diff --git a/content/en/docs/reference/config/networking/sidecar/index.html b/content/en/docs/reference/config/networking/sidecar/index.html index f5c7fd15b4..1fdd98821d 100644 --- a/content/en/docs/reference/config/networking/sidecar/index.html +++ b/content/en/docs/reference/config/networking/sidecar/index.html @@ -628,6 +628,19 @@ connections. Arbitrary IPs are not supported. Format should be one of 127. Yes + +tls +ServerTLSSettings + +

Set of TLS related options that will enable TLS termination on the +sidecar for requests originating from outside the mesh. +Currently supports only SIMPLE and MUTUAL TLS modes.

+ + + +No + + diff --git a/content/en/docs/reference/config/networking/virtual-service/index.html b/content/en/docs/reference/config/networking/virtual-service/index.html index b1fd89900d..a9106ff481 100644 --- a/content/en/docs/reference/config/networking/virtual-service/index.html +++ b/content/en/docs/reference/config/networking/virtual-service/index.html @@ -8,7 +8,7 @@ layout: protoc-gen-docs generator: protoc-gen-docs schema: istio.networking.v1alpha3.VirtualService aliases: [/docs/reference/config/networking/v1alpha3/virtual-service] -number_of_entries: 25 +number_of_entries: 27 ---

Configuration affecting traffic routing. Here are a few terms useful to define in the context of traffic routing.

@@ -669,8 +669,8 @@ No route HTTPRouteDestination[] -

A HTTP rule can either redirect or forward (default) traffic. The -forwarding target can be one of several versions of a service (see +

A HTTP rule can either return a direct_response, redirect or forward (default) traffic. +The forwarding target can be one of several versions of a service (see glossary in beginning of document). Weights associated with the service version determine the proportion of traffic it receives.

@@ -683,11 +683,26 @@ No redirect HTTPRedirect -

A HTTP rule can either redirect or forward (default) traffic. If -traffic passthrough option is specified in the rule, +

A HTTP rule can either return a direct_response, redirect or forward (default) traffic. +If traffic passthrough option is specified in the rule, route/redirect will be ignored. The redirect primitive can be used to send a HTTP 301 redirect to a different URI or Authority.

+ + +No + + + +directResponse +HTTPDirectResponse + +

A HTTP rule can either return a direct_response, redirect or forward (default) traffic. +Direct Response is used to specify a fixed response that should +be sent to clients.

+ +

It can be set only when Route and Redirect are empty.

+ No @@ -1515,6 +1530,22 @@ No If the VirtualService has a list of gateways specified in the top-level gateways field, it must include the reserved gateway mesh for this field to be applicable.

+ + +No + + + +statPrefix +string + +

The human readable prefix to use when emitting statistics for this route. +The statistics are generated with prefix route.. +This should be set for highly critical routes that one wishes to get “per-route” statistics on. +This prefix is only for proxy-level statistics (envoy*) and not service-level (istio*) statistics. +Refer to https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-route-stat-prefix +for statistics that are generated when this is configured.

+ No @@ -2073,6 +2104,238 @@ No

On a redirect, Specifies the HTTP status code to use in the redirect response. The default response code is MOVED_PERMANENTLY (301).

+ + +No + + + + + +

HTTPDirectResponse

+
+

HTTPDirectResponse can be used to send a fixed response to clients. +For example, the following rule returns a fixed 503 status with a body +to requests for /v1/getProductRatings API.

+ +

{{}} +{{}}

+ +
apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: ratings-route
+spec:
+  hosts:
+  - ratings.prod.svc.cluster.local
+  http:
+  - match:
+    - uri:
+        exact: /v1/getProductRatings
+    directResponse:
+      status: 503
+      body:
+        string: "unknown error"
+  ...
+
+ +

{{}}

+ +

{{}}

+ +
apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: ratings-route
+spec:
+  hosts:
+  - ratings.prod.svc.cluster.local
+  http:
+  - match:
+    - uri:
+        exact: /v1/getProductRatings
+    directResponse:
+      status: 503
+      body:
+        string: "unknown error"
+  ...
+
+ +

{{}} +{{}}

+ +

It is also possible to specify a binary response body. +This is mostly useful for non text-based protocols such as gRPC.

+ +

{{}} +{{}}

+ +
apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: ratings-route
+spec:
+  hosts:
+  - ratings.prod.svc.cluster.local
+  http:
+  - match:
+    - uri:
+        exact: /v1/getProductRatings
+    directResponse:
+      status: 503
+      body:
+        bytes: "dW5rbm93biBlcnJvcg==" # "unknown error" in base64
+  ...
+
+ +

{{}}

+ +

{{}}

+ +
apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: ratings-route
+spec:
+  hosts:
+  - ratings.prod.svc.cluster.local
+  http:
+  - match:
+    - uri:
+        exact: /v1/getProductRatings
+    directResponse:
+      status: 503
+      body:
+        bytes: "dW5rbm93biBlcnJvcg==" # "unknown error" in base64
+  ...
+
+ +

{{}} +{{}}

+ +

It is good practice to add headers in the HTTPRoute +as well as the direct_response, for example to specify +the returned Content-Type.

+ +

{{}} +{{}}

+ +
apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: ratings-route
+spec:
+  hosts:
+  - ratings.prod.svc.cluster.local
+  http:
+  - match:
+    - uri:
+        exact: /v1/getProductRatings
+    directResponse:
+      status: 503
+      body:
+        string: "{\"error\": \"unknown error\"}"
+    headers:
+      response:
+        set:
+          content-type: "appliation/json"
+  ...
+
+ +

{{}}

+ +

{{}}

+ +
apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: ratings-route
+spec:
+  hosts:
+  - ratings.prod.svc.cluster.local
+  http:
+  - match:
+    - uri:
+        exact: /v1/getProductRatings
+    directResponse:
+      status: 503
+      body:
+        string: "{\"error\": \"unknown error\"}"
+    headers:
+      response:
+        set:
+          content-type: "text/plain"
+  ...
+
+ +

{{}} +{{}}

+ + + + + + + + + + + + + + + + + + + + + + + + +
FieldTypeDescriptionRequired
statusuint32 +

Specifies the HTTP response status to be returned.

+ +		 +Yes +
bodyHTTPBody +

Specifies the content of the response body. If this setting is omitted, +no body is included in the generated response.

+ +		 +No +
+
+

HTTPBody

+
+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldTypeDescriptionRequired
stringstring (oneof) +

response body as a string

+ +		 +No +
bytesbytes (oneof) +

response body as base64 encoded bytes.

+ 		No diff --git a/content/zh/docs/reference/config/networking/sidecar/index.html b/content/zh/docs/reference/config/networking/sidecar/index.html index 332824e82b..d3868716d8 100644 --- a/content/zh/docs/reference/config/networking/sidecar/index.html +++ b/content/zh/docs/reference/config/networking/sidecar/index.html @@ -628,6 +628,19 @@ connections. Arbitrary IPs are not supported. Format should be one of 127. Yes
tlsServerTLSSettings +

Set of TLS related options that will enable TLS termination on the +sidecar for requests originating from outside the mesh. +Currently supports only SIMPLE and MUTUAL TLS modes.

+ +		 +No +
diff --git a/content/zh/docs/reference/config/networking/virtual-service/index.html b/content/zh/docs/reference/config/networking/virtual-service/index.html index 7cc77f141e..ad012d60ef 100644 --- a/content/zh/docs/reference/config/networking/virtual-service/index.html +++ b/content/zh/docs/reference/config/networking/virtual-service/index.html @@ -8,7 +8,7 @@ layout: protoc-gen-docs generator: protoc-gen-docs schema: istio.networking.v1alpha3.VirtualService aliases: [/zh/docs/reference/config/networking/v1alpha3/virtual-service] -number_of_entries: 25 +number_of_entries: 27 ---

Configuration affecting traffic routing. Here are a few terms useful to define in the context of traffic routing.

@@ -669,8 +669,8 @@ No route HTTPRouteDestination[] -

A HTTP rule can either redirect or forward (default) traffic. The -forwarding target can be one of several versions of a service (see +

A HTTP rule can either return a direct_response, redirect or forward (default) traffic. +The forwarding target can be one of several versions of a service (see glossary in beginning of document). Weights associated with the service version determine the proportion of traffic it receives.

@@ -683,11 +683,26 @@ No redirect HTTPRedirect -

A HTTP rule can either redirect or forward (default) traffic. If -traffic passthrough option is specified in the rule, +

A HTTP rule can either return a direct_response, redirect or forward (default) traffic. +If traffic passthrough option is specified in the rule, route/redirect will be ignored. The redirect primitive can be used to send a HTTP 301 redirect to a different URI or Authority.

+ + +No + + + +directResponse +HTTPDirectResponse + +

A HTTP rule can either return a direct_response, redirect or forward (default) traffic. +Direct Response is used to specify a fixed response that should +be sent to clients.

+ +

It can be set only when Route and Redirect are empty.

+ No @@ -1515,6 +1530,22 @@ No If the VirtualService has a list of gateways specified in the top-level gateways field, it must include the reserved gateway mesh for this field to be applicable.

+ + +No + + + +statPrefix +string + +

The human readable prefix to use when emitting statistics for this route. +The statistics are generated with prefix route.. +This should be set for highly critical routes that one wishes to get “per-route” statistics on. +This prefix is only for proxy-level statistics (envoy*) and not service-level (istio*) statistics. +Refer to https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-route-stat-prefix +for statistics that are generated when this is configured.

+ No @@ -2073,6 +2104,238 @@ No

On a redirect, Specifies the HTTP status code to use in the redirect response. The default response code is MOVED_PERMANENTLY (301).

+ + +No + + + + + +

HTTPDirectResponse

+
+

HTTPDirectResponse can be used to send a fixed response to clients. +For example, the following rule returns a fixed 503 status with a body +to requests for /v1/getProductRatings API.

+ +

{{}} +{{}}

+ +
apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: ratings-route
+spec:
+  hosts:
+  - ratings.prod.svc.cluster.local
+  http:
+  - match:
+    - uri:
+        exact: /v1/getProductRatings
+    directResponse:
+      status: 503
+      body:
+        string: "unknown error"
+  ...
+
+ +

{{}}

+ +

{{}}

+ +
apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: ratings-route
+spec:
+  hosts:
+  - ratings.prod.svc.cluster.local
+  http:
+  - match:
+    - uri:
+        exact: /v1/getProductRatings
+    directResponse:
+      status: 503
+      body:
+        string: "unknown error"
+  ...
+
+ +

{{}} +{{}}

+ +

It is also possible to specify a binary response body. +This is mostly useful for non text-based protocols such as gRPC.

+ +

{{}} +{{}}

+ +
apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: ratings-route
+spec:
+  hosts:
+  - ratings.prod.svc.cluster.local
+  http:
+  - match:
+    - uri:
+        exact: /v1/getProductRatings
+    directResponse:
+      status: 503
+      body:
+        bytes: "dW5rbm93biBlcnJvcg==" # "unknown error" in base64
+  ...
+
+ +

{{}}

+ +

{{}}

+ +
apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: ratings-route
+spec:
+  hosts:
+  - ratings.prod.svc.cluster.local
+  http:
+  - match:
+    - uri:
+        exact: /v1/getProductRatings
+    directResponse:
+      status: 503
+      body:
+        bytes: "dW5rbm93biBlcnJvcg==" # "unknown error" in base64
+  ...
+
+ +

{{}} +{{}}

+ +

It is good practice to add headers in the HTTPRoute +as well as the direct_response, for example to specify +the returned Content-Type.

+ +

{{}} +{{}}

+ +
apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: ratings-route
+spec:
+  hosts:
+  - ratings.prod.svc.cluster.local
+  http:
+  - match:
+    - uri:
+        exact: /v1/getProductRatings
+    directResponse:
+      status: 503
+      body:
+        string: "{\"error\": \"unknown error\"}"
+    headers:
+      response:
+        set:
+          content-type: "appliation/json"
+  ...
+
+ +

{{}}

+ +

{{}}

+ +
apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: ratings-route
+spec:
+  hosts:
+  - ratings.prod.svc.cluster.local
+  http:
+  - match:
+    - uri:
+        exact: /v1/getProductRatings
+    directResponse:
+      status: 503
+      body:
+        string: "{\"error\": \"unknown error\"}"
+    headers:
+      response:
+        set:
+          content-type: "text/plain"
+  ...
+
+ +

{{}} +{{}}

+ + + + + + + + + + + + + + + + + + + + + + + + +
FieldTypeDescriptionRequired
statusuint32 +

Specifies the HTTP response status to be returned.

+ +		 +Yes +
bodyHTTPBody +

Specifies the content of the response body. If this setting is omitted, +no body is included in the generated response.

+ +		 +No +
+
+

HTTPBody

+
+ + + + + + + + + + + + + + + + + + + +
FieldTypeDescriptionRequired
stringstring (oneof) +

response body as a string

+ +		 +No +
bytesbytes (oneof) +

response body as base64 encoded bytes.

+ 		No