From 54c00a18202e7ecef351992a264a2f85efaf3440 Mon Sep 17 00:00:00 2001 From: Rama Chavali Date: Wed, 25 Jun 2025 20:44:18 +0530 Subject: [PATCH] add gateway sds extension provider (#3529) * add gateway sds extension provider Signed-off-by: Rama Chavali * address comments Signed-off-by: Rama Chavali * revert change Signed-off-by: Rama Chavali --------- Signed-off-by: Rama Chavali --- mesh/v1alpha1/config.pb.go | 311 ++++++++++++++-------- mesh/v1alpha1/config.proto | 24 +- mesh/v1alpha1/config_json.gen.go | 11 + mesh/v1alpha1/istio.mesh.v1alpha1.pb.html | 60 ++++- 4 files changed, 297 insertions(+), 109 deletions(-) diff --git a/mesh/v1alpha1/config.pb.go b/mesh/v1alpha1/config.pb.go index c0d74b8a..7bc42f31 100644 --- a/mesh/v1alpha1/config.pb.go +++ b/mesh/v1alpha1/config.pb.go @@ -2106,6 +2106,7 @@ type MeshConfig_ExtensionProvider struct { // *MeshConfig_ExtensionProvider_EnvoyHttpAls // *MeshConfig_ExtensionProvider_EnvoyTcpAls // *MeshConfig_ExtensionProvider_EnvoyOtelAls + // *MeshConfig_ExtensionProvider_Sds Provider isMeshConfig_ExtensionProvider_Provider `protobuf_oneof:"provider"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache @@ -2283,6 +2284,15 @@ func (x *MeshConfig_ExtensionProvider) GetEnvoyOtelAls() *MeshConfig_ExtensionPr return nil } +func (x *MeshConfig_ExtensionProvider) GetSds() *MeshConfig_ExtensionProvider_SDSProvider { + if x != nil { + if x, ok := x.Provider.(*MeshConfig_ExtensionProvider_Sds); ok { + return x.Sds + } + } + return nil +} + type isMeshConfig_ExtensionProvider_Provider interface { isMeshConfig_ExtensionProvider_Provider() } 
@@ -2366,6 +2376,14 @@ type MeshConfig_ExtensionProvider_EnvoyOtelAls struct { EnvoyOtelAls *MeshConfig_ExtensionProvider_EnvoyOpenTelemetryLogProvider `protobuf:"bytes,14,opt,name=envoy_otel_als,json=envoyOtelAls,proto3,oneof"` } +type MeshConfig_ExtensionProvider_Sds struct { + // Configures an Extension Provider for SDS. This can be used to + // configure an external SDS service to supply secrets for certain Gateways for example. + // This is useful for scenarios where the secrets are stored in an external secret store like Vault. + // The secret should be configured with sds://provider-name format. + Sds *MeshConfig_ExtensionProvider_SDSProvider `protobuf:"bytes,16,opt,name=sds,proto3,oneof"` +} + func (*MeshConfig_ExtensionProvider_EnvoyExtAuthzHttp) isMeshConfig_ExtensionProvider_Provider() {} func (*MeshConfig_ExtensionProvider_EnvoyExtAuthzGrpc) isMeshConfig_ExtensionProvider_Provider() {} @@ -2394,6 +2412,8 @@ func (*MeshConfig_ExtensionProvider_EnvoyTcpAls) isMeshConfig_ExtensionProvider_ func (*MeshConfig_ExtensionProvider_EnvoyOtelAls) isMeshConfig_ExtensionProvider_Provider() {} +func (*MeshConfig_ExtensionProvider_Sds) isMeshConfig_ExtensionProvider_Provider() {} + // Holds the name references to the providers that will be used by default // in other Istio configuration resources if the provider is not specified. // 
@@ -4211,6 +4231,75 @@ type MeshConfig_ExtensionProvider_OpenTelemetryTracingProvider_DynatraceSampler_ func (*MeshConfig_ExtensionProvider_OpenTelemetryTracingProvider_DynatraceSampler_) isMeshConfig_ExtensionProvider_OpenTelemetryTracingProvider_Sampling() { } +// Defines configuration for an Gateway SDS provider. +type MeshConfig_ExtensionProvider_SDSProvider struct { + state protoimpl.MessageState `protogen:"open.v1"` + // REQUIRED. Specifies the name of the provider. This should be used to configure the Gateway SDS. + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + // REQUIRED. Specifies the service that implements the SDS service. + // The format is `[/]`. The specification of `` is required only when it is insufficient + // to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + // service defined by the Kubernetes service or ServiceEntry. + // + // Example: "gateway-sds.foo.svc.cluster.local" or "bar/gateway-sds.example.com". + Service string `protobuf:"bytes,2,opt,name=service,proto3" json:"service,omitempty"` + // REQUIRED. Specifies the port of the service. 
+ Port uint32 `protobuf:"varint,3,opt,name=port,proto3" json:"port,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *MeshConfig_ExtensionProvider_SDSProvider) Reset() { + *x = MeshConfig_ExtensionProvider_SDSProvider{} + mi := &file_mesh_v1alpha1_config_proto_msgTypes[31] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *MeshConfig_ExtensionProvider_SDSProvider) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MeshConfig_ExtensionProvider_SDSProvider) ProtoMessage() {} + +func (x *MeshConfig_ExtensionProvider_SDSProvider) ProtoReflect() protoreflect.Message { + mi := &file_mesh_v1alpha1_config_proto_msgTypes[31] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MeshConfig_ExtensionProvider_SDSProvider.ProtoReflect.Descriptor instead. +func (*MeshConfig_ExtensionProvider_SDSProvider) Descriptor() ([]byte, []int) { + return file_mesh_v1alpha1_config_proto_rawDescGZIP(), []int{0, 6, 15} +} + +func (x *MeshConfig_ExtensionProvider_SDSProvider) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *MeshConfig_ExtensionProvider_SDSProvider) GetService() string { + if x != nil { + return x.Service + } + return "" +} + +func (x *MeshConfig_ExtensionProvider_SDSProvider) GetPort() uint32 { + if x != nil { + return x.Port + } + return 0 +} + // Defines configuration for an HTTP service that can be used by an Extension Provider. // that does communication via HTTP. type MeshConfig_ExtensionProvider_HttpService struct { 
@@ -4229,7 +4318,7 @@ type MeshConfig_ExtensionProvider_HttpService struct { func (x *MeshConfig_ExtensionProvider_HttpService) Reset() { *x = MeshConfig_ExtensionProvider_HttpService{} - mi := &file_mesh_v1alpha1_config_proto_msgTypes[31] + mi := &file_mesh_v1alpha1_config_proto_msgTypes[32] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4241,7 +4330,7 @@ func (x *MeshConfig_ExtensionProvider_HttpService) String() string { func (*MeshConfig_ExtensionProvider_HttpService) ProtoMessage() {} func (x *MeshConfig_ExtensionProvider_HttpService) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_config_proto_msgTypes[31] + mi := &file_mesh_v1alpha1_config_proto_msgTypes[32] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4254,7 +4343,7 @@ func (x *MeshConfig_ExtensionProvider_HttpService) ProtoReflect() protoreflect.M // Deprecated: Use MeshConfig_ExtensionProvider_HttpService.ProtoReflect.Descriptor instead. func (*MeshConfig_ExtensionProvider_HttpService) Descriptor() ([]byte, []int) { - return file_mesh_v1alpha1_config_proto_rawDescGZIP(), []int{0, 6, 15} + return file_mesh_v1alpha1_config_proto_rawDescGZIP(), []int{0, 6, 16} } func (x *MeshConfig_ExtensionProvider_HttpService) GetPath() string { @@ -4295,7 +4384,7 @@ type MeshConfig_ExtensionProvider_HttpHeader struct { func (x *MeshConfig_ExtensionProvider_HttpHeader) Reset() { *x = MeshConfig_ExtensionProvider_HttpHeader{} - mi := &file_mesh_v1alpha1_config_proto_msgTypes[32] + mi := &file_mesh_v1alpha1_config_proto_msgTypes[33] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -4307,7 +4396,7 @@ func (x *MeshConfig_ExtensionProvider_HttpHeader) String() string { func (*MeshConfig_ExtensionProvider_HttpHeader) ProtoMessage() {} func (x *MeshConfig_ExtensionProvider_HttpHeader) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_config_proto_msgTypes[32] + mi := &file_mesh_v1alpha1_config_proto_msgTypes[33] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4320,7 +4409,7 @@ func (x *MeshConfig_ExtensionProvider_HttpHeader) ProtoReflect() protoreflect.Me // Deprecated: Use MeshConfig_ExtensionProvider_HttpHeader.ProtoReflect.Descriptor instead. func (*MeshConfig_ExtensionProvider_HttpHeader) Descriptor() ([]byte, []int) { - return file_mesh_v1alpha1_config_proto_rawDescGZIP(), []int{0, 6, 16} + return file_mesh_v1alpha1_config_proto_rawDescGZIP(), []int{0, 6, 17} } func (x *MeshConfig_ExtensionProvider_HttpHeader) GetName() string { @@ -4389,7 +4478,7 @@ type MeshConfig_ExtensionProvider_ResourceDetectors struct { func (x *MeshConfig_ExtensionProvider_ResourceDetectors) Reset() { *x = MeshConfig_ExtensionProvider_ResourceDetectors{} - mi := &file_mesh_v1alpha1_config_proto_msgTypes[33] + mi := &file_mesh_v1alpha1_config_proto_msgTypes[34] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4401,7 +4490,7 @@ func (x *MeshConfig_ExtensionProvider_ResourceDetectors) String() string { func (*MeshConfig_ExtensionProvider_ResourceDetectors) ProtoMessage() {} func (x *MeshConfig_ExtensionProvider_ResourceDetectors) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_config_proto_msgTypes[33] + mi := &file_mesh_v1alpha1_config_proto_msgTypes[34] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -4414,7 +4503,7 @@ func (x *MeshConfig_ExtensionProvider_ResourceDetectors) ProtoReflect() protoref // Deprecated: Use MeshConfig_ExtensionProvider_ResourceDetectors.ProtoReflect.Descriptor instead. func (*MeshConfig_ExtensionProvider_ResourceDetectors) Descriptor() ([]byte, []int) { - return file_mesh_v1alpha1_config_proto_rawDescGZIP(), []int{0, 6, 17} + return file_mesh_v1alpha1_config_proto_rawDescGZIP(), []int{0, 6, 18} } func (x *MeshConfig_ExtensionProvider_ResourceDetectors) GetEnvironment() *MeshConfig_ExtensionProvider_ResourceDetectors_EnvironmentResourceDetector { @@ -4447,7 +4536,7 @@ type MeshConfig_ExtensionProvider_GrpcService struct { func (x *MeshConfig_ExtensionProvider_GrpcService) Reset() { *x = MeshConfig_ExtensionProvider_GrpcService{} - mi := &file_mesh_v1alpha1_config_proto_msgTypes[34] + mi := &file_mesh_v1alpha1_config_proto_msgTypes[35] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4459,7 +4548,7 @@ func (x *MeshConfig_ExtensionProvider_GrpcService) String() string { func (*MeshConfig_ExtensionProvider_GrpcService) ProtoMessage() {} func (x *MeshConfig_ExtensionProvider_GrpcService) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_config_proto_msgTypes[34] + mi := &file_mesh_v1alpha1_config_proto_msgTypes[35] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4472,7 +4561,7 @@ func (x *MeshConfig_ExtensionProvider_GrpcService) ProtoReflect() protoreflect.M // Deprecated: Use MeshConfig_ExtensionProvider_GrpcService.ProtoReflect.Descriptor instead. func (*MeshConfig_ExtensionProvider_GrpcService) Descriptor() ([]byte, []int) { - return file_mesh_v1alpha1_config_proto_rawDescGZIP(), []int{0, 6, 18} + return file_mesh_v1alpha1_config_proto_rawDescGZIP(), []int{0, 6, 19} } func (x *MeshConfig_ExtensionProvider_GrpcService) GetTimeout() *duration.Duration { 
@@ -4507,7 +4596,7 @@ type MeshConfig_ExtensionProvider_StackdriverProvider_Logging struct { func (x *MeshConfig_ExtensionProvider_StackdriverProvider_Logging) Reset() { *x = MeshConfig_ExtensionProvider_StackdriverProvider_Logging{} - mi := &file_mesh_v1alpha1_config_proto_msgTypes[36] + mi := &file_mesh_v1alpha1_config_proto_msgTypes[37] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4519,7 +4608,7 @@ func (x *MeshConfig_ExtensionProvider_StackdriverProvider_Logging) String() stri func (*MeshConfig_ExtensionProvider_StackdriverProvider_Logging) ProtoMessage() {} func (x *MeshConfig_ExtensionProvider_StackdriverProvider_Logging) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_config_proto_msgTypes[36] + mi := &file_mesh_v1alpha1_config_proto_msgTypes[37] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4555,7 +4644,7 @@ type MeshConfig_ExtensionProvider_EnvoyFileAccessLogProvider_LogFormat struct { func (x *MeshConfig_ExtensionProvider_EnvoyFileAccessLogProvider_LogFormat) Reset() { *x = MeshConfig_ExtensionProvider_EnvoyFileAccessLogProvider_LogFormat{} - mi := &file_mesh_v1alpha1_config_proto_msgTypes[38] + mi := &file_mesh_v1alpha1_config_proto_msgTypes[39] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4567,7 +4656,7 @@ func (x *MeshConfig_ExtensionProvider_EnvoyFileAccessLogProvider_LogFormat) Stri func (*MeshConfig_ExtensionProvider_EnvoyFileAccessLogProvider_LogFormat) ProtoMessage() {} func (x *MeshConfig_ExtensionProvider_EnvoyFileAccessLogProvider_LogFormat) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_config_proto_msgTypes[38] + mi := &file_mesh_v1alpha1_config_proto_msgTypes[39] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -4679,7 +4768,7 @@ type MeshConfig_ExtensionProvider_EnvoyOpenTelemetryLogProvider_LogFormat struct func (x *MeshConfig_ExtensionProvider_EnvoyOpenTelemetryLogProvider_LogFormat) Reset() { *x = MeshConfig_ExtensionProvider_EnvoyOpenTelemetryLogProvider_LogFormat{} - mi := &file_mesh_v1alpha1_config_proto_msgTypes[39] + mi := &file_mesh_v1alpha1_config_proto_msgTypes[40] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4691,7 +4780,7 @@ func (x *MeshConfig_ExtensionProvider_EnvoyOpenTelemetryLogProvider_LogFormat) S func (*MeshConfig_ExtensionProvider_EnvoyOpenTelemetryLogProvider_LogFormat) ProtoMessage() {} func (x *MeshConfig_ExtensionProvider_EnvoyOpenTelemetryLogProvider_LogFormat) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_config_proto_msgTypes[39] + mi := &file_mesh_v1alpha1_config_proto_msgTypes[40] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4751,7 +4840,7 @@ type MeshConfig_ExtensionProvider_OpenTelemetryTracingProvider_DynatraceSampler func (x *MeshConfig_ExtensionProvider_OpenTelemetryTracingProvider_DynatraceSampler) Reset() { *x = MeshConfig_ExtensionProvider_OpenTelemetryTracingProvider_DynatraceSampler{} - mi := &file_mesh_v1alpha1_config_proto_msgTypes[40] + mi := &file_mesh_v1alpha1_config_proto_msgTypes[41] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4763,7 +4852,7 @@ func (x *MeshConfig_ExtensionProvider_OpenTelemetryTracingProvider_DynatraceSamp func (*MeshConfig_ExtensionProvider_OpenTelemetryTracingProvider_DynatraceSampler) ProtoMessage() {} func (x *MeshConfig_ExtensionProvider_OpenTelemetryTracingProvider_DynatraceSampler) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_config_proto_msgTypes[40] + mi := &file_mesh_v1alpha1_config_proto_msgTypes[41] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -4825,7 +4914,7 @@ type MeshConfig_ExtensionProvider_OpenTelemetryTracingProvider_DynatraceSampler_ func (x *MeshConfig_ExtensionProvider_OpenTelemetryTracingProvider_DynatraceSampler_DynatraceApi) Reset() { *x = MeshConfig_ExtensionProvider_OpenTelemetryTracingProvider_DynatraceSampler_DynatraceApi{} - mi := &file_mesh_v1alpha1_config_proto_msgTypes[41] + mi := &file_mesh_v1alpha1_config_proto_msgTypes[42] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4838,7 +4927,7 @@ func (*MeshConfig_ExtensionProvider_OpenTelemetryTracingProvider_DynatraceSample } func (x *MeshConfig_ExtensionProvider_OpenTelemetryTracingProvider_DynatraceSampler_DynatraceApi) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_config_proto_msgTypes[41] + mi := &file_mesh_v1alpha1_config_proto_msgTypes[42] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -4888,7 +4977,7 @@ type MeshConfig_ExtensionProvider_ResourceDetectors_EnvironmentResourceDetector func (x *MeshConfig_ExtensionProvider_ResourceDetectors_EnvironmentResourceDetector) Reset() { *x = MeshConfig_ExtensionProvider_ResourceDetectors_EnvironmentResourceDetector{} - mi := &file_mesh_v1alpha1_config_proto_msgTypes[42] + mi := &file_mesh_v1alpha1_config_proto_msgTypes[43] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4900,7 +4989,7 @@ func (x *MeshConfig_ExtensionProvider_ResourceDetectors_EnvironmentResourceDetec func (*MeshConfig_ExtensionProvider_ResourceDetectors_EnvironmentResourceDetector) ProtoMessage() {} func (x *MeshConfig_ExtensionProvider_ResourceDetectors_EnvironmentResourceDetector) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_config_proto_msgTypes[42] + mi := &file_mesh_v1alpha1_config_proto_msgTypes[43] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -4913,7 +5002,7 @@ func (x *MeshConfig_ExtensionProvider_ResourceDetectors_EnvironmentResourceDetec // Deprecated: Use MeshConfig_ExtensionProvider_ResourceDetectors_EnvironmentResourceDetector.ProtoReflect.Descriptor instead. func (*MeshConfig_ExtensionProvider_ResourceDetectors_EnvironmentResourceDetector) Descriptor() ([]byte, []int) { - return file_mesh_v1alpha1_config_proto_rawDescGZIP(), []int{0, 6, 17, 0} + return file_mesh_v1alpha1_config_proto_rawDescGZIP(), []int{0, 6, 18, 0} } // Dynatrace Resource Detector. @@ -4929,7 +5018,7 @@ type MeshConfig_ExtensionProvider_ResourceDetectors_DynatraceResourceDetector st func (x *MeshConfig_ExtensionProvider_ResourceDetectors_DynatraceResourceDetector) Reset() { *x = MeshConfig_ExtensionProvider_ResourceDetectors_DynatraceResourceDetector{} - mi := &file_mesh_v1alpha1_config_proto_msgTypes[43] + mi := &file_mesh_v1alpha1_config_proto_msgTypes[44] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -4941,7 +5030,7 @@ func (x *MeshConfig_ExtensionProvider_ResourceDetectors_DynatraceResourceDetecto func (*MeshConfig_ExtensionProvider_ResourceDetectors_DynatraceResourceDetector) ProtoMessage() {} func (x *MeshConfig_ExtensionProvider_ResourceDetectors_DynatraceResourceDetector) ProtoReflect() protoreflect.Message { - mi := &file_mesh_v1alpha1_config_proto_msgTypes[43] + mi := &file_mesh_v1alpha1_config_proto_msgTypes[44] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -4954,14 +5043,14 @@ func (x *MeshConfig_ExtensionProvider_ResourceDetectors_DynatraceResourceDetecto // Deprecated: Use MeshConfig_ExtensionProvider_ResourceDetectors_DynatraceResourceDetector.ProtoReflect.Descriptor instead. func (*MeshConfig_ExtensionProvider_ResourceDetectors_DynatraceResourceDetector) Descriptor() ([]byte, []int) { - return file_mesh_v1alpha1_config_proto_rawDescGZIP(), []int{0, 6, 17, 1} + return file_mesh_v1alpha1_config_proto_rawDescGZIP(), []int{0, 6, 18, 1} } var File_mesh_v1alpha1_config_proto protoreflect.FileDescriptor const file_mesh_v1alpha1_config_proto_rawDesc = "" + "\n" + - "\x1amesh/v1alpha1/config.proto\x12\x13istio.mesh.v1alpha1\x1a\x1egoogle/protobuf/duration.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x1egoogle/protobuf/wrappers.proto\x1a\x19mesh/v1alpha1/proxy.proto\x1a*networking/v1alpha3/destination_rule.proto\x1a)networking/v1alpha3/virtual_service.proto\"\x81l\n" + + "\x1amesh/v1alpha1/config.proto\x12\x13istio.mesh.v1alpha1\x1a\x1egoogle/protobuf/duration.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x1egoogle/protobuf/wrappers.proto\x1a\x19mesh/v1alpha1/proxy.proto\x1a*networking/v1alpha3/destination_rule.proto\x1a)networking/v1alpha3/virtual_service.proto\"\xa5m\n" + "\n" + "MeshConfig\x12*\n" + "\x11proxy_listen_port\x18\x04 \x01(\x05R\x0fproxyListenPort\x129\n" + @@ -5044,7 +5133,7 @@ const file_mesh_v1alpha1_config_proto_rawDesc = "" + "\ftls_settings\x18\x02 \x01(\v2,.istio.networking.v1alpha3.ClientTLSSettingsR\vtlsSettings\x12B\n" + "\x0frequest_timeout\x18\x03 \x01(\v2\x19.google.protobuf.DurationR\x0erequestTimeout\x12\x1f\n" + "\vistiod_side\x18\x04 \x01(\bR\n" + - "istiodSide\x1a\xcc=\n" + + "istiodSide\x1a\xf0>\n" + "\x11ExtensionProvider\x12\x12\n" + "\x04name\x18\x01 \x01(\tR\x04name\x12\x8b\x01\n" + "\x14envoy_ext_authz_http\x18\x02 \x01(\v2X.istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProviderH\x00R\x11envoyExtAuthzHttp\x12\x8b\x01\n" + 
@@ -5067,7 +5156,8 @@ const file_mesh_v1alpha1_config_proto_rawDesc = "" + "\x15envoy_file_access_log\x18\v \x01(\v2L.istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProviderH\x00R\x12envoyFileAccessLog\x12t\n" + "\x0eenvoy_http_als\x18\f \x01(\v2L.istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyHttpGrpcV3LogProviderH\x00R\fenvoyHttpAls\x12q\n" + "\renvoy_tcp_als\x18\r \x01(\v2K.istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyTcpGrpcV3LogProviderH\x00R\venvoyTcpAls\x12w\n" + - "\x0eenvoy_otel_als\x18\x0e \x01(\v2O.istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyOpenTelemetryLogProviderH\x00R\fenvoyOtelAls\x1a\xab\x01\n" + + "\x0eenvoy_otel_als\x18\x0e \x01(\v2O.istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyOpenTelemetryLogProviderH\x00R\fenvoyOtelAls\x12Q\n" + + "\x03sds\x18\x10 \x01(\v2=.istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.SDSProviderH\x00R\x03sds\x1a\xab\x01\n" + "%EnvoyExternalAuthorizationRequestBody\x12*\n" + "\x11max_request_bytes\x18\x01 \x01(\rR\x0fmaxRequestBytes\x122\n" + "\x15allow_partial_message\x18\x02 \x01(\bR\x13allowPartialMessage\x12\"\n" + @@ -5194,7 +5284,11 @@ const file_mesh_v1alpha1_config_proto_rawDesc = "" + "\x04port\x18\x02 \x01(\rR\x04port\x12Q\n" + "\x04http\x18\x03 \x01(\v2=.istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.HttpServiceR\x04httpB\n" + "\n" + - "\bsampling\x1a\xae\x01\n" + + "\bsampling\x1aO\n" + + "\vSDSProvider\x12\x12\n" + + "\x04name\x18\x01 \x01(\tR\x04name\x12\x18\n" + + "\aservice\x18\x02 \x01(\tR\aservice\x12\x12\n" + + "\x04port\x18\x03 \x01(\rR\x04port\x1a\xae\x01\n" + "\vHttpService\x12\x12\n" + "\x04path\x18\x01 \x01(\tR\x04path\x123\n" + "\atimeout\x18\x02 \x01(\v2\x19.google.protobuf.DurationR\atimeout\x12V\n" + 
@@ -5288,7 +5382,7 @@ func file_mesh_v1alpha1_config_proto_rawDescGZIP() []byte { } var file_mesh_v1alpha1_config_proto_enumTypes = make([]protoimpl.EnumInfo, 11) -var file_mesh_v1alpha1_config_proto_msgTypes = make([]protoimpl.MessageInfo, 45) +var file_mesh_v1alpha1_config_proto_msgTypes = make([]protoimpl.MessageInfo, 46) var file_mesh_v1alpha1_config_proto_goTypes = []any{ (Resource)(0), // 0: istio.mesh.v1alpha1.Resource (MeshConfig_IngressControllerMode)(0), // 1: istio.mesh.v1alpha1.MeshConfig.IngressControllerMode 
@@ -5332,61 +5426,62 @@ var file_mesh_v1alpha1_config_proto_goTypes = []any{ (*MeshConfig_ExtensionProvider_EnvoyTcpGrpcV3LogProvider)(nil), // 39: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyTcpGrpcV3LogProvider (*MeshConfig_ExtensionProvider_EnvoyOpenTelemetryLogProvider)(nil), // 40: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyOpenTelemetryLogProvider (*MeshConfig_ExtensionProvider_OpenTelemetryTracingProvider)(nil), // 41: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider - (*MeshConfig_ExtensionProvider_HttpService)(nil), // 42: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.HttpService - (*MeshConfig_ExtensionProvider_HttpHeader)(nil), // 43: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.HttpHeader - (*MeshConfig_ExtensionProvider_ResourceDetectors)(nil), // 44: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ResourceDetectors - (*MeshConfig_ExtensionProvider_GrpcService)(nil), // 45: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.GrpcService - nil, // 46: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider.IncludeAdditionalHeadersInCheckEntry - (*MeshConfig_ExtensionProvider_StackdriverProvider_Logging)(nil), // 47: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider.Logging - nil, // 48: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider.Logging.LabelsEntry - (*MeshConfig_ExtensionProvider_EnvoyFileAccessLogProvider_LogFormat)(nil), // 49: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProvider.LogFormat - (*MeshConfig_ExtensionProvider_EnvoyOpenTelemetryLogProvider_LogFormat)(nil), // 50: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyOpenTelemetryLogProvider.LogFormat - (*MeshConfig_ExtensionProvider_OpenTelemetryTracingProvider_DynatraceSampler)(nil), // 51: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider.DynatraceSampler - 
(*MeshConfig_ExtensionProvider_OpenTelemetryTracingProvider_DynatraceSampler_DynatraceApi)(nil), // 52: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider.DynatraceSampler.DynatraceApi - (*MeshConfig_ExtensionProvider_ResourceDetectors_EnvironmentResourceDetector)(nil), // 53: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ResourceDetectors.EnvironmentResourceDetector - (*MeshConfig_ExtensionProvider_ResourceDetectors_DynatraceResourceDetector)(nil), // 54: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ResourceDetectors.DynatraceResourceDetector - nil, // 55: istio.mesh.v1alpha1.LabelSelector.MatchLabelsEntry - (*duration.Duration)(nil), // 56: google.protobuf.Duration - (*v1alpha3.ConnectionPoolSettings_TCPSettings_TcpKeepalive)(nil), // 57: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive - (*ProxyConfig)(nil), // 58: istio.mesh.v1alpha1.ProxyConfig - (*wrappers.BoolValue)(nil), // 59: google.protobuf.BoolValue - (*v1alpha3.LocalityLoadBalancerSetting)(nil), // 60: istio.networking.v1alpha3.LocalityLoadBalancerSetting - (*v1alpha3.HTTPRetry)(nil), // 61: istio.networking.v1alpha3.HTTPRetry - (*v1alpha3.ClientTLSSettings)(nil), // 62: istio.networking.v1alpha3.ClientTLSSettings - (*wrappers.Int64Value)(nil), // 63: google.protobuf.Int64Value - (*_struct.Struct)(nil), // 64: google.protobuf.Struct + (*MeshConfig_ExtensionProvider_SDSProvider)(nil), // 42: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.SDSProvider + (*MeshConfig_ExtensionProvider_HttpService)(nil), // 43: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.HttpService + (*MeshConfig_ExtensionProvider_HttpHeader)(nil), // 44: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.HttpHeader + (*MeshConfig_ExtensionProvider_ResourceDetectors)(nil), // 45: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ResourceDetectors + (*MeshConfig_ExtensionProvider_GrpcService)(nil), // 46: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.GrpcService + nil, // 47: 
istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider.IncludeAdditionalHeadersInCheckEntry + (*MeshConfig_ExtensionProvider_StackdriverProvider_Logging)(nil), // 48: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider.Logging + nil, // 49: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider.Logging.LabelsEntry + (*MeshConfig_ExtensionProvider_EnvoyFileAccessLogProvider_LogFormat)(nil), // 50: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProvider.LogFormat + (*MeshConfig_ExtensionProvider_EnvoyOpenTelemetryLogProvider_LogFormat)(nil), // 51: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyOpenTelemetryLogProvider.LogFormat + (*MeshConfig_ExtensionProvider_OpenTelemetryTracingProvider_DynatraceSampler)(nil), // 52: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider.DynatraceSampler + (*MeshConfig_ExtensionProvider_OpenTelemetryTracingProvider_DynatraceSampler_DynatraceApi)(nil), // 53: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider.DynatraceSampler.DynatraceApi + (*MeshConfig_ExtensionProvider_ResourceDetectors_EnvironmentResourceDetector)(nil), // 54: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ResourceDetectors.EnvironmentResourceDetector + (*MeshConfig_ExtensionProvider_ResourceDetectors_DynatraceResourceDetector)(nil), // 55: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ResourceDetectors.DynatraceResourceDetector + nil, // 56: istio.mesh.v1alpha1.LabelSelector.MatchLabelsEntry + (*duration.Duration)(nil), // 57: google.protobuf.Duration + (*v1alpha3.ConnectionPoolSettings_TCPSettings_TcpKeepalive)(nil), // 58: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive + (*ProxyConfig)(nil), // 59: istio.mesh.v1alpha1.ProxyConfig + (*wrappers.BoolValue)(nil), // 60: google.protobuf.BoolValue + (*v1alpha3.LocalityLoadBalancerSetting)(nil), // 61: 
istio.networking.v1alpha3.LocalityLoadBalancerSetting + (*v1alpha3.HTTPRetry)(nil), // 62: istio.networking.v1alpha3.HTTPRetry + (*v1alpha3.ClientTLSSettings)(nil), // 63: istio.networking.v1alpha3.ClientTLSSettings + (*wrappers.Int64Value)(nil), // 64: google.protobuf.Int64Value + (*_struct.Struct)(nil), // 65: google.protobuf.Struct } var file_mesh_v1alpha1_config_proto_depIdxs = []int32{ - 56, // 0: istio.mesh.v1alpha1.MeshConfig.connect_timeout:type_name -> google.protobuf.Duration - 56, // 1: istio.mesh.v1alpha1.MeshConfig.protocol_detection_timeout:type_name -> google.protobuf.Duration - 57, // 2: istio.mesh.v1alpha1.MeshConfig.tcp_keepalive:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive + 57, // 0: istio.mesh.v1alpha1.MeshConfig.connect_timeout:type_name -> google.protobuf.Duration + 57, // 1: istio.mesh.v1alpha1.MeshConfig.protocol_detection_timeout:type_name -> google.protobuf.Duration + 58, // 2: istio.mesh.v1alpha1.MeshConfig.tcp_keepalive:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive 1, // 3: istio.mesh.v1alpha1.MeshConfig.ingress_controller_mode:type_name -> istio.mesh.v1alpha1.MeshConfig.IngressControllerMode 3, // 4: istio.mesh.v1alpha1.MeshConfig.access_log_encoding:type_name -> istio.mesh.v1alpha1.MeshConfig.AccessLogEncoding - 58, // 5: istio.mesh.v1alpha1.MeshConfig.default_config:type_name -> istio.mesh.v1alpha1.ProxyConfig + 59, // 5: istio.mesh.v1alpha1.MeshConfig.default_config:type_name -> istio.mesh.v1alpha1.ProxyConfig 16, // 6: istio.mesh.v1alpha1.MeshConfig.outbound_traffic_policy:type_name -> istio.mesh.v1alpha1.MeshConfig.OutboundTrafficPolicy 17, // 7: istio.mesh.v1alpha1.MeshConfig.inbound_traffic_policy:type_name -> istio.mesh.v1alpha1.MeshConfig.InboundTrafficPolicy 14, // 8: istio.mesh.v1alpha1.MeshConfig.config_sources:type_name -> istio.mesh.v1alpha1.ConfigSource - 59, // 9: istio.mesh.v1alpha1.MeshConfig.enable_auto_mtls:type_name -> 
google.protobuf.BoolValue + 60, // 9: istio.mesh.v1alpha1.MeshConfig.enable_auto_mtls:type_name -> google.protobuf.BoolValue 18, // 10: istio.mesh.v1alpha1.MeshConfig.ca_certificates:type_name -> istio.mesh.v1alpha1.MeshConfig.CertificateData - 60, // 11: istio.mesh.v1alpha1.MeshConfig.locality_lb_setting:type_name -> istio.networking.v1alpha3.LocalityLoadBalancerSetting - 56, // 12: istio.mesh.v1alpha1.MeshConfig.dns_refresh_rate:type_name -> google.protobuf.Duration + 61, // 11: istio.mesh.v1alpha1.MeshConfig.locality_lb_setting:type_name -> istio.networking.v1alpha3.LocalityLoadBalancerSetting + 57, // 12: istio.mesh.v1alpha1.MeshConfig.dns_refresh_rate:type_name -> google.protobuf.Duration 4, // 13: istio.mesh.v1alpha1.MeshConfig.h2_upgrade_policy:type_name -> istio.mesh.v1alpha1.MeshConfig.H2UpgradePolicy 15, // 14: istio.mesh.v1alpha1.MeshConfig.certificates:type_name -> istio.mesh.v1alpha1.Certificate 19, // 15: istio.mesh.v1alpha1.MeshConfig.service_settings:type_name -> istio.mesh.v1alpha1.MeshConfig.ServiceSettings 20, // 16: istio.mesh.v1alpha1.MeshConfig.service_scope_configs:type_name -> istio.mesh.v1alpha1.MeshConfig.ServiceScopeConfigs - 59, // 17: istio.mesh.v1alpha1.MeshConfig.enable_prometheus_merge:type_name -> google.protobuf.BoolValue - 59, // 18: istio.mesh.v1alpha1.MeshConfig.verify_certificate_at_client:type_name -> google.protobuf.BoolValue + 60, // 17: istio.mesh.v1alpha1.MeshConfig.enable_prometheus_merge:type_name -> google.protobuf.BoolValue + 60, // 18: istio.mesh.v1alpha1.MeshConfig.verify_certificate_at_client:type_name -> google.protobuf.BoolValue 21, // 19: istio.mesh.v1alpha1.MeshConfig.ca:type_name -> istio.mesh.v1alpha1.MeshConfig.CA 22, // 20: istio.mesh.v1alpha1.MeshConfig.extension_providers:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider 23, // 21: istio.mesh.v1alpha1.MeshConfig.default_providers:type_name -> istio.mesh.v1alpha1.MeshConfig.DefaultProviders 12, // 22: 
istio.mesh.v1alpha1.MeshConfig.discovery_selectors:type_name -> istio.mesh.v1alpha1.LabelSelector 24, // 23: istio.mesh.v1alpha1.MeshConfig.path_normalization:type_name -> istio.mesh.v1alpha1.MeshConfig.ProxyPathNormalization - 61, // 24: istio.mesh.v1alpha1.MeshConfig.default_http_retry_policy:type_name -> istio.networking.v1alpha3.HTTPRetry + 62, // 24: istio.mesh.v1alpha1.MeshConfig.default_http_retry_policy:type_name -> istio.networking.v1alpha3.HTTPRetry 25, // 25: istio.mesh.v1alpha1.MeshConfig.mesh_mTLS:type_name -> istio.mesh.v1alpha1.MeshConfig.TLSConfig 25, // 26: istio.mesh.v1alpha1.MeshConfig.tls_defaults:type_name -> istio.mesh.v1alpha1.MeshConfig.TLSConfig - 55, // 27: istio.mesh.v1alpha1.LabelSelector.matchLabels:type_name -> istio.mesh.v1alpha1.LabelSelector.MatchLabelsEntry + 56, // 27: istio.mesh.v1alpha1.LabelSelector.matchLabels:type_name -> istio.mesh.v1alpha1.LabelSelector.MatchLabelsEntry 13, // 28: istio.mesh.v1alpha1.LabelSelector.matchExpressions:type_name -> istio.mesh.v1alpha1.LabelSelectorRequirement - 62, // 29: istio.mesh.v1alpha1.ConfigSource.tls_settings:type_name -> istio.networking.v1alpha3.ClientTLSSettings + 63, // 29: istio.mesh.v1alpha1.ConfigSource.tls_settings:type_name -> istio.networking.v1alpha3.ClientTLSSettings 0, // 30: istio.mesh.v1alpha1.ConfigSource.subscribed_resources:type_name -> istio.mesh.v1alpha1.Resource 5, // 31: istio.mesh.v1alpha1.MeshConfig.OutboundTrafficPolicy.mode:type_name -> istio.mesh.v1alpha1.MeshConfig.OutboundTrafficPolicy.Mode 6, // 32: istio.mesh.v1alpha1.MeshConfig.InboundTrafficPolicy.mode:type_name -> istio.mesh.v1alpha1.MeshConfig.InboundTrafficPolicy.Mode 
@@ -5394,8 +5489,8 @@ var file_mesh_v1alpha1_config_proto_depIdxs = []int32{ 12, // 34: istio.mesh.v1alpha1.MeshConfig.ServiceScopeConfigs.namespace_selector:type_name -> istio.mesh.v1alpha1.LabelSelector 12, // 35: istio.mesh.v1alpha1.MeshConfig.ServiceScopeConfigs.services_selector:type_name -> istio.mesh.v1alpha1.LabelSelector 7, // 36: istio.mesh.v1alpha1.MeshConfig.ServiceScopeConfigs.scope:type_name -> istio.mesh.v1alpha1.MeshConfig.ServiceScopeConfigs.Scope - 62, // 37: istio.mesh.v1alpha1.MeshConfig.CA.tls_settings:type_name -> istio.networking.v1alpha3.ClientTLSSettings - 56, // 38: istio.mesh.v1alpha1.MeshConfig.CA.request_timeout:type_name -> google.protobuf.Duration + 63, // 37: istio.mesh.v1alpha1.MeshConfig.CA.tls_settings:type_name -> istio.networking.v1alpha3.ClientTLSSettings + 57, // 38: istio.mesh.v1alpha1.MeshConfig.CA.request_timeout:type_name -> google.protobuf.Duration 28, // 39: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.envoy_ext_authz_http:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider 29, // 40: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.envoy_ext_authz_grpc:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationGrpcProvider 30, // 41: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.zipkin:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ZipkinTracingProvider 
@@ -5410,40 +5505,41 @@ var file_mesh_v1alpha1_config_proto_depIdxs = []int32{ 38, // 50: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.envoy_http_als:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyHttpGrpcV3LogProvider 39, // 51: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.envoy_tcp_als:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyTcpGrpcV3LogProvider 40, // 52: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.envoy_otel_als:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyOpenTelemetryLogProvider - 9, // 53: istio.mesh.v1alpha1.MeshConfig.ProxyPathNormalization.normalization:type_name -> istio.mesh.v1alpha1.MeshConfig.ProxyPathNormalization.NormalizationType - 10, // 54: istio.mesh.v1alpha1.MeshConfig.TLSConfig.min_protocol_version:type_name -> istio.mesh.v1alpha1.MeshConfig.TLSConfig.TLSProtocol - 56, // 55: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider.timeout:type_name -> google.protobuf.Duration - 46, // 56: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider.include_additional_headers_in_check:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider.IncludeAdditionalHeadersInCheckEntry - 27, // 57: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider.include_request_body_in_check:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationRequestBody - 56, // 58: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationGrpcProvider.timeout:type_name -> google.protobuf.Duration - 27, // 59: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationGrpcProvider.include_request_body_in_check:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationRequestBody - 63, // 60: 
istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider.max_number_of_attributes:type_name -> google.protobuf.Int64Value - 63, // 61: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider.max_number_of_annotations:type_name -> google.protobuf.Int64Value - 63, // 62: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider.max_number_of_message_events:type_name -> google.protobuf.Int64Value - 47, // 63: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider.logging:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider.Logging - 8, // 64: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenCensusAgentTracingProvider.context:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenCensusAgentTracingProvider.TraceContext - 49, // 65: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProvider.log_format:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProvider.LogFormat - 50, // 66: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyOpenTelemetryLogProvider.log_format:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyOpenTelemetryLogProvider.LogFormat - 42, // 67: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider.http:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.HttpService - 45, // 68: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider.grpc:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.GrpcService - 44, // 69: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider.resource_detectors:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ResourceDetectors - 51, // 70: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider.dynatrace_sampler:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider.DynatraceSampler - 56, // 71: 
istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.HttpService.timeout:type_name -> google.protobuf.Duration - 43, // 72: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.HttpService.headers:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.HttpHeader - 53, // 73: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ResourceDetectors.environment:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ResourceDetectors.EnvironmentResourceDetector - 54, // 74: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ResourceDetectors.dynatrace:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ResourceDetectors.DynatraceResourceDetector - 56, // 75: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.GrpcService.timeout:type_name -> google.protobuf.Duration - 43, // 76: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.GrpcService.initial_metadata:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.HttpHeader - 48, // 77: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider.Logging.labels:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider.Logging.LabelsEntry - 64, // 78: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProvider.LogFormat.labels:type_name -> google.protobuf.Struct - 64, // 79: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyOpenTelemetryLogProvider.LogFormat.labels:type_name -> google.protobuf.Struct - 52, // 80: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider.DynatraceSampler.http_service:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider.DynatraceSampler.DynatraceApi - 42, // 81: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider.DynatraceSampler.DynatraceApi.http:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.HttpService - 82, // [82:82] is the sub-list for method output_type - 82, // [82:82] is the sub-list for method input_type - 82, // [82:82] 
is the sub-list for extension type_name - 82, // [82:82] is the sub-list for extension extendee - 0, // [0:82] is the sub-list for field type_name + 42, // 53: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.sds:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.SDSProvider + 9, // 54: istio.mesh.v1alpha1.MeshConfig.ProxyPathNormalization.normalization:type_name -> istio.mesh.v1alpha1.MeshConfig.ProxyPathNormalization.NormalizationType + 10, // 55: istio.mesh.v1alpha1.MeshConfig.TLSConfig.min_protocol_version:type_name -> istio.mesh.v1alpha1.MeshConfig.TLSConfig.TLSProtocol + 57, // 56: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider.timeout:type_name -> google.protobuf.Duration + 47, // 57: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider.include_additional_headers_in_check:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider.IncludeAdditionalHeadersInCheckEntry + 27, // 58: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationHttpProvider.include_request_body_in_check:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationRequestBody + 57, // 59: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationGrpcProvider.timeout:type_name -> google.protobuf.Duration + 27, // 60: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationGrpcProvider.include_request_body_in_check:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyExternalAuthorizationRequestBody + 64, // 61: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider.max_number_of_attributes:type_name -> google.protobuf.Int64Value + 64, // 62: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider.max_number_of_annotations:type_name -> google.protobuf.Int64Value + 64, // 63: 
istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider.max_number_of_message_events:type_name -> google.protobuf.Int64Value + 48, // 64: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider.logging:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider.Logging + 8, // 65: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenCensusAgentTracingProvider.context:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenCensusAgentTracingProvider.TraceContext + 50, // 66: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProvider.log_format:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProvider.LogFormat + 51, // 67: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyOpenTelemetryLogProvider.log_format:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyOpenTelemetryLogProvider.LogFormat + 43, // 68: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider.http:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.HttpService + 46, // 69: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider.grpc:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.GrpcService + 45, // 70: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider.resource_detectors:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ResourceDetectors + 52, // 71: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider.dynatrace_sampler:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider.DynatraceSampler + 57, // 72: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.HttpService.timeout:type_name -> google.protobuf.Duration + 44, // 73: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.HttpService.headers:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.HttpHeader + 54, // 74: 
istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ResourceDetectors.environment:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ResourceDetectors.EnvironmentResourceDetector + 55, // 75: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ResourceDetectors.dynatrace:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.ResourceDetectors.DynatraceResourceDetector + 57, // 76: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.GrpcService.timeout:type_name -> google.protobuf.Duration + 44, // 77: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.GrpcService.initial_metadata:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.HttpHeader + 49, // 78: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider.Logging.labels:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.StackdriverProvider.Logging.LabelsEntry + 65, // 79: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyFileAccessLogProvider.LogFormat.labels:type_name -> google.protobuf.Struct + 65, // 80: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.EnvoyOpenTelemetryLogProvider.LogFormat.labels:type_name -> google.protobuf.Struct + 53, // 81: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider.DynatraceSampler.http_service:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider.DynatraceSampler.DynatraceApi + 43, // 82: istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.OpenTelemetryTracingProvider.DynatraceSampler.DynatraceApi.http:type_name -> istio.mesh.v1alpha1.MeshConfig.ExtensionProvider.HttpService + 83, // [83:83] is the sub-list for method output_type + 83, // [83:83] is the sub-list for method input_type + 83, // [83:83] is the sub-list for extension type_name + 83, // [83:83] is the sub-list for extension extendee + 0, // [0:83] is the sub-list for field type_name } func init() { file_mesh_v1alpha1_config_proto_init() } 
@@ -5471,15 +5567,16 @@ func file_mesh_v1alpha1_config_proto_init() { (*MeshConfig_ExtensionProvider_EnvoyHttpAls)(nil), (*MeshConfig_ExtensionProvider_EnvoyTcpAls)(nil), (*MeshConfig_ExtensionProvider_EnvoyOtelAls)(nil), + (*MeshConfig_ExtensionProvider_Sds)(nil), } file_mesh_v1alpha1_config_proto_msgTypes[30].OneofWrappers = []any{ (*MeshConfig_ExtensionProvider_OpenTelemetryTracingProvider_DynatraceSampler_)(nil), } - file_mesh_v1alpha1_config_proto_msgTypes[32].OneofWrappers = []any{ + file_mesh_v1alpha1_config_proto_msgTypes[33].OneofWrappers = []any{ (*MeshConfig_ExtensionProvider_HttpHeader_Value)(nil), (*MeshConfig_ExtensionProvider_HttpHeader_EnvName)(nil), } - file_mesh_v1alpha1_config_proto_msgTypes[38].OneofWrappers = []any{ + file_mesh_v1alpha1_config_proto_msgTypes[39].OneofWrappers = []any{ (*MeshConfig_ExtensionProvider_EnvoyFileAccessLogProvider_LogFormat_Text)(nil), (*MeshConfig_ExtensionProvider_EnvoyFileAccessLogProvider_LogFormat_Labels)(nil), } @@ -5489,7 +5586,7 @@ func file_mesh_v1alpha1_config_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: unsafe.Slice(unsafe.StringData(file_mesh_v1alpha1_config_proto_rawDesc), len(file_mesh_v1alpha1_config_proto_rawDesc)), NumEnums: 11, - NumMessages: 45, + NumMessages: 46, NumExtensions: 0, NumServices: 0, }, diff --git a/mesh/v1alpha1/config.proto b/mesh/v1alpha1/config.proto index 39f931e7..227e50a3 100755 --- a/mesh/v1alpha1/config.proto +++ b/mesh/v1alpha1/config.proto 
@@ -604,9 +604,14 @@ message MeshConfig { EnvoyTcpGrpcV3LogProvider envoy_tcp_als = 13; // Configures an Envoy Open Telemetry Access Logging Service provider. EnvoyOpenTelemetryLogProvider envoy_otel_als = 14; + // Configures an Extension Provider for SDS. This can be used to + // configure an external SDS service to supply secrets for certain Gateways for example. + // This is useful for scenarios where the secrets are stored in an external secret store like Vault. + // The secret should be configured with sds://provider-name format. + SDSProvider sds = 16; // $hide_from_docs - // next id: 16 + // next id: 17 } message EnvoyExternalAuthorizationRequestBody { @@ -1301,6 +1306,23 @@ message MeshConfig { } } + // Defines configuration for an Gateway SDS provider. + message SDSProvider { + // REQUIRED. Specifies the name of the provider. This should be used to configure the Gateway SDS. + string name = 1; + + // REQUIRED. Specifies the service that implements the SDS service. + // The format is `[/]`. The specification of `` is required only when it is insufficient + // to unambiguously resolve a service in the service registry. The `` is a fully qualified host name of a + // service defined by the Kubernetes service or ServiceEntry. + // + // Example: "gateway-sds.foo.svc.cluster.local" or "bar/gateway-sds.example.com". + string service = 2; + + // REQUIRED. Specifies the port of the service. + uint32 port = 3; + } + // Defines configuration for an HTTP service that can be used by an Extension Provider. // that does communication via HTTP. message HttpService { diff --git a/mesh/v1alpha1/config_json.gen.go b/mesh/v1alpha1/config_json.gen.go index d8cc52e6..20a0af3f 100644 --- a/mesh/v1alpha1/config_json.gen.go +++ b/mesh/v1alpha1/config_json.gen.go 
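Review bot: The comment on the new `sds = 16` oneof member says the secret "should be configured with sds://provider-name format", but it does not say which field carries that reference or which name it resolves against. The new `SDSProvider` message has its own `name`, and if the enclosing ExtensionProvider also carries a name (not visible in this hunk), a reader cannot tell which one `provider-name` means. Because this reference selects the service that hands TLS key material to a gateway, I would spell it out and state the failure behaviour, for example `// The Gateway credential reference must be sds://<name>, where <name> is the name of this provider; a reference to an undefined provider is rejected.` The rejection clause describes behaviour I cannot confirm from this patch, so adjust it to what the implementation does. The oneof itself starts outside the hunk.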
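Review bot: `SDSProvider` identifies the secret source only by `service` and `port`, and neither a field nor a comment covers how the connection carrying certificates and private keys is protected or how the SDS server is authenticated. `MeshConfig.CA` in the same file has a `tls_settings` field of type ClientTLSSettings (visible in the depIdxs table); if this provider is meant to rely on mesh mTLS or another mechanism instead, the message comment should say so, e.g. `// The connection to the SDS service is secured by <mechanism>; the service must not be reachable without it.` The `port` comment could also state the accepted range, `// REQUIRED. Specifies the port of the service (1-65535).`, since `uint32` admits values no listener can use and proto3 does not enforce REQUIRED. Minor: "for an Gateway SDS provider" should read "for a Gateway SDS provider".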
@@ -325,6 +325,17 @@ func (this *MeshConfig_ExtensionProvider_OpenTelemetryTracingProvider_DynatraceS return ConfigUnmarshaler.Unmarshal(bytes.NewReader(b), this) } +// MarshalJSON is a custom marshaler for MeshConfig_ExtensionProvider_SDSProvider +func (this *MeshConfig_ExtensionProvider_SDSProvider) MarshalJSON() ([]byte, error) { + str, err := ConfigMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for MeshConfig_ExtensionProvider_SDSProvider +func (this *MeshConfig_ExtensionProvider_SDSProvider) UnmarshalJSON(b []byte) error { + return ConfigUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + // MarshalJSON is a custom marshaler for MeshConfig_ExtensionProvider_HttpService func (this *MeshConfig_ExtensionProvider_HttpService) MarshalJSON() ([]byte, error) { str, err := ConfigMarshaler.MarshalToString(this) diff --git a/mesh/v1alpha1/istio.mesh.v1alpha1.pb.html b/mesh/v1alpha1/istio.mesh.v1alpha1.pb.html index d71028f6..0149ab78 100644 --- a/mesh/v1alpha1/istio.mesh.v1alpha1.pb.html +++ b/mesh/v1alpha1/istio.mesh.v1alpha1.pb.html @@ -5,7 +5,7 @@ location: https://istio.io/docs/reference/config/istio.mesh.v1alpha1.html layout: protoc-gen-docs generator: protoc-gen-docs weight: 20 -number_of_entries: 80 +number_of_entries: 81 ---

Configuration affecting the service mesh as a whole.

@@ -1014,6 +1014,18 @@ Default: true

Configures an Envoy Open Telemetry Access Logging Service provider.

+ + + + + +

Configures an Extension Provider for SDS. This can be used to +configure an external SDS service to supply secrets for certain Gateways for example. +This is useful for scenarios where the secrets are stored in an external secret store like Vault. +The secret should be configured with sds://provider-name format.

+ @@ -2398,6 +2410,52 @@ host name defined in the ServiceEntry.

REQUIRED. Specifies sampling configuration URI.

+ + + + + +

SDSProvider

+
+

Defines configuration for an Gateway SDS provider.

+ + + + + + + + + + + + + + + + + + + +
FieldDescription
+
string
+
+

REQUIRED. Specifies the name of the provider. This should be used to configure the Gateway SDS.

+ +
+
string
+
+

REQUIRED. Specifies the service that implements the SDS service. +The format is [<Namespace>/]<Hostname>. The specification of <Namespace> is required only when it is insufficient +to unambiguously resolve a service in the service registry. The <Hostname> is a fully qualified host name of a +service defined by the Kubernetes service or ServiceEntry.

+

Example: “gateway-sds.foo.svc.cluster.local” or “bar/gateway-sds.example.com”.

+ +
+
uint32
+
+

REQUIRED. Specifies the port of the service.

+