mirror of
https://github.com/rancher/types.git
synced 2025-08-15 11:12:57 +00:00
Update vendors
parent
29db9d560e
commit
22e321a584
@ -4,3 +4,4 @@ github.com/rancher/types
|
||||
github.com/pkg/errors v0.8.0
|
||||
github.com/rancher/norman 2da1bd2ffcacdef4bdf7e2c193d32f3b04ebd6d0 transitive=true
|
||||
github.com/coreos/prometheus-operator v0.25.0
|
||||
github.com/knative/pkg b30ab9de040eb4ba56fdb4108a29045ecac0c46a https://github.com/rancher/pkg.git
|
||||
|
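Review bot: The `github.com/knative/pkg` line takes its source from `https://github.com/rancher/pkg.git` instead of the upstream import path, and neither vendor.conf nor the commit message ("Update vendors") says why the fork is needed or how commit `b30ab9de040eb4ba56fdb4108a29045ecac0c46a` relates to upstream history. Add a comment above the entry stating the reason for the fork and the upstream commit it is based on, so a later update can tell whether the fork is still required and what to diff against.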
10
vendor/github.com/knative/pkg/.gitattributes
generated
vendored
Normal file
@ -0,0 +1,10 @@
|
||||
# This file is documented at https://git-scm.com/docs/gitattributes.
|
||||
# Linguist-specific attributes are documented at
|
||||
# https://github.com/github/linguist.
|
||||
|
||||
**/zz_generated.*.go linguist-generated=true
|
||||
/client/** linguist-generated=true
|
||||
/test/** coverage-excluded=true
|
||||
/metrics/gcp_metadata.go coverage-excluded=true
|
||||
|
||||
*.sh text eol=lf
|
11
vendor/github.com/knative/pkg/.gitignore
generated
vendored
Normal file
@ -0,0 +1,11 @@
|
||||
# Operating system temporary files
|
||||
.DS_Store
|
||||
|
||||
# Editor/IDE specific settings
|
||||
.idea
|
||||
.vscode/
|
||||
*.iml
|
||||
|
||||
# Temporary output of build tools
|
||||
bazel-*
|
||||
*.out
|
5
vendor/github.com/knative/pkg/CONTRIBUTING.md
generated
vendored
Normal file
@ -0,0 +1,5 @@
|
||||
# Contribution guidelines
|
||||
|
||||
So you want to hack on Knative `pkg`? Yay! Please refer to Knative's overall
|
||||
[contribution guidelines](https://github.com/knative/docs/blob/master/community/CONTRIBUTING.md)
|
||||
to find out how you can help.
|
71
vendor/github.com/knative/pkg/DEVELOPMENT.md
generated
vendored
Normal file
@ -0,0 +1,71 @@
|
||||
# Development
|
||||
|
||||
This doc explains how to setup a development environment so you can get started
|
||||
[contributing](https://github.com/knative/docs/blob/master/community/CONTRIBUTING.md)
|
||||
to Knative `pkg`. Also take a look at:
|
||||
|
||||
- [The pull request workflow](https://github.com/knative/docs/blob/master/community/CONTRIBUTING.md#pull-requests)
|
||||
|
||||
## Getting started
|
||||
|
||||
1. Create [a GitHub account](https://github.com/join)
|
||||
1. Setup
|
||||
[GitHub access via SSH](https://help.github.com/articles/connecting-to-github-with-ssh/)
|
||||
1. Install [requirements](#requirements)
|
||||
1. Set up your [shell environment](#environment-setup)
|
||||
1. [Create and checkout a repo fork](#checkout-your-fork)
|
||||
|
||||
Before submitting a PR, see also [CONTRIBUTING.md](./CONTRIBUTING.md).
|
||||
|
||||
### Requirements
|
||||
|
||||
You must install these tools:
|
||||
|
||||
1. [`go`](https://golang.org/doc/install): The language Knative `pkg` is built
|
||||
in
|
||||
1. [`git`](https://help.github.com/articles/set-up-git/): For source control
|
||||
1. [`dep`](https://github.com/golang/dep): For managing external dependencies.
|
||||
|
||||
### Environment setup
|
||||
|
||||
To get started you'll need to set these environment variables (we recommend
|
||||
adding them to your `.bashrc`):
|
||||
|
||||
1. `GOPATH`: If you don't have one, simply pick a directory and add
|
||||
`export GOPATH=...`
|
||||
1. `$GOPATH/bin` on `PATH`: This is so that tooling installed via `go get` will
|
||||
work properly.
|
||||
|
||||
`.bashrc` example:
|
||||
|
||||
```shell
|
||||
export GOPATH="$HOME/go"
|
||||
export PATH="${PATH}:${GOPATH}/bin"
|
||||
```
|
||||
|
||||
### Checkout your fork
|
||||
|
||||
The Go tools require that you clone the repository to the
|
||||
`src/github.com/knative/pkg` directory in your
|
||||
[`GOPATH`](https://github.com/golang/go/wiki/SettingGOPATH).
|
||||
|
||||
To check out this repository:
|
||||
|
||||
1. Create your own
|
||||
[fork of this repo](https://help.github.com/articles/fork-a-repo/)
|
||||
1. Clone it to your machine:
|
||||
|
||||
```shell
|
||||
mkdir -p ${GOPATH}/src/github.com/knative
|
||||
cd ${GOPATH}/src/github.com/knative
|
||||
git clone git@github.com:${YOUR_GITHUB_USERNAME}/pkg.git
|
||||
cd pkg
|
||||
git remote add upstream git@github.com:knative/pkg.git
|
||||
git remote set-url --push upstream no_push
|
||||
```
|
||||
|
||||
_Adding the `upstream` remote sets you up nicely for regularly
|
||||
[syncing your fork](https://help.github.com/articles/syncing-a-fork/)._
|
||||
|
||||
Once you reach this point you are ready to do a full build and deploy as
|
||||
described below.
|
1164
vendor/github.com/knative/pkg/Gopkg.lock
generated
vendored
Normal file
File diff suppressed because it is too large
74
vendor/github.com/knative/pkg/Gopkg.toml
generated
vendored
Normal file
@ -0,0 +1,74 @@
|
||||
# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html
|
||||
# for detailed Gopkg.toml documentation.
|
||||
|
||||
required = [
|
||||
"k8s.io/apimachinery/pkg/util/sets/types",
|
||||
"k8s.io/code-generator/cmd/deepcopy-gen",
|
||||
"k8s.io/code-generator/cmd/defaulter-gen",
|
||||
"k8s.io/code-generator/cmd/client-gen",
|
||||
"k8s.io/code-generator/cmd/lister-gen",
|
||||
"k8s.io/code-generator/cmd/informer-gen",
|
||||
"github.com/evanphx/json-patch",
|
||||
"github.com/knative/test-infra/scripts",
|
||||
"github.com/knative/test-infra/tools/dep-collector",
|
||||
"github.com/pkg/errors",
|
||||
]
|
||||
|
||||
[[constraint]]
|
||||
name = "k8s.io/api"
|
||||
version = "kubernetes-1.12.6"
|
||||
|
||||
[[constraint]]
|
||||
name = "k8s.io/apimachinery"
|
||||
version = "kubernetes-1.12.6"
|
||||
|
||||
[[constraint]]
|
||||
name = "k8s.io/client-go"
|
||||
version = "kubernetes-1.12.6"
|
||||
|
||||
[[constraint]]
|
||||
name = "k8s.io/code-generator"
|
||||
version = "kubernetes-1.12.6"
|
||||
|
||||
[[override]]
|
||||
name = "github.com/json-iterator/go"
|
||||
# This is the commit at which k8s depends on this in 1.11
|
||||
# It seems to be broken at HEAD.
|
||||
revision = "f2b4162afba35581b6d4a50d3b8f34e33c144682"
|
||||
|
||||
[[override]]
|
||||
name = "go.uber.org/zap"
|
||||
revision = "67bc79d13d155c02fd008f721863ff8cc5f30659"
|
||||
|
||||
[[constraint]]
|
||||
name = "github.com/google/go-cmp"
|
||||
# HEAD as of 2019-04-09
|
||||
revision = "6f77996f0c42f7b84e5a2b252227263f93432e9b"
|
||||
|
||||
[[override]]
|
||||
name = "github.com/rogpeppe/go-internal"
|
||||
# HEAD as of 2019-01-09
|
||||
# Needed because release 1.0.0 does not contain a LICENSE file
|
||||
revision = "4bbc89b6501cca7dd6b5557d78d70c8d2c6e8b97"
|
||||
|
||||
[[constraint]]
|
||||
name = "contrib.go.opencensus.io/exporter/stackdriver"
|
||||
version = "0.9.2"
|
||||
|
||||
[[constraint]]
|
||||
name = "github.com/knative/test-infra"
|
||||
branch = "master"
|
||||
|
||||
[prune]
|
||||
go-tests = true
|
||||
unused-packages = true
|
||||
non-go = true
|
||||
|
||||
[[prune.project]]
|
||||
name = "k8s.io/code-generator"
|
||||
unused-packages = false
|
||||
non-go = false
|
||||
|
||||
[[prune.project]]
|
||||
name = "github.com/knative/test-infra"
|
||||
non-go = false
|
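Review bot: Two entries in this vendored manifest need checking against what is actually vendored here. The `github.com/json-iterator/go` override is commented "This is the commit at which k8s depends on this in 1.11" while the `k8s.io/*` constraints above it pin `kubernetes-1.12.6`, and the `github.com/knative/test-infra` constraint uses `branch = "master"`, the only entry not tied to a version or revision. This file sits under `vendor/` as a copy of upstream's dep manifest, so confirm that vendor.conf pins the same Kubernetes and json-iterator revisions rather than relying on the pins declared here.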
201
vendor/github.com/knative/pkg/LICENSE
generated
vendored
Normal file
@ -0,0 +1,201 @@
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
APPENDIX: How to apply the Apache License to your work.
|
||||
|
||||
To apply the Apache License to your work, attach the following
|
||||
boilerplate notice, with the fields enclosed by brackets "[]"
|
||||
replaced with your own identifying information. (Don't include
|
||||
the brackets!) The text should be enclosed in the appropriate
|
||||
comment syntax for the file format. We also recommend that a
|
||||
file or class name and description of purpose be included on the
|
||||
same "printed page" as the copyright notice for easier
|
||||
identification within third-party archives.
|
||||
|
||||
Copyright [yyyy] [name of copyright owner]
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
6
vendor/github.com/knative/pkg/OWNERS
generated
vendored
Normal file
@ -0,0 +1,6 @@
|
||||
# The OWNERS file is used by prow to automatically merge approved PRs.
|
||||
|
||||
approvers:
|
||||
- evankanderson
|
||||
- mattmoor
|
||||
- vaikas-google
|
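Review bot: This vendored `OWNERS` file lists upstream approvers (`evankanderson`, `mattmoor`, `vaikas-google`), and its own comment says prow uses it "to automatically merge approved PRs". If this repository is ever connected to prow or another OWNERS-aware bot, the file would be read as approval rights over `vendor/github.com/knative/pkg/` for people who are not maintainers here. Prune `OWNERS` files from the vendored tree; the same applies to the copies under `apis/` and `apis/istio/` added later in this commit.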
13
vendor/github.com/knative/pkg/README.md
generated
vendored
Normal file
@ -0,0 +1,13 @@
|
||||
# Knative Common Packages
|
||||
|
||||
[](https://godoc.org/github.com/knative/pkg)
|
||||
[](https://goreportcard.com/report/knative/pkg)
|
||||
|
||||
Knative `pkg` provides a place for sharing common Knative packages across the
|
||||
Knative repos.
|
||||
|
||||
To learn more about Knative, please visit our
|
||||
[Knative docs](https://github.com/knative/docs) repository.
|
||||
|
||||
If you are interested in contributing, see [CONTRIBUTING.md](./CONTRIBUTING.md)
|
||||
and [DEVELOPMENT.md](./DEVELOPMENT.md).
|
6
vendor/github.com/knative/pkg/apis/OWNERS
generated
vendored
Normal file
@ -0,0 +1,6 @@
|
||||
# The OWNERS file is used by prow to automatically merge approved PRs.
|
||||
|
||||
approvers:
|
||||
- mattmoor
|
||||
- vaikas-google
|
||||
- n3wscott
|
4
vendor/github.com/knative/pkg/apis/istio/OWNERS
generated
vendored
Normal file
@ -0,0 +1,4 @@
|
||||
# The OWNERS file is used by prow to automatically merge approved PRs.
|
||||
|
||||
approvers:
|
||||
- tcnghia
|
35
vendor/github.com/knative/pkg/apis/istio/common/v1alpha1/string.go
generated
vendored
Normal file
@ -0,0 +1,35 @@
|
||||
/*
|
||||
Copyright 2018 The Knative Authors
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package v1alpha1
|
||||
|
||||
// Describes how to match a given string in HTTP headers. Match is
|
||||
// case-sensitive.
|
||||
type StringMatch struct {
|
||||
// Specified exactly one of the fields below.
|
||||
|
||||
// exact string match
|
||||
Exact string `json:"exact,omitempty"`
|
||||
|
||||
// prefix-based match
|
||||
Prefix string `json:"prefix,omitempty"`
|
||||
|
||||
// suffix-based match.
|
||||
Suffix string `json:"suffix,omitempty"`
|
||||
|
||||
// ECMAscript style regex-based match
|
||||
Regex string `json:"regex,omitempty"`
|
||||
}
|
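Review bot: The comment inside `StringMatch` says exactly one of `Exact`, `Prefix`, `Suffix` and `Regex` is to be specified, but all four are plain `string` fields tagged `omitempty`, so the type accepts none of them or several at once and the rule is left to whatever consumes the object. Callers that build header matches from this struct should validate the one-of constraint before submitting the resource. `Regex` is documented as ECMAScript style, so any Go-side check should not assume that compiling the pattern with Go's `regexp` package (RE2 syntax) gives the same result. The comment should also read "Specify exactly one", and the type's doc comment should start with `StringMatch`.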
21
vendor/github.com/knative/pkg/apis/istio/register.go
generated
vendored
Normal file
@ -0,0 +1,21 @@
|
||||
/*
|
||||
Copyright 2018 The Knative Authors
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package istio
|
||||
|
||||
const (
|
||||
GroupName = "networking.istio.io"
|
||||
)
|
17
vendor/github.com/knative/pkg/apis/istio/v1alpha3/README.md
generated
vendored
Normal file
@ -0,0 +1,17 @@
|
||||
# What are these files?
|
||||
|
||||
These are Go structs for Istio CRD. We translated them from proto files in
|
||||
https://github.com/istio/api/tree/master/networking/v1alpha3 .
|
||||
|
||||
# Why do we hand-translate from proto? i.e Why can't we vendor these?
|
||||
|
||||
Istio needs to run on many platforms and as a reason they represent their
|
||||
objects internally as proto. On Kubernetes, their API take in JSON objects and
|
||||
convert to proto before processing them.
|
||||
|
||||
So they have nothing we can vendor, except for the Go files that are generated
|
||||
by the proto compiler, which is not compatible with K8s API code-generator at
|
||||
all.
|
||||
|
||||
We may be able to donate our translation so they can maintain it themselves. See
|
||||
https://github.com/istio/istio/issues/6084.
|
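Review bot: The README gives the source of the hand translation as the `master` tree of `istio/api` and records no commit or release, so nothing here says which proto revision these structs correspond to. Because the structs are maintained by hand and, as the README states, cannot be vendored, record the `istio/api` commit they were translated from, so that later upstream changes to fields such as the TLS and traffic-policy settings can be diffed against a known baseline.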
547
vendor/github.com/knative/pkg/apis/istio/v1alpha3/destinationrule_types.go
generated
vendored
Normal file
@ -0,0 +1,547 @@
|
||||
/*
|
||||
Copyright 2018 The Knative Authors
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package v1alpha3
|
||||
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// +genclient
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
// DestinationRule
|
||||
type DestinationRule struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||
Spec DestinationRuleSpec `json:"spec"`
|
||||
}
|
||||
|
||||
// DestinationRule defines policies that apply to traffic intended for a
|
||||
// service after routing has occurred. These rules specify configuration
|
||||
// for load balancing, connection pool size from the sidecar, and outlier
|
||||
// detection settings to detect and evict unhealthy hosts from the load
|
||||
// balancing pool. For example, a simple load balancing policy for the
|
||||
// ratings service would look as follows:
|
||||
//
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: DestinationRule
|
||||
// metadata:
|
||||
// name: bookinfo-ratings
|
||||
// spec:
|
||||
// host: ratings.prod.svc.cluster.local
|
||||
// trafficPolicy:
|
||||
// loadBalancer:
|
||||
// simple: LEAST_CONN
|
||||
//
|
||||
//
|
||||
// Version specific policies can be specified by defining a named
|
||||
// subset and overriding the settings specified at the service level. The
|
||||
// following rule uses a round robin load balancing policy for all traffic
|
||||
// going to a subset named testversion that is composed of endpoints (e.g.,
|
||||
// pods) with labels (version:v3).
|
||||
//
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: DestinationRule
|
||||
// metadata:
|
||||
// name: bookinfo-ratings
|
||||
// spec:
|
||||
// host: ratings.prod.svc.cluster.local
|
||||
// trafficPolicy:
|
||||
// loadBalancer:
|
||||
// simple: LEAST_CONN
|
||||
// subsets:
|
||||
// - name: testversion
|
||||
// labels:
|
||||
// version: v3
|
||||
// trafficPolicy:
|
||||
// loadBalancer:
|
||||
// simple: ROUND_ROBIN
|
||||
//
|
||||
//
|
||||
// **Note:** Policies specified for subsets will not take effect until
|
||||
// a route rule explicitly sends traffic to this subset.
|
||||
//
|
||||
// Traffic policies can be customized to specific ports as well. The
|
||||
// following rule uses the least connection load balancing policy for all
|
||||
// traffic to port 80, while uses a round robin load balancing setting for
|
||||
// traffic to the port 9080.
|
||||
//
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: DestinationRule
|
||||
// metadata:
|
||||
// name: bookinfo-ratings-port
|
||||
// spec:
|
||||
// host: ratings.prod.svc.cluster.local
|
||||
// trafficPolicy: # Apply to all ports
|
||||
// portLevelSettings:
|
||||
// - port:
|
||||
// number: 80
|
||||
// loadBalancer:
|
||||
// simple: LEAST_CONN
|
||||
// - port:
|
||||
// number: 9080
|
||||
// loadBalancer:
|
||||
// simple: ROUND_ROBIN
|
||||
//
|
||||
type DestinationRuleSpec struct {
|
||||
// REQUIRED. The name of a service from the service registry. Service
|
||||
// names are looked up from the platform's service registry (e.g.,
|
||||
// Kubernetes services, Consul services, etc.) and from the hosts
|
||||
// declared by [ServiceEntries](#ServiceEntry). Rules defined for
|
||||
// services that do not exist in the service registry will be ignored.
|
||||
//
|
||||
// *Note for Kubernetes users*: When short names are used (e.g. "reviews"
|
||||
// instead of "reviews.default.svc.cluster.local"), Istio will interpret
|
||||
// the short name based on the namespace of the rule, not the service. A
|
||||
// rule in the "default" namespace containing a host "reviews will be
|
||||
// interpreted as "reviews.default.svc.cluster.local", irrespective of
|
||||
// the actual namespace associated with the reviews service. _To avoid
|
||||
// potential misconfigurations, it is recommended to always use fully
|
||||
// qualified domain names over short names._
|
||||
//
|
||||
// Note that the host field applies to both HTTP and TCP services.
|
||||
Host string `json:"host"`
|
||||
|
||||
// Traffic policies to apply (load balancing policy, connection pool
|
||||
// sizes, outlier detection).
|
||||
TrafficPolicy *TrafficPolicy `json:"trafficPolicy,omitempty"`
|
||||
|
||||
// One or more named sets that represent individual versions of a
|
||||
// service. Traffic policies can be overridden at subset level.
|
||||
Subsets []Subset `json:"subsets,omitempty"`
|
||||
}
|
||||
|
||||
// Traffic policies to apply for a specific destination, across all
|
||||
// destination ports. See DestinationRule for examples.
|
||||
type TrafficPolicy struct {
|
||||
|
||||
// Settings controlling the load balancer algorithms.
|
||||
LoadBalancer *LoadBalancerSettings `json:"loadBalancer,omitempty"`
|
||||
|
||||
// Settings controlling the volume of connections to an upstream service
|
||||
ConnectionPool *ConnectionPoolSettings `json:"connectionPool,omitempty"`
|
||||
|
||||
// Settings controlling eviction of unhealthy hosts from the load balancing pool
|
||||
OutlierDetection *OutlierDetection `json:"outlierDetection,omitempty"`
|
||||
|
||||
// TLS related settings for connections to the upstream service.
|
||||
TLS *TLSSettings `json:"tls,omitempty"`
|
||||
|
||||
// Traffic policies specific to individual ports. Note that port level
|
||||
// settings will override the destination-level settings. Traffic
|
||||
// settings specified at the destination-level will not be inherited when
|
||||
// overridden by port-level settings, i.e. default values will be applied
|
||||
// to fields omitted in port-level traffic policies.
|
||||
PortLevelSettings []PortTrafficPolicy `json:"portLevelSettings,omitempty"`
|
||||
}
|
||||
|
||||
// Traffic policies that apply to specific ports of the service
|
||||
type PortTrafficPolicy struct {
|
||||
// Specifies the port name or number of a port on the destination service
|
||||
// on which this policy is being applied.
|
||||
//
|
||||
// Names must comply with DNS label syntax (rfc1035) and therefore cannot
|
||||
// collide with numbers. If there are multiple ports on a service with
|
||||
// the same protocol the names should be of the form <protocol-name>-<DNS
|
||||
// label>.
|
||||
Port PortSelector `json:"port"`
|
||||
|
||||
// Settings controlling the load balancer algorithms.
|
||||
LoadBalancer *LoadBalancerSettings `json:"loadBalancer,omitempty"`
|
||||
|
||||
// Settings controlling the volume of connections to an upstream service
|
||||
ConnectionPool *ConnectionPoolSettings `json:"connectionPool,omitempty"`
|
||||
|
||||
// Settings controlling eviction of unhealthy hosts from the load balancing pool
|
||||
OutlierDetection *OutlierDetection `json:"outlierDetection,omitempty"`
|
||||
|
||||
// TLS related settings for connections to the upstream service.
|
||||
TLS *TLSSettings `json:"tls,omitempty"`
|
||||
}
|
||||
|
||||
// A subset of endpoints of a service. Subsets can be used for scenarios
|
||||
// like A/B testing, or routing to a specific version of a service. Refer
|
||||
// to [VirtualService](#VirtualService) documentation for examples of using
|
||||
// subsets in these scenarios. In addition, traffic policies defined at the
|
||||
// service-level can be overridden at a subset-level. The following rule
|
||||
// uses a round robin load balancing policy for all traffic going to a
|
||||
// subset named testversion that is composed of endpoints (e.g., pods) with
|
||||
// labels (version:v3).
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: DestinationRule
|
||||
// metadata:
|
||||
// name: bookinfo-ratings
|
||||
// spec:
|
||||
// host: ratings.prod.svc.cluster.local
|
||||
// trafficPolicy:
|
||||
// loadBalancer:
|
||||
// simple: LEAST_CONN
|
||||
// subsets:
|
||||
// - name: testversion
|
||||
// labels:
|
||||
// version: v3
|
||||
// trafficPolicy:
|
||||
// loadBalancer:
|
||||
// simple: ROUND_ROBIN
|
||||
//
|
||||
// **Note:** Policies specified for subsets will not take effect until
|
||||
// a route rule explicitly sends traffic to this subset.
|
||||
type Subset struct {
|
||||
// REQUIRED. Name of the subset. The service name and the subset name can
|
||||
// be used for traffic splitting in a route rule.
|
||||
Name string `json:"name"`
|
||||
|
||||
// REQUIRED. Labels apply a filter over the endpoints of a service in the
|
||||
// service registry. See route rules for examples of usage.
|
||||
Labels map[string]string `json:"labels"`
|
||||
|
||||
// Traffic policies that apply to this subset. Subsets inherit the
|
||||
// traffic policies specified at the DestinationRule level. Settings
|
||||
// specified at the subset level will override the corresponding settings
|
||||
// specified at the DestinationRule level.
|
||||
TrafficPolicy *TrafficPolicy `json:"trafficPolicy,omitempty"`
|
||||
}
|
||||
|
||||
// Load balancing policies to apply for a specific destination. See Envoy's
|
||||
// load balancing
|
||||
// [documentation](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/load_balancing.html)
|
||||
// for more details.
|
||||
//
|
||||
// For example, the following rule uses a round robin load balancing policy
|
||||
// for all traffic going to the ratings service.
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: DestinationRule
|
||||
// metadata:
|
||||
// name: bookinfo-ratings
|
||||
// spec:
|
||||
// host: ratings.prod.svc.cluster.local
|
||||
// trafficPolicy:
|
||||
// loadBalancer:
|
||||
// simple: ROUND_ROBIN
|
||||
//
|
||||
// The following example sets up sticky sessions for the ratings service
|
||||
// hashing-based load balancer for the same ratings service using the
|
||||
// the User cookie as the hash key.
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: DestinationRule
|
||||
// metadata:
|
||||
// name: bookinfo-ratings
|
||||
// spec:
|
||||
// host: ratings.prod.svc.cluster.local
|
||||
// trafficPolicy:
|
||||
// loadBalancer:
|
||||
// consistentHash:
|
||||
// httpCookie:
|
||||
// name: user
|
||||
// ttl: 0s
|
||||
type LoadBalancerSettings struct {
|
||||
// It is required to specify exactly one of the fields:
|
||||
// Simple or ConsistentHash
|
||||
Simple SimpleLB `json:"simple,omitempty"`
|
||||
ConsistentHash *ConsistentHashLB `json:"consistentHash,omitempty"`
|
||||
}
|
||||
|
||||
// Standard load balancing algorithms that require no tuning.
|
||||
type SimpleLB string
|
||||
|
||||
const (
|
||||
// Round Robin policy. Default
|
||||
SimpleLBRoundRobin SimpleLB = "ROUND_ROBIN"
|
||||
|
||||
// The least request load balancer uses an O(1) algorithm which selects
|
||||
// two random healthy hosts and picks the host which has fewer active
|
||||
// requests.
|
||||
SimpleLBLeastConn SimpleLB = "LEAST_CONN"
|
||||
|
||||
// The random load balancer selects a random healthy host. The random
|
||||
// load balancer generally performs better than round robin if no health
|
||||
// checking policy is configured.
|
||||
SimpleLBRandom SimpleLB = "RANDOM"
|
||||
|
||||
// This option will forward the connection to the original IP address
|
||||
// requested by the caller without doing any form of load
|
||||
// balancing. This option must be used with care. It is meant for
|
||||
// advanced use cases. Refer to Original Destination load balancer in
|
||||
// Envoy for further details.
|
||||
SimpleLBPassthrough SimpleLB = "PASSTHROUGH"
|
||||
)
|
||||
|
||||
// Consistent Hash-based load balancing can be used to provide soft
|
||||
// session affinity based on HTTP headers, cookies or other
|
||||
// properties. This load balancing policy is applicable only for HTTP
|
||||
// connections. The affinity to a particular destination host will be
|
||||
// lost when one or more hosts are added/removed from the destination
|
||||
// service.
|
||||
type ConsistentHashLB struct {
|
||||
|
||||
// It is required to specify exactly one of the fields as hash key:
|
||||
// HTTPHeaderName, HTTPCookie, or UseSourceIP.
|
||||
// Hash based on a specific HTTP header.
|
||||
HTTPHeaderName string `json:"httpHeaderName,omitempty"`
|
||||
|
||||
// Hash based on HTTP cookie.
|
||||
HTTPCookie *HTTPCookie `json:"httpCookie,omitempty"`
|
||||
|
||||
// Hash based on the source IP address.
|
||||
UseSourceIP bool `json:"useSourceIp,omitempty"`
|
||||
|
||||
// The minimum number of virtual nodes to use for the hash
|
||||
// ring. Defaults to 1024. Larger ring sizes result in more granular
|
||||
// load distributions. If the number of hosts in the load balancing
|
||||
// pool is larger than the ring size, each host will be assigned a
|
||||
// single virtual node.
|
||||
MinimumRingSize uint64 `json:"minimumRingSize,omitempty"`
|
||||
}
|
||||
|
||||
// Describes a HTTP cookie that will be used as the hash key for the
|
||||
// Consistent Hash load balancer. If the cookie is not present, it will
|
||||
// be generated.
|
||||
type HTTPCookie struct {
|
||||
// REQUIRED. Name of the cookie.
|
||||
Name string `json:"name"`
|
||||
|
||||
// Path to set for the cookie.
|
||||
Path string `json:"path,omitempty"`
|
||||
|
||||
// REQUIRED. Lifetime of the cookie.
|
||||
TTL string `json:"ttl"`
|
||||
}
|
||||
|
||||
// Connection pool settings for an upstream host. The settings apply to
|
||||
// each individual host in the upstream service. See Envoy's [circuit
|
||||
// breaker](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/circuit_breaking)
|
||||
// for more details. Connection pool settings can be applied at the TCP
|
||||
// level as well as at HTTP level.
|
||||
//
|
||||
// For example, the following rule sets a limit of 100 connections to redis
|
||||
// service called myredissrv with a connect timeout of 30ms
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: DestinationRule
|
||||
// metadata:
|
||||
// name: bookinfo-redis
|
||||
// spec:
|
||||
// host: myredissrv.prod.svc.cluster.local
|
||||
// trafficPolicy:
|
||||
// connectionPool:
|
||||
// tcp:
|
||||
// maxConnections: 100
|
||||
// connectTimeout: 30ms
|
||||
type ConnectionPoolSettings struct {
|
||||
|
||||
// Settings common to both HTTP and TCP upstream connections.
|
||||
TCP *TCPSettings `json:"tcp,omitempty"`
|
||||
|
||||
// HTTP connection pool settings.
|
||||
HTTP *HTTPSettings `json:"http,omitempty"`
|
||||
}
|
||||
|
||||
// Settings common to both HTTP and TCP upstream connections.
|
||||
type TCPSettings struct {
|
||||
// Maximum number of HTTP1 /TCP connections to a destination host.
|
||||
MaxConnections int32 `json:"maxConnections,omitempty"`
|
||||
|
||||
// TCP connection timeout.
|
||||
ConnectTimeout string `json:"connectTimeout,omitempty"`
|
||||
}
|
||||
|
||||
// Settings applicable to HTTP1.1/HTTP2/GRPC connections.
|
||||
type HTTPSettings struct {
|
||||
// Maximum number of pending HTTP requests to a destination. Default 1024.
|
||||
HTTP1MaxPendingRequests int32 `json:"http1MaxPendingRequests,omitempty"`
|
||||
|
||||
// Maximum number of requests to a backend. Default 1024.
|
||||
HTTP2MaxRequests int32 `json:"http2MaxRequests,omitempty"`
|
||||
|
||||
// Maximum number of requests per connection to a backend. Setting this
|
||||
// parameter to 1 disables keep alive.
|
||||
MaxRequestsPerConnection int32 `json:"maxRequestsPerConnection,omitempty"`
|
||||
|
||||
// Maximum number of retries that can be outstanding to all hosts in a
|
||||
// cluster at a given time. Defaults to 3.
|
||||
MaxRetries int32 `json:"maxRetries,omitempty"`
|
||||
}
|
||||
|
||||
// A Circuit breaker implementation that tracks the status of each
|
||||
// individual host in the upstream service. Applicable to both HTTP and
|
||||
// TCP services. For HTTP services, hosts that continually return 5xx
|
||||
// errors for API calls are ejected from the pool for a pre-defined period
|
||||
// of time. For TCP services, connection timeouts or connection
|
||||
// failures to a given host counts as an error when measuring the
|
||||
// consecutive errors metric. See Envoy's [outlier
|
||||
// detection](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/outlier)
|
||||
// for more details.
|
||||
//
|
||||
// The following rule sets a connection pool size of 100 connections and
|
||||
// 1000 concurrent HTTP2 requests, with no more than 10 req/connection to
|
||||
// "reviews" service. In addition, it configures upstream hosts to be
|
||||
// scanned every 5 mins, such that any host that fails 7 consecutive times
|
||||
// with 5XX error code will be ejected for 15 minutes.
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: DestinationRule
|
||||
// metadata:
|
||||
// name: reviews-cb-policy
|
||||
// spec:
|
||||
// host: reviews.prod.svc.cluster.local
|
||||
// trafficPolicy:
|
||||
// connectionPool:
|
||||
// tcp:
|
||||
// maxConnections: 100
|
||||
// http:
|
||||
// http2MaxRequests: 1000
|
||||
// maxRequestsPerConnection: 10
|
||||
// outlierDetection:
|
||||
// consecutiveErrors: 7
|
||||
// interval: 5m
|
||||
// baseEjectionTime: 15m
|
||||
type OutlierDetection struct {
|
||||
// Number of errors before a host is ejected from the connection
|
||||
// pool. Defaults to 5. When the upstream host is accessed over HTTP, a
|
||||
// 5xx return code qualifies as an error. When the upstream host is
|
||||
// accessed over an opaque TCP connection, connect timeouts and
|
||||
// connection error/failure events qualify as an error.
|
||||
ConsecutiveErrors int32 `json:"consecutiveErrors,omitempty"`
|
||||
|
||||
// Time interval between ejection sweep analysis. format:
|
||||
// 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.
|
||||
Interval string `json:"interval,omitempty"`
|
||||
|
||||
// Minimum ejection duration. A host will remain ejected for a period
|
||||
// equal to the product of minimum ejection duration and the number of
|
||||
// times the host has been ejected. This technique allows the system to
|
||||
// automatically increase the ejection period for unhealthy upstream
|
||||
// servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s.
|
||||
BaseEjectionTime string `json:"baseEjectionTime,omitempty"`
|
||||
|
||||
// Maximum % of hosts in the load balancing pool for the upstream
|
||||
// service that can be ejected. Defaults to 10%.
|
||||
MaxEjectionPercent int32 `json:"maxEjectionPercent,omitempty"`
|
||||
}
|
||||
|
||||
// SSL/TLS related settings for upstream connections. See Envoy's [TLS
|
||||
// context](https://www.envoyproxy.io/docs/envoy/latest/api-v1/cluster_manager/cluster_ssl.html#config-cluster-manager-cluster-ssl)
|
||||
// for more details. These settings are common to both HTTP and TCP upstreams.
|
||||
//
|
||||
// For example, the following rule configures a client to use mutual TLS
|
||||
// for connections to upstream database cluster.
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: DestinationRule
|
||||
// metadata:
|
||||
// name: db-mtls
|
||||
// spec:
|
||||
// host: mydbserver.prod.svc.cluster.local
|
||||
// trafficPolicy:
|
||||
// tls:
|
||||
// mode: MUTUAL
|
||||
// clientCertificate: /etc/certs/myclientcert.pem
|
||||
// privateKey: /etc/certs/client_private_key.pem
|
||||
// caCertificates: /etc/certs/rootcacerts.pem
|
||||
//
|
||||
// The following rule configures a client to use TLS when talking to a
|
||||
// foreign service whose domain matches *.foo.com.
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: DestinationRule
|
||||
// metadata:
|
||||
// name: tls-foo
|
||||
// spec:
|
||||
// host: "*.foo.com"
|
||||
// trafficPolicy:
|
||||
// tls:
|
||||
// mode: SIMPLE
|
||||
//
|
||||
// The following rule configures a client to use Istio mutual TLS when talking
|
||||
// to rating services.
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: DestinationRule
|
||||
// metadata:
|
||||
// name: ratings-istio-mtls
|
||||
// spec:
|
||||
// host: ratings.prod.svc.cluster.local
|
||||
// trafficPolicy:
|
||||
// tls:
|
||||
// mode: ISTIO_MUTUAL
|
||||
type TLSSettings struct {
|
||||
|
||||
// REQUIRED: Indicates whether connections to this port should be secured
|
||||
// using TLS. The value of this field determines how TLS is enforced.
|
||||
Mode TLSmode `json:"mode"`
|
||||
|
||||
// REQUIRED if mode is `MUTUAL`. The path to the file holding the
|
||||
// client-side TLS certificate to use.
|
||||
// Should be empty if mode is `ISTIO_MUTUAL`.
|
||||
ClientCertificate string `json:"clientCertificate,omitempty"`
|
||||
|
||||
// REQUIRED if mode is `MUTUAL`. The path to the file holding the
|
||||
// client's private key.
|
||||
// Should be empty if mode is `ISTIO_MUTUAL`.
|
||||
PrivateKey string `json:"privateKey,omitempty"`
|
||||
|
||||
// OPTIONAL: The path to the file containing certificate authority
|
||||
// certificates to use in verifying a presented server certificate. If
|
||||
// omitted, the proxy will not verify the server's certificate.
|
||||
// Should be empty if mode is `ISTIO_MUTUAL`.
|
||||
CaCertificates string `json:"caCertificates,omitempty"`
|
||||
|
||||
// A list of alternate names to verify the subject identity in the
|
||||
// certificate. If specified, the proxy will verify that the server
|
||||
// certificate's subject alt name matches one of the specified values.
|
||||
// Should be empty if mode is `ISTIO_MUTUAL`.
|
||||
SubjectAltNames []string `json:"subjectAltNames,omitempty"`
|
||||
|
||||
// SNI string to present to the server during TLS handshake.
|
||||
// Should be empty if mode is `ISTIO_MUTUAL`.
|
||||
Sni string `json:"sni,omitempty"`
|
||||
}
|
||||
|
||||
// TLS connection mode
|
||||
type TLSmode string
|
||||
|
||||
const (
|
||||
// Do not setup a TLS connection to the upstream endpoint.
|
||||
TLSmodeDisable TLSmode = "DISABLE"
|
||||
|
||||
// Originate a TLS connection to the upstream endpoint.
|
||||
TLSmodeSimple TLSmode = "SIMPLE"
|
||||
|
||||
// Secure connections to the upstream using mutual TLS by presenting
|
||||
// client certificates for authentication.
|
||||
TLSmodeMutual TLSmode = "MUTUAL"
|
||||
|
||||
// Secure connections to the upstream using mutual TLS by presenting
|
||||
// client certificates for authentication.
|
||||
// Compared to Mutual mode, this mode uses certificates generated
|
||||
// automatically by Istio for mTLS authentication. When this mode is
|
||||
// used, all other fields in `TLSSettings` should be empty.
|
||||
TLSmodeIstioMutual TLSmode = "ISTIO_MUTUAL"
|
||||
)
|
||||
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
// DestinationRuleList is a list of DestinationRule resources
|
||||
type DestinationRuleList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata"`
|
||||
Items []DestinationRule `json:"items"`
|
||||
}
|
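Review bot: The CaCertificates comment in TLSSettings says that when the field is omitted "the proxy will not verify the server's certificate", and the `tls-foo` example (host "*.foo.com", `mode: SIMPLE`) sets neither caCertificates nor subjectAltNames, so the documented example originates TLS to an external host without authenticating it. Suggest that the example set caCertificates and subjectAltNames, or that the Mode comment state that SIMPLE without caCertificates is unauthenticated. Two smaller points: this file declares `TLSmode` while gateway_types.go in the same package declares `TLSMode`, and two exported types that differ only by letter case are easy to mix up; and the LoadBalancerSettings comment "sets up sticky sessions for the ratings service hashing-based load balancer for the same ratings service using the the User cookie" is garbled and should be reworded.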
23
vendor/github.com/knative/pkg/apis/istio/v1alpha3/doc.go
generated
vendored
Normal file
@ -0,0 +1,23 @@
|
||||
/*
|
||||
Copyright 2018 The Knative Authors
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
// Api versions allow the api contract for a resource to be changed while keeping
|
||||
// backward compatibility by support multiple concurrent versions
|
||||
// of the same resource
|
||||
|
||||
// +k8s:deepcopy-gen=package
|
||||
// +groupName=networking.istio.io
|
||||
package v1alpha3
|
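Review bot: The descriptive comment ("Api versions allow the api contract ...") is separated from `package v1alpha3` by a blank line, so only the `+k8s:deepcopy-gen=package` and `+groupName=networking.istio.io` tag lines sit directly above the package clause and become its doc comment. If the description is meant as package documentation, start it with "Package v1alpha3" and place it immediately above the package clause, with the tag lines in their own comment block above it. "by support multiple" should read "by supporting multiple".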
336
vendor/github.com/knative/pkg/apis/istio/v1alpha3/gateway_types.go
generated
vendored
Normal file
@ -0,0 +1,336 @@
|
||||
/*
|
||||
Copyright 2018 The Knative Authors
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package v1alpha3
|
||||
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// +genclient
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
|
||||
// Gateway describes a load balancer operating at the edge of the mesh
|
||||
// receiving incoming or outgoing HTTP/TCP connections. The specification
|
||||
// describes a set of ports that should be exposed, the type of protocol to
|
||||
// use, SNI configuration for the load balancer, etc.
|
||||
//
|
||||
// For example, the following gateway spec sets up a proxy to act as a load
|
||||
// balancer exposing port 80 and 9080 (http), 443 (https), and port 2379
|
||||
// (TCP) for ingress. The gateway will be applied to the proxy running on
|
||||
// a pod with labels "app: my-gateway-controller". While Istio will configure the
|
||||
// proxy to listen on these ports, it is the responsibility of the user to
|
||||
// ensure that external traffic to these ports are allowed into the mesh.
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: Gateway
|
||||
// metadata:
|
||||
// name: my-gateway
|
||||
// spec:
|
||||
// selector:
|
||||
// app: my-gatweway-controller
|
||||
// servers:
|
||||
// - port:
|
||||
// number: 80
|
||||
// name: http
|
||||
// protocol: HTTP
|
||||
// hosts:
|
||||
// - uk.bookinfo.com
|
||||
// - eu.bookinfo.com
|
||||
// tls:
|
||||
// httpsRedirect: true # sends 302 redirect for http requests
|
||||
// - port:
|
||||
// number: 443
|
||||
// name: https
|
||||
// protocol: HTTPS
|
||||
// hosts:
|
||||
// - uk.bookinfo.com
|
||||
// - eu.bookinfo.com
|
||||
// tls:
|
||||
// mode: SIMPLE #enables HTTPS on this port
|
||||
// serverCertificate: /etc/certs/servercert.pem
|
||||
// privateKey: /etc/certs/privatekey.pem
|
||||
// - port:
|
||||
// number: 9080
|
||||
// name: http-wildcard
|
||||
// protocol: HTTP
|
||||
// # no hosts implies wildcard match
|
||||
// - port:
|
||||
// number: 2379 #to expose internal service via external port 2379
|
||||
// name: mongo
|
||||
// protocol: MONGO
|
||||
//
|
||||
// The gateway specification above describes the L4-L6 properties of a load
|
||||
// balancer. A VirtualService can then be bound to a gateway to control
|
||||
// the forwarding of traffic arriving at a particular host or gateway port.
|
||||
//
|
||||
// For example, the following VirtualService splits traffic for
|
||||
// https://uk.bookinfo.com/reviews, https://eu.bookinfo.com/reviews,
|
||||
// http://uk.bookinfo.com:9080/reviews, http://eu.bookinfo.com:9080/reviews
|
||||
// into two versions (prod and qa) of an internal reviews service on port
|
||||
// 9080. In addition, requests containing the cookie user: dev-123 will be
|
||||
// sent to special port 7777 in the qa version. The same rule is also
|
||||
// applicable inside the mesh for requests to the reviews.prod
|
||||
// service. This rule is applicable across ports 443, 9080. Note that
|
||||
// http://uk.bookinfo.com gets redirected to https://uk.bookinfo.com
|
||||
// (i.e. 80 redirects to 443).
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: VirtualService
|
||||
// metadata:
|
||||
// name: bookinfo-rule
|
||||
// spec:
|
||||
// hosts:
|
||||
// - reviews.prod
|
||||
// - uk.bookinfo.com
|
||||
// - eu.bookinfo.com
|
||||
// gateways:
|
||||
// - my-gateway
|
||||
// - mesh # applies to all the sidecars in the mesh
|
||||
// http:
|
||||
// - match:
|
||||
// - headers:
|
||||
// cookie:
|
||||
// user: dev-123
|
||||
// route:
|
||||
// - destination:
|
||||
// port:
|
||||
// number: 7777
|
||||
// name: reviews.qa
|
||||
// - match:
|
||||
// uri:
|
||||
// prefix: /reviews/
|
||||
// route:
|
||||
// - destination:
|
||||
// port:
|
||||
// number: 9080 # can be omitted if its the only port for reviews
|
||||
// name: reviews.prod
|
||||
// weight: 80
|
||||
// - destination:
|
||||
// name: reviews.qa
|
||||
// weight: 20
|
||||
//
|
||||
// The following VirtualService forwards traffic arriving at (external) port
|
||||
// 2379 from 172.17.16.0/24 subnet to internal Mongo server on port 5555. This
|
||||
// rule is not applicable internally in the mesh as the gateway list omits
|
||||
// the reserved name "mesh".
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: VirtualService
|
||||
// metadata:
|
||||
// name: bookinfo-Mongo
|
||||
// spec:
|
||||
// hosts:
|
||||
// - mongosvr #name of Mongo service
|
||||
// gateways:
|
||||
// - my-gateway
|
||||
// tcp:
|
||||
// - match:
|
||||
// - port:
|
||||
// number: 2379
|
||||
// sourceSubnet: "172.17.16.0/24"
|
||||
// route:
|
||||
// - destination:
|
||||
// name: mongo.prod
|
||||
//
|
||||
type Gateway struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||
|
||||
Spec GatewaySpec `json:"spec"`
|
||||
}
|
||||
|
||||
type GatewaySpec struct {
|
||||
// REQUIRED: A list of server specifications.
|
||||
Servers []Server `json:"servers"`
|
||||
|
||||
// One or more labels that indicate a specific set of pods/VMs
|
||||
// on which this gateway configuration should be applied.
|
||||
// If no selectors are provided, the gateway will be implemented by
|
||||
// the default istio-ingress controller.
|
||||
Selector map[string]string `json:"selector,omitempty"`
|
||||
}
|
||||
|
||||
// Server describes the properties of the proxy on a given load balancer port.
|
||||
// For example,
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: Gateway
|
||||
// metadata:
|
||||
// name: my-ingress
|
||||
// spec:
|
||||
// selector:
|
||||
// app: my-ingress-controller
|
||||
// servers:
|
||||
// - port:
|
||||
// number: 80
|
||||
// name: http2
|
||||
// protocol: HTTP2
|
||||
//
|
||||
// Another example
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: Gateway
|
||||
// metadata:
|
||||
// name: my-tcp-ingress
|
||||
// spec:
|
||||
// selector:
|
||||
// app: my-tcp-ingress-controller
|
||||
// servers:
|
||||
// - port:
|
||||
// number: 27018
|
||||
// name: mongo
|
||||
// protocol: MONGO
|
||||
//
|
||||
// The following is an example of TLS configuration for port 443
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: Gateway
|
||||
// metadata:
|
||||
// name: my-tls-ingress
|
||||
// spec:
|
||||
// selector:
|
||||
// app: my-tls-ingress-controller
|
||||
// servers:
|
||||
// - port:
|
||||
// number: 443
|
||||
// name: https
|
||||
// protocol: HTTPS
|
||||
// tls:
|
||||
// mode: SIMPLE
|
||||
// serverCertificate: /etc/certs/server.pem
|
||||
// privateKey: /etc/certs/privatekey.pem
|
||||
//
|
||||
type Server struct {
|
||||
// REQUIRED: The Port on which the proxy should listen for incoming
|
||||
// connections
|
||||
Port Port `json:"port"`
|
||||
|
||||
// A list of hosts exposed by this gateway. While
|
||||
// typically applicable to HTTP services, it can also be used for TCP
|
||||
// services using TLS with SNI. Standard DNS wildcard prefix syntax
|
||||
// is permitted.
|
||||
//
|
||||
// A VirtualService that is bound to a gateway must having a matching host
|
||||
// in its default destination. Specifically one of the VirtualService
|
||||
// destination hosts is a strict suffix of a gateway host or
|
||||
// a gateway host is a suffix of one of the VirtualService hosts.
|
||||
Hosts []string `json:"hosts,omitempty"`
|
||||
|
||||
// Set of TLS related options that govern the server's behavior. Use
|
||||
// these options to control if all http requests should be redirected to
|
||||
// https, and the TLS modes to use.
|
||||
TLS *TLSOptions `json:"tls,omitempty"`
|
||||
}
|
||||
|
||||
type TLSOptions struct {
|
||||
// If set to true, the load balancer will send a 302 redirect for all
|
||||
// http connections, asking the clients to use HTTPS.
|
||||
HTTPSRedirect bool `json:"httpsRedirect"`
|
||||
|
||||
// Optional: Indicates whether connections to this port should be
|
||||
// secured using TLS. The value of this field determines how TLS is
|
||||
// enforced.
|
||||
Mode TLSMode `json:"mode,omitempty"`
|
||||
|
||||
// REQUIRED if mode is "SIMPLE" or "MUTUAL". The path to the file
|
||||
// holding the server-side TLS certificate to use.
|
||||
ServerCertificate string `json:"serverCertificate"`
|
||||
|
||||
// REQUIRED if mode is "SIMPLE" or "MUTUAL". The path to the file
|
||||
// holding the server's private key.
|
||||
PrivateKey string `json:"privateKey"`
|
||||
|
||||
// REQUIRED if mode is "MUTUAL". The path to a file containing
|
||||
// certificate authority certificates to use in verifying a presented
|
||||
// client side certificate.
|
||||
CaCertificates string `json:"caCertificates"`
|
||||
|
||||
// The credentialName stands for a unique identifier that can be used
|
||||
// to identify the serverCertificate and the privateKey. The
|
||||
// credentialName appended with suffix "-cacert" is used to identify
|
||||
// the CaCertificates associated with this server. Gateway workloads
|
||||
// capable of fetching credentials from a remote credential store such
|
||||
// as Kubernetes secrets, will be configured to retrieve the
|
||||
// serverCertificate and the privateKey using credentialName, instead
|
||||
// of using the file system paths specified above. If using mutual TLS,
|
||||
// gateway workload instances will retrieve the CaCertificates using
|
||||
// credentialName-cacert. The semantics of the name are platform
|
||||
// dependent. In Kubernetes, the default Istio supplied credential
|
||||
// server expects the credentialName to match the name of the
|
||||
// Kubernetes secret that holds the server certificate, the private
|
||||
// key, and the CA certificate (if using mutual TLS). Set the
|
||||
// `ISTIO_META_USER_SDS` metadata variable in the gateway's proxy to
|
||||
// enable the dynamic credential fetching feature.
|
||||
CredentialName string `json:"credentialName,omitempty"`
|
||||
|
||||
// A list of alternate names to verify the subject identity in the
|
||||
// certificate presented by the client.
|
||||
SubjectAltNames []string `json:"subjectAltNames"`
|
||||
}
|
||||
|
||||
// TLS modes enforced by the proxy
|
||||
type TLSMode string
|
||||
|
||||
const (
|
||||
// If set to "PASSTHROUGH", the proxy will forward the connection
|
||||
// to the upstream server selected based on the SNI string presented
|
||||
// by the client.
|
||||
TLSModePassThrough TLSMode = "PASSTHROUGH"
|
||||
|
||||
// If set to "SIMPLE", the proxy will secure connections with
|
||||
// standard TLS semantics.
|
||||
TLSModeSimple TLSMode = "SIMPLE"
|
||||
|
||||
// If set to "MUTUAL", the proxy will secure connections to the
|
||||
// upstream using mutual TLS by presenting client certificates for
|
||||
// authentication.
|
||||
TLSModeMutual TLSMode = "MUTUAL"
|
||||
)
|
||||
|
||||
// Port describes the properties of a specific port of a service.
|
||||
type Port struct {
|
||||
// REQUIRED: A valid non-negative integer port number.
|
||||
Number int `json:"number"`
|
||||
|
||||
// REQUIRED: The protocol exposed on the port.
|
||||
// MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP.
|
||||
Protocol PortProtocol `json:"protocol"`
|
||||
|
||||
// Label assigned to the port.
|
||||
Name string `json:"name,omitempty"`
|
||||
}
|
||||
|
||||
type PortProtocol string
|
||||
|
||||
const (
|
||||
ProtocolHTTP PortProtocol = "HTTP"
|
||||
ProtocolHTTPS PortProtocol = "HTTPS"
|
||||
ProtocolGRPC PortProtocol = "GRPC"
|
||||
ProtocolHTTP2 PortProtocol = "HTTP2"
|
||||
ProtocolMongo PortProtocol = "Mongo"
|
||||
ProtocolTCP PortProtocol = "TCP"
|
||||
)
|
||||
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
|
||||
// GatewayList is a list of Gateway resources
|
||||
type GatewayList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata"`
|
||||
|
||||
Items []Gateway `json:"items"`
|
||||
}
|
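Review bot: `ProtocolMongo PortProtocol = "Mongo"` does not match the Port.Protocol comment ("MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP") or the examples in this file, which use `protocol: MONGO`, so a Gateway built from the constant carries a value outside the documented set; suggest `"MONGO"`. In TLSOptions, ServerCertificate, PrivateKey, CaCertificates and SubjectAltNames have no `omitempty`, although the comments mark them required only for specific modes, so they serialize as empty values for PASSTHROUGH or when CredentialName is used. The TLSModeMutual comment ("secure connections to the upstream ... by presenting client certificates") describes the client side; for a gateway server it should say that client certificates are required and verified against CaCertificates. The first example's selector `app: my-gatweway-controller` is misspelled relative to the prose above it ("app: my-gateway-controller").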
58
vendor/github.com/knative/pkg/apis/istio/v1alpha3/register.go
generated
vendored
Normal file
@ -0,0 +1,58 @@
|
||||
/*
|
||||
Copyright 2018 The Knative Authors
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package v1alpha3
|
||||
|
||||
import (
|
||||
"github.com/knative/pkg/apis/istio"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
)
|
||||
|
||||
// SchemeGroupVersion is group version used to register these objects
|
||||
var SchemeGroupVersion = schema.GroupVersion{Group: istio.GroupName, Version: "v1alpha3"}
|
||||
|
||||
// Kind takes an unqualified kind and returns back a Group qualified GroupKind
|
||||
func Kind(kind string) schema.GroupKind {
|
||||
return SchemeGroupVersion.WithKind(kind).GroupKind()
|
||||
}
|
||||
|
||||
// Resource takes an unqualified resource and returns a Group qualified GroupResource
|
||||
func Resource(resource string) schema.GroupResource {
|
||||
return SchemeGroupVersion.WithResource(resource).GroupResource()
|
||||
}
|
||||
|
||||
var (
|
||||
SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
|
||||
AddToScheme = SchemeBuilder.AddToScheme
|
||||
)
|
||||
|
||||
// Adds the list of known types to Scheme.
|
||||
func addKnownTypes(scheme *runtime.Scheme) error {
|
||||
scheme.AddKnownTypes(SchemeGroupVersion,
|
||||
&VirtualService{},
|
||||
&Gateway{},
|
||||
&DestinationRule{},
|
||||
&VirtualServiceList{},
|
||||
&GatewayList{},
|
||||
&DestinationRuleList{},
|
||||
&ServiceEntry{},
|
||||
&ServiceEntryList{},
|
||||
)
|
||||
metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
|
||||
return nil
|
||||
}
|
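Review bot: in addKnownTypes the registered set is a hand-maintained list with inconsistent ordering (three kinds, then their three lists, then ServiceEntry and ServiceEntryList as a pair), so a type added to the package can be missed here without anyone noticing in review; a type left out of this call only shows up at runtime, when the scheme cannot encode or decode it. Listing each kind next to its list type (&Gateway{}, &GatewayList{}, and so on) would make an omission obvious. Because the file sits under vendor/, the change belongs in the vendored source rather than in this tree.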
39
vendor/github.com/knative/pkg/apis/istio/v1alpha3/service_entry.go
generated
vendored
Normal file
@ -0,0 +1,39 @@
|
||||
package v1alpha3
|
||||
|
||||
import (
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// +genclient
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
|
||||
type ServiceEntry struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||
|
||||
Spec ServiceEntrySpec `json:"spec"`
|
||||
}
|
||||
|
||||
type ServiceEntrySpec struct {
|
||||
Hosts []string `json:"hosts,omitempty"`
|
||||
Addresses []string `json:"addresses,omitempty"`
|
||||
Ports []Port `json:"ports,omitempty"`
|
||||
Location int32 `json:"location,omitempty"`
|
||||
Resolution int32 `json:"resolution,omitempty"`
|
||||
Endpoints []ServiceEntry_Endpoint `json:"endpoints,omitempty"`
|
||||
}
|
||||
|
||||
type ServiceEntry_Endpoint struct {
|
||||
Address string `json:"address,omitempty"`
|
||||
Ports map[string]uint32 `json:"ports,omitempty"`
|
||||
Labels map[string]string `json:"labels,omitempty"`
|
||||
}
|
||||
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
|
||||
type ServiceEntryList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata"`
|
||||
|
||||
Items []ServiceEntry `json:"items"`
|
||||
}
|
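Review bot: Location and Resolution in ServiceEntrySpec are bare int32 fields with no comment and no named constants, so nothing in this file says which values are valid or what each one means, and with "omitempty" a value of 0 is dropped on serialization and cannot be told apart from an unset field. A named type with constants, as PortProtocol and ProtocolTCP are declared in gateway_types.go, would let callers and reviewers see what a given ServiceEntry actually requests. Smaller points in the same hunk: none of the exported types (ServiceEntry, ServiceEntrySpec, ServiceEntry_Endpoint, ServiceEntryList) has a doc comment, ServiceEntry_Endpoint carries an underscore that the rest of the package's type names do not, and the file lacks the license header that register.go in the same directory has.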
882
vendor/github.com/knative/pkg/apis/istio/v1alpha3/virtualservice_types.go
generated
vendored
Normal file
@ -0,0 +1,882 @@
|
||||
/*
|
||||
Copyright 2018 The Knative Authors
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package v1alpha3
|
||||
|
||||
import (
|
||||
"github.com/knative/pkg/apis/istio/common/v1alpha1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// +genclient
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
|
||||
// VirtualService
|
||||
type VirtualService struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||
|
||||
Spec VirtualServiceSpec `json:"spec"`
|
||||
}
|
||||
|
||||
// A VirtualService defines a set of traffic routing rules to apply when a host is
|
||||
// addressed. Each routing rule defines matching criteria for traffic of a specific
|
||||
// protocol. If the traffic is matched, then it is sent to a named destination service
|
||||
// (or subset/version of it) defined in the registry.
|
||||
//
|
||||
// The source of traffic can also be matched in a routing rule. This allows routing
|
||||
// to be customized for specific client contexts.
|
||||
//
|
||||
// The following example routes all HTTP traffic by default to
|
||||
// pods of the reviews service with label "version: v1". In addition,
|
||||
// HTTP requests containing /wpcatalog/, /consumercatalog/ url prefixes will
|
||||
// be rewritten to /newcatalog and sent to pods with label "version: v2". The
|
||||
// rules will be applied at the gateway named "bookinfo" as well as at all
|
||||
// the sidecars in the mesh (indicated by the reserved gateway name
|
||||
// "mesh").
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: VirtualService
|
||||
// metadata:
|
||||
// name: reviews-route
|
||||
// spec:
|
||||
// hosts:
|
||||
// - reviews
|
||||
// gateways: # if omitted, defaults to "mesh"
|
||||
// - bookinfo
|
||||
// - mesh
|
||||
// http:
|
||||
// - match:
|
||||
// - uri:
|
||||
// prefix: "/wpcatalog"
|
||||
// - uri:
|
||||
// prefix: "/consumercatalog"
|
||||
// rewrite:
|
||||
// uri: "/newcatalog"
|
||||
// route:
|
||||
// - destination:
|
||||
// host: reviews
|
||||
// subset: v2
|
||||
// - route:
|
||||
// - destination:
|
||||
// host: reviews
|
||||
// subset: v1
|
||||
//
|
||||
// A subset/version of a route destination is identified with a reference
|
||||
// to a named service subset which must be declared in a corresponding
|
||||
// DestinationRule.
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: DestinationRule
|
||||
// metadata:
|
||||
// name: reviews-destination
|
||||
// spec:
|
||||
// host: reviews
|
||||
// subsets:
|
||||
// - name: v1
|
||||
// labels:
|
||||
// version: v1
|
||||
// - name: v2
|
||||
// labels:
|
||||
// version: v2
|
||||
//
|
||||
// A host name can be defined by only one VirtualService. A single
|
||||
// VirtualService can be used to describe traffic properties for multiple
|
||||
// HTTP and TCP ports.
|
||||
type VirtualServiceSpec struct {
|
||||
// REQUIRED. The destination address for traffic captured by this virtual
|
||||
// service. Could be a DNS name with wildcard prefix or a CIDR
|
||||
// prefix. Depending on the platform, short-names can also be used
|
||||
// instead of a FQDN (i.e. has no dots in the name). In such a scenario,
|
||||
// the FQDN of the host would be derived based on the underlying
|
||||
// platform.
|
||||
//
|
||||
// For example on Kubernetes, when hosts contains a short name, Istio will
|
||||
// interpret the short name based on the namespace of the rule. Thus, when a
|
||||
// client namespace applies a rule in the "default" namespace containing a name
|
||||
// "reviews, Istio will setup routes to the "reviews.default.svc.cluster.local"
|
||||
// service. However, if a different name such as "reviews.sales.svc.cluster.local"
|
||||
// is used, it would be treated as a FQDN during virtual host matching.
|
||||
// In Consul, a plain service name would be resolved to the FQDN
|
||||
// "reviews.service.consul".
|
||||
//
|
||||
// Note that the hosts field applies to both HTTP and TCP
|
||||
// services. Service inside the mesh, i.e., those found in the service
|
||||
// registry, must always be referred to using their alphanumeric
|
||||
// names. IP addresses or CIDR prefixes are allowed only for services
|
||||
// defined via the Gateway.
|
||||
Hosts []string `json:"hosts"`
|
||||
|
||||
// The names of gateways and sidecars that should apply these routes. A
|
||||
// single VirtualService is used for sidecars inside the mesh as well
|
||||
// as for one or more gateways. The selection condition imposed by this field
|
||||
// can be overridden using the source field in the match conditions of HTTP/TCP
|
||||
// routes. The reserved word "mesh" is used to imply all the sidecars in
|
||||
// the mesh. When this field is omitted, the default gateway ("mesh")
|
||||
// will be used, which would apply the rule to all sidecars in the
|
||||
// mesh. If a list of gateway names is provided, the rules will apply
|
||||
// only to the gateways. To apply the rules to both gateways and sidecars,
|
||||
// specify "mesh" as one of the gateway names.
|
||||
Gateways []string `json:"gateways,omitempty"`
|
||||
|
||||
// An ordered list of route rules for HTTP traffic.
|
||||
// The first rule matching an incoming request is used.
|
||||
HTTP []HTTPRoute `json:"http,omitempty"`
|
||||
|
||||
// An ordered list of route rules for TCP traffic.
|
||||
// The first rule matching an incoming request is used.
|
||||
TCP []TCPRoute `json:"tcp,omitempty"`
|
||||
|
||||
TLS []TLSRoute `json:"tls,omitempty"`
|
||||
}
|
||||
|
||||
// Describes match conditions and actions for routing HTTP/1.1, HTTP2, and
|
||||
// gRPC traffic. See VirtualService for usage examples.
|
||||
type HTTPRoute struct {
|
||||
// Match conditions to be satisfied for the rule to be
|
||||
// activated. All conditions inside a single match block have AND
|
||||
// semantics, while the list of match blocks have OR semantics. The rule
|
||||
// is matched if any one of the match blocks succeed.
|
||||
Match []HTTPMatchRequest `json:"match,omitempty"`
|
||||
|
||||
// A http rule can either redirect or forward (default) traffic. The
|
||||
// forwarding target can be one of several versions of a service (see
|
||||
// glossary in beginning of document). Weights associated with the
|
||||
// service version determine the proportion of traffic it receives.
|
||||
Route []HTTPRouteDestination `json:"route,omitempty"`
|
||||
|
||||
// A http rule can either redirect or forward (default) traffic. If
|
||||
// traffic passthrough option is specified in the rule,
|
||||
// route/redirect will be ignored. The redirect primitive can be used to
|
||||
// send a HTTP 302 redirect to a different URI or Authority.
|
||||
Redirect *HTTPRedirect `json:"redirect,omitempty"`
|
||||
|
||||
// Rewrite HTTP URIs and Authority headers. Rewrite cannot be used with
|
||||
// Redirect primitive. Rewrite will be performed before forwarding.
|
||||
Rewrite *HTTPRewrite `json:"rewrite,omitempty"`
|
||||
|
||||
// Indicates that a HTTP/1.1 client connection to this particular route
|
||||
// should be allowed (and expected) to upgrade to a WebSocket connection.
|
||||
// The default is false. Istio's reference sidecar implementation (Envoy)
|
||||
// expects the first request to this route to contain the WebSocket
|
||||
// upgrade headers. Otherwise, the request will be rejected. Note that
|
||||
// Websocket allows secondary protocol negotiation which may then be
|
||||
// subject to further routing rules based on the protocol selected.
|
||||
WebsocketUpgrade bool `json:"websocketUpgrade,omitempty"`
|
||||
|
||||
// Timeout for HTTP requests.
|
||||
Timeout string `json:"timeout,omitempty"`
|
||||
|
||||
// Retry policy for HTTP requests.
|
||||
Retries *HTTPRetry `json:"retries,omitempty"`
|
||||
|
||||
// Fault injection policy to apply on HTTP traffic.
|
||||
Fault *HTTPFaultInjection `json:"fault,omitempty"`
|
||||
|
||||
// Mirror HTTP traffic to a another destination in addition to forwarding
|
||||
// the requests to the intended destination. Mirrored traffic is on a
|
||||
// best effort basis where the sidecar/gateway will not wait for the
|
||||
// mirrored cluster to respond before returning the response from the
|
||||
// original destination. Statistics will be generated for the mirrored
|
||||
// destination.
|
||||
Mirror *Destination `json:"mirror,omitempty"`
|
||||
|
||||
// Additional HTTP headers to add before forwarding a request to the
|
||||
// destination service.
|
||||
DeprecatedAppendHeaders map[string]string `json:"appendHeaders,omitempty"`
|
||||
|
||||
// Header manipulation rules
|
||||
Headers *Headers `json:"headers,omitempty"`
|
||||
|
||||
// Http headers to remove before returning the response to the caller
|
||||
RemoveResponseHeaders map[string]string `json:"removeResponseHeaders,omitempty"`
|
||||
|
||||
// Cross-Origin Resource Sharing policy
|
||||
CorsPolicy *CorsPolicy `json:"corsPolicy,omitempty"`
|
||||
}
|
||||
|
||||
// Headers describes header manipulation rules.
|
||||
type Headers struct {
|
||||
// Header manipulation rules to apply before forwarding a request
|
||||
// to the destination service
|
||||
Request *HeaderOperations `json:"request,omitempty"`
|
||||
|
||||
// Header manipulation rules to apply before returning a response
|
||||
// to the caller
|
||||
Response *HeaderOperations `json:"response,omitempty"`
|
||||
}
|
||||
|
||||
// HeaderOperations Describes the header manipulations to apply
|
||||
type HeaderOperations struct {
|
||||
// Overwrite the headers specified by key with the given values
|
||||
Set map[string]string `json:"set,omitempty"`
|
||||
|
||||
// Append the given values to the headers specified by keys
|
||||
// (will create a comma-separated list of values)
|
||||
Add map[string]string `json:"add,omitempty"`
|
||||
|
||||
// Remove a the specified headers
|
||||
Remove []string `json:"remove,omitempty"`
|
||||
}
|
||||
|
||||
// HttpMatchRequest specifies a set of criterion to be met in order for the
|
||||
// rule to be applied to the HTTP request. For example, the following
|
||||
// restricts the rule to match only requests where the URL path
|
||||
// starts with /ratings/v2/ and the request contains a "cookie" with value
|
||||
// "user=jason".
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: VirtualService
|
||||
// metadata:
|
||||
// name: ratings-route
|
||||
// spec:
|
||||
// hosts:
|
||||
// - ratings
|
||||
// http:
|
||||
// - match:
|
||||
// - headers:
|
||||
// cookie:
|
||||
// regex: "^(.*?;)?(user=jason)(;.*)?"
|
||||
// uri:
|
||||
// prefix: "/ratings/v2/"
|
||||
// route:
|
||||
// - destination:
|
||||
// host: ratings
|
||||
//
|
||||
// HTTPMatchRequest CANNOT be empty.
|
||||
type HTTPMatchRequest struct {
|
||||
// URI to match
|
||||
// values are case-sensitive and formatted as follows:
|
||||
//
|
||||
// - `exact: "value"` for exact string match
|
||||
//
|
||||
// - `prefix: "value"` for prefix-based match
|
||||
//
|
||||
// - `regex: "value"` for ECMAscript style regex-based match
|
||||
//
|
||||
URI *v1alpha1.StringMatch `json:"uri,omitempty"`
|
||||
|
||||
// URI Scheme
|
||||
// values are case-sensitive and formatted as follows:
|
||||
//
|
||||
// - `exact: "value"` for exact string match
|
||||
//
|
||||
// - `prefix: "value"` for prefix-based match
|
||||
//
|
||||
// - `regex: "value"` for ECMAscript style regex-based match
|
||||
//
|
||||
Scheme *v1alpha1.StringMatch `json:"scheme,omitempty"`
|
||||
|
||||
// HTTP Method
|
||||
// values are case-sensitive and formatted as follows:
|
||||
//
|
||||
// - `exact: "value"` for exact string match
|
||||
//
|
||||
// - `prefix: "value"` for prefix-based match
|
||||
//
|
||||
// - `regex: "value"` for ECMAscript style regex-based match
|
||||
//
|
||||
Method *v1alpha1.StringMatch `json:"method,omitempty"`
|
||||
|
||||
// HTTP Authority
|
||||
// values are case-sensitive and formatted as follows:
|
||||
//
|
||||
// - `exact: "value"` for exact string match
|
||||
//
|
||||
// - `prefix: "value"` for prefix-based match
|
||||
//
|
||||
// - `regex: "value"` for ECMAscript style regex-based match
|
||||
//
|
||||
Authority *v1alpha1.StringMatch `json:"authority,omitempty"`
|
||||
|
||||
// The header keys must be lowercase and use hyphen as the separator,
|
||||
// e.g. _x-request-id_.
|
||||
//
|
||||
// Header values are case-sensitive and formatted as follows:
|
||||
//
|
||||
// - `exact: "value"` for exact string match
|
||||
//
|
||||
// - `prefix: "value"` for prefix-based match
|
||||
//
|
||||
// - `regex: "value"` for ECMAscript style regex-based match
|
||||
//
|
||||
// **Note:** The keys `uri`, `scheme`, `method`, and `authority` will be ignored.
|
||||
Headers map[string]v1alpha1.StringMatch `json:"headers,omitempty"`
|
||||
|
||||
// Specifies the ports on the host that is being addressed. Many services
|
||||
// only expose a single port or label ports with the protocols they support,
|
||||
// in these cases it is not required to explicitly select the port.
|
||||
Port uint32 `json:"port,omitempty"`
|
||||
|
||||
// One or more labels that constrain the applicability of a rule to
|
||||
// workloads with the given labels. If the VirtualService has a list of
|
||||
// gateways specified at the top, it should include the reserved gateway
|
||||
// `mesh` in order for this field to be applicable.
|
||||
SourceLabels map[string]string `json:"sourceLabels,omitempty"`
|
||||
|
||||
// Names of gateways where the rule should be applied to. Gateway names
|
||||
// at the top of the VirtualService (if any) are overridden. The gateway match is
|
||||
// independent of sourceLabels.
|
||||
Gateways []string `json:"gateways,omitempty"`
|
||||
}
|
||||
|
||||
type HTTPRouteDestination struct {
|
||||
// REQUIRED. Destination uniquely identifies the instances of a service
|
||||
// to which the request/connection should be forwarded to.
|
||||
Destination Destination `json:"destination"`
|
||||
|
||||
// REQUIRED. The proportion of traffic to be forwarded to the service
|
||||
// version. (0-100). Sum of weights across destinations SHOULD BE == 100.
|
||||
// If there is only destination in a rule, the weight value is assumed to
|
||||
// be 100.
|
||||
Weight int `json:"weight"`
|
||||
|
||||
// Header manipulation rules
|
||||
Headers *Headers `json:"headers,omitempty"`
|
||||
}
|
||||
|
||||
// Destination indicates the network addressable service to which the
|
||||
// request/connection will be sent after processing a routing rule. The
|
||||
// destination.name should unambiguously refer to a service in the service
|
||||
// registry. It can be a short name or a fully qualified domain name from
|
||||
// the service registry, a resolvable DNS name, an IP address or a service
|
||||
// name from the service registry and a subset name. The order of inference
|
||||
// is as follows:
|
||||
//
|
||||
// 1. Service registry lookup. The entire name is looked up in the service
|
||||
// registry. If the lookup succeeds, the search terminates. The requests
|
||||
// will be routed to any instance of the service in the mesh. When the
|
||||
// service name consists of a single word, the FQDN will be constructed in
|
||||
// a platform specific manner. For example, in Kubernetes, the namespace
|
||||
// associated with the routing rule will be used to identify the service as
|
||||
// <servicename>.<rulenamespace>. However, if the service name contains
|
||||
// multiple words separated by a dot (e.g., reviews.prod), the name in its
|
||||
// entirety would be looked up in the service registry.
|
||||
//
|
||||
// 2. Runtime DNS lookup by the proxy. If step 1 fails, and the name is not
|
||||
// an IP address, it will be considered as a DNS name that is not in the
|
||||
// service registry (e.g., wikipedia.org). The sidecar/gateway will resolve
|
||||
// the DNS and load balance requests appropriately. See Envoy's strict_dns
|
||||
// for details.
|
||||
//
|
||||
// The following example routes all traffic by default to pods of the
|
||||
// reviews service with label "version: v1" (i.e., subset v1), and some
|
||||
// to subset v2, in a kubernetes environment.
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: VirtualService
|
||||
// metadata:
|
||||
// name: reviews-route
|
||||
// spec:
|
||||
// hosts:
|
||||
// - reviews # namespace is same as the client/caller's namespace
|
||||
// http:
|
||||
// - match:
|
||||
// - uri:
|
||||
// prefix: "/wpcatalog"
|
||||
// - uri:
|
||||
// prefix: "/consumercatalog"
|
||||
// rewrite:
|
||||
// uri: "/newcatalog"
|
||||
// route:
|
||||
// - destination:
|
||||
// host: reviews
|
||||
// subset: v2
|
||||
// - route:
|
||||
// - destination:
|
||||
// host: reviews
|
||||
// subset: v1
|
||||
//
|
||||
// And the associated DestinationRule
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: DestinationRule
|
||||
// metadata:
|
||||
// name: reviews-destination
|
||||
// spec:
|
||||
// host: reviews
|
||||
// subsets:
|
||||
// - name: v1
|
||||
// labels:
|
||||
// version: v1
|
||||
// - name: v2
|
||||
// labels:
|
||||
// version: v2
|
||||
//
|
||||
// The following VirtualService sets a timeout of 5s for all calls to
|
||||
// productpage.prod service. Notice that there are no subsets defined in
|
||||
// this rule. Istio will fetch all instances of productpage.prod service
|
||||
// from the service registry and populate the sidecar's load balancing
|
||||
// pool.
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: VirtualService
|
||||
// metadata:
|
||||
// name: my-productpage-rule
|
||||
// spec:
|
||||
// hosts:
|
||||
// - productpage.prod # in kubernetes, this applies only to prod namespace
|
||||
// http:
|
||||
// - timeout: 5s
|
||||
// route:
|
||||
// - destination:
|
||||
// host: productpage.prod
|
||||
//
|
||||
// The following sets a timeout of 5s for all calls to the external
|
||||
// service wikipedia.org, as there is no internal service of that name.
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: VirtualService
|
||||
// metadata:
|
||||
// name: my-wiki-rule
|
||||
// spec:
|
||||
// hosts:
|
||||
// - wikipedia.org
|
||||
// http:
|
||||
// - timeout: 5s
|
||||
// route:
|
||||
// - destination:
|
||||
// host: wikipedia.org
|
||||
//
|
||||
type Destination struct {
|
||||
// REQUIRED. The name of a service from the service registry. Service
|
||||
// names are looked up from the platform's service registry (e.g.,
|
||||
// Kubernetes services, Consul services, etc.) and from the hosts
|
||||
// declared by [ServiceEntry](#ServiceEntry). Traffic forwarded to
|
||||
// destinations that are not found in either of the two, will be dropped.
|
||||
//
|
||||
// *Note for Kubernetes users*: When short names are used (e.g. "reviews"
|
||||
// instead of "reviews.default.svc.cluster.local"), Istio will interpret
|
||||
// the short name based on the namespace of the rule, not the service. A
|
||||
// rule in the "default" namespace containing a host "reviews will be
|
||||
// interpreted as "reviews.default.svc.cluster.local", irrespective of
|
||||
// the actual namespace associated with the reviews service. _To avoid
|
||||
// potential misconfigurations, it is recommended to always use fully
|
||||
// qualified domain names over short names._
|
||||
Host string `json:"host"`
|
||||
|
||||
// The name of a subset within the service. Applicable only to services
|
||||
// within the mesh. The subset must be defined in a corresponding
|
||||
// DestinationRule.
|
||||
Subset string `json:"subset,omitempty"`
|
||||
|
||||
// Specifies the port on the host that is being addressed. If a service
|
||||
// exposes only a single port it is not required to explicitly select the
|
||||
// port.
|
||||
Port PortSelector `json:"port,omitempty"`
|
||||
}
|
||||
|
||||
// PortSelector specifies the number of a port to be used for
|
||||
// matching or selection for final routing.
|
||||
type PortSelector struct {
|
||||
// Choose one of the fields below.
|
||||
|
||||
// Valid port number
|
||||
Number uint32 `json:"number,omitempty"`
|
||||
|
||||
// Valid port name
|
||||
Name string `json:"name,omitempty"`
|
||||
}
|
||||
|
||||
// Describes match conditions and actions for routing TCP traffic. The
|
||||
// following routing rule forwards traffic arriving at port 27017 for
|
||||
// mongo.prod.svc.cluster.local from 172.17.16.* subnet to another Mongo
|
||||
// server on port 5555.
|
||||
//
|
||||
// ```yaml
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: VirtualService
|
||||
// metadata:
|
||||
// name: bookinfo-Mongo
|
||||
// spec:
|
||||
// hosts:
|
||||
// - mongo.prod.svc.cluster.local
|
||||
// tcp:
|
||||
// - match:
|
||||
// - port: 27017
|
||||
// sourceSubnet: "172.17.16.0/24"
|
||||
// route:
|
||||
// - destination:
|
||||
// host: mongo.backup.svc.cluster.local
|
||||
// port:
|
||||
// number: 5555
|
||||
// ```
|
||||
type TCPRoute struct {
|
||||
// Match conditions to be satisfied for the rule to be
|
||||
// activated. All conditions inside a single match block have AND
|
||||
// semantics, while the list of match blocks have OR semantics. The rule
|
||||
// is matched if any one of the match blocks succeed.
|
||||
Match []L4MatchAttributes `json:"match"`
|
||||
|
||||
// The destinations to which the connection should be forwarded to. Weights
|
||||
// must add to 100%.
|
||||
Route []HTTPRouteDestination `json:"route"`
|
||||
}
|
||||
|
||||
// Describes match conditions and actions for routing unterminated TLS
|
||||
// traffic (TLS/HTTPS) The following routing rule forwards unterminated TLS
|
||||
// traffic arriving at port 443 of gateway called mygateway to internal
|
||||
// services in the mesh based on the SNI value.
|
||||
//
|
||||
// ```yaml
|
||||
// kind: VirtualService
|
||||
// metadata:
|
||||
// name: bookinfo-sni
|
||||
// spec:
|
||||
// hosts:
|
||||
// - '*.bookinfo.com'
|
||||
// gateways:
|
||||
// - mygateway
|
||||
// tls:
|
||||
// - match:
|
||||
// - port: 443
|
||||
// sniHosts:
|
||||
// - login.bookinfo.com
|
||||
// route:
|
||||
// - destination:
|
||||
// host: login.prod.svc.cluster.local
|
||||
// - match:
|
||||
// - port: 443
|
||||
// sniHosts:
|
||||
// - reviews.bookinfo.com
|
||||
// route:
|
||||
// - destination:
|
||||
// host: reviews.prod.svc.cluster.local
|
||||
// ```
|
||||
type TLSRoute struct {
|
||||
// REQUIRED. Match conditions to be satisfied for the rule to be
|
||||
// activated. All conditions inside a single match block have AND
|
||||
// semantics, while the list of match blocks have OR semantics. The rule
|
||||
// is matched if any one of the match blocks succeed.
|
||||
Match []TLSMatchAttributes `json:"match"`
|
||||
|
||||
// The destination to which the connection should be forwarded to.
|
||||
Route []HTTPRouteDestination `json:"route"`
|
||||
}
|
||||
|
||||
// L4 connection match attributes. Note that L4 connection matching support
|
||||
// is incomplete.
|
||||
type L4MatchAttributes struct {
|
||||
// IPv4 or IPv6 ip address of destination with optional subnet. E.g.,
|
||||
// a.b.c.d/xx form or just a.b.c.d.
|
||||
DestinationSubnets []string `json:"destinationSubnets,omitempty"`
|
||||
|
||||
// Specifies the port on the host that is being addressed. Many services
|
||||
// only expose a single port or label ports with the protocols they support,
|
||||
// in these cases it is not required to explicitly select the port.
|
||||
Port int `json:"port,omitempty"`
|
||||
|
||||
// One or more labels that constrain the applicability of a rule to
|
||||
// workloads with the given labels. If the VirtualService has a list of
|
||||
// gateways specified at the top, it should include the reserved gateway
|
||||
// `mesh` in order for this field to be applicable.
|
||||
SourceLabels map[string]string `json:"sourceLabels,omitempty"`
|
||||
|
||||
// Names of gateways where the rule should be applied to. Gateway names
|
||||
// at the top of the VirtualService (if any) are overridden. The gateway match is
|
||||
// independent of sourceLabels.
|
||||
Gateways []string `json:"gateways,omitempty"`
|
||||
}
|
||||
|
||||
// TLS connection match attributes.
|
||||
type TLSMatchAttributes struct {
|
||||
// REQUIRED. SNI (server name indicator) to match on. Wildcard prefixes
|
||||
// can be used in the SNI value, e.g., *.com will match foo.example.com
|
||||
// as well as example.com. An SNI value must be a subset (i.e., fall
|
||||
// within the domain) of the corresponding virtual service's hosts
|
||||
SniHosts []string `json:"sniHosts"`
|
||||
|
||||
// IPv4 or IPv6 ip addresses of destination with optional subnet. E.g.,
|
||||
// a.b.c.d/xx form or just a.b.c.d.
|
||||
DestinationSubnets []string `json:"destinationSubnets,omitempty"`
|
||||
|
||||
// Specifies the port on the host that is being addressed. Many services
|
||||
// only expose a single port or label ports with the protocols they support,
|
||||
// in these cases it is not required to explicitly select the port.
|
||||
Port int `json:"port,omitempty"`
|
||||
|
||||
// One or more labels that constrain the applicability of a rule to
|
||||
// workloads with the given labels. If the VirtualService has a list of
|
||||
// gateways specified at the top, it should include the reserved gateway
|
||||
// `mesh` in order for this field to be applicable.
|
||||
SourceLabels map[string]string `json:"sourceLabels,omitempty"`
|
||||
|
||||
// Names of gateways where the rule should be applied to. Gateway names
|
||||
// at the top of the VirtualService (if any) are overridden. The gateway match is
|
||||
// independent of sourceLabels.
|
||||
Gateways []string `json:"gateways,omitempty"`
|
||||
}
|
||||
|
||||
// HTTPRedirect can be used to send a 302 redirect response to the caller,
|
||||
// where the Authority/Host and the URI in the response can be swapped with
|
||||
// the specified values. For example, the following rule redirects
|
||||
// requests for /v1/getProductRatings API on the ratings service to
|
||||
// /v1/bookRatings provided by the bookratings service.
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: VirtualService
|
||||
// metadata:
|
||||
// name: ratings-route
|
||||
// spec:
|
||||
// hosts:
|
||||
// - ratings
|
||||
// http:
|
||||
// - match:
|
||||
// - uri:
|
||||
// exact: /v1/getProductRatings
|
||||
// redirect:
|
||||
// uri: /v1/bookRatings
|
||||
// authority: bookratings.default.svc.cluster.local
|
||||
// ...
|
||||
//
|
||||
type HTTPRedirect struct {
|
||||
// On a redirect, overwrite the Path portion of the URL with this
|
||||
// value. Note that the entire path will be replaced, irrespective of the
|
||||
// request URI being matched as an exact path or prefix.
|
||||
URI string `json:"uri,omitempty"`
|
||||
|
||||
// On a redirect, overwrite the Authority/Host portion of the URL with
|
||||
// this value.
|
||||
Authority string `json:"authority,omitempty"`
|
||||
}
|
||||
|
||||
// HTTPRewrite can be used to rewrite specific parts of a HTTP request
|
||||
// before forwarding the request to the destination. Rewrite primitive can
|
||||
// be used only with the HTTPRouteDestinations. The following example
|
||||
// demonstrates how to rewrite the URL prefix for api call (/ratings) to
|
||||
// ratings service before making the actual API call.
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: VirtualService
|
||||
// metadata:
|
||||
// name: ratings-route
|
||||
// spec:
|
||||
// hosts:
|
||||
// - ratings
|
||||
// http:
|
||||
// - match:
|
||||
// - uri:
|
||||
// prefix: /ratings
|
||||
// rewrite:
|
||||
// uri: /v1/bookRatings
|
||||
// route:
|
||||
// - destination:
|
||||
// host: ratings
|
||||
// subset: v1
|
||||
//
|
||||
type HTTPRewrite struct {
|
||||
// rewrite the path (or the prefix) portion of the URI with this
|
||||
// value. If the original URI was matched based on prefix, the value
|
||||
// provided in this field will replace the corresponding matched prefix.
|
||||
URI string `json:"uri,omitempty"`
|
||||
|
||||
// rewrite the Authority/Host header with this value.
|
||||
Authority string `json:"authority,omitempty"`
|
||||
}
|
||||
|
||||
// Describes the retry policy to use when a HTTP request fails. For
|
||||
// example, the following rule sets the maximum number of retries to 3 when
|
||||
// calling ratings:v1 service, with a 2s timeout per retry attempt.
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: VirtualService
|
||||
// metadata:
|
||||
// name: ratings-route
|
||||
// spec:
|
||||
// hosts:
|
||||
// - ratings
|
||||
// http:
|
||||
// - route:
|
||||
// - destination:
|
||||
// host: ratings
|
||||
// subset: v1
|
||||
// retries:
|
||||
// attempts: 3
|
||||
// perTryTimeout: 2s
|
||||
//
|
||||
type HTTPRetry struct {
|
||||
// REQUIRED. Number of retries for a given request. The interval
|
||||
// between retries will be determined automatically (25ms+). Actual
|
||||
// number of retries attempted depends on the httpReqTimeout.
|
||||
Attempts int `json:"attempts"`
|
||||
|
||||
// Timeout per retry attempt for a given request. format: 1h/1m/1s/1ms. MUST BE >=1ms.
|
||||
PerTryTimeout string `json:"perTryTimeout"`
|
||||
}
|
||||
|
||||
// Describes the Cross-Origin Resource Sharing (CORS) policy, for a given
|
||||
// service. Refer to
|
||||
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
|
||||
// for further details about cross origin resource sharing. For example,
|
||||
// the following rule restricts cross origin requests to those originating
|
||||
// from example.com domain using HTTP POST/GET, and sets the
|
||||
// Access-Control-Allow-Credentials header to false. In addition, it only
|
||||
// exposes X-Foo-bar header and sets an expiry period of 1 day.
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: VirtualService
|
||||
// metadata:
|
||||
// name: ratings-route
|
||||
// spec:
|
||||
// hosts:
|
||||
// - ratings
|
||||
// http:
|
||||
// - route:
|
||||
// - destination:
|
||||
// host: ratings
|
||||
// subset: v1
|
||||
// corsPolicy:
|
||||
// allowOrigin:
|
||||
// - example.com
|
||||
// allowMethods:
|
||||
// - POST
|
||||
// - GET
|
||||
// allowCredentials: false
|
||||
// allowHeaders:
|
||||
// - X-Foo-Bar
|
||||
// maxAge: "1d"
|
||||
//
|
||||
type CorsPolicy struct {
|
||||
// The list of origins that are allowed to perform CORS requests. The
|
||||
// content will be serialized into the Access-Control-Allow-Origin
|
||||
// header. Wildcard * will allow all origins.
|
||||
AllowOrigin []string `json:"allowOrigin,omitempty"`
|
||||
|
||||
// List of HTTP methods allowed to access the resource. The content will
|
||||
// be serialized into the Access-Control-Allow-Methods header.
|
||||
AllowMethods []string `json:"allowMethods,omitempty"`
|
||||
|
||||
// List of HTTP headers that can be used when requesting the
|
||||
// resource. Serialized to Access-Control-Allow-Methods header.
|
||||
AllowHeaders []string `json:"allowHeaders,omitempty"`
|
||||
|
||||
// A white list of HTTP headers that the browsers are allowed to
|
||||
// access. Serialized into Access-Control-Expose-Headers header.
|
||||
ExposeHeaders []string `json:"exposeHeaders,omitempty"`
|
||||
|
||||
// Specifies how long the results of a preflight request can be
|
||||
// cached. Translates to the Access-Control-Max-Age header.
|
||||
MaxAge string `json:"maxAge,omitempty"`
|
||||
|
||||
// Indicates whether the caller is allowed to send the actual request
|
||||
// (not the preflight) using credentials. Translates to
|
||||
// Access-Control-Allow-Credentials header.
|
||||
AllowCredentials bool `json:"allowCredentials,omitempty"`
|
||||
}
|
||||
|
||||
// HTTPFaultInjection can be used to specify one or more faults to inject
|
||||
// while forwarding http requests to the destination specified in a route.
|
||||
// Fault specification is part of a VirtualService rule. Faults include
|
||||
// aborting the Http request from downstream service, and/or delaying
|
||||
// proxying of requests. A fault rule MUST HAVE delay or abort or both.
|
||||
//
|
||||
// *Note:* Delay and abort faults are independent of one another, even if
|
||||
// both are specified simultaneously.
|
||||
type HTTPFaultInjection struct {
|
||||
// Delay requests before forwarding, emulating various failures such as
|
||||
// network issues, overloaded upstream service, etc.
|
||||
Delay *InjectDelay `json:"delay,omitempty"`
|
||||
|
||||
// Abort Http request attempts and return error codes back to downstream
|
||||
// service, giving the impression that the upstream service is faulty.
|
||||
Abort *InjectAbort `json:"abort,omitempty"`
|
||||
}
|
||||
|
||||
// Delay specification is used to inject latency into the request
|
||||
// forwarding path. The following example will introduce a 5 second delay
|
||||
// in 10% of the requests to the "v1" version of the "reviews"
|
||||
// service from all pods with label env: prod
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: VirtualService
|
||||
// metadata:
|
||||
// name: reviews-route
|
||||
// spec:
|
||||
// hosts:
|
||||
// - reviews
|
||||
// http:
|
||||
// - match:
|
||||
// - sourceLabels:
|
||||
// env: prod
|
||||
// route:
|
||||
// - destination:
|
||||
// host: reviews
|
||||
// subset: v1
|
||||
// fault:
|
||||
// delay:
|
||||
// percent: 10
|
||||
// fixedDelay: 5s
|
||||
//
|
||||
// The _fixedDelay_ field is used to indicate the amount of delay in
|
||||
// seconds. An optional _percent_ field, a value between 0 and 100, can
|
||||
// be used to only delay a certain percentage of requests. If left
|
||||
// unspecified, all request will be delayed.
|
||||
type InjectDelay struct {
|
||||
// Percentage of requests on which the delay will be injected (0-100).
|
||||
Percent int `json:"percent,omitempty"`
|
||||
|
||||
// REQUIRED. Add a fixed delay before forwarding the request. Format:
|
||||
// 1h/1m/1s/1ms. MUST be >=1ms.
|
||||
FixedDelay string `json:"fixedDelay"`
|
||||
|
||||
// (-- Add a delay (based on an exponential function) before forwarding
|
||||
// the request. mean delay needed to derive the exponential delay
|
||||
// values --)
|
||||
ExponentialDelay string `json:"exponentialDelay,omitempty"`
|
||||
}
|
||||
|
||||
// Abort specification is used to prematurely abort a request with a
|
||||
// pre-specified error code. The following example will return an HTTP
|
||||
// 400 error code for 10% of the requests to the "ratings" service "v1".
|
||||
//
|
||||
// apiVersion: networking.istio.io/v1alpha3
|
||||
// kind: VirtualService
|
||||
// metadata:
|
||||
// name: ratings-route
|
||||
// spec:
|
||||
// hosts:
|
||||
// - ratings
|
||||
// http:
|
||||
// - route:
|
||||
// - destination:
|
||||
// host: ratings
|
||||
// subset: v1
|
||||
// fault:
|
||||
// abort:
|
||||
// percent: 10
|
||||
// httpStatus: 400
|
||||
//
|
||||
// The _httpStatus_ field is used to indicate the HTTP status code to
|
||||
// return to the caller. The optional _percent_ field, a value between 0
|
||||
// and 100, is used to only abort a certain percentage of requests. If
|
||||
// not specified, all requests are aborted.
|
||||
type InjectAbort struct {
|
||||
// Percentage of requests to be aborted with the error code provided (0-100).
|
||||
Percent int `json:"percent,omitempty"`
|
||||
|
||||
// REQUIRED. HTTP status code to use to abort the Http request.
|
||||
HTTPStatus int `json:"httpStatus"`
|
||||
}
|
||||
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
|
||||
// VirtualServiceList is a list of VirtualService resources
|
||||
type VirtualServiceList struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ListMeta `json:"metadata"`
|
||||
|
||||
Items []VirtualService `json:"items"`
|
||||
}
|
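Review bot: In `CorsPolicy`, the comment on `AllowHeaders` says the list is "Serialized to Access-Control-Allow-Methods header", which is the header already named for `AllowMethods` in the field above; it should read Access-Control-Allow-Headers. The CORS example above the struct has a related mismatch: the prose says the rule "only exposes X-Foo-bar header", but the YAML sets `allowHeaders`, not `exposeHeaders`. Separately, `InjectDelay.Percent` and `InjectAbort.Percent` are plain `int` with `omitempty`, while their comments say an unspecified percent applies the fault to all requests, so an explicit `percent: 0` is dropped on marshal and cannot be told apart from unset; a pointer type, or a comment stating that 0 means "all", would remove the ambiguity. `HTTPRetry.PerTryTimeout` also has no `omitempty` although only `Attempts` is marked REQUIRED, so an empty string is always emitted. Since this file sits under vendor/, these belong in the source repository and a re-vendor, not in a local edit.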
1287
vendor/github.com/knative/pkg/apis/istio/v1alpha3/zz_generated.deepcopy.go
generated
vendored
Normal file
File diff suppressed because it is too large
75
vendor/github.com/knative/pkg/code-of-conduct.md
generated
vendored
Normal file
@ -0,0 +1,75 @@
|
||||
# Contributor Covenant Code of Conduct
|
||||
|
||||
## Our Pledge
|
||||
|
||||
In the interest of fostering an open and welcoming environment, we as
|
||||
contributors and maintainers pledge to making participation in our project and
|
||||
our community a harassment-free experience for everyone, regardless of age, body
|
||||
size, disability, ethnicity, gender identity and expression, level of
|
||||
experience, education, socio-economic status, nationality, personal appearance,
|
||||
race, religion, or sexual identity and orientation.
|
||||
|
||||
## Our Standards
|
||||
|
||||
Examples of behavior that contributes to creating a positive environment
|
||||
include:
|
||||
|
||||
- Using welcoming and inclusive language
|
||||
- Being respectful of differing viewpoints and experiences
|
||||
- Gracefully accepting constructive criticism
|
||||
- Focusing on what is best for the community
|
||||
- Showing empathy towards other community members
|
||||
|
||||
Examples of unacceptable behavior by participants include:
|
||||
|
||||
- The use of sexualized language or imagery and unwelcome sexual attention or
|
||||
advances
|
||||
- Trolling, insulting/derogatory comments, and personal or political attacks
|
||||
- Public or private harassment
|
||||
- Publishing others' private information, such as a physical or electronic
|
||||
address, without explicit permission
|
||||
- Other conduct which could reasonably be considered inappropriate in a
|
||||
professional setting
|
||||
|
||||
## Our Responsibilities
|
||||
|
||||
Project maintainers are responsible for clarifying the standards of acceptable
|
||||
behavior and are expected to take appropriate and fair corrective action in
|
||||
response to any instances of unacceptable behavior.
|
||||
|
||||
Project maintainers have the right and responsibility to remove, edit, or reject
|
||||
comments, commits, code, wiki edits, issues, and other contributions that are
|
||||
not aligned to this Code of Conduct, or to ban temporarily or permanently any
|
||||
contributor for other behaviors that they deem inappropriate, threatening,
|
||||
offensive, or harmful.
|
||||
|
||||
## Scope
|
||||
|
||||
This Code of Conduct applies both within project spaces and in public spaces
|
||||
when an individual is representing the project or its community. Examples of
|
||||
representing a project or community include using an official project e-mail
|
||||
address, posting via an official social media account, or acting as an appointed
|
||||
representative at an online or offline event. Representation of a project may be
|
||||
further defined and clarified by project maintainers.
|
||||
|
||||
## Enforcement
|
||||
|
||||
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
||||
reported by contacting the project team at
|
||||
knative-code-of-conduct@googlegroups.com. All complaints will be reviewed and
|
||||
investigated and will result in a response that is deemed necessary and
|
||||
appropriate to the circumstances. The project team is obligated to maintain
|
||||
confidentiality with regard to the reporter of an incident. Further details of
|
||||
specific enforcement policies may be posted separately.
|
||||
|
||||
Project maintainers who do not follow or enforce the Code of Conduct in good
|
||||
faith may face temporary or permanent repercussions as determined by other
|
||||
members of the project's leadership.
|
||||
|
||||
## Attribution
|
||||
|
||||
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
|
||||
version 1.4, available at
|
||||
https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
|
||||
|
||||
[homepage]: https://www.contributor-covenant.org
|
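Review bot: code-of-conduct.md is not needed to build anything under vendor/, and carrying it in (along with the package's .gitattributes, .gitignore, CONTRIBUTING.md and DEVELOPMENT.md added earlier in this commit) makes vendor updates harder to audit. Consider pruning non-source files when vendoring so that the diff a reviewer has to read is limited to what actually compiles into the binary.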