fb318b28df
Add support for VirtualService delegate ( #1209 )
...
* Added route delegate in virtualservice
* make gen
* make proto-commit
* make gen
* address comment
2020-04-02 23:49:18 -07:00
ce1b8dd24c
Localhost TLS termination and initiation in Sidecar ( #1333 )
...
* Localhost TLS termination and initiation in Sidecar
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* cleanup gateway SDS documentation
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* nits
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* release lock status
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* updates
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* update release locks
* nits
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* undo
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
2020-03-26 12:33:17 -07:00
8217d7225b
VMs: Separate endpoints from service entry into WorkloadEntry ( #1331 )
...
* Separate endpoints from service entry
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* updates
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* fixes
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* sync
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* move message out
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* renaming
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* generate files
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* update release lock status
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* make gen
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* bad merge
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
2020-03-24 17:53:57 -07:00
32b3c42553
Remove old envoyfilter fields ( #1344 )
...
* Remove old envoyfilter fields
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* updates
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* release lock status
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
2020-03-24 08:51:20 -07:00
200da86cbc
revert #1248 - sidecar inboundTls ( #1330 )
...
* revert #1248 - sidecar inboundTls
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* protos
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
2020-03-17 06:45:32 -07:00
7fd43ea7fc
fix destination rule ttl mismatched type ( #1285 )
2020-02-17 17:31:18 -08:00
7e4faad991
Sidecar Outbound Traffic Policy allow_any mode tweaks ( #1279 )
...
* Catch all egress gateway
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* doc updates
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* refactor
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* updates
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* updates 2
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
2020-02-11 12:39:08 -08:00
251e511063
add retry_remote_localities for retry ( #1156 )
2020-02-11 08:30:25 -08:00
e090ac3f82
custom TLS termination at sidecar ( #1248 )
...
* wip
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* adding TLS to sidecar ingress
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* updates
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* v1beta1
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* proto gen
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* updates
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* doc updates
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* updates
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* fixes
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* Revert "fixes"
This reverts commit cf52ae57386019f00dc8
2020-02-07 14:56:51 -08:00
8af5bcd0f1
Add query param based hash ( #1272 )
2020-02-06 09:06:18 -08:00
365fa8c98b
Add source_namespace to match attributes ( #1254 )
...
It would be useful to be able to route on source namespace additional to
source labels
2020-02-03 10:54:40 -08:00
5866f09f1c
Sync between v1alpha3 and v1beta1 and add back reverted commit ( #1255 )
2020-01-30 16:44:44 -08:00
2e8814b40f
Revert "Add without_headers field to HTTPMatchRequest for specifying if-not-present semantics ( #1233 )" ( #1250 )
...
This reverts commit b255104af7
2020-01-25 20:16:26 -08:00
5978992a6e
Add option INSERT_FIRST in EnvoyFilter.Patch.Operation ( #1234 )
2020-01-21 16:27:00 -08:00
b255104af7
Add without_headers field to HTTPMatchRequest for specifying if-not-present semantics ( #1233 )
2020-01-20 13:13:38 -08:00
e7b15ef814
Remove some fields in virtualservice ( #1214 )
...
* Remove deprecated fields in VS
* gen crd
2020-01-10 02:44:35 -08:00
08509ba5b8
add allow_origins in CorsPolicy. ( #1197 )
2020-01-10 01:00:34 -08:00
ad468de08f
add enabled for locality lb ( #1182 )
2020-01-08 09:15:19 -08:00
b5c3569683
deprecate consecutive_errors and add consecutive_gateway_errors & consecutive_5xx_errors ( #1189 )
...
* istio-api: add consecutive_5xx_errors for outlier detection
This CL adds consecutive_5xx_errors field in OutlierDetection.
This field describes the number of 5xx errors before a host is
ejected from the connection pool.
I made changes to destination_rule.proto, the other files are auto-generated.
Change-Id: Ib5097b3c6bf3ea2b8b2f857491537acb674ae1ff
Reviewed-on: https://gerrit.musta.ch/c/public/istio-api/+/195
Reviewed-by: Brian Wolfe <brian.wolfe@airbnb.com>
Reviewed-by: Jungho Ahn <jungho.ahn@airbnb.com>
Reviewed-by: Weibo He <weibo.he@airbnb.com>
* Revert "istio-api: add consecutive_5xx_errors for outlier detection"
This reverts commit 064b737396200a84ed5fd6303ae6b68b48c569b3.
Reason for revert: decided to deprecate consecutive_errors
Change-Id: I95e3191db30711b1ce7abdebe7639de4899f2ab1
Reviewed-on: https://gerrit.musta.ch/c/public/istio-api/+/163
Reviewed-by: Jungho Ahn <jungho.ahn@airbnb.com>
* istio-api: deprecate consecutive_errors and add gateway & 5xx errors
With the original consecutive_errors design, there is no way to turn
off consecutive gateway errors. This CL deprecate the field and add two
new fields: consecutive_gateway_errors and consecutive_5xx_errors.
See discussions here: https://github.com/istio/api/issues/909
Change-Id: I0e98990d194216cef842fb792a76a5f59b6e674e
Reviewed-on: https://gerrit.musta.ch/c/public/istio-api/+/199
Reviewed-by: Jungho Ahn <jungho.ahn@airbnb.com>
Reviewed-by: Weibo He <weibo.he@airbnb.com>
* istio-api: consecutive 5xx defaults to 5, gateway defaults to 0
This CL changes the description of consecutive_5xx_errors and
consecutive_gateway errors. 5xx defaults to 5 and gateway defaults to 0.
Change-Id: I6c3b29cf92df1c972a7850a726eb159b5e23bf90
Reviewed-on: https://gerrit.musta.ch/c/public/istio-api/+/211
Reviewed-by: Jungho Ahn <jungho.ahn@airbnb.com>
* istio-api: reword consecutive 5xx & gateway descriptions
This CL rewords the descriptions of consecutive 5xx & gateway as
suggected in https://github.com/istio/api/pull/1189/files .
Change-Id: Ia95c03da78a2c9f12c8762b9d8fb95e7add08516
Reviewed-on: https://gerrit.musta.ch/c/public/istio-api/+/214
Reviewed-by: Jungho Ahn <jungho.ahn@airbnb.com>
2019-12-20 09:53:05 -08:00
2a7248f229
VirtualService: use a double for mirror_percent ( #1173 )
...
To support mirroring less than 1% of traffic to a destination, the
mirror_percent field should provide specification of percentages less
than 1. Envoy permits mirroring fractions as small as 1 in 1,000,000.
The Delay and Abort messages already encountered this issue and
solved it by using a Percent (== double) field called percentage instead
of an integer field called percent.
Here, we support small fractions in mirroring using the same pattern,
using mirror_percentage in place of mirror_percent and deprecating the
mirror_percent field.
When reading mirror_percentage, we will need to handle rounding
of numbers near 1.0e-6 carefully because the floating point
representation will not be exact.
2019-11-25 18:37:42 -08:00
9a5ec23e27
Add locality load balancer settings on destination rule ( #1141 )
...
* Move locality load balancer settings to destination rule and use it in config.
* Add proto generated files with protolock
* Update based on proto run.
* Fix conventions
* Additional changes after generation
* Update the protolock status files.
* Add locality load balancer settings under port traffic policy
* Moved locality load balancer settings under load balancer settings.
* Remove extra lines added.
* Update after make gen.
2019-10-28 11:16:01 -07:00
1187adbd14
Use field_behavior as an option for required fields ( #1125 )
...
* use field_behavior opiton for required fields
* modify makefile to replace import path for field_behavior
* generate after image update
* changes after comments from policy and telemetry team
* regen after changes
* update networking and rebase
2019-10-14 10:42:57 -07:00
5e9ae71274
removed port name from the port selector ( #1100 )
2019-09-25 07:27:42 -07:00
8920ca4382
Add mirror_percent ( #1079 )
...
This allows us to mirror only a percentage of the traffic, instead
of always mirroring 100%.
This partially fixes https://github.com/istio/istio/issues/14437 , in
conjuction with https://github.com/istio/istio/pull/16939 .
2019-09-13 12:48:55 -07:00
cd150f8ca1
Update common files. ( #1075 )
2019-09-08 08:12:11 -07:00
4d7314930b
revert stat name from destination rule ( #1062 )
...
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
2019-08-27 20:19:52 -07:00
47d59557d3
add stat name pattern ( #1056 )
...
* add stat name pattern
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
* add subset name
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
2019-08-27 10:11:54 -07:00
1c58b135ae
Update common files. ( #1055 )
...
- Fix some broken dependency tracking.
- Remove a superfluous proto import to get rid of a warning.
- Explicitly select an older build-tools container version, since
the current one has some problems building the protos.
2019-08-26 09:57:37 -07:00
9dc74657c5
Update common files. ( #1050 )
...
This introduces a new protoc compiler, which affects the python code
gen a bit.
2019-08-21 19:43:58 -07:00
0e77ec0023
Named routes in VS and few more fields in envoyfilter api ( #1026 )
...
* adding few more fields to envoyfilter api
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* nits
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* adding names to virtual service routes
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* proto commit
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* return name to envoy filter
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* docs
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
2019-08-08 14:32:17 -04:00
590323566e
fix proxy version match ( #1012 )
...
* fix proxy version match
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* bad merge
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
2019-07-31 18:32:11 -04:00
0988834cd4
DNM - a test of gogo forked tooling
2019-07-30 08:22:31 -07:00
fee961ba53
EnvoyFilter: add ability to match on proxy metadata and version ( #1003 )
...
* add a proxy version check for envoy patch match
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* update docs
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* update protolock
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* generic proxy match
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
2019-07-29 14:06:31 -04:00
67272e757e
Add TLS certificate default validation options ( #973 )
...
* Add TLS certificate default validation options
* Fix nits in gateway.proto
* Regenerate files
* Simplify spki comment
* Remove trusted_ca field and CertificateValidationContext message.
Move validate_certificate_spki near other validation settings.
Add validate_certificate_hash.
* Add TLS certificate default validation options
* Fix nits in gateway.proto
* Regenerate files
* Simplify spki comment
* Remove trusted_ca field and CertificateValidationContext message.
Move validate_certificate_spki near other validation settings.
Add validate_certificate_hash.
* Rebase from upstream
* Revert "Merge branch 'certificateValidation' of https://github.com/Phlak106/api into certificateValidation"
This reverts commit 8ee3ba793101f3b1decc
2019-07-26 22:12:00 +00:00
ae67f60b2e
Generate a doc page for our annotations. ( #993 )
2019-07-25 21:09:24 +00:00
48457f4161
Introduce ISTIO_MUTUAL TLSmode in gateway.proto ( #991 )
...
It is not possible to specify Istio certificate locations using MUTUAL
mode, so we must introduce ISTIO_MUTUAL TLSmode (as found in
destination_rule.proto). Allows us to use secure mTLS connection
between the gateway and workloads with SDS enabled
2019-07-24 17:56:52 +00:00
99722f53e7
add parameter to specify HTTP redirect code ( #970 )
2019-07-17 23:51:23 -04:00
115cae5613
Tweaks to EnvoyFilter docs and minor api fix ( #982 )
...
* tweaks to envoy filter docs and api
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* protolock
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
2019-07-16 13:11:33 -04:00
70f6e4eada
include PatchContext in EnvoyFilter_EnvoyConfigObjectMatch ( #971 )
2019-07-08 13:04:18 -07:00
4b6c61ecac
Fixes #12873 . Add property Sidecar.OutboundTrafficPolicy to configure… ( #964 )
...
* Fixes #12873 . Add property Sidecar.OutboundTrafficPolicy to configure outbound traffic policy individually per application
* Fix difference in proto.lock
2019-07-08 13:58:44 -04:00
8685353777
fix field type ( #956 )
...
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
2019-06-24 11:47:50 -07:00
812ed88951
Enhancing EnvoyFilter with listener/cluster/route mods ( #899 )
...
* Add replace/merge semantics in EnvoyFilter
Signed-off-by: Shriram Rajagopalan <rshriram@gmail.com>
* updates
Signed-off-by: Shriram Rajagopalan <rshriram@gmail.com>
* Using JSON XPaths
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* doc updates
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* protolock
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* updates
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* updates
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* proto lock
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* updates
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* release-lock status
Signed-off-by: Shriram Rajagopalan <rshriram@tetrate.io>
* undo
* Revert "undo"
This reverts commit ae659a19b3
2019-06-24 14:16:44 -04:00
5dd7dbbe45
H2 auto upgrade options ( #930 )
...
* Add h2upgrade policy
* review comments
* Add generated files
2019-06-01 20:47:16 -07:00
1dffc8d3d2
Add parameter to ignore HTTP match case ( #926 )
...
This adds a ignoreUriCase parameter to HTTPMatchRequest to allow for
configuring case-insensitive HTTP URI matching.
Signed-off-by: Venil Noronha <veniln@vmware.com>
2019-05-21 17:40:26 -07:00
6b8d1849e7
Adding idle_timeout field to DestinationRule ( #891 )
...
* adding idle_timeout setting for upstream connections.
* typo: removing extra whitespace from idle_timeout documentation.
* running proto-commit.
2019-04-05 10:27:52 -04:00
8a1240dcc3
Add configuration for matching on query params ( #883 )
...
This adds the necessary configuration for matching over query
parameters.
Signed-off-by: Venil Noronha <veniln@vmware.com>
2019-04-02 08:34:26 -04:00
3094619c84
Add subject_alt_names field in ServiceEntry ( #785 )
...
* Add service_accounts field in ServiceEntry
* Ran make proto-commit
* Added example with format
* Rename to subject_alt_names
* Move example out of the message definition
* Added a period
* Remove hide_from_docs
2019-02-05 13:26:00 -08:00
e3015e7a46
Fixing SDS field/semantics in the gateway ( #780 )
...
* Enabling SDS in the gateway
Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
* lint
Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
* nits
Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
* cleanups
Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
* update
Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
* updates
Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
* protolock
Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
2019-01-31 15:56:14 -08:00
d5da499b61
revert sds name ( #781 )
...
Signed-off-by: Shriram Rajagopalan <shriramr@vmware.com>
2019-01-30 20:15:20 -05:00
5c6aec28eb
Revert "Enabling SDS in the gateway ( #778 )" ( #779 )
...
This reverts commit 3c7e31a648
2019-01-29 19:40:38 -05:00
Zhonghu Xu