We don't use the optional flag on any other Istio resource, and it
creates strange semantics in the generated code. This aligns WasmPlugin
with existing CRDs.
* Add logical to service entry resolution
* Run make gen
* Attempt to come up with a better name instead of LOGICAL
* Run make gen
* Code review comments
* Add release notes
* Update comments
* Update previous definitions
* Fix releasenotes
* Run make gen
* Fix release notes
* Fix release notes
* Introduce InsecureSkipVerify to DR
* hide VerifyCertificateAtClient in ProxyConfig to eventually be
removed.
* Add InsecureSkipVerify bool to allow users to prevent any certificate
validation on desired external host.
* Updated release-notes and deprecate VerifyCertificateAtClient
* Update release-notes to specify changes and purpose for adding
InsecureSkipVerify and deprecating VerifyCertificateAtClient
* VerifyCertificateAtClient gets deprecated instead of only hidden
* Update release-notes area to security
* Make grammatical corrections
* Rebased and ran make gen
* Clarify release notes and documentation
* Improve documentation clarity
* Fix typo
* Make clarification edits
* Improve description of InsecureSkipVerify
* Correct documentation
* Add alpha Telemetry API to allow metrics customization
* rebase + update
* remove telemetryrulematch and add access logging
* refactor tag overrides and address comments
* more refactoring
* updates to match comments
* remove all_metrics from API
* add metric selector with client/server terminology
* add comment for TagOverride
* Add release note
* clean up some comments
* fix oneof name
* fix release note
* address review comments
* clarify logging enablement example
* Add initial Telemetry API definition
* fix names and comments
* Rename TracingConfig to Tracing
* Remove TelemetryProviders and consolidate to just Tracing providers
* add new extension providers to oneof
* Remove providers from telemetry API
* Add release note
* Address comments
* Add back providers, remove match, simplify Trace API
* Collapse TracingRule into Tracing and remove deprecations in ProxyConfig
* Move from address to service + port in providers
* Remove exclude_mesh_tags
* Revert to boolean control of span reporting
* Cleanup documentation
* Replace subdomain with telemetry type
* Add root configuration API.
* Updates according to the feedback.
* Small update.
* Fixes.
* Add release notes.
* Rename the message.
* Small fixes on comments.
* Small fix
https://docs.buf.build/
Buf is the successor to https://github.com/uber/prototool which we
already use for linting.
This dramatically simplifies our Makefiles, which are both extremely
complicated and have led to numerous bugs historically, such as
https://github.com/istio/api/issues/1678.
This will make changes to the generation much simpler as well. For
example, to migrate to gogo protobuf, we will just need to change `gogo`
-> `go` in one location, rather than trying to wrangle 500 lines of
Makefiles. Additionally, it's quite a bit faster - the whole proto stuff
is done in <1s now.
* add destination port support for envoyfilter
Signed-off-by: zhaohuabing <huabingzhao@tencent.com>
* modify the comment of destination port
We may use destination port match in other listeners in the future.
Signed-off-by: zhaohuabing <huabingzhao@tencent.com>
* make gen
Signed-off-by: zhaohuabing <huabingzhao@tencent.com>
Co-authored-by: zhaohuabing <huabingzhao@tencent.com>
Original intent was to document proxy config annotation and unhide the
proxy metadata section, which is used by many users now. On the way I
removed+reserved some dead fields and cleaned up a few comments. I can
revert the clean up if it's controversial
* update external action API
* more generic in MeshConfig
* address comments
* more comments
* use ExternalProvider and many more updates
* use provider
* require fully qualified name in service
* add fail_open and share common settings for HTTP and GRPC
* update for extension_providers and EXTENDED action
* address comments
* make port required
* change to CUSTOM action
* fix
* create remote_ip_blocks in Source
By adding remote_ip_blocks and not_remote_ip_blocks in Source,
an AuthorizationPolicy can trigger actions based on the original
client IP address gleaned from the X-Forwarded-For header or the
proxy protocol.
* update comment to show that ip_blocks match on IP packet source address
* make reference to numTrustedProxies in remote_ip docs
* fix URL for gateway network topology
* add external action to authorization policy
* remove config for now and update comments
* use custom config that is mostly based on Envoy ext_authz with minimal changes
* fix comments
Every other API is named `<kind in snake case>.proto`, but authz. It is
named authorization.policy. This impacts the generated code. For
consistency, renaming it to match all of our other APIs
* add to proxyconfig
* lint
* follow k8s readiness probe exec field type
* match k8s exactly
* gen
* rename to snake case
* Update mesh/v1alpha1/proxy.proto
Co-authored-by: John Howard <howardjohn@google.com>
* fix some stuff
* lint & gen
* add to workloadgroup
* add example & comments
* make gen
Co-authored-by: John Howard <howardjohn@google.com>
These configurations were added to be consistent with Stackdriver and
provide extra performance tuning for OpenCensus. These are unlikely to
be used in production. Tuning should probably be performed by Istio
developers instead. We can remove the options for now.
This was triggered by a conversation at the end of the previous CL
merge: https://github.com/istio/api/pull/1563
Change-Id: Iab148ff87dfe5b1772d3cdf2a009ec9cf4ea0f27
Reviewed-on: https://gerrit.musta.ch/c/public/istio-api/+/596
Reviewed-by: Jungho Ahn <jungho.ahn@airbnb.com>
Reviewed-by: Ying Zhu <ying.zhu@airbnb.com>
* add meshconfig field
* rename field
* change name
* add detailed comment
* address comments
* change to boolvalue wrapper
* proto commit
* change name again
* add comment for SAN matching
* fix comment
* use concise documentation