0 +1,204 @@
+// Copyright 2020 Istio Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+import "google/api/field_behavior.proto";
+import "networking/v1/workload_entry.proto";
+
+// $schema: istio.networking.v1alpha3.WorkloadGroup
+// $title: Workload Group
+// $description: Describes a collection of workload instances.
+// $location: https://istio.io/docs/reference/config/networking/workload-group.html
+// $aliases: [/docs/reference/config/networking/v1alpha3/workload-group]
+// $mode: none
+
+// `WorkloadGroup` describes a collection of workload instances.
+// It provides a specification that the workload instances can use to bootstrap
+// their proxies, including the metadata and identity. It is only intended to
+// be used with non-k8s workloads like Virtual Machines, and is meant to mimic
+// the existing sidecar injection and deployment specification model used for
+// Kubernetes workloads to bootstrap Istio proxies.
+//
+// The following example declares a workload group representing a collection
+// of workloads that will be registered under `reviews` in namespace
+// `bookinfo`. The set of labels will be associated with each workload
+// instance during the bootstrap process, and the ports 3550 and 8080
+// will be associated with the workload group and use service account `default`.
+// `app.kubernetes.io/version` is just an arbitrary example of a label.
+//
+// ```yaml
+// apiVersion: networking.istio.io/v1
+// kind: WorkloadGroup
+// metadata:
+// name: reviews
+// namespace: bookinfo
+// spec:
+// metadata:
+// labels:
+// app.kubernetes.io/name: reviews
+// app.kubernetes.io/version: "1.3.4"
+// template:
+// ports:
+// grpc: 3550
+// http: 8080
+// serviceAccount: default
+// probe:
+// initialDelaySeconds: 5
+// timeoutSeconds: 3
+// periodSeconds: 4
+// successThreshold: 3
+// failureThreshold: 3
+// httpGet:
+// path: /foo/bar
+// host: 127.0.0.1
+// port: 3100
+// scheme: HTTPS
+// httpHeaders:
+// - name: Lit-Header
+// value: Im-The-Best
+// ```
+package istio.networking.v1;
+
+option go_package = "istio.io/api/networking/v1";
+
+// `WorkloadGroup` enables specifying the properties of a single workload for bootstrap and
+// provides a template for `WorkloadEntry`, similar to how `Deployment` specifies properties
+// of workloads via `Pod` templates. A `WorkloadGroup` can have more than one `WorkloadEntry`.
+// `WorkloadGroup` has no relationship to resources which control service registry like `ServiceEntry`
+// and as such doesn't configure host name for these workloads.
+//
+//
+//
+//
+//
+message WorkloadGroup {
+ // Metadata that will be used for all corresponding `WorkloadEntries`.
+ // User labels for a workload group should be set here in `metadata` rather than in `template`.
+ ObjectMeta metadata = 1;
+
+ // Template to be used for the generation of `WorkloadEntry` resources that belong to this `WorkloadGroup`.
+ // Please note that `address` and `labels` fields should not be set in the template, and an empty `serviceAccount`
+ // should default to `default`. The workload identities (mTLS certificates) will be bootstrapped using the
+ // specified service account's token. Workload entries in this group will be in the same namespace as the
+ // workload group, and inherit the labels and annotations from the above `metadata` field.
+ WorkloadEntry template = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // `ObjectMeta` describes metadata that will be attached to a `WorkloadEntry`.
+ // It is a subset of the supported Kubernetes metadata.
+ message ObjectMeta {
+ // Labels to attach
+ map labels = 1;
+
+ // Annotations to attach
+ map annotations = 2;
+ }
+
+ // `ReadinessProbe` describes the configuration the user must provide for healthchecking on their workload.
+ // This configuration mirrors K8S in both syntax and logic for the most part.
+ ReadinessProbe probe = 3;
+}
+
+message ReadinessProbe {
+
+ // Number of seconds after the container has started before readiness probes are initiated.
+ int32 initial_delay_seconds = 2;
+
+ // Number of seconds after which the probe times out.
+ // Defaults to 1 second. Minimum value is 1 second.
+ int32 timeout_seconds = 3;
+
+ // How often (in seconds) to perform the probe.
+ // Default to 10 seconds. Minimum value is 1 second.
+ int32 period_seconds = 4;
+
+ // Minimum consecutive successes for the probe to be considered successful after having failed.
+ // Defaults to 1 second.
+ int32 success_threshold = 5;
+
+ // Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ // Defaults to 3 seconds.
+ int32 failure_threshold = 6;
+
+ // Users can only provide one configuration for healthchecks (tcp, http, exec),
+ // and this is expressed as a oneof. All of the other configuration values
+ // hold true for any of the healthcheck methods.
+ oneof health_check_method {
+ // `httpGet` is performed to a given endpoint
+ // and the status/able to connect determines health.
+ HTTPHealthCheckConfig http_get = 7;
+ // Health is determined by if the proxy is able to connect.
+ TCPHealthCheckConfig tcp_socket = 8;
+ // Health is determined by how the command that is executed exited.
+ ExecHealthCheckConfig exec = 9;
+ }
+}
+
+message HTTPHealthCheckConfig {
+ // Path to access on the HTTP server.
+ string path = 1;
+
+ // Port on which the endpoint lives.
+ uint32 port = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // Host name to connect to, defaults to the pod IP. You probably want to set
+ // "Host" in httpHeaders instead.
+ string host = 3;
+
+ // HTTP or HTTPS, defaults to HTTP
+ string scheme = 4;
+
+ // Headers the proxy will pass on to make the request.
+ // Allows repeated headers.
+ repeated HTTPHeader http_headers = 5;
+}
+
+message HTTPHeader {
+ // The header field name
+ string name = 1;
+
+ // The header field value
+ string value = 2;
+}
+
+message TCPHealthCheckConfig {
+ // Host to connect to, defaults to localhost
+ string host = 1;
+ // Port of host
+ uint32 port = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+message ExecHealthCheckConfig {
+ // Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ repeated string command = 1;
+}
diff --git a/networking/v1/workload_group_deepcopy.gen.go b/networking/v1/workload_group_deepcopy.gen.go
new file mode 100644
index 00000000..b1e3441c
--- /dev/null
+++ b/networking/v1/workload_group_deepcopy.gen.go
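Review bot: `ExecHealthCheckConfig.command` (last message of workload_group.proto) is documented only as "Command to run", so the API reference never states that whoever can create or edit a `WorkloadGroup` picks a command that the prober executes; the hunk does not show the executor, but the sibling comments say the proxy performs the HTTP and TCP checks, so presumably it runs with the proxy's privileges on the VM. I would extend the comment to something like `// Command to run where the probe executes. Write access to WorkloadGroup is therefore equivalent to command execution there; restrict it accordingly.` and state the user it runs as once confirmed. `HTTPHealthCheckConfig.scheme` is a free-form `string` and `host` is documented as defaulting "to the pod IP" although the file describes the resource as intended for non-k8s workloads; an enum for `scheme` and a corrected default would give validators something to enforce. The `success_threshold` and `failure_threshold` comments in `ReadinessProbe` also give their defaults as "1 second" and "3 seconds" although both fields are counts.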
@@ -0,0 +1,153 @@ +// Code generated by protoc-gen-deepcopy. DO NOT EDIT. +package v1 + +import ( + proto "google.golang.org/protobuf/proto" +) + +// DeepCopyInto supports using WorkloadGroup within kubernetes types, where deepcopy-gen is used. +func (in *WorkloadGroup) DeepCopyInto(out *WorkloadGroup) { + p := proto.Clone(in).(*WorkloadGroup) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadGroup. Required by controller-gen. +func (in *WorkloadGroup) DeepCopy() *WorkloadGroup { + if in == nil { + return nil + } + out := new(WorkloadGroup) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadGroup. Required by controller-gen. +func (in *WorkloadGroup) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using WorkloadGroup_ObjectMeta within kubernetes types, where deepcopy-gen is used. +func (in *WorkloadGroup_ObjectMeta) DeepCopyInto(out *WorkloadGroup_ObjectMeta) { + p := proto.Clone(in).(*WorkloadGroup_ObjectMeta) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadGroup_ObjectMeta. Required by controller-gen. +func (in *WorkloadGroup_ObjectMeta) DeepCopy() *WorkloadGroup_ObjectMeta { + if in == nil { + return nil + } + out := new(WorkloadGroup_ObjectMeta) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadGroup_ObjectMeta. Required by controller-gen. +func (in *WorkloadGroup_ObjectMeta) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using ReadinessProbe within kubernetes types, where deepcopy-gen is used. 
+func (in *ReadinessProbe) DeepCopyInto(out *ReadinessProbe) { + p := proto.Clone(in).(*ReadinessProbe) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReadinessProbe. Required by controller-gen. +func (in *ReadinessProbe) DeepCopy() *ReadinessProbe { + if in == nil { + return nil + } + out := new(ReadinessProbe) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ReadinessProbe. Required by controller-gen. +func (in *ReadinessProbe) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using HTTPHealthCheckConfig within kubernetes types, where deepcopy-gen is used. +func (in *HTTPHealthCheckConfig) DeepCopyInto(out *HTTPHealthCheckConfig) { + p := proto.Clone(in).(*HTTPHealthCheckConfig) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHealthCheckConfig. Required by controller-gen. +func (in *HTTPHealthCheckConfig) DeepCopy() *HTTPHealthCheckConfig { + if in == nil { + return nil + } + out := new(HTTPHealthCheckConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHealthCheckConfig. Required by controller-gen. +func (in *HTTPHealthCheckConfig) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using HTTPHeader within kubernetes types, where deepcopy-gen is used. +func (in *HTTPHeader) DeepCopyInto(out *HTTPHeader) { + p := proto.Clone(in).(*HTTPHeader) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHeader. Required by controller-gen. 
+func (in *HTTPHeader) DeepCopy() *HTTPHeader { + if in == nil { + return nil + } + out := new(HTTPHeader) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHeader. Required by controller-gen. +func (in *HTTPHeader) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using TCPHealthCheckConfig within kubernetes types, where deepcopy-gen is used. +func (in *TCPHealthCheckConfig) DeepCopyInto(out *TCPHealthCheckConfig) { + p := proto.Clone(in).(*TCPHealthCheckConfig) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPHealthCheckConfig. Required by controller-gen. +func (in *TCPHealthCheckConfig) DeepCopy() *TCPHealthCheckConfig { + if in == nil { + return nil + } + out := new(TCPHealthCheckConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TCPHealthCheckConfig. Required by controller-gen. +func (in *TCPHealthCheckConfig) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using ExecHealthCheckConfig within kubernetes types, where deepcopy-gen is used. +func (in *ExecHealthCheckConfig) DeepCopyInto(out *ExecHealthCheckConfig) { + p := proto.Clone(in).(*ExecHealthCheckConfig) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecHealthCheckConfig. Required by controller-gen. +func (in *ExecHealthCheckConfig) DeepCopy() *ExecHealthCheckConfig { + if in == nil { + return nil + } + out := new(ExecHealthCheckConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ExecHealthCheckConfig. Required by controller-gen. +func (in *ExecHealthCheckConfig) DeepCopyInterface() interface{} { + return in.DeepCopy() +} 
diff --git a/networking/v1/workload_group_json.gen.go b/networking/v1/workload_group_json.gen.go new file mode 100644 index 00000000..096e6802 --- /dev/null +++ b/networking/v1/workload_group_json.gen.go 
@@ -0,0 +1,89 @@ +// Code generated by protoc-gen-jsonshim. DO NOT EDIT. +package v1 + +import ( + bytes "bytes" + jsonpb "github.com/golang/protobuf/jsonpb" +) + +// MarshalJSON is a custom marshaler for WorkloadGroup +func (this *WorkloadGroup) MarshalJSON() ([]byte, error) { + str, err := WorkloadGroupMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for WorkloadGroup +func (this *WorkloadGroup) UnmarshalJSON(b []byte) error { + return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for WorkloadGroup_ObjectMeta +func (this *WorkloadGroup_ObjectMeta) MarshalJSON() ([]byte, error) { + str, err := WorkloadGroupMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for WorkloadGroup_ObjectMeta +func (this *WorkloadGroup_ObjectMeta) UnmarshalJSON(b []byte) error { + return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for ReadinessProbe +func (this *ReadinessProbe) MarshalJSON() ([]byte, error) { + str, err := WorkloadGroupMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for ReadinessProbe +func (this *ReadinessProbe) UnmarshalJSON(b []byte) error { + return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for HTTPHealthCheckConfig +func (this *HTTPHealthCheckConfig) MarshalJSON() ([]byte, error) { + str, err := WorkloadGroupMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for HTTPHealthCheckConfig +func (this *HTTPHealthCheckConfig) UnmarshalJSON(b []byte) error { + return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for HTTPHeader +func (this *HTTPHeader) MarshalJSON() ([]byte, error) { + str, err := 
WorkloadGroupMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for HTTPHeader +func (this *HTTPHeader) UnmarshalJSON(b []byte) error { + return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for TCPHealthCheckConfig +func (this *TCPHealthCheckConfig) MarshalJSON() ([]byte, error) { + str, err := WorkloadGroupMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for TCPHealthCheckConfig +func (this *TCPHealthCheckConfig) UnmarshalJSON(b []byte) error { + return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for ExecHealthCheckConfig +func (this *ExecHealthCheckConfig) MarshalJSON() ([]byte, error) { + str, err := WorkloadGroupMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for ExecHealthCheckConfig +func (this *ExecHealthCheckConfig) UnmarshalJSON(b []byte) error { + return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +var ( + WorkloadGroupMarshaler = &jsonpb.Marshaler{} + WorkloadGroupUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} +) diff --git a/networking/v1alpha3/destination_rule.pb.go b/networking/v1alpha3/destination_rule.pb.go index afb22c51..9b89b4e2 100644 --- a/networking/v1alpha3/destination_rule.pb.go +++ b/networking/v1alpha3/destination_rule.pb.go @@ -391,7 +391,6 @@ func (ClientTLSSettings_TLSmode) EnumDescriptor() ([]byte, []int) { //