istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Just the proxy docs (#122)

This commit is contained in:
Zack 2017-05-05 16:48:23 -07:00 committed by Shriram Rajagopalan
parent 6ab9d461d2
commit b590cfa219
5 changed files with 1175 additions and 905 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

287
_docs/reference/api/destination-policies.md Normal file
View File

@ -0,0 +1,287 @@
---
title: Destination Policies
overview: Generated documentation for the Istio's Configuration Schemas
order: 1000
layout: docs
type: markdown
---
<a name="rpcIstio.proxy.v1.configIndex"></a>
### Index
* [CircuitBreaker](#istio.proxy.v1.config.CircuitBreaker)
(message)
* [CircuitBreaker.SimpleCircuitBreakerPolicy](#istio.proxy.v1.config.CircuitBreaker.SimpleCircuitBreakerPolicy)
(message)
* [DestinationPolicy](#istio.proxy.v1.config.DestinationPolicy)
(message)
* [DestinationVersionPolicy](#istio.proxy.v1.config.DestinationVersionPolicy)
(message)
* [LoadBalancing](#istio.proxy.v1.config.LoadBalancing)
(message)
* [LoadBalancing.SimpleLBPolicy](#istio.proxy.v1.config.LoadBalancing.SimpleLBPolicy)
(enum)
<a name="istio.proxy.v1.config.CircuitBreaker"></a>
### CircuitBreaker
Circuit breaker configuration for Envoy. The circuit breaker
implementation is fine-grained in that it tracks the success/failure
rates of individual hosts in the load balancing pool. Hosts that
continually return errors for API calls are ejected from the pool for a
pre-defined period of time. See Envoy's [outlier
detection](https://lyft.github.io/envoy/docs/intro/archOverview/outlier.html)
for more details.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.CircuitBreaker.simpleCb"></a>
<tr>
<td><code>simpleCb</code></td>
<td><a href="#istio.proxy.v1.config.CircuitBreaker.SimpleCircuitBreakerPolicy">SimpleCircuitBreakerPolicy</a></td>
<td></td>
</tr>
</table>
<a name="istio.proxy.v1.config.CircuitBreaker.SimpleCircuitBreakerPolicy"></a>
### SimpleCircuitBreakerPolicy
Parameters to tune Envoy's circuit breaker configuration. A simple
circuit breaker can be set based on a number of criteria such as
connection and request limits. For example, the following destination
policy sets a limit of 100 connections to "reviews" service version
"v1" backends.
destination: reviews.default.svc.cluster.local
policy:
- tags:
version: v1
circuitBreaker:
simpleCb:
maxConnections: 100
The following destination policy sets a limit of 100 connections and
1000 concurrent requests, with no more than 10 req/connection to
"reviews" service version "v1" backends. In addition, it configures
hosts to be scanned every 5 mins, such that any host that fails 7
consecutive times with 5XX error code will be ejected for 15 minutes.
destination: reviews.default.svc.cluster.local
policy:
- tags:
version: v1
circuitBreaker:
simpleCb:
maxConnections: 100
httpMaxRequests: 1000
httpMaxRequestsPerConnection: 10
httpConsecutiveErrors: 7
sleepWindow: 15m
httpDetectionInterval: 5m
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.CircuitBreaker.SimpleCircuitBreakerPolicy.maxConnections"></a>
<tr>
<td><code>maxConnections</code></td>
<td>int32</td>
<td>Maximum number of connections to a backend.</td>
</tr>
<a name="istio.proxy.v1.config.CircuitBreaker.SimpleCircuitBreakerPolicy.httpMaxPendingRequests"></a>
<tr>
<td><code>httpMaxPendingRequests</code></td>
<td>int32</td>
<td>Maximum number of pending requests to a backend. Default 1024</td>
</tr>
<a name="istio.proxy.v1.config.CircuitBreaker.SimpleCircuitBreakerPolicy.httpMaxRequests"></a>
<tr>
<td><code>httpMaxRequests</code></td>
<td>int32</td>
<td>Maximum number of requests to a backend. Default 1024</td>
</tr>
<a name="istio.proxy.v1.config.CircuitBreaker.SimpleCircuitBreakerPolicy.sleepWindow"></a>
<tr>
<td><code>sleepWindow</code></td>
<td><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></td>
<td>Minimum time the circuit will be closed. format: 1h/1m/1s/1ms. MUST BE &gt;=1ms. Default is 30s.</td>
</tr>
<a name="istio.proxy.v1.config.CircuitBreaker.SimpleCircuitBreakerPolicy.httpConsecutiveErrors"></a>
<tr>
<td><code>httpConsecutiveErrors</code></td>
<td>int32</td>
<td>Number of 5XX errors before circuit is opened. Defaults to 5.</td>
</tr>
<a name="istio.proxy.v1.config.CircuitBreaker.SimpleCircuitBreakerPolicy.httpDetectionInterval"></a>
<tr>
<td><code>httpDetectionInterval</code></td>
<td><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></td>
<td>Time interval between ejection sweep analysis. format: 1h/1m/1s/1ms. MUST BE &gt;=1ms. Default is 10s.</td>
</tr>
<a name="istio.proxy.v1.config.CircuitBreaker.SimpleCircuitBreakerPolicy.httpMaxRequestsPerConnection"></a>
<tr>
<td><code>httpMaxRequestsPerConnection</code></td>
<td>int32</td>
<td>Maximum number of requests per connection to a backend. Setting this parameter to 1 disables keep alive.</td>
</tr>
<a name="istio.proxy.v1.config.CircuitBreaker.SimpleCircuitBreakerPolicy.httpMaxEjectionPercent"></a>
<tr>
<td><code>httpMaxEjectionPercent</code></td>
<td>int32</td>
<td>Maximum % of hosts in the load balancing pool for the destination service that can be ejected by the circuit breaker. Defaults to 10%.</td>
</tr>
</table>
<a name="istio.proxy.v1.config.DestinationPolicy"></a>
### DestinationPolicy
DestinationPolicy defines client/caller-side policies that determine how
to handle traffic bound to a particular destination service. The policy
specifies configuration for load balancing and circuit breakers. For
example, a simple load balancing policy for the reviews service would
look as follows:
destination: reviews.default.svc.cluster.local
policy:
- loadBalancing: RANDOM
simpleCb:
maxConnections: 1000
Policies are applicable per individual service versions. ONLY
ONE policy can be defined per service version. Policy CANNOT be empty.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.DestinationPolicy.destination"></a>
<tr>
<td><code>destination</code></td>
<td>string</td>
<td>REQUIRED. Service name for which the service version is defined. The value MUST BE a fully-qualified domain name, e.g. <em>my-service.default.svc.cluster.local</em>.</td>
</tr>
<a name="istio.proxy.v1.config.DestinationPolicy.policy"></a>
<tr>
<td><code>policy[]</code></td>
<td>repeated <a href="#istio.proxy.v1.config.DestinationVersionPolicy">DestinationVersionPolicy</a></td>
<td>REQUIRED. List of policies, one per service version.</td>
</tr>
</table>
<a name="istio.proxy.v1.config.DestinationVersionPolicy"></a>
### DestinationVersionPolicy
A destination policy can be restricted to a particular version of a
service or applied to all versions. The tags field in the
DestinationVersionPolicy allow restricting the scope of a
DestinationPolicy. For example, the following load balancing policy
applies to version v1 of the reviews service running in the prod
environment:
destination: reviews.default.svc.cluster.local
policy:
- tags:
env: prod
version: v1
loadBalancing: RANDOM
If tags are omitted, the policy applies for all versions of the
service. Policy CANNOT BE empty.
*Note:* Destination policies will be applied only if the corresponding
tagged instances are explicity routed to. In other words, for every
destination policy defined, atleast one route rule must refer to the
service version indicated in the destination policy.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.DestinationVersionPolicy.tags"></a>
<tr>
<td><code>tags</code></td>
<td>repeated map&lt;string, string&gt;</td>
<td>Optional set of tags that identify a particular version of the destination service. If omitted, the policy will apply to all versions of the service.</td>
</tr>
<a name="istio.proxy.v1.config.DestinationVersionPolicy.loadBalancing"></a>
<tr>
<td><code>loadBalancing</code></td>
<td><a href="#istio.proxy.v1.config.LoadBalancing">LoadBalancing</a></td>
<td>Load balancing policy.</td>
</tr>
<a name="istio.proxy.v1.config.DestinationVersionPolicy.circuitBreaker"></a>
<tr>
<td><code>circuitBreaker</code></td>
<td><a href="#istio.proxy.v1.config.CircuitBreaker">CircuitBreaker</a></td>
<td>Circuit breaker policy.</td>
</tr>
</table>
<a name="istio.proxy.v1.config.LoadBalancing"></a>
### LoadBalancing
Load balancing policy to use when forwarding traffic. These policies
directly correlate to [load balancer
types](https://lyft.github.io/envoy/docs/intro/archOverview/loadBalancing.html)
supported by Envoy. Example,
destination: reviews.default.svc.cluster.local
policy:
- loadBalancing: RANDOM
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.LoadBalancing.name"></a>
<tr>
<td><code>name</code></td>
<td><a href="#istio.proxy.v1.config.LoadBalancing.SimpleLBPolicy">SimpleLBPolicy</a></td>
<td>Load balancing policy name (as defined in SimpleLBPolicy below)</td>
</tr>
</table>
<a name="istio.proxy.v1.config.LoadBalancing.SimpleLBPolicy"></a>
### SimpleLBPolicy
Load balancing algorithms supported by Envoy proxy.
<table>
<tr>
<th>Value</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.LoadBalancing.SimpleLBPolicy.ROUNDROBIN"></a>
<tr>
<td>ROUNDROBIN</td>
<td>Simple round robin policy.</td>
</tr>
<a name="istio.proxy.v1.config.LoadBalancing.SimpleLBPolicy.LEASTCONN"></a>
<tr>
<td>LEASTCONN</td>
<td>The least request load balancer uses an O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.</td>
</tr>
<a name="istio.proxy.v1.config.LoadBalancing.SimpleLBPolicy.RANDOM"></a>
<tr>
<td>RANDOM</td>
<td>The random load balancer selects a random healthy host. The random load balancer generally performs better than round robin if no health checking policy is configured.</td>
</tr>
</table>

136
_docs/reference/api/fault-injection.md Normal file
View File

@ -0,0 +1,136 @@
---
title: Fault Injection
overview: Generated documentation for the Istio's Configuration Schemas
order: 1010
layout: docs
type: markdown
---
<a name="rpcIstio.proxy.v1.configIndex"></a>
### Index
* [HTTPFaultInjection](#istio.proxy.v1.config.HTTPFaultInjection)
(message)
* [HTTPFaultInjection.Abort](#istio.proxy.v1.config.HTTPFaultInjection.Abort)
(message)
* [HTTPFaultInjection.Delay](#istio.proxy.v1.config.HTTPFaultInjection.Delay)
(message)
<a name="istio.proxy.v1.config.HTTPFaultInjection"></a>
### HTTPFaultInjection
HTTPFaultInjection can be used to specify one or more faults to inject
while forwarding http requests to the destination specified in the route
rule. Fault specification is part of a route rule. Faults include
aborting the Http request from downstream service, and/or delaying
proxying of requests. A fault rule MUST HAVE delay or abort or both.
*Note:* Delay and abort faults are independent of one another, even if
both are specified simultaneously.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.HTTPFaultInjection.delay"></a>
<tr>
<td><code>delay</code></td>
<td><a href="#istio.proxy.v1.config.HTTPFaultInjection.Delay">Delay</a></td>
<td>Delay requests before forwarding, emulating various failures such as network issues, overloaded upstream service, etc.</td>
</tr>
<a name="istio.proxy.v1.config.HTTPFaultInjection.abort"></a>
<tr>
<td><code>abort</code></td>
<td><a href="#istio.proxy.v1.config.HTTPFaultInjection.Abort">Abort</a></td>
<td>Abort Http request attempts and return error codes back to downstream service, giving the impression that the upstream service is faulty.</td>
</tr>
</table>
<a name="istio.proxy.v1.config.HTTPFaultInjection.Abort"></a>
### Abort
Abort specification is used to prematurely abort a request with a
pre-specified error code. The following example will return an HTTP
400 error code for 10% of the requests to the "ratings" service "v1".
destination: ratings.default.svc.cluster.local
route:
- tags:
version: v1
httpFault:
abort:
percent: 10
httpStatus: 400
The HttpStatus_ field is used to indicate the HTTP status code to
return to the caller. The optional Percent_ field, a value between 0
and 100, is used to only abort a certain percentage of requests. If
not specified, all requests are aborted.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.HTTPFaultInjection.Abort.percent"></a>
<tr>
<td><code>percent</code></td>
<td>float</td>
<td>percentage of requests to be aborted with the error code provided (0-100).</td>
</tr>
<a name="istio.proxy.v1.config.HTTPFaultInjection.Abort.httpStatus"></a>
<tr>
<td><code>httpStatus</code></td>
<td>int32</td>
<td>REQUIRED. HTTP status code to use to abort the Http request.</td>
</tr>
</table>
<a name="istio.proxy.v1.config.HTTPFaultInjection.Delay"></a>
### Delay
Delay specification is used to inject latency into the request
forwarding path. The following example will introduce a 5 second delay
in 10% of the requests to the "v1" version of the "reviews"
service.
destination: reviews.default.svc.cluster.local
route:
- tags:
version: v1
httpFault:
delay:
percent: 10
fixedDelay: 5s
The FixedDelay_ field is used to indicate the amount of delay in
seconds. An optional Percent_ field, a value between 0 and 100, can
be used to only delay a certain percentage of requests. If left
unspecified, all request will be delayed.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.HTTPFaultInjection.Delay.percent"></a>
<tr>
<td><code>percent</code></td>
<td>float</td>
<td>percentage of requests on which the delay will be injected (0-100)</td>
</tr>
<a name="istio.proxy.v1.config.HTTPFaultInjection.Delay.fixedDelay"></a>
<tr>
<td><code>fixedDelay</code></td>
<td><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></td>
<td>REQUIRED. Add a fixed delay before forwarding the request. Format: 1h/1m/1s/1ms. MUST be &gt;=1ms.</td>
</tr>
</table>

176
_docs/reference/api/manager-config.md Normal file
View File

@ -0,0 +1,176 @@
---
title: Manager
overview: Generated documentation for the Istio's Configuration Schemas
order: 1020
layout: docs
type: markdown
---
<a name="rpcIstio.proxy.v1.configIndex"></a>
### Index
* [ProxyMeshConfig](#istio.proxy.v1.config.ProxyMeshConfig)
(message)
* [ProxyMeshConfig.AuthPolicy](#istio.proxy.v1.config.ProxyMeshConfig.AuthPolicy)
(enum)
* [ProxyMeshConfig.IngressControllerMode](#istio.proxy.v1.config.ProxyMeshConfig.IngressControllerMode)
(enum)
<a name="istio.proxy.v1.config.ProxyMeshConfig"></a>
### ProxyMeshConfig
ProxyMeshConfig defines variables shared by all Envoy instances in the
Istio service mesh.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.ProxyMeshConfig.egressProxyAddress"></a>
<tr>
<td><code>egressProxyAddress</code></td>
<td>string</td>
<td>Address of the egress envoy service (e.g. <em>istio-egress:80</em>).</td>
</tr>
<a name="istio.proxy.v1.config.ProxyMeshConfig.discoveryAddress"></a>
<tr>
<td><code>discoveryAddress</code></td>
<td>string</td>
<td>Address of the discovery service exposing SDS, CDS, RDS (e.g. <em>istio-manager:8080</em>).</td>
</tr>
<a name="istio.proxy.v1.config.ProxyMeshConfig.mixerAddress"></a>
<tr>
<td><code>mixerAddress</code></td>
<td>string</td>
<td>Address of the mixer service (e.g. <em>istio-mixer:9090</em>).</td>
</tr>
<a name="istio.proxy.v1.config.ProxyMeshConfig.zipkinAddress"></a>
<tr>
<td><code>zipkinAddress</code></td>
<td>string</td>
<td>Address of the Zipkin service (e.g. <em>zipkin:9411</em>).</td>
</tr>
<a name="istio.proxy.v1.config.ProxyMeshConfig.proxyListenPort"></a>
<tr>
<td><code>proxyListenPort</code></td>
<td>int32</td>
<td>Port on which egress envoy should listen for incoming connections from other services.</td>
</tr>
<a name="istio.proxy.v1.config.ProxyMeshConfig.proxyAdminPort"></a>
<tr>
<td><code>proxyAdminPort</code></td>
<td>int32</td>
<td>Port on which egress envoy should listen for administrative commands.</td>
</tr>
<a name="istio.proxy.v1.config.ProxyMeshConfig.drainDuration"></a>
<tr>
<td><code>drainDuration</code></td>
<td><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></td>
<td>The time in seconds that Envoy will drain connections during a hot restart. MUST be &gt;=1s (e.g., <em>1s/1m/1h</em>)</td>
</tr>
<a name="istio.proxy.v1.config.ProxyMeshConfig.parentShutdownDuration"></a>
<tr>
<td><code>parentShutdownDuration</code></td>
<td><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></td>
<td>The time in seconds that Envoy will wait before shutting down the parent process during a hot restart. MUST be &gt;=1s (e.g., <em>1s/1m/1h</em>). MUST BE greater than <em>drainDuration</em> parameter.</td>
</tr>
<a name="istio.proxy.v1.config.ProxyMeshConfig.istioServiceCluster"></a>
<tr>
<td><code>istioServiceCluster</code></td>
<td>string</td>
<td><p>istioServiceCluster defines the name for the serviceCluster that is shared by all Envoy instances. This setting corresponds to <em>--service-cluster</em> flag in Envoy. In a typical Envoy deployment, the <em>service-cluster</em> flag is used to identify the caller, for source-based routing scenarios.</p><p>Since Istio does not assign a local service/service version to each Envoy instance, the name is same for all of them. However, the source/caller's identity (e.g., IP address) is encoded in the <em>--service-node</em> flag when launching Envoy. When the RDS service receives API calls from Envoy, it uses the value of the <em>service-node</em> flag to compute routes that are relative to the service instances located at that IP address.</p></td>
</tr>
<a name="istio.proxy.v1.config.ProxyMeshConfig.discoveryRefreshDelay"></a>
<tr>
<td><code>discoveryRefreshDelay</code></td>
<td><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></td>
<td>Polling interval for service discovery. (MUST BE &gt;=1ms)</td>
</tr>
<a name="istio.proxy.v1.config.ProxyMeshConfig.connectTimeout"></a>
<tr>
<td><code>connectTimeout</code></td>
<td><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></td>
<td>Connection timeout used by Envoy. (MUST BE &gt;=1ms)</td>
</tr>
<a name="istio.proxy.v1.config.ProxyMeshConfig.ingressClass"></a>
<tr>
<td><code>ingressClass</code></td>
<td>string</td>
<td>Class of ingress resources to be processed by Istio ingress controller. This corresponds to the value of "kubernetes.io/ingress.class" annotation.</td>
</tr>
<a name="istio.proxy.v1.config.ProxyMeshConfig.ingressService"></a>
<tr>
<td><code>ingressService</code></td>
<td>string</td>
<td>Name of the kubernetes service used for the istio ingress controller.</td>
</tr>
<a name="istio.proxy.v1.config.ProxyMeshConfig.ingressControllerMode"></a>
<tr>
<td><code>ingressControllerMode</code></td>
<td><a href="#istio.proxy.v1.config.ProxyMeshConfig.IngressControllerMode">IngressControllerMode</a></td>
<td>Defines whether to use Istio ingress controller for annotated or all ingress resources.</td>
</tr>
<a name="istio.proxy.v1.config.ProxyMeshConfig.authPolicy"></a>
<tr>
<td><code>authPolicy</code></td>
<td><a href="#istio.proxy.v1.config.ProxyMeshConfig.AuthPolicy">AuthPolicy</a></td>
<td>Authentication policy defines the global switch to control authentication for Envoy-to-Envoy communication.</td>
</tr>
<a name="istio.proxy.v1.config.ProxyMeshConfig.authCertsPath"></a>
<tr>
<td><code>authCertsPath</code></td>
<td>string</td>
<td>Path to the secrets used by the authentication policy.</td>
</tr>
</table>
<a name="istio.proxy.v1.config.ProxyMeshConfig.AuthPolicy"></a>
### AuthPolicy
<table>
<tr>
<th>Value</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.ProxyMeshConfig.AuthPolicy.NONE"></a>
<tr>
<td>NONE</td>
<td>Do not encrypt Envoy to Envoy traffic.</td>
</tr>
<a name="istio.proxy.v1.config.ProxyMeshConfig.AuthPolicy.MUTUALTLS"></a>
<tr>
<td>MUTUALTLS</td>
<td>Envoy to Envoy traffic is wrapped into mutual TLS connections.</td>
</tr>
</table>
<a name="istio.proxy.v1.config.ProxyMeshConfig.IngressControllerMode"></a>
### IngressControllerMode
<table>
<tr>
<th>Value</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.ProxyMeshConfig.IngressControllerMode.OFF"></a>
<tr>
<td>OFF</td>
<td>Disables Istio ingress controller.</td>
</tr>
<a name="istio.proxy.v1.config.ProxyMeshConfig.IngressControllerMode.DEFAULT"></a>
<tr>
<td>DEFAULT</td>
<td>Istio ingress controller will act on ingress resources that do not contain any annotation or whose annotations match the value specified in the ingressClass parameter described earlier. Use this mode if Istio ingress controller will be the default ingress controller for the entire kubernetes cluster.</td>
</tr>
<a name="istio.proxy.v1.config.ProxyMeshConfig.IngressControllerMode.STRICT"></a>
<tr>
<td>STRICT</td>
<td>Istio ingress controller will only act on ingress resources whose annotations match the value specified in the ingressClass parameter described earlier. Use this mode if Istio ingress controller will be a secondary ingress controller (e.g., in addition to a cloud-provided ingress controller).</td>
</tr>
</table>

905
_docs/reference/api/proxy-config.md
View File

@ -1,905 +0,0 @@
---
title: Traffic Rules Configuration Schema
overview: Generated documentation for the Istio Traffic Rules Configuration Schema
order: 60
layout: docs
type: markdown
---
<a name="rpc_istio.proxy.v1alpha.config"></a>
## Package istio.proxy.v1alpha.config
<a name="rpc_istio.proxy.v1alpha.config_index"></a>
### Index
* [CircuitBreaker](#istio.proxy.v1alpha.config.CircuitBreaker)
(message)
* [CircuitBreaker.SimpleCircuitBreakerPolicy](#istio.proxy.v1alpha.config.CircuitBreaker.SimpleCircuitBreakerPolicy)
(message)
* [DestinationPolicy](#istio.proxy.v1alpha.config.DestinationPolicy)
(message)
* [DestinationWeight](#istio.proxy.v1alpha.config.DestinationWeight)
(message)
* [HTTPFaultInjection](#istio.proxy.v1alpha.config.HTTPFaultInjection)
(message)
* [HTTPFaultInjection.Abort](#istio.proxy.v1alpha.config.HTTPFaultInjection.Abort)
(message)
* [HTTPFaultInjection.Delay](#istio.proxy.v1alpha.config.HTTPFaultInjection.Delay)
(message)
* [HTTPRetry](#istio.proxy.v1alpha.config.HTTPRetry)
(message)
* [HTTPRetry.SimpleRetryPolicy](#istio.proxy.v1alpha.config.HTTPRetry.SimpleRetryPolicy)
(message)
* [HTTPTimeout](#istio.proxy.v1alpha.config.HTTPTimeout)
(message)
* [HTTPTimeout.SimpleTimeoutPolicy](#istio.proxy.v1alpha.config.HTTPTimeout.SimpleTimeoutPolicy)
(message)
* [L4FaultInjection](#istio.proxy.v1alpha.config.L4FaultInjection)
(message)
* [L4FaultInjection.Terminate](#istio.proxy.v1alpha.config.L4FaultInjection.Terminate)
(message)
* [L4FaultInjection.Throttle](#istio.proxy.v1alpha.config.L4FaultInjection.Throttle)
(message)
* [L4MatchAttributes](#istio.proxy.v1alpha.config.L4MatchAttributes)
(message)
* [LoadBalancing](#istio.proxy.v1alpha.config.LoadBalancing)
(message)
* [LoadBalancing.SimpleLBPolicy](#istio.proxy.v1alpha.config.LoadBalancing.SimpleLBPolicy)
(enum)
* [MatchCondition](#istio.proxy.v1alpha.config.MatchCondition)
(message)
* [ProxyMeshConfig](#istio.proxy.v1alpha.config.ProxyMeshConfig)
(message)
* [ProxyMeshConfig.AuthPolicy](#istio.proxy.v1alpha.config.ProxyMeshConfig.AuthPolicy)
(enum)
* [ProxyMeshConfig.IngressControllerMode](#istio.proxy.v1alpha.config.ProxyMeshConfig.IngressControllerMode)
(enum)
* [RouteRule](#istio.proxy.v1alpha.config.RouteRule)
(message)
* [StringMatch](#istio.proxy.v1alpha.config.StringMatch)
(message)
<a name="istio.proxy.v1alpha.config.CircuitBreaker"></a>
### CircuitBreaker
Circuit breaker configuration.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.CircuitBreaker.simple_cb"></a>
<tr>
<td><code>simple_cb</code></td>
<td><a href="#istio.proxy.v1alpha.config.CircuitBreaker.SimpleCircuitBreakerPolicy">SimpleCircuitBreakerPolicy</a> (oneof )</td>
<td></td>
</tr>
<a name="istio.proxy.v1alpha.config.CircuitBreaker.custom"></a>
<tr>
<td><code>custom</code></td>
<td><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#any">Any</a> (oneof )</td>
<td>For proxies that support custom circuit breaker policies.</td>
</tr>
</table>
<a name="istio.proxy.v1alpha.config.CircuitBreaker.SimpleCircuitBreakerPolicy"></a>
### SimpleCircuitBreakerPolicy
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.CircuitBreaker.SimpleCircuitBreakerPolicy.max_connections"></a>
<tr>
<td><code>max_connections</code></td>
<td>int32</td>
<td>Maximum number of connections to a backend.</td>
</tr>
<a name="istio.proxy.v1alpha.config.CircuitBreaker.SimpleCircuitBreakerPolicy.http_max_pending_requests"></a>
<tr>
<td><code>http_max_pending_requests</code></td>
<td>int32</td>
<td>Maximum number of pending requests to a backend.</td>
</tr>
<a name="istio.proxy.v1alpha.config.CircuitBreaker.SimpleCircuitBreakerPolicy.http_max_requests"></a>
<tr>
<td><code>http_max_requests</code></td>
<td>int32</td>
<td>Maximum number of requests to a backend.</td>
</tr>
<a name="istio.proxy.v1alpha.config.CircuitBreaker.SimpleCircuitBreakerPolicy.sleep_window"></a>
<tr>
<td><code>sleep_window</code></td>
<td>double</td>
<td>Minimum time the circuit will be closed. In floating point seconds format.</td>
</tr>
<a name="istio.proxy.v1alpha.config.CircuitBreaker.SimpleCircuitBreakerPolicy.http_consecutive_errors"></a>
<tr>
<td><code>http_consecutive_errors</code></td>
<td>int32</td>
<td>Number of 5XX errors before circuit is opened.</td>
</tr>
<a name="istio.proxy.v1alpha.config.CircuitBreaker.SimpleCircuitBreakerPolicy.http_detection_interval"></a>
<tr>
<td><code>http_detection_interval</code></td>
<td>double</td>
<td>Interval for checking state of hystrix circuit.</td>
</tr>
<a name="istio.proxy.v1alpha.config.CircuitBreaker.SimpleCircuitBreakerPolicy.http_max_requests_per_connection"></a>
<tr>
<td><code>http_max_requests_per_connection</code></td>
<td>int32</td>
<td>Maximum number of requests per connection to a backend.</td>
</tr>
<a name="istio.proxy.v1alpha.config.CircuitBreaker.SimpleCircuitBreakerPolicy.http_max_ejection_percent"></a>
<tr>
<td><code>http_max_ejection_percent</code></td>
<td>int32</td>
<td>Maximum % of hosts in the destination service that can be ejected due to circuit breaking. Defaults to 10%.</td>
</tr>
</table>
<a name="istio.proxy.v1alpha.config.DestinationPolicy"></a>
### DestinationPolicy
DestinationPolicy declares policies that determine how to handle traffic for a
destination service (load balancing policies, failure recovery policies such
as timeouts, retries, circuit breakers, etc). Policies are applicable per
individual service versions. ONLY ONE policy can be defined per service version.
/
Note that these policies are enforced on client-side connections or
requests, i.e., enforced when the service is opening a
connection/sending a request via the proxy to the destination.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.DestinationPolicy.destination"></a>
<tr>
<td><code>destination</code></td>
<td>string</td>
<td>REQUIRED. Service name for which the service version is defined. The value MUST be a fully-qualified domain name, e.g. "my-service.default.svc.cluster.local".</td>
</tr>
<a name="istio.proxy.v1alpha.config.DestinationPolicy.tags"></a>
<tr>
<td><code>tags</code></td>
<td>repeated map&lt;string, string&gt;</td>
<td>Service version destination identifier for the destination service. The identifier is qualified by the destination service name, e.g. version "env=prod" in "my-service.default.svc.cluster.local". N.B. The map is used instead of pstruct due to lack of serialization support in golang protobuf library (see <a href="https://github.com/golang/protobuf/pull/208">https://github.com/golang/protobuf/pull/208</a>)</td>
</tr>
<a name="istio.proxy.v1alpha.config.DestinationPolicy.load_balancing"></a>
<tr>
<td><code>load_balancing</code></td>
<td><a href="#istio.proxy.v1alpha.config.LoadBalancing">LoadBalancing</a></td>
<td>Load balancing policy</td>
</tr>
<a name="istio.proxy.v1alpha.config.DestinationPolicy.circuit_breaker"></a>
<tr>
<td><code>circuit_breaker</code></td>
<td><a href="#istio.proxy.v1alpha.config.CircuitBreaker">CircuitBreaker</a></td>
<td>Circuit breaker policy</td>
</tr>
<a name="istio.proxy.v1alpha.config.DestinationPolicy.custom"></a>
<tr>
<td><code>custom</code></td>
<td><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#any">Any</a></td>
<td>Other custom policy implementations</td>
</tr>
</table>
<a name="istio.proxy.v1alpha.config.DestinationWeight"></a>
### DestinationWeight
Each routing rule is associated with one or more service versions (see
glossary in beginning of document). Weights associated with the version
determine the proportion of traffic it receives.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.DestinationWeight.destination"></a>
<tr>
<td><code>destination</code></td>
<td>string</td>
<td>Destination uniquely identifies the destination service. If not specified, the value is inherited from the parent route rule. Value must be in fully qualified domain name format (e.g., "my-service.default.svc.cluster.local").</td>
</tr>
<a name="istio.proxy.v1alpha.config.DestinationWeight.tags"></a>
<tr>
<td><code>tags</code></td>
<td>repeated map&lt;string, string&gt;</td>
<td>Service version identifier for the destination service. N.B. The map is used instead of pstruct due to lack of serialization support in golang protobuf library (see <a href="https://github.com/golang/protobuf/pull/208">https://github.com/golang/protobuf/pull/208</a>)</td>
</tr>
<a name="istio.proxy.v1alpha.config.DestinationWeight.weight"></a>
<tr>
<td><code>weight</code></td>
<td>int32</td>
<td>The proportion of traffic to be forwarded to the service version. Max is 100. Sum of weights across destinations should add up to 100. If there is only destination in a rule, the weight value is assumed to be 100.</td>
</tr>
</table>
<a name="istio.proxy.v1alpha.config.HTTPFaultInjection"></a>
### HTTPFaultInjection
Faults can be injected into the API calls by the proxy, for testing the
failure recovery capabilities of downstream services. Faults include
aborting the Http request from downstream service, delaying the proxying of
requests, or both. MUST specify either delay or abort or both.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.HTTPFaultInjection.delay"></a>
<tr>
<td><code>delay</code></td>
<td><a href="#istio.proxy.v1alpha.config.HTTPFaultInjection.Delay">Delay</a></td>
<td>Delay requests before forwarding, emulating various failures such as network issues, overloaded upstream service, etc.</td>
</tr>
<a name="istio.proxy.v1alpha.config.HTTPFaultInjection.abort"></a>
<tr>
<td><code>abort</code></td>
<td><a href="#istio.proxy.v1alpha.config.HTTPFaultInjection.Abort">Abort</a></td>
<td>Abort Http request attempts and return error codes back to downstream service, giving the impression that the upstream service is faulty. N.B. Both delay and abort can be specified simultaneously. Delay and Abort are independent of one another. For e.g., if Delay is restricted to 5% of requests while Abort is restricted to 10% of requests, the 10% in abort specification applies to all requests directed to the service. It may be the case that one or more requests being aborted were also delayed.</td>
</tr>
</table>
<a name="istio.proxy.v1alpha.config.HTTPFaultInjection.Abort"></a>
### Abort
Abort Http request attempts and return error codes back to downstream
service.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.HTTPFaultInjection.Abort.percent"></a>
<tr>
<td><code>percent</code></td>
<td>float</td>
<td>percentage of requests to be aborted with the error code provided.</td>
</tr>
<a name="istio.proxy.v1alpha.config.HTTPFaultInjection.Abort.override_header_name"></a>
<tr>
<td><code>override_header_name</code></td>
<td>string</td>
<td>Specify abort code as part of Http request.</td>
</tr>
<a name="istio.proxy.v1alpha.config.HTTPFaultInjection.Abort.grpc_status"></a>
<tr>
<td><code>grpc_status</code></td>
<td>string (oneof )</td>
<td></td>
</tr>
<a name="istio.proxy.v1alpha.config.HTTPFaultInjection.Abort.http2_error"></a>
<tr>
<td><code>http2_error</code></td>
<td>string (oneof )</td>
<td></td>
</tr>
<a name="istio.proxy.v1alpha.config.HTTPFaultInjection.Abort.http_status"></a>
<tr>
<td><code>http_status</code></td>
<td>int32 (oneof )</td>
<td></td>
</tr>
</table>
<a name="istio.proxy.v1alpha.config.HTTPFaultInjection.Delay"></a>
### Delay
MUST specify either a fixed delay or exponential delay. Exponential
delay is unsupported at the moment.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.HTTPFaultInjection.Delay.percent"></a>
<tr>
<td><code>percent</code></td>
<td>float</td>
<td>percentage of requests on which the delay will be injected</td>
</tr>
<a name="istio.proxy.v1alpha.config.HTTPFaultInjection.Delay.override_header_name"></a>
<tr>
<td><code>override_header_name</code></td>
<td>string</td>
<td>Specify delay duration as part of Http request.</td>
</tr>
<a name="istio.proxy.v1alpha.config.HTTPFaultInjection.Delay.fixed_delay"></a>
<tr>
<td><code>fixed_delay</code></td>
<td>double (oneof )</td>
<td>Add a fixed delay before forwarding the request. Delay duration in seconds.nanoseconds</td>
</tr>
<a name="istio.proxy.v1alpha.config.HTTPFaultInjection.Delay.exponential_delay"></a>
<tr>
<td><code>exponential_delay</code></td>
<td>double (oneof )</td>
<td>Add a delay (based on an exponential function) before forwarding the request. mean delay needed to derive the exponential delay values</td>
</tr>
</table>
<a name="istio.proxy.v1alpha.config.HTTPRetry"></a>
### HTTPRetry
Retry policy to use when a request fails.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.HTTPRetry.simple_retry"></a>
<tr>
<td><code>simple_retry</code></td>
<td><a href="#istio.proxy.v1alpha.config.HTTPRetry.SimpleRetryPolicy">SimpleRetryPolicy</a> (oneof )</td>
<td></td>
</tr>
<a name="istio.proxy.v1alpha.config.HTTPRetry.custom"></a>
<tr>
<td><code>custom</code></td>
<td><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#any">Any</a> (oneof )</td>
<td>For proxies that support custom retry policies</td>
</tr>
</table>
<a name="istio.proxy.v1alpha.config.HTTPRetry.SimpleRetryPolicy"></a>
### SimpleRetryPolicy
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.HTTPRetry.SimpleRetryPolicy.attempts"></a>
<tr>
<td><code>attempts</code></td>
<td>int32</td>
<td>Number of retries for a given request. The interval between retries will be determined automatically (25ms+). Actual number of retries attempted depends on the http_timeout</td>
</tr>
<a name="istio.proxy.v1alpha.config.HTTPRetry.SimpleRetryPolicy.per_try_timeout"></a>
<tr>
<td><code>per_try_timeout</code></td>
<td>double</td>
<td>Timeout per retry attempt for a given request. Specified in seconds.nanoseconds format.</td>
</tr>
<a name="istio.proxy.v1alpha.config.HTTPRetry.SimpleRetryPolicy.override_header_name"></a>
<tr>
<td><code>override_header_name</code></td>
<td>string</td>
<td>Downstream Service could specify retry attempts via Http header to the proxy, if the proxy supports such a feature.</td>
</tr>
</table>
<a name="istio.proxy.v1alpha.config.HTTPTimeout"></a>
### HTTPTimeout
Request timeout: wait time until a response is received. Does not
indicate the time for the entire response to arrive.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.HTTPTimeout.simple_timeout"></a>
<tr>
<td><code>simple_timeout</code></td>
<td><a href="#istio.proxy.v1alpha.config.HTTPTimeout.SimpleTimeoutPolicy">SimpleTimeoutPolicy</a> (oneof )</td>
<td></td>
</tr>
<a name="istio.proxy.v1alpha.config.HTTPTimeout.custom"></a>
<tr>
<td><code>custom</code></td>
<td><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#any">Any</a> (oneof )</td>
<td>For proxies that support custom timeout policies</td>
</tr>
</table>
<a name="istio.proxy.v1alpha.config.HTTPTimeout.SimpleTimeoutPolicy"></a>
### SimpleTimeoutPolicy
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.HTTPTimeout.SimpleTimeoutPolicy.timeout"></a>
<tr>
<td><code>timeout</code></td>
<td>double</td>
<td>Timeout for a HTTP request. Includes retries as well. Unit is in floating point seconds. Default 15 seconds. Specified in seconds.nanoseconds format</td>
</tr>
<a name="istio.proxy.v1alpha.config.HTTPTimeout.SimpleTimeoutPolicy.override_header_name"></a>
<tr>
<td><code>override_header_name</code></td>
<td>string</td>
<td>Downstream service could specify timeout via Http header to the proxy, if the proxy supports such a feature.</td>
</tr>
</table>
<a name="istio.proxy.v1alpha.config.L4FaultInjection"></a>
### L4FaultInjection
/@exclude Faults can be injected into the connections from downstream by the
proxy, for testing the failure recovery capabilities of downstream
services. Faults include aborting the connection from downstream
service, delaying the proxying of connection to the destination
service, and throttling the bandwidth of the connection (either
end). Bandwidth throttling for failure testing should not be confused
with the rate limiting policy enforcement provided by the Mixer
component. L4 fault injection is not supported at the moment.
Unlike Http services, we have very little context for raw Tcp|Udp
connections. We could throttle bandwidth of the connections (slow down
the connection) and/or abruptly reset (terminate) the Tcp connection
after it has been established.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.L4FaultInjection.throttle"></a>
<tr>
<td><code>throttle</code></td>
<td><a href="#istio.proxy.v1alpha.config.L4FaultInjection.Throttle">Throttle</a></td>
<td>We first throttle (if set) and then terminate the connection.</td>
</tr>
<a name="istio.proxy.v1alpha.config.L4FaultInjection.terminate"></a>
<tr>
<td><code>terminate</code></td>
<td><a href="#istio.proxy.v1alpha.config.L4FaultInjection.Terminate">Terminate</a></td>
<td></td>
</tr>
</table>
<a name="istio.proxy.v1alpha.config.L4FaultInjection.Terminate"></a>
### Terminate
Abruptly reset (terminate) the Tcp connection after it has been
established, emulating remote server crash or link failure.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.L4FaultInjection.Terminate.percent"></a>
<tr>
<td><code>percent</code></td>
<td>float</td>
<td>percentage of established Tcp connections to be terminated/reset</td>
</tr>
<a name="istio.proxy.v1alpha.config.L4FaultInjection.Terminate.terminate_after_period"></a>
<tr>
<td><code>terminate_after_period</code></td>
<td>double</td>
<td></td>
</tr>
</table>
<a name="istio.proxy.v1alpha.config.L4FaultInjection.Throttle"></a>
### Throttle
Bandwidth throttling for Tcp and Udp connections
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.L4FaultInjection.Throttle.percent"></a>
<tr>
<td><code>percent</code></td>
<td>float</td>
<td>percentage of connections to throttle.</td>
</tr>
<a name="istio.proxy.v1alpha.config.L4FaultInjection.Throttle.downstream_limit_bps"></a>
<tr>
<td><code>downstream_limit_bps</code></td>
<td>int64</td>
<td>bandwidth limit in "bits" per second between downstream and proxy</td>
</tr>
<a name="istio.proxy.v1alpha.config.L4FaultInjection.Throttle.upstream_limit_bps"></a>
<tr>
<td><code>upstream_limit_bps</code></td>
<td>int64</td>
<td>bandwidth limits in "bits" per second between proxy and upstream</td>
</tr>
<a name="istio.proxy.v1alpha.config.L4FaultInjection.Throttle.throttle_for_period"></a>
<tr>
<td><code>throttle_for_period</code></td>
<td><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#doublevalue">DoubleValue</a></td>
<td>Stop throttling after the given duration. If not set, the connection will be throttled for its lifetime.</td>
</tr>
<a name="istio.proxy.v1alpha.config.L4FaultInjection.Throttle.throttle_after_period"></a>
<tr>
<td><code>throttle_after_period</code></td>
<td>double (oneof )</td>
<td>Wait for X seconds after the connection is established, before starting bandwidth throttling. This would allow us to inject fault after the application protocol (e.g., MySQL) has had time to establish sessions/whatever handshake necessary.</td>
</tr>
<a name="istio.proxy.v1alpha.config.L4FaultInjection.Throttle.throttle_after_bytes"></a>
<tr>
<td><code>throttle_after_bytes</code></td>
<td>double (oneof )</td>
<td>Alternatively, we could wait for a certain number of bytes to be transferred to upstream before throttling the bandwidth.</td>
</tr>
</table>
<a name="istio.proxy.v1alpha.config.L4MatchAttributes"></a>
### L4MatchAttributes
L4 connection match attributes. Note that L4 connection matching
support is incomplete.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.L4MatchAttributes.source_subnet"></a>
<tr>
<td><code>source_subnet[]</code></td>
<td>repeated string</td>
<td>IPv4 or IPv6 ip address with optional subnet. E.g., a.b.c.d/xx form or just a.b.c.d</td>
</tr>
<a name="istio.proxy.v1alpha.config.L4MatchAttributes.destination_subnet"></a>
<tr>
<td><code>destination_subnet[]</code></td>
<td>repeated string</td>
<td>IPv4 or IPv6 ip address of destination with optional subnet. E.g., a.b.c.d/xx form or just a.b.c.d. This is only valid when the destination service has several IPs and the application explicitly specifies a particular IP.</td>
</tr>
</table>
<a name="istio.proxy.v1alpha.config.LoadBalancing"></a>
### LoadBalancing
Load balancing policy to use when forwarding traffic.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.LoadBalancing.name"></a>
<tr>
<td><code>name</code></td>
<td><a href="#istio.proxy.v1alpha.config.LoadBalancing.SimpleLBPolicy">SimpleLBPolicy</a> (oneof )</td>
<td></td>
</tr>
<a name="istio.proxy.v1alpha.config.LoadBalancing.custom"></a>
<tr>
<td><code>custom</code></td>
<td><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#any">Any</a> (oneof )</td>
<td>/Custom LB policy implementations</td>
</tr>
</table>
<a name="istio.proxy.v1alpha.config.LoadBalancing.SimpleLBPolicy"></a>
### SimpleLBPolicy
Common load balancing policies supported in Istio service mesh.
<table>
<tr>
<th>Value</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.LoadBalancing.SimpleLBPolicy.ROUND_ROBIN"></a>
<tr>
<td>ROUND_ROBIN</td>
<td></td>
</tr>
<a name="istio.proxy.v1alpha.config.LoadBalancing.SimpleLBPolicy.LEAST_CONN"></a>
<tr>
<td>LEAST_CONN</td>
<td></td>
</tr>
<a name="istio.proxy.v1alpha.config.LoadBalancing.SimpleLBPolicy.RANDOM"></a>
<tr>
<td>RANDOM</td>
<td>Envoy has IP_HASH, but requires a HTTP header name to hash on</td>
</tr>
</table>
<a name="istio.proxy.v1alpha.config.MatchCondition"></a>
### MatchCondition
Match condition specifies a set of criterion to be met in order for the
route rule to be applied to the connection or HTTP request. The
condition provides distinct set of conditions for each protocol with
the intention that conditions apply only to the service ports that
match the protocol.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.MatchCondition.source"></a>
<tr>
<td><code>source</code></td>
<td>string</td>
<td>Identifies the service initiating a connection or a request by its name. If specified, name MUST BE a fully qualified domain name such as foo.bar.com</td>
</tr>
<a name="istio.proxy.v1alpha.config.MatchCondition.source_tags"></a>
<tr>
<td><code>source_tags</code></td>
<td>repeated map&lt;string, string&gt;</td>
<td>Identifies the source service version. The identifier is interpreted by the platform to match a service version for the source service. N.B. The map is used instead of pstruct due to lack of serialization support in golang protobuf library (see <a href="https://github.com/golang/protobuf/pull/208">https://github.com/golang/protobuf/pull/208</a>)</td>
</tr>
<a name="istio.proxy.v1alpha.config.MatchCondition.tcp"></a>
<tr>
<td><code>tcp</code></td>
<td><a href="#istio.proxy.v1alpha.config.L4MatchAttributes">L4MatchAttributes</a></td>
<td>Set of layer 4 match conditions based on the IP ranges. INCOMPLETE implementation</td>
</tr>
<a name="istio.proxy.v1alpha.config.MatchCondition.udp"></a>
<tr>
<td><code>udp</code></td>
<td><a href="#istio.proxy.v1alpha.config.L4MatchAttributes">L4MatchAttributes</a></td>
<td>Set of layer 4 match conditions based on the IP ranges</td>
</tr>
<a name="istio.proxy.v1alpha.config.MatchCondition.http_headers"></a>
<tr>
<td><code>http_headers</code></td>
<td>repeated map&lt;string, <a href="#istio.proxy.v1alpha.config.StringMatch">StringMatch</a>&gt;</td>
<td>Set of HTTP match conditions based on HTTP/1.1, HTTP/2, GRPC request metadata, such as "uri", "scheme", "authority". The header keys are case-insensitive.</td>
</tr>
</table>
<a name="istio.proxy.v1alpha.config.ProxyMeshConfig"></a>
### ProxyMeshConfig
ProxyMeshConfig defines variables shared by all proxies in the Istio
service mesh.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.ProxyMeshConfig.egress_proxy_address"></a>
<tr>
<td><code>egress_proxy_address</code></td>
<td>string</td>
<td>Address of the egress proxy service (e.g. "istio-egress:80")</td>
</tr>
<a name="istio.proxy.v1alpha.config.ProxyMeshConfig.discovery_address"></a>
<tr>
<td><code>discovery_address</code></td>
<td>string</td>
<td>Address of the discovery service exposing SDS, CDS, RDS (e.g. "manager:8080")</td>
</tr>
<a name="istio.proxy.v1alpha.config.ProxyMeshConfig.mixer_address"></a>
<tr>
<td><code>mixer_address</code></td>
<td>string</td>
<td>Address of the mixer service (e.g. "mixer:9090")</td>
</tr>
<a name="istio.proxy.v1alpha.config.ProxyMeshConfig.proxy_listen_port"></a>
<tr>
<td><code>proxy_listen_port</code></td>
<td>int32</td>
<td>Port opened by the proxy for the traffic capture</td>
</tr>
<a name="istio.proxy.v1alpha.config.ProxyMeshConfig.proxy_admin_port"></a>
<tr>
<td><code>proxy_admin_port</code></td>
<td>int32</td>
<td>Port opened by the proxy for the administrative interface</td>
</tr>
<a name="istio.proxy.v1alpha.config.ProxyMeshConfig.drain_duration"></a>
<tr>
<td><code>drain_duration</code></td>
<td><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></td>
<td>Duration of the grace period to drain connections from the parent proxy instance</td>
</tr>
<a name="istio.proxy.v1alpha.config.ProxyMeshConfig.parent_shutdown_duration"></a>
<tr>
<td><code>parent_shutdown_duration</code></td>
<td><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></td>
<td>Duration to wait before shutting down the parent proxy instance</td>
</tr>
<a name="istio.proxy.v1alpha.config.ProxyMeshConfig.istio_service_cluster"></a>
<tr>
<td><code>istio_service_cluster</code></td>
<td>string</td>
<td>IstioServiceCluster defines the name for the service_cluster that is shared by all proxy instances. Since Istio does not assign a local service/service version to each proxy instance, the name is same for all of them. This setting corresponds to "--service-cluster" flag in Envoy. The value for "--service-node" is used by the proxy to identify its set of local instances to RDS for source-based routing. For example, if proxy sends its IP address, the RDS can compute routes that are relative to the service instances located at that IP address.</td>
</tr>
<a name="istio.proxy.v1alpha.config.ProxyMeshConfig.discovery_refresh_delay"></a>
<tr>
<td><code>discovery_refresh_delay</code></td>
<td><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></td>
<td>Delay between polling requests to the discovery service</td>
</tr>
<a name="istio.proxy.v1alpha.config.ProxyMeshConfig.connect_timeout"></a>
<tr>
<td><code>connect_timeout</code></td>
<td><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></td>
<td>Connection timeout used by the Envoy clusters</td>
</tr>
<a name="istio.proxy.v1alpha.config.ProxyMeshConfig.ingress_class"></a>
<tr>
<td><code>ingress_class</code></td>
<td>string</td>
<td>Class of ingress resources to be processed by Istio ingress controller. This corresponds to the value of "kubernetes.io/ingress.class" annotation.</td>
</tr>
<a name="istio.proxy.v1alpha.config.ProxyMeshConfig.ingress_controller_mode"></a>
<tr>
<td><code>ingress_controller_mode</code></td>
<td><a href="#istio.proxy.v1alpha.config.ProxyMeshConfig.IngressControllerMode">IngressControllerMode</a></td>
<td>Defines whether to use Istio ingress proxy for annotated or all ingress resources</td>
</tr>
<a name="istio.proxy.v1alpha.config.ProxyMeshConfig.auth_policy"></a>
<tr>
<td><code>auth_policy</code></td>
<td><a href="#istio.proxy.v1alpha.config.ProxyMeshConfig.AuthPolicy">AuthPolicy</a></td>
<td>Authentication policy defines the global switch to control authentication for proxy-to-proxy communication</td>
</tr>
<a name="istio.proxy.v1alpha.config.ProxyMeshConfig.auth_certs_path"></a>
<tr>
<td><code>auth_certs_path</code></td>
<td>string</td>
<td>Path to the secrets used by the authentication policy</td>
</tr>
</table>
<a name="istio.proxy.v1alpha.config.ProxyMeshConfig.AuthPolicy"></a>
### AuthPolicy
<table>
<tr>
<th>Value</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.ProxyMeshConfig.AuthPolicy.NONE"></a>
<tr>
<td>NONE</td>
<td></td>
</tr>
<a name="istio.proxy.v1alpha.config.ProxyMeshConfig.AuthPolicy.MUTUAL_TLS"></a>
<tr>
<td>MUTUAL_TLS</td>
<td>Proxy to proxy traffic is wrapped into mutual TLS connections</td>
</tr>
</table>
<a name="istio.proxy.v1alpha.config.ProxyMeshConfig.IngressControllerMode"></a>
### IngressControllerMode
<table>
<tr>
<th>Value</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.ProxyMeshConfig.IngressControllerMode.OFF"></a>
<tr>
<td>OFF</td>
<td>Disables Ingress controller.</td>
</tr>
<a name="istio.proxy.v1alpha.config.ProxyMeshConfig.IngressControllerMode.DEFAULT"></a>
<tr>
<td>DEFAULT</td>
<td>Ingress resources are applied if annotated with the configured ingress class, or not annotated with an ingress class at all. This mode is suitable for a controller running as the cluster's default ingress controller, which is expected to also process ingress resources not annotated at all.</td>
</tr>
<a name="istio.proxy.v1alpha.config.ProxyMeshConfig.IngressControllerMode.STRICT"></a>
<tr>
<td>STRICT</td>
<td>Ingress resources are applied only if annotated with the configured ingress class. This mode is suitable for a controller which is a running as a secondary ingress controller (e.g., in addition to a cloud-provided ingress controller).</td>
</tr>
</table>
<a name="istio.proxy.v1alpha.config.RouteRule"></a>
### RouteRule
Route rule provides a custom routing policy based on the source and
destination service versions and connection/request metadata. The rule must
provide a set of conditions for each protocol (TCP, UDP, HTTP) that the
destination service exposes on its ports. The rule applies only to the ports
on the destination service for which it provides protocol-specific match
condition, e.g. if the rule does not specify TCP condition, the rule does
not apply to TCP traffic towards the destination service.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.RouteRule.destination"></a>
<tr>
<td><code>destination</code></td>
<td>string</td>
<td>REQUIRED: Destination uniquely identifies the destination associated with this routing rule. This field is applicable for hostname-based resolution for HTTP traffic as well as IP-based resolution for TCP/UDP traffic. The value MUST be a fully-qualified domain name, e.g. "my-service.default.svc.cluster.local".</td>
</tr>
<a name="istio.proxy.v1alpha.config.RouteRule.precedence"></a>
<tr>
<td><code>precedence</code></td>
<td>int32</td>
<td>Precedence is used to disambiguate the order of application of rules for the same destination service. A higher number takes priority. If not specified, the value is assumed to be 0. The order of application for rules with the same precedence is unspecified.</td>
</tr>
<a name="istio.proxy.v1alpha.config.RouteRule.match"></a>
<tr>
<td><code>match</code></td>
<td><a href="#istio.proxy.v1alpha.config.MatchCondition">MatchCondition</a></td>
<td>Optional match condtions to be satisfied for the route rule to be activated. If match is omitted, the route rule applies only to HTTP traffic.</td>
</tr>
<a name="istio.proxy.v1alpha.config.RouteRule.route"></a>
<tr>
<td><code>route[]</code></td>
<td>repeated <a href="#istio.proxy.v1alpha.config.DestinationWeight">DestinationWeight</a></td>
<td>Each routing rule is associated with one or more service version destinations (see glossary in beginning of document). Weights associated with the service version determine the proportion of traffic it receives.</td>
</tr>
<a name="istio.proxy.v1alpha.config.RouteRule.http_req_timeout"></a>
<tr>
<td><code>http_req_timeout</code></td>
<td><a href="#istio.proxy.v1alpha.config.HTTPTimeout">HTTPTimeout</a></td>
<td>Timeout policy for HTTP requests.</td>
</tr>
<a name="istio.proxy.v1alpha.config.RouteRule.http_req_retries"></a>
<tr>
<td><code>http_req_retries</code></td>
<td><a href="#istio.proxy.v1alpha.config.HTTPRetry">HTTPRetry</a></td>
<td>Retry policy for HTTP requests.</td>
</tr>
<a name="istio.proxy.v1alpha.config.RouteRule.http_fault"></a>
<tr>
<td><code>http_fault</code></td>
<td><a href="#istio.proxy.v1alpha.config.HTTPFaultInjection">HTTPFaultInjection</a></td>
<td>/L7 fault injection policy applies to Http traffic</td>
</tr>
<a name="istio.proxy.v1alpha.config.RouteRule.l4_fault"></a>
<tr>
<td><code>l4_fault</code></td>
<td><a href="#istio.proxy.v1alpha.config.L4FaultInjection">L4FaultInjection</a></td>
<td>/@exclude L4 fault injection policy applies to Tcp/Udp (not Http) traffic</td>
</tr>
</table>
<a name="istio.proxy.v1alpha.config.StringMatch"></a>
### StringMatch
Describes how to matches a given string (exact match, prefix-based
match or posix style regex based match). Match is case-sensitive. NOTE:
use of regex depends on the specific proxy implementation.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1alpha.config.StringMatch.exact"></a>
<tr>
<td><code>exact</code></td>
<td>string (oneof )</td>
<td></td>
</tr>
<a name="istio.proxy.v1alpha.config.StringMatch.prefix"></a>
<tr>
<td><code>prefix</code></td>
<td>string (oneof )</td>
<td></td>
</tr>
<a name="istio.proxy.v1alpha.config.StringMatch.regex"></a>
<tr>
<td><code>regex</code></td>
<td>string (oneof )</td>
<td></td>
</tr>
</table>

576
_docs/reference/api/routing-rules.md Normal file
View File

@ -0,0 +1,576 @@
---
title: Routing Rules
overview: Generated documentation for the Istio's Configuration Schemas
order: 990
layout: docs
type: markdown
---
<a name="rpcIstio.proxy.v1.configIndex"></a>
### Index
* [DestinationWeight](#istio.proxy.v1.config.DestinationWeight)
(message)
* [HTTPFaultInjection](#istio.proxy.v1.config.HTTPFaultInjection)
(message)
* [HTTPFaultInjection.Abort](#istio.proxy.v1.config.HTTPFaultInjection.Abort)
(message)
* [HTTPFaultInjection.Delay](#istio.proxy.v1.config.HTTPFaultInjection.Delay)
(message)
* [HTTPRedirect](#istio.proxy.v1.config.HTTPRedirect)
(message)
* [HTTPRetry](#istio.proxy.v1.config.HTTPRetry)
(message)
* [HTTPRetry.SimpleRetryPolicy](#istio.proxy.v1.config.HTTPRetry.SimpleRetryPolicy)
(message)
* [HTTPRewrite](#istio.proxy.v1.config.HTTPRewrite)
(message)
* [HTTPTimeout](#istio.proxy.v1.config.HTTPTimeout)
(message)
* [HTTPTimeout.SimpleTimeoutPolicy](#istio.proxy.v1.config.HTTPTimeout.SimpleTimeoutPolicy)
(message)
* [MatchCondition](#istio.proxy.v1.config.MatchCondition)
(message)
* [RouteRule](#istio.proxy.v1.config.RouteRule)
(message)
* [StringMatch](#istio.proxy.v1.config.StringMatch)
(message)
<a name="istio.proxy.v1.config.DestinationWeight"></a>
### DestinationWeight
Each routing rule is associated with one or more service versions (see
glossary in beginning of document). Weights associated with the version
determine the proportion of traffic it receives. For example, the
following rule will route 25% of traffic for the "reviews" service to
instances with the "v2" tag and the remaining traffic (i.e., 75%) to
"v1".
destination: reviews.default.svc.cluster.local
route:
- tags:
version: v2
weight: 25
- tags:
version: v1
weight: 75
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.DestinationWeight.destination"></a>
<tr>
<td><code>destination</code></td>
<td>string</td>
<td>Destination uniquely identifies the destination service. If not specified, the value is inherited from the parent route rule. Value must be in fully qualified domain name format (e.g., "my-service.default.svc.cluster.local").</td>
</tr>
<a name="istio.proxy.v1.config.DestinationWeight.tags"></a>
<tr>
<td><code>tags</code></td>
<td>repeated map&lt;string, string&gt;</td>
<td>Service version identifier for the destination service.</td>
</tr>
<a name="istio.proxy.v1.config.DestinationWeight.weight"></a>
<tr>
<td><code>weight</code></td>
<td>int32</td>
<td>REQUIRED. The proportion of traffic to be forwarded to the service version. (0-100). Sum of weights across destinations SHOULD BE == 100. If there is only destination in a rule, the weight value is assumed to be 100.</td>
</tr>
</table>
<a name="istio.proxy.v1.config.HTTPFaultInjection"></a>
### HTTPFaultInjection
HTTPFaultInjection can be used to specify one or more faults to inject
while forwarding http requests to the destination specified in the route
rule. Fault specification is part of a route rule. Faults include
aborting the Http request from downstream service, and/or delaying
proxying of requests. A fault rule MUST HAVE delay or abort or both.
*Note:* Delay and abort faults are independent of one another, even if
both are specified simultaneously.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.HTTPFaultInjection.delay"></a>
<tr>
<td><code>delay</code></td>
<td><a href="#istio.proxy.v1.config.HTTPFaultInjection.Delay">Delay</a></td>
<td>Delay requests before forwarding, emulating various failures such as network issues, overloaded upstream service, etc.</td>
</tr>
<a name="istio.proxy.v1.config.HTTPFaultInjection.abort"></a>
<tr>
<td><code>abort</code></td>
<td><a href="#istio.proxy.v1.config.HTTPFaultInjection.Abort">Abort</a></td>
<td>Abort Http request attempts and return error codes back to downstream service, giving the impression that the upstream service is faulty.</td>
</tr>
</table>
<a name="istio.proxy.v1.config.HTTPFaultInjection.Abort"></a>
### Abort
Abort specification is used to prematurely abort a request with a
pre-specified error code. The following example will return an HTTP
400 error code for 10% of the requests to the "ratings" service "v1".
destination: ratings.default.svc.cluster.local
route:
- tags:
version: v1
httpFault:
abort:
percent: 10
httpStatus: 400
The HttpStatus_ field is used to indicate the HTTP status code to
return to the caller. The optional Percent_ field, a value between 0
and 100, is used to only abort a certain percentage of requests. If
not specified, all requests are aborted.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.HTTPFaultInjection.Abort.percent"></a>
<tr>
<td><code>percent</code></td>
<td>float</td>
<td>percentage of requests to be aborted with the error code provided (0-100).</td>
</tr>
<a name="istio.proxy.v1.config.HTTPFaultInjection.Abort.httpStatus"></a>
<tr>
<td><code>httpStatus</code></td>
<td>int32</td>
<td>REQUIRED. HTTP status code to use to abort the Http request.</td>
</tr>
</table>
<a name="istio.proxy.v1.config.HTTPFaultInjection.Delay"></a>
### Delay
Delay specification is used to inject latency into the request
forwarding path. The following example will introduce a 5 second delay
in 10% of the requests to the "v1" version of the "reviews"
service.
destination: reviews.default.svc.cluster.local
route:
- tags:
version: v1
httpFault:
delay:
percent: 10
fixedDelay: 5s
The FixedDelay_ field is used to indicate the amount of delay in
seconds. An optional Percent_ field, a value between 0 and 100, can
be used to only delay a certain percentage of requests. If left
unspecified, all request will be delayed.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.HTTPFaultInjection.Delay.percent"></a>
<tr>
<td><code>percent</code></td>
<td>float</td>
<td>percentage of requests on which the delay will be injected (0-100)</td>
</tr>
<a name="istio.proxy.v1.config.HTTPFaultInjection.Delay.fixedDelay"></a>
<tr>
<td><code>fixedDelay</code></td>
<td><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></td>
<td>REQUIRED. Add a fixed delay before forwarding the request. Format: 1h/1m/1s/1ms. MUST be &gt;=1ms.</td>
</tr>
</table>
<a name="istio.proxy.v1.config.HTTPRedirect"></a>
### HTTPRedirect
HTTPRedirect can be used to send a 302 redirect response to the caller,
where the Authority/Host and the URI in the response can be swapped with
the specified values. For example, the following route rule redirects
requests for /v1/getProductRatings API on the ratings service to
/v1/bookRatings provided by the bookratings service.
destination: ratings.default.svc.cluster.local
match:
httpHeaders:
uri:
exact: /v1/getProductRatings
redirect:
uri: /v1/bookRatings
authority: bookratings.default.svc.cluster.local
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.HTTPRedirect.uri"></a>
<tr>
<td><code>uri</code></td>
<td>string</td>
<td>On a redirect, overwrite the Path portion of the URL with this value. Note that the entire path will be replaced, irrespective of the request URI being matched as an exact path or prefix.</td>
</tr>
<a name="istio.proxy.v1.config.HTTPRedirect.authority"></a>
<tr>
<td><code>authority</code></td>
<td>string</td>
<td>On a redirect, overwrite the Authority/Host portion of the URL with this value</td>
</tr>
</table>
<a name="istio.proxy.v1.config.HTTPRetry"></a>
### HTTPRetry
Describes the retry policy to use when a HTTP request fails. For
example, the following rule sets the maximum number of retries to 3 when
calling ratings:v1 service, with a 2s timeout per retry attempt.
destination: ratings.default.svc.cluster.local
route:
- tags:
version: v1
httpReqRetries:
simpleRetry:
attempts: 3
perTryTimeout: 2s
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.HTTPRetry.simpleRetry"></a>
<tr>
<td><code>simpleRetry</code></td>
<td><a href="#istio.proxy.v1.config.HTTPRetry.SimpleRetryPolicy">SimpleRetryPolicy</a></td>
<td></td>
</tr>
</table>
<a name="istio.proxy.v1.config.HTTPRetry.SimpleRetryPolicy"></a>
### SimpleRetryPolicy
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.HTTPRetry.SimpleRetryPolicy.attempts"></a>
<tr>
<td><code>attempts</code></td>
<td>int32</td>
<td>REQUIRED. Number of retries for a given request. The interval between retries will be determined automatically (25ms+). Actual number of retries attempted depends on the httpReqTimeout.</td>
</tr>
<a name="istio.proxy.v1.config.HTTPRetry.SimpleRetryPolicy.perTryTimeout"></a>
<tr>
<td><code>perTryTimeout</code></td>
<td><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></td>
<td>Timeout per retry attempt for a given request. format: 1h/1m/1s/1ms. MUST BE &gt;=1ms.</td>
</tr>
</table>
<a name="istio.proxy.v1.config.HTTPRewrite"></a>
### HTTPRewrite
HTTPRewrite can be used to rewrite specific parts of a HTTP request
before forwarding the request to the destination. Rewrite primitive can
be used only with the DestinationWeights. The following example
demonstrates how to rewrite the URL prefix for api call (/ratings) to
ratings service before making the actual API call.
destination: ratings.default.svc.cluster.local
match:
httpHeaders:
uri:
prefix: /ratings
rewrite:
uri: /v1/bookRatings
route:
- tags:
version: v1
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.HTTPRewrite.uri"></a>
<tr>
<td><code>uri</code></td>
<td>string</td>
<td>rewrite the Path (or the prefix) portion of the URI with this value. If the original URI was matched based on prefix, the value provided in this field will replace the corresponding matched prefix.</td>
</tr>
<a name="istio.proxy.v1.config.HTTPRewrite.authority"></a>
<tr>
<td><code>authority</code></td>
<td>string</td>
<td>rewrite the Authority/Host header with this value.</td>
</tr>
</table>
<a name="istio.proxy.v1.config.HTTPTimeout"></a>
### HTTPTimeout
Describes HTTP request timeout. For example, the following rule sets a
10 second timeout for calls to the ratings:v1 service
destination: ratings.default.svc.cluster.local
route:
- tags:
version: v1
httpReqTimeout:
simpleTimeout:
timeout: 10s
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.HTTPTimeout.simpleTimeout"></a>
<tr>
<td><code>simpleTimeout</code></td>
<td><a href="#istio.proxy.v1.config.HTTPTimeout.SimpleTimeoutPolicy">SimpleTimeoutPolicy</a></td>
<td></td>
</tr>
</table>
<a name="istio.proxy.v1.config.HTTPTimeout.SimpleTimeoutPolicy"></a>
### SimpleTimeoutPolicy
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.HTTPTimeout.SimpleTimeoutPolicy.timeout"></a>
<tr>
<td><code>timeout</code></td>
<td><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#duration">Duration</a></td>
<td>REQUIRED. Timeout for a HTTP request. Includes retries as well. Default 15s. format: 1h/1m/1s/1ms. MUST BE &gt;=1ms. It is possible to control timeout per request by supplying the timeout value via x-envoy-upstream-rq-timeout-ms HTTP header.</td>
</tr>
</table>
<a name="istio.proxy.v1.config.MatchCondition"></a>
### MatchCondition
Match condition specifies a set of criterion to be met in order for the
route rule to be applied to the connection or HTTP request. The
condition provides distinct set of conditions for each protocol with the
intention that conditions apply only to the service ports that match the
protocol. For example, the following route rule restricts the rule to
match only requests originating from "reviews:v2", accessing ratings
service where the URL path starts with /ratings/v2/ and the request
contains a "cookie" with value "user=jason",
destination: ratings.default.svc.cluster.local
match:
source: reviews.default.svc.cluster.local
sourceTags:
version: v2
httpHeaders:
cookie:
regex: "^(.*?;)?(user=jason)(;.*)?$"
uri:
prefix: "/ratings/v2/"
MatchCondition CANNOT BE empty. Atleast one of source, sourceTags or
httpHeaders must be specified.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.MatchCondition.source"></a>
<tr>
<td><code>source</code></td>
<td>string</td>
<td>Identifies the service initiating a connection or a request by its name. If specified, name MUST BE a fully qualified domain name such as foo.bar.com</td>
</tr>
<a name="istio.proxy.v1.config.MatchCondition.sourceTags"></a>
<tr>
<td><code>sourceTags</code></td>
<td>repeated map&lt;string, string&gt;</td>
<td>One or more tags that uniquely identify the source service version. In Kubernetes, tags correspond to the labels associated with pods.</td>
</tr>
<a name="istio.proxy.v1.config.MatchCondition.httpHeaders"></a>
<tr>
<td><code>httpHeaders</code></td>
<td>repeated map&lt;string, <a href="#istio.proxy.v1.config.StringMatch">StringMatch</a>&gt;</td>
<td><p>Set of HTTP match conditions based on HTTP/1.1, HTTP/2, GRPC request metadata, such as <em>uri</em>, <em>scheme</em>, <em>authority</em>. The header keys must be lowercase and use hyphen as the separator, e.g. <em>x-request-id</em>.</p><p><em>Note 1:</em> The keys <em>uri</em>, <em>scheme</em>, <em>method</em>, and <em>authority</em> correspond to URI, protocol scheme (e.g., HTTP, HTTPS), HTTP method (e.g., GET, POST), and the HTTP Host header respectively.</p><p><em>Note 2:</em> <em>uri</em> can be used to perform URL matches. For URL matches (Uri_), only prefix and exact (see StringMatch) matches are supported. For other HTTP headers, exact, prefix and ECMA style regular expression matches are supported.</p></td>
</tr>
</table>
<a name="istio.proxy.v1.config.RouteRule"></a>
### RouteRule
<a name="rpcIstio.proxy.v1.configIstio.proxy.v1.config.RouteRuleDescriptionSubsectionSubsectionSubsection"></a>
#### Glossary & concepts
*Service* is a unit of an application with a unique name that other services
use to refer to the functionality being called. Service instances are
pods/VMs/containers that implement the service.
*Service versions* - In a continuous deployment scenario, for a given service,
there can be multiple sets of instances running potentially different
variants of the application binary. These variants are not necessarily
different API versions. They could be iterative changes to the same service,
deployed in different environments (prod, staging, dev, etc.). Common
scenarios where this occurs include A/B testing, canary rollouts, etc. The
choice of a particular version can be decided based on various criterion
(headers, url, etc.) and/or by weights assigned to each version. Each
service has a default version consisting of all its instances.
*Source* - downstream client (browser or another service) calling the
Envoy proxy/sidecar (typically to reach another service).
*Destination* - The remote upstream service to which the Envoy proxy/sidecar is
talking to, on behalf of the source service. There can be one or more
service versions for a given service (see the discussion on versions above).
Envoy would choose the version based on various routing rules.
*Access model* - Applications address only the destination service
without knowledge of individual service versions. The actual choice of
the version is determined by Envoy, enabling the application code to
decouple itself from the evolution of dependent services.
Route rule provides a custom routing policy based on the source and
destination service versions and connection/request metadata. The rule
must provide a set of conditions for each protocol (TCP, UDP, HTTP) that
the destination service exposes on its ports.
The rule applies only to the ports on the destination service for which
it provides protocol-specific match condition, e.g. if the rule does not
specify TCP condition, the rule does not apply to TCP traffic towards
the destination service.
For example, a simple rule to send 100% of incoming traffic for a
"reviews" service to version "v1" can be specified as follows:
destination: reviews.default.svc.cluster.local
route:
- tags:
version: v1
weight: 100
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.RouteRule.destination"></a>
<tr>
<td><code>destination</code></td>
<td>string</td>
<td>REQUIRED: Destination uniquely identifies the destination associated with this routing rule. This field is applicable for hostname-based resolution for HTTP traffic as well as IP-based resolution for TCP/UDP traffic. The value MUST BE a fully-qualified domain name, e.g. "my-service.default.svc.cluster.local".</td>
</tr>
<a name="istio.proxy.v1.config.RouteRule.precedence"></a>
<tr>
<td><code>precedence</code></td>
<td>int32</td>
<td>RECOMMENDED. Precedence is used to disambiguate the order of application of rules for the same destination service. A higher number takes priority. If not specified, the value is assumed to be 0. The order of application for rules with the same precedence is unspecified.</td>
</tr>
<a name="istio.proxy.v1.config.RouteRule.match"></a>
<tr>
<td><code>match</code></td>
<td><a href="#istio.proxy.v1.config.MatchCondition">MatchCondition</a></td>
<td>Match condtions to be satisfied for the route rule to be activated. If match is omitted, the route rule applies only to HTTP traffic.</td>
</tr>
<a name="istio.proxy.v1.config.RouteRule.route"></a>
<tr>
<td><code>route[]</code></td>
<td>repeated <a href="#istio.proxy.v1.config.DestinationWeight">DestinationWeight</a></td>
<td>REQUIRED (route|redirect). A routing rule can either redirect traffic or forward traffic. The forwarding target can be one of several versions of a service (see glossary in beginning of document). Weights associated with the service version determine the proportion of traffic it receives.</td>
</tr>
<a name="istio.proxy.v1.config.RouteRule.redirect"></a>
<tr>
<td><code>redirect</code></td>
<td><a href="#istio.proxy.v1.config.HTTPRedirect">HTTPRedirect</a></td>
<td>REQUIRED (route|redirect). A routing rule can either redirect traffic or forward traffic. The redirect primitive can be used to send a HTTP 302 redirect to a different URI or Authority.</td>
</tr>
<a name="istio.proxy.v1.config.RouteRule.rewrite"></a>
<tr>
<td><code>rewrite</code></td>
<td><a href="#istio.proxy.v1.config.HTTPRewrite">HTTPRewrite</a></td>
<td>Rewrite HTTP URIs and Authority headers. Rewrite cannot be used with Redirect primitive. Rewrite will be performed before forwarding.</td>
</tr>
<a name="istio.proxy.v1.config.RouteRule.httpReqTimeout"></a>
<tr>
<td><code>httpReqTimeout</code></td>
<td><a href="#istio.proxy.v1.config.HTTPTimeout">HTTPTimeout</a></td>
<td>Timeout policy for HTTP requests.</td>
</tr>
<a name="istio.proxy.v1.config.RouteRule.httpReqRetries"></a>
<tr>
<td><code>httpReqRetries</code></td>
<td><a href="#istio.proxy.v1.config.HTTPRetry">HTTPRetry</a></td>
<td>Retry policy for HTTP requests.</td>
</tr>
<a name="istio.proxy.v1.config.RouteRule.httpFault"></a>
<tr>
<td><code>httpFault</code></td>
<td><a href="#istio.proxy.v1.config.HTTPFaultInjection">HTTPFaultInjection</a></td>
<td>Fault injection policy to apply on HTTP traffic</td>
</tr>
</table>
<a name="istio.proxy.v1.config.StringMatch"></a>
### StringMatch
Describes how to match a given string in HTTP headers. Match is case-sensitive.
<table>
<tr>
<th>Field</th>
<th>Type</th>
<th>Description</th>
</tr>
<a name="istio.proxy.v1.config.StringMatch.exact"></a>
<tr>
<td><code>exact</code></td>
<td>string (oneof )</td>
<td>exact string match</td>
</tr>
<a name="istio.proxy.v1.config.StringMatch.prefix"></a>
<tr>
<td><code>prefix</code></td>
<td>string (oneof )</td>
<td>prefix-based match</td>
</tr>
<a name="istio.proxy.v1.config.StringMatch.regex"></a>
<tr>
<td><code>regex</code></td>
<td>string (oneof )</td>
<td>ECMAscript style regex-based match</td>
</tr>
</table>