admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

service policy

Browse Source 
refactor virtualservice controller
This commit is contained in:
Jeff
2019-03-28 14:02:51 +08:00
committed by zryfish
parent 43217d16a3
commit 2e1dc6a7b5
28 changed files with 2095 additions and 565 deletions
Download Patch File Download Diff File Expand all files Collapse all files

822
config/crds/servicemesh_v1alpha2_servicepolicy.yaml Normal file
View File

@@ -0,0 +1,822 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
labels:
controller-tools.k8s.io: "1.0"
name: servicepolicies.servicemesh.kubesphere.io
spec:
group: servicemesh.kubesphere.io
names:
kind: ServicePolicy
plural: servicepolicies
scope: Namespaced
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
selector:
description: Label selector for destination rules.
type: object
template:
description: Template used to create a destination rule
properties:
spec:
description: Spec indicates the behavior of a destination rule.
properties:
host:
description: 'REQUIRED. The name of a service from the service
registry. Service names are looked up from the platform''s
service registry (e.g., Kubernetes services, Consul services,
etc.) and from the hosts declared by [ServiceEntries](#ServiceEntry).
Rules defined for services that do not exist in the service
registry will be ignored. *Note for Kubernetes users*: When
short names are used (e.g. "reviews" instead of "reviews.default.svc.cluster.local"),
Istio will interpret the short name based on the namespace
of the rule, not the service. A rule in the "default" namespace
containing a host "reviews will be interpreted as "reviews.default.svc.cluster.local",
irrespective of the actual namespace associated with the reviews
service. _To avoid potential misconfigurations, it is recommended
to always use fully qualified domain names over short names._ Note
that the host field applies to both HTTP and TCP services.'
type: string
subsets:
description: One or more named sets that represent individual
versions of a service. Traffic policies can be overridden
at subset level.
items:
properties:
labels:
description: REQUIRED. Labels apply a filter over the
endpoints of a service in the service registry. See
route rules for examples of usage.
type: object
name:
description: REQUIRED. Name of the subset. The service
name and the subset name can be used for traffic splitting
in a route rule.
type: string
trafficPolicy:
description: Traffic policies that apply to this subset.
Subsets inherit the traffic policies specified at the
DestinationRule level. Settings specified at the subset
level will override the corresponding settings specified
at the DestinationRule level.
properties:
connectionPool:
description: Settings controlling the volume of connections
to an upstream service
properties:
http:
description: HTTP connection pool settings.
properties:
maxRequestsPerConnection:
description: Maximum number of requests per
connection to a backend. Setting this parameter
to 1 disables keep alive.
format: int32
type: integer
maxRetries:
description: Maximum number of retries that
can be outstanding to all hosts in a cluster
at a given time. Defaults to 3.
format: int32
type: integer
type: object
tcp:
description: Settings common to both HTTP and
TCP upstream connections.
properties:
connectTimeout:
description: TCP connection timeout.
type: string
maxConnections:
description: Maximum number of HTTP1 /TCP
connections to a destination host.
format: int32
type: integer
type: object
type: object
loadBalancer:
description: Settings controlling the load balancer
algorithms.
properties:
consistentHash:
properties:
httpCookie:
description: Hash based on HTTP cookie.
properties:
name:
description: REQUIRED. Name of the cookie.
type: string
path:
description: Path to set for the cookie.
type: string
ttl:
description: REQUIRED. Lifetime of the
cookie.
type: string
required:
- name
- ttl
type: object
httpHeaderName:
description: 'It is required to specify exactly
one of the fields as hash key: HttpHeaderName,
HttpCookie, or UseSourceIP. Hash based on
a specific HTTP header.'
type: string
minimumRingSize:
description: The minimum number of virtual
nodes to use for the hash ring. Defaults
to 1024. Larger ring sizes result in more
granular load distributions. If the number
of hosts in the load balancing pool is larger
than the ring size, each host will be assigned
a single virtual node.
format: int64
type: integer
useSourceIp:
description: Hash based on the source IP address.
type: boolean
type: object
simple:
description: 'It is required to specify exactly
one of the fields: Simple or ConsistentHash'
type: string
type: object
outlierDetection:
description: Settings controlling eviction of unhealthy
hosts from the load balancing pool
properties:
baseEjectionTime:
description: 'Minimum ejection duration. A host
will remain ejected for a period equal to the
product of minimum ejection duration and the
number of times the host has been ejected. This
technique allows the system to automatically
increase the ejection period for unhealthy upstream
servers. format: 1h/1m/1s/1ms. MUST BE >=1ms.
Default is 30s.'
type: string
consecutiveErrors:
description: Number of errors before a host is
ejected from the connection pool. Defaults to
5. When the upstream host is accessed over HTTP,
a 5xx return code qualifies as an error. When
the upstream host is accessed over an opaque
TCP connection, connect timeouts and connection
error/failure events qualify as an error.
format: int32
type: integer
interval:
description: 'Time interval between ejection sweep
analysis. format: 1h/1m/1s/1ms. MUST BE >=1ms.
Default is 10s.'
type: string
maxEjectionPercent:
description: Maximum % of hosts in the load balancing
pool for the upstream service that can be ejected.
Defaults to 10%.
format: int32
type: integer
type: object
portLevelSettings:
description: Traffic policies specific to individual
ports. Note that port level settings will override
the destination-level settings. Traffic settings
specified at the destination-level will not be inherited
when overridden by port-level settings, i.e. default
values will be applied to fields omitted in port-level
traffic policies.
items:
properties:
connectionPool:
description: Settings controlling the volume
of connections to an upstream service
properties:
http:
description: HTTP connection pool settings.
properties:
maxRequestsPerConnection:
description: Maximum number of requests
per connection to a backend. Setting
this parameter to 1 disables keep
alive.
format: int32
type: integer
maxRetries:
description: Maximum number of retries
that can be outstanding to all hosts
in a cluster at a given time. Defaults
to 3.
format: int32
type: integer
type: object
tcp:
description: Settings common to both HTTP
and TCP upstream connections.
properties:
connectTimeout:
description: TCP connection timeout.
type: string
maxConnections:
description: Maximum number of HTTP1
/TCP connections to a destination
host.
format: int32
type: integer
type: object
type: object
loadBalancer:
description: Settings controlling the load balancer
algorithms.
properties:
consistentHash:
properties:
httpCookie:
description: Hash based on HTTP cookie.
properties:
name:
description: REQUIRED. Name of the
cookie.
type: string
path:
description: Path to set for the
cookie.
type: string
ttl:
description: REQUIRED. Lifetime
of the cookie.
type: string
required:
- name
- ttl
type: object
httpHeaderName:
description: 'It is required to specify
exactly one of the fields as hash
key: HttpHeaderName, HttpCookie, or
UseSourceIP. Hash based on a specific
HTTP header.'
type: string
minimumRingSize:
description: The minimum number of virtual
nodes to use for the hash ring. Defaults
to 1024. Larger ring sizes result
in more granular load distributions.
If the number of hosts in the load
balancing pool is larger than the
ring size, each host will be assigned
a single virtual node.
format: int64
type: integer
useSourceIp:
description: Hash based on the source
IP address.
type: boolean
type: object
simple:
description: 'It is required to specify
exactly one of the fields: Simple or ConsistentHash'
type: string
type: object
outlierDetection:
description: Settings controlling eviction of
unhealthy hosts from the load balancing pool
properties:
baseEjectionTime:
description: 'Minimum ejection duration.
A host will remain ejected for a period
equal to the product of minimum ejection
duration and the number of times the host
has been ejected. This technique allows
the system to automatically increase the
ejection period for unhealthy upstream
servers. format: 1h/1m/1s/1ms. MUST BE
>=1ms. Default is 30s.'
type: string
consecutiveErrors:
description: Number of errors before a host
is ejected from the connection pool. Defaults
to 5. When the upstream host is accessed
over HTTP, a 5xx return code qualifies
as an error. When the upstream host is
accessed over an opaque TCP connection,
connect timeouts and connection error/failure
events qualify as an error.
format: int32
type: integer
interval:
description: 'Time interval between ejection
sweep analysis. format: 1h/1m/1s/1ms.
MUST BE >=1ms. Default is 10s.'
type: string
maxEjectionPercent:
description: Maximum % of hosts in the load
balancing pool for the upstream service
that can be ejected. Defaults to 10%.
format: int32
type: integer
type: object
port:
description: Specifies the port name or number
of a port on the destination service on which
this policy is being applied. Names must
comply with DNS label syntax (rfc1035) and
therefore cannot collide with numbers. If
there are multiple ports on a service with
the same protocol the names should be of the
form <protocol-name>-<DNS label>.
properties:
name:
description: Valid port name
type: string
number:
description: Valid port number
format: int32
type: integer
type: object
tls:
description: TLS related settings for connections
to the upstream service.
properties:
caCertificates:
description: 'OPTIONAL: The path to the
file containing certificate authority
certificates to use in verifying a presented
server certificate. If omitted, the proxy
will not verify the server''s certificate.
Should be empty if mode is `ISTIO_MUTUAL`.'
type: string
clientCertificate:
description: REQUIRED if mode is `MUTUAL`.
The path to the file holding the client-side
TLS certificate to use. Should be empty
if mode is `ISTIO_MUTUAL`.
type: string
mode:
description: 'REQUIRED: Indicates whether
connections to this port should be secured
using TLS. The value of this field determines
how TLS is enforced.'
type: string
privateKey:
description: REQUIRED if mode is `MUTUAL`.
The path to the file holding the client's
private key. Should be empty if mode is
`ISTIO_MUTUAL`.
type: string
sni:
description: SNI string to present to the
server during TLS handshake. Should be
empty if mode is `ISTIO_MUTUAL`.
type: string
subjectAltNames:
description: A list of alternate names to
verify the subject identity in the certificate.
If specified, the proxy will verify that
the server certificate's subject alt name
matches one of the specified values. Should
be empty if mode is `ISTIO_MUTUAL`.
items:
type: string
type: array
required:
- mode
type: object
required:
- port
type: object
type: array
tls:
description: TLS related settings for connections
to the upstream service.
properties:
caCertificates:
description: 'OPTIONAL: The path to the file containing
certificate authority certificates to use in
verifying a presented server certificate. If
omitted, the proxy will not verify the server''s
certificate. Should be empty if mode is `ISTIO_MUTUAL`.'
type: string
clientCertificate:
description: REQUIRED if mode is `MUTUAL`. The
path to the file holding the client-side TLS
certificate to use. Should be empty if mode
is `ISTIO_MUTUAL`.
type: string
mode:
description: 'REQUIRED: Indicates whether connections
to this port should be secured using TLS. The
value of this field determines how TLS is enforced.'
type: string
privateKey:
description: REQUIRED if mode is `MUTUAL`. The
path to the file holding the client's private
key. Should be empty if mode is `ISTIO_MUTUAL`.
type: string
sni:
description: SNI string to present to the server
during TLS handshake. Should be empty if mode
is `ISTIO_MUTUAL`.
type: string
subjectAltNames:
description: A list of alternate names to verify
the subject identity in the certificate. If
specified, the proxy will verify that the server
certificate's subject alt name matches one of
the specified values. Should be empty if mode
is `ISTIO_MUTUAL`.
items:
type: string
type: array
required:
- mode
type: object
type: object
required:
- name
- labels
type: object
type: array
trafficPolicy:
description: Traffic policies to apply (load balancing policy,
connection pool sizes, outlier detection).
properties:
connectionPool:
description: Settings controlling the volume of connections
to an upstream service
properties:
http:
description: HTTP connection pool settings.
properties:
maxRequestsPerConnection:
description: Maximum number of requests per connection
to a backend. Setting this parameter to 1 disables
keep alive.
format: int32
type: integer
maxRetries:
description: Maximum number of retries that can
be outstanding to all hosts in a cluster at a
given time. Defaults to 3.
format: int32
type: integer
type: object
tcp:
description: Settings common to both HTTP and TCP upstream
connections.
properties:
connectTimeout:
description: TCP connection timeout.
type: string
maxConnections:
description: Maximum number of HTTP1 /TCP connections
to a destination host.
format: int32
type: integer
type: object
type: object
loadBalancer:
description: Settings controlling the load balancer algorithms.
properties:
consistentHash:
properties:
httpCookie:
description: Hash based on HTTP cookie.
properties:
name:
description: REQUIRED. Name of the cookie.
type: string
path:
description: Path to set for the cookie.
type: string
ttl:
description: REQUIRED. Lifetime of the cookie.
type: string
required:
- name
- ttl
type: object
httpHeaderName:
description: 'It is required to specify exactly
one of the fields as hash key: HttpHeaderName,
HttpCookie, or UseSourceIP. Hash based on a specific
HTTP header.'
type: string
minimumRingSize:
description: The minimum number of virtual nodes
to use for the hash ring. Defaults to 1024. Larger
ring sizes result in more granular load distributions.
If the number of hosts in the load balancing pool
is larger than the ring size, each host will be
assigned a single virtual node.
format: int64
type: integer
useSourceIp:
description: Hash based on the source IP address.
type: boolean
type: object
simple:
description: 'It is required to specify exactly one
of the fields: Simple or ConsistentHash'
type: string
type: object
outlierDetection:
description: Settings controlling eviction of unhealthy
hosts from the load balancing pool
properties:
baseEjectionTime:
description: 'Minimum ejection duration. A host will
remain ejected for a period equal to the product of
minimum ejection duration and the number of times
the host has been ejected. This technique allows the
system to automatically increase the ejection period
for unhealthy upstream servers. format: 1h/1m/1s/1ms.
MUST BE >=1ms. Default is 30s.'
type: string
consecutiveErrors:
description: Number of errors before a host is ejected
from the connection pool. Defaults to 5. When the
upstream host is accessed over HTTP, a 5xx return
code qualifies as an error. When the upstream host
is accessed over an opaque TCP connection, connect
timeouts and connection error/failure events qualify
as an error.
format: int32
type: integer
interval:
description: 'Time interval between ejection sweep analysis.
format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.'
type: string
maxEjectionPercent:
description: Maximum % of hosts in the load balancing
pool for the upstream service that can be ejected.
Defaults to 10%.
format: int32
type: integer
type: object
portLevelSettings:
description: Traffic policies specific to individual ports.
Note that port level settings will override the destination-level
settings. Traffic settings specified at the destination-level
will not be inherited when overridden by port-level settings,
i.e. default values will be applied to fields omitted
in port-level traffic policies.
items:
properties:
connectionPool:
description: Settings controlling the volume of connections
to an upstream service
properties:
http:
description: HTTP connection pool settings.
properties:
maxRequestsPerConnection:
description: Maximum number of requests per
connection to a backend. Setting this parameter
to 1 disables keep alive.
format: int32
type: integer
maxRetries:
description: Maximum number of retries that
can be outstanding to all hosts in a cluster
at a given time. Defaults to 3.
format: int32
type: integer
type: object
tcp:
description: Settings common to both HTTP and
TCP upstream connections.
properties:
connectTimeout:
description: TCP connection timeout.
type: string
maxConnections:
description: Maximum number of HTTP1 /TCP
connections to a destination host.
format: int32
type: integer
type: object
type: object
loadBalancer:
description: Settings controlling the load balancer
algorithms.
properties:
consistentHash:
properties:
httpCookie:
description: Hash based on HTTP cookie.
properties:
name:
description: REQUIRED. Name of the cookie.
type: string
path:
description: Path to set for the cookie.
type: string
ttl:
description: REQUIRED. Lifetime of the
cookie.
type: string
required:
- name
- ttl
type: object
httpHeaderName:
description: 'It is required to specify exactly
one of the fields as hash key: HttpHeaderName,
HttpCookie, or UseSourceIP. Hash based on
a specific HTTP header.'
type: string
minimumRingSize:
description: The minimum number of virtual
nodes to use for the hash ring. Defaults
to 1024. Larger ring sizes result in more
granular load distributions. If the number
of hosts in the load balancing pool is larger
than the ring size, each host will be assigned
a single virtual node.
format: int64
type: integer
useSourceIp:
description: Hash based on the source IP address.
type: boolean
type: object
simple:
description: 'It is required to specify exactly
one of the fields: Simple or ConsistentHash'
type: string
type: object
outlierDetection:
description: Settings controlling eviction of unhealthy
hosts from the load balancing pool
properties:
baseEjectionTime:
description: 'Minimum ejection duration. A host
will remain ejected for a period equal to the
product of minimum ejection duration and the
number of times the host has been ejected. This
technique allows the system to automatically
increase the ejection period for unhealthy upstream
servers. format: 1h/1m/1s/1ms. MUST BE >=1ms.
Default is 30s.'
type: string
consecutiveErrors:
description: Number of errors before a host is
ejected from the connection pool. Defaults to
5. When the upstream host is accessed over HTTP,
a 5xx return code qualifies as an error. When
the upstream host is accessed over an opaque
TCP connection, connect timeouts and connection
error/failure events qualify as an error.
format: int32
type: integer
interval:
description: 'Time interval between ejection sweep
analysis. format: 1h/1m/1s/1ms. MUST BE >=1ms.
Default is 10s.'
type: string
maxEjectionPercent:
description: Maximum % of hosts in the load balancing
pool for the upstream service that can be ejected.
Defaults to 10%.
format: int32
type: integer
type: object
port:
description: Specifies the port name or number of
a port on the destination service on which this
policy is being applied. Names must comply with
DNS label syntax (rfc1035) and therefore cannot
collide with numbers. If there are multiple ports
on a service with the same protocol the names should
be of the form <protocol-name>-<DNS label>.
properties:
name:
description: Valid port name
type: string
number:
description: Valid port number
format: int32
type: integer
type: object
tls:
description: TLS related settings for connections
to the upstream service.
properties:
caCertificates:
description: 'OPTIONAL: The path to the file containing
certificate authority certificates to use in
verifying a presented server certificate. If
omitted, the proxy will not verify the server''s
certificate. Should be empty if mode is `ISTIO_MUTUAL`.'
type: string
clientCertificate:
description: REQUIRED if mode is `MUTUAL`. The
path to the file holding the client-side TLS
certificate to use. Should be empty if mode
is `ISTIO_MUTUAL`.
type: string
mode:
description: 'REQUIRED: Indicates whether connections
to this port should be secured using TLS. The
value of this field determines how TLS is enforced.'
type: string
privateKey:
description: REQUIRED if mode is `MUTUAL`. The
path to the file holding the client's private
key. Should be empty if mode is `ISTIO_MUTUAL`.
type: string
sni:
description: SNI string to present to the server
during TLS handshake. Should be empty if mode
is `ISTIO_MUTUAL`.
type: string
subjectAltNames:
description: A list of alternate names to verify
the subject identity in the certificate. If
specified, the proxy will verify that the server
certificate's subject alt name matches one of
the specified values. Should be empty if mode
is `ISTIO_MUTUAL`.
items:
type: string
type: array
required:
- mode
type: object
required:
- port
type: object
type: array
tls:
description: TLS related settings for connections to the
upstream service.
properties:
caCertificates:
description: 'OPTIONAL: The path to the file containing
certificate authority certificates to use in verifying
a presented server certificate. If omitted, the proxy
will not verify the server''s certificate. Should
be empty if mode is `ISTIO_MUTUAL`.'
type: string
clientCertificate:
description: REQUIRED if mode is `MUTUAL`. The path
to the file holding the client-side TLS certificate
to use. Should be empty if mode is `ISTIO_MUTUAL`.
type: string
mode:
description: 'REQUIRED: Indicates whether connections
to this port should be secured using TLS. The value
of this field determines how TLS is enforced.'
type: string
privateKey:
description: REQUIRED if mode is `MUTUAL`. The path
to the file holding the client's private key. Should
be empty if mode is `ISTIO_MUTUAL`.
type: string
sni:
description: SNI string to present to the server during
TLS handshake. Should be empty if mode is `ISTIO_MUTUAL`.
type: string
subjectAltNames:
description: A list of alternate names to verify the
subject identity in the certificate. If specified,
the proxy will verify that the server certificate's
subject alt name matches one of the specified values.
Should be empty if mode is `ISTIO_MUTUAL`.
items:
type: string
type: array
required:
- mode
type: object
type: object
required:
- host
type: object
type: object
type: object
status:
type: object
version: v1alpha2
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []