mirror of https://github.com/istio/api.git
226 lines
9.7 KiB
YAML
226 lines
9.7 KiB
YAML
# Copyright 2019 Istio Authors
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
annotations:
|
|
- name: alpha.istio.io/kubernetes-serviceaccounts
|
|
variableName: AlphaKubernetesServiceAccounts
|
|
description: Specifies the Kubernetes service accounts that are allowed to run this
|
|
service on the VMs.
|
|
NOTE This API is Alpha and has no stability guarantees.
|
|
deprecated: false
|
|
hidden: true
|
|
- name: alpha.istio.io/canonical-serviceaccounts
|
|
variableName: AlphaCanonicalServiceAccounts
|
|
description: Specifies the non-Kubernetes service accounts that are allowed to
|
|
run this service.
|
|
NOTE This API is Alpha and has no stability guarantees.
|
|
deprecated: false
|
|
hidden: true
|
|
- name: alpha.istio.io/identity
|
|
description: Identity for the workload.
|
|
NOTE This API is Alpha and has no stability guarantees.
|
|
deprecated: false
|
|
hidden: true
|
|
- name: networking.alpha.istio.io/serviceVersion
|
|
description: Added to synthetic ServiceEntry resources to provide the raw resource
|
|
version from the most recent k8s Service update. This will always be available for
|
|
synthetic service entries.
|
|
NOTE This API is Alpha and has no stability guarantees.
|
|
deprecated: false
|
|
hidden: true
|
|
- name: networking.alpha.istio.io/endpointsVersion
|
|
description: Added to synthetic ServiceEntry resources to provide the raw resource
|
|
version from the most recent k8s Endpoints update (if available).
|
|
NOTE This API is Alpha and has no stability guarantees.
|
|
deprecated: false
|
|
hidden: true
|
|
- name: networking.alpha.istio.io/notReadyEndpoints
|
|
description: Added to synthetic ServiceEntry resources to provide the
|
|
'NotReadyAddresses' from the Kubernetes Endpoints resource. The value is a
|
|
comma-separated list of IP:port.
|
|
NOTE This API is Alpha and has no stability guarantees.
|
|
deprecated: false
|
|
hidden: true
|
|
- name: networking.istio.io/exportTo
|
|
description: Specifies the namespaces to which this service should be exported to.
|
|
A value of '*' indicates it is reachable within the mesh '.' indicates it is
|
|
reachable within its namespace.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: sidecar.istio.io/inject
|
|
description: Specifies whether or not an istio-proxy sidecar should be automatically
|
|
injected into the workload.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: sidecar.istio.io/status
|
|
description: Generated by istio-proxy sidecar injection that indicates the status of
|
|
the operation. Includes a version hash of the executed template, as well as names of
|
|
injected resources.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: sidecar.istio.io/rewriteAppHTTPProbers
|
|
description: Rewrite HTTP readiness and liveness probes to be redirected to
|
|
istio-proxy sidecar.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: sidecar.istio.io/controlPlaneAuthPolicy
|
|
description: Specifies the auth policy used by the Istio control plane. If NONE,
|
|
traffic will not be encrypted. If MUTUAL_TLS, traffic between istio-proxy sidecars
|
|
will be wrapped into mutual TLS connections.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: sidecar.istio.io/discoveryAddress
|
|
description: Specifies the XDS discovery address to be used by the istio-proxy
|
|
sidecar.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: sidecar.istio.io/proxyImage
|
|
description: Specifies the Docker image to be used by the istio-proxy sidecar.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: sidecar.istio.io/proxyCPU
|
|
description: Specifies the requested CPU setting for the istio-proxy sidecar.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: sidecar.istio.io/proxyMemory
|
|
description: Specifies the requested memory setting for the istio-proxy sidecar.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: sidecar.istio.io/interceptionMode
|
|
description: Specifies the mode used to redirect inbound connections to Envoy
|
|
(REDIRECT or TPROXY).
|
|
deprecated: false
|
|
hidden: false
|
|
- name: sidecar.istio.io/bootstrapOverride
|
|
description: Specifies an alternative Envoy bootstrap configuration file.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: sidecar.istio.io/statsInclusionPrefixes
|
|
description: Specifies the comma separated list of prefixes of the stats to be
|
|
emitted by Envoy.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: sidecar.istio.io/statsInclusionSuffixes
|
|
description: Specifies the comma separated list of suffixes of the stats to be
|
|
emitted by Envoy.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: sidecar.istio.io/statsInclusionRegexps
|
|
description: Specifies the comma separated list of regexes the stats should match
|
|
to be emitted by Envoy.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: sidecar.istio.io/userVolume
|
|
description: Specifies one or more user volumes (as a JSON array) to be added to
|
|
the istio-proxy sidecar.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: sidecar.istio.io/userVolumeMount
|
|
description: Specifies one or more user volume mounts (as a JSON array) to be added
|
|
to the istio-proxy sidecar.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: status.sidecar.istio.io/port
|
|
description: Specifies the HTTP status Port for the istio-proxy sidecar. If zero, the
|
|
istio-proxy will not provide status.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: sidecar.istio.io/logLevel
|
|
description: Specifies the log level for Envoy.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: sidecar.istio.io/componentLogLevel
|
|
description: Specifies the component log level for Envoy.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: readiness.status.sidecar.istio.io/initialDelaySeconds
|
|
description: Specifies the initial delay (in seconds) for the istio-proxy readiness
|
|
probe.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: readiness.status.sidecar.istio.io/periodSeconds
|
|
description: Specifies the period (in seconds) for the istio-proxy readiness probe.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: readiness.status.sidecar.istio.io/failureThreshold
|
|
description: Specifies the failure threshold for the istio-proxy readiness probe.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: readiness.status.sidecar.istio.io/applicationPorts
|
|
description: Specifies the list of ports exposed by the application container. Used
|
|
by the istio-proxy readiness probe to determine that Envoy is configured and ready
|
|
to receive traffic.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: traffic.sidecar.istio.io/includeOutboundIPRanges
|
|
description: A comma separated list of IP ranges in CIDR form to redirect to envoy
|
|
(optional). The wildcard character '*' can be used to redirect all outbound traffic.
|
|
An empty list will disable all outbound redirection.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: traffic.sidecar.istio.io/excludeOutboundIPRanges
|
|
description: A comma separated list of IP ranges in CIDR form to be excluded from
|
|
redirection. Only applies when all outbound traffic (i.e. '*') is being redirected.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: traffic.sidecar.istio.io/includeInboundPorts
|
|
description: A comma separated list of inbound ports for which traffic is to be
|
|
redirected to Envoy. The wildcard character '*' can be used to configure redirection
|
|
for all ports. An empty list will disable all inbound redirection.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: traffic.sidecar.istio.io/excludeInboundPorts
|
|
description: A comma separated list of inbound ports to be excluded from redirection
|
|
to Envoy. Only applies when all inbound traffic (i.e. '*') is being redirected.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: traffic.sidecar.istio.io/excludeOutboundPorts
|
|
description: A comma separated list of outbound ports to be excluded from redirection
|
|
to Envoy.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: traffic.sidecar.istio.io/kubevirtInterfaces
|
|
description: A comma separated list of virtual interfaces whose inbound traffic
|
|
(from VM) will be treated as outbound.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: policy.istio.io/lang
|
|
description: Selects the attribute expression langauge runtime for Mixer..
|
|
deprecated: false
|
|
hidden: false
|
|
- name: policy.istio.io/check
|
|
description: Determines the policy for behavior when unable to connect to Mixer. If
|
|
not set, FAIL_CLOSE is set, rejecting requests.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: policy.istio.io/checkRetries
|
|
description: The maximum number of retries on transport errors to Mixer. If not set,
|
|
this will be 0, indicating no retries.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: policy.istio.io/checkBaseRetryWaitTime
|
|
description: Base time to wait between retries, will be adjusted by backoff and jitter.
|
|
In duration format. If not set, this will be 80ms.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: policy.istio.io/checkMaxRetryWaitTime
|
|
description: Maximum time to wait between retries to Mixer. In duration format. If not
|
|
set, this will be 1000ms.
|
|
deprecated: false
|
|
hidden: false
|
|
- name: kubernetes.io/ingress.class
|
|
description: Annotation on an Ingress resources denoting the class of controllers responsible for it.
|
|
deprecated: false
|
|
hidden: false
|