From e908150836d417b5ca90ec08c318a12a9fb4a193 Mon Sep 17 00:00:00 2001 From: "Roland.Ma" Date: Mon, 31 May 2021 02:19:39 +0000 Subject: [PATCH] delete istio crds Signed-off-by: Roland.Ma --- config/crds/istio-crds.yaml | 1116 ----------------- .../crds/istio_v1alpha3_destinationrule.yaml | 763 ----------- config/crds/istio_v1alpha3_gateway.yaml | 129 -- .../crds/istio_v1alpha3_virtualservice.yaml | 695 ---------- 4 files changed, 2703 deletions(-) delete mode 100644 config/crds/istio-crds.yaml delete mode 100644 config/crds/istio_v1alpha3_destinationrule.yaml delete mode 100644 config/crds/istio_v1alpha3_gateway.yaml delete mode 100644 config/crds/istio_v1alpha3_virtualservice.yaml diff --git a/config/crds/istio-crds.yaml b/config/crds/istio-crds.yaml deleted file mode 100644 index acdf5392b..000000000 --- a/config/crds/istio-crds.yaml +++ /dev/null @@ -1,1116 +0,0 @@ -# {{ if or .Values.global.crds (semverCompare ">=2.10.0-0" .Capabilities.TillerVersion.SemVer) }} -# these CRDs only make sense when pilot is enabled -# {{- if .Values.pilot.enabled }} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: virtualservices.networking.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: istio-pilot -spec: - group: networking.istio.io - names: - kind: VirtualService - listKind: VirtualServiceList - plural: virtualservices - singular: virtualservice - categories: - - istio-io - - networking-istio-io - scope: Namespaced - version: v1alpha3 ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: destinationrules.networking.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: istio-pilot -spec: - group: networking.istio.io - names: - kind: DestinationRule - listKind: DestinationRuleList - plural: destinationrules - singular: destinationrule - categories: - - istio-io - - networking-istio-io - scope: Namespaced - version: v1alpha3 ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: serviceentries.networking.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: istio-pilot -spec: - group: networking.istio.io - names: - kind: ServiceEntry - listKind: ServiceEntryList - plural: serviceentries - singular: serviceentry - categories: - - istio-io - - networking-istio-io - scope: Namespaced - version: v1alpha3 ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: gateways.networking.istio.io - annotations: - "helm.sh/hook": crd-install - "helm.sh/hook-weight": "-5" - labels: - app: istio-pilot -spec: - group: networking.istio.io - names: - kind: Gateway - plural: gateways - singular: gateway - categories: - - istio-io - - networking-istio-io - scope: Namespaced - version: v1alpha3 ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: envoyfilters.networking.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: istio-pilot -spec: - group: networking.istio.io - names: - kind: EnvoyFilter - plural: envoyfilters - singular: envoyfilter - categories: - - istio-io - - networking-istio-io - scope: Namespaced - version: v1alpha3 ---- -# {{- end }} - -# these CRDs only make sense when security is enabled -# {{- if .Values.security.enabled }} -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - annotations: - "helm.sh/hook": crd-install - name: policies.authentication.istio.io -spec: - group: authentication.istio.io - names: - kind: Policy - plural: policies - singular: policy - categories: - - istio-io - - authentication-istio-io - scope: Namespaced - version: v1alpha1 ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - annotations: - "helm.sh/hook": crd-install - name: meshpolicies.authentication.istio.io -spec: - group: authentication.istio.io - names: - kind: MeshPolicy - listKind: MeshPolicyList - plural: meshpolicies - singular: meshpolicy - categories: - - istio-io - - authentication-istio-io - scope: Cluster - version: v1alpha1 ---- -# {{- end }} - -# {{- if .Values.mixer.enabled }} -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - annotations: - "helm.sh/hook": crd-install - name: httpapispecbindings.config.istio.io -spec: - group: config.istio.io - names: - kind: HTTPAPISpecBinding - plural: httpapispecbindings - singular: httpapispecbinding - categories: - - istio-io - - apim-istio-io - scope: Namespaced - version: v1alpha2 ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - annotations: - "helm.sh/hook": crd-install - name: httpapispecs.config.istio.io -spec: - group: config.istio.io - names: - kind: HTTPAPISpec - plural: httpapispecs - singular: httpapispec - categories: - - istio-io - - apim-istio-io - scope: Namespaced - version: v1alpha2 ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - annotations: - "helm.sh/hook": crd-install - name: quotaspecbindings.config.istio.io -spec: - group: config.istio.io - names: - kind: QuotaSpecBinding - plural: quotaspecbindings - singular: quotaspecbinding - categories: - - istio-io - - apim-istio-io - scope: Namespaced - version: v1alpha2 ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - annotations: - "helm.sh/hook": crd-install - name: quotaspecs.config.istio.io -spec: - group: config.istio.io - names: - kind: QuotaSpec - plural: quotaspecs - singular: quotaspec - categories: - - istio-io - - apim-istio-io - scope: Namespaced - version: v1alpha2 ---- - -# Mixer CRDs -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: rules.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: istio.io.mixer - istio: core -spec: - group: config.istio.io - names: - kind: rule - plural: rules - singular: rule - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: attributemanifests.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: istio.io.mixer - istio: core -spec: - group: config.istio.io - names: - kind: attributemanifest - plural: attributemanifests - singular: attributemanifest - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: bypasses.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: bypass - istio: mixer-adapter -spec: - group: config.istio.io - names: - kind: bypass - plural: bypasses - singular: bypass - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: circonuses.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: circonus - istio: mixer-adapter -spec: - group: config.istio.io - names: - kind: circonus - plural: circonuses - singular: circonus - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: deniers.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: denier - istio: mixer-adapter -spec: - group: config.istio.io - names: - kind: denier - plural: deniers - singular: denier - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: fluentds.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: fluentd - istio: mixer-adapter -spec: - group: config.istio.io - names: - kind: fluentd - plural: fluentds - singular: fluentd - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: kubernetesenvs.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: kubernetesenv - istio: mixer-adapter -spec: - group: config.istio.io - names: - kind: kubernetesenv - plural: kubernetesenvs - singular: kubernetesenv - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: listcheckers.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: listchecker - istio: mixer-adapter -spec: - group: config.istio.io - names: - kind: listchecker - plural: listcheckers - singular: listchecker - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: memquotas.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: memquota - istio: mixer-adapter -spec: - group: config.istio.io - names: - kind: memquota - plural: memquotas - singular: memquota - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: noops.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: noop - istio: mixer-adapter -spec: - group: config.istio.io - names: - kind: noop - plural: noops - singular: noop - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: opas.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: opa - istio: mixer-adapter -spec: - group: config.istio.io - names: - kind: opa - plural: opas - singular: opa - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: prometheuses.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: prometheus - istio: mixer-adapter -spec: - group: config.istio.io - names: - kind: prometheus - plural: prometheuses - singular: prometheus - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: rbacs.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: rbac - istio: mixer-adapter -spec: - group: config.istio.io - names: - kind: rbac - plural: rbacs - singular: rbac - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: redisquotas.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - package: redisquota - istio: mixer-adapter -spec: - group: config.istio.io - names: - kind: redisquota - plural: redisquotas - singular: redisquota - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: servicecontrols.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: servicecontrol - istio: mixer-adapter -spec: - group: config.istio.io - names: - kind: servicecontrol - plural: servicecontrols - singular: servicecontrol - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 - ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: signalfxs.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: signalfx - istio: mixer-adapter -spec: - group: config.istio.io - names: - kind: signalfx - plural: signalfxs - singular: signalfx - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: solarwindses.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: solarwinds - istio: mixer-adapter -spec: - group: config.istio.io - names: - kind: solarwinds - plural: solarwindses - singular: solarwinds - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: stackdrivers.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: stackdriver - istio: mixer-adapter -spec: - group: config.istio.io - names: - kind: stackdriver - plural: stackdrivers - singular: stackdriver - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: statsds.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: statsd - istio: mixer-adapter -spec: - group: config.istio.io - names: - kind: statsd - plural: statsds - singular: statsd - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: stdios.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: stdio - istio: mixer-adapter -spec: - group: config.istio.io - names: - kind: stdio - plural: stdios - singular: stdio - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: apikeys.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: apikey - istio: mixer-instance -spec: - group: config.istio.io - names: - kind: apikey - plural: apikeys - singular: apikey - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: authorizations.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: authorization - istio: mixer-instance -spec: - group: config.istio.io - names: - kind: authorization - plural: authorizations - singular: authorization - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: checknothings.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: checknothing - istio: mixer-instance -spec: - group: config.istio.io - names: - kind: checknothing - plural: checknothings - singular: checknothing - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: kuberneteses.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: adapter.template.kubernetes - istio: mixer-instance -spec: - group: config.istio.io - names: - kind: kubernetes - plural: kuberneteses - singular: kubernetes - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: listentries.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: listentry - istio: mixer-instance -spec: - group: config.istio.io - names: - kind: listentry - plural: listentries - singular: listentry - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: logentries.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: logentry - istio: mixer-instance -spec: - group: config.istio.io - names: - kind: logentry - plural: logentries - singular: logentry - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: edges.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: edge - istio: mixer-instance -spec: - group: config.istio.io - names: - kind: edge - plural: edges - singular: edge - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: metrics.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: metric - istio: mixer-instance -spec: - group: config.istio.io - names: - kind: metric - plural: metrics - singular: metric - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: quotas.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: quota - istio: mixer-instance -spec: - group: config.istio.io - names: - kind: quota - plural: quotas - singular: quota - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: reportnothings.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: reportnothing - istio: mixer-instance -spec: - group: config.istio.io - names: - kind: reportnothing - plural: reportnothings - singular: reportnothing - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: servicecontrolreports.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: servicecontrolreport - istio: mixer-instance -spec: - group: config.istio.io - names: - kind: servicecontrolreport - plural: servicecontrolreports - singular: servicecontrolreport - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: tracespans.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: tracespan - istio: mixer-instance -spec: - group: config.istio.io - names: - kind: tracespan - plural: tracespans - singular: tracespan - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: rbacconfigs.rbac.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: istio.io.mixer - istio: rbac -spec: - group: rbac.istio.io - names: - kind: RbacConfig - plural: rbacconfigs - singular: rbacconfig - categories: - - istio-io - - rbac-istio-io - scope: Namespaced - version: v1alpha1 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: serviceroles.rbac.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: istio.io.mixer - istio: rbac -spec: - group: rbac.istio.io - names: - kind: ServiceRole - plural: serviceroles - singular: servicerole - categories: - - istio-io - - rbac-istio-io - scope: Namespaced - version: v1alpha1 ---- - -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: servicerolebindings.rbac.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: istio.io.mixer - istio: rbac -spec: - group: rbac.istio.io - names: - kind: ServiceRoleBinding - plural: servicerolebindings - singular: servicerolebinding - categories: - - istio-io - - rbac-istio-io - scope: Namespaced - version: v1alpha1 ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: adapters.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: adapter - istio: mixer-adapter -spec: - group: config.istio.io - names: - kind: adapter - plural: adapters - singular: adapter - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: instances.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: instance - istio: mixer-instance -spec: - group: config.istio.io - names: - kind: instance - plural: instances - singular: instance - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: templates.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: template - istio: mixer-template -spec: - group: config.istio.io - names: - kind: template - plural: templates - singular: template - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- -kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 -metadata: - name: handlers.config.istio.io - annotations: - "helm.sh/hook": crd-install - labels: - app: mixer - package: handler - istio: mixer-handler -spec: - group: config.istio.io - names: - kind: handler - plural: handlers - singular: handler - categories: - - istio-io - - policy-istio-io - scope: Namespaced - version: v1alpha2 ---- -# {{- end }} -# {{ end }} \ No newline at end of file diff --git a/config/crds/istio_v1alpha3_destinationrule.yaml b/config/crds/istio_v1alpha3_destinationrule.yaml deleted file mode 100644 index a20b44af8..000000000 --- a/config/crds/istio_v1alpha3_destinationrule.yaml +++ /dev/null @@ -1,763 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - controller-tools.k8s.io: "1.0" - name: destinationrules.istio.kubesphere.io -spec: - group: istio.kubesphere.io - names: - kind: DestinationRule - plural: destinationrules - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - host: - description: 'REQUIRED. The name of a service from the service registry. - Service names are looked up from the platform''s service registry - (e.g., Kubernetes services, Consul services, etc.) and from the hosts - declared by [ServiceEntries](#ServiceEntry). Rules defined for services - that do not exist in the service registry will be ignored. *Note - for Kubernetes users*: When short names are used (e.g. "reviews" instead - of "reviews.default.svc.cluster.local"), Istio will interpret the - short name based on the namespace of the rule, not the service. A - rule in the "default" namespace containing a host "reviews will be - interpreted as "reviews.default.svc.cluster.local", irrespective of - the actual namespace associated with the reviews service. _To avoid - potential misconfigurations, it is recommended to always use fully - qualified domain names over short names._ Note that the host field - applies to both HTTP and TCP services.' - type: string - subsets: - description: One or more named sets that represent individual versions - of a service. Traffic policies can be overridden at subset level. - items: - properties: - labels: - description: REQUIRED. Labels apply a filter over the endpoints - of a service in the service registry. See route rules for examples - of usage. - type: object - name: - description: REQUIRED. Name of the subset. The service name and - the subset name can be used for traffic splitting in a route - rule. - type: string - trafficPolicy: - description: Traffic policies that apply to this subset. Subsets - inherit the traffic policies specified at the DestinationRule - level. Settings specified at the subset level will override - the corresponding settings specified at the DestinationRule - level. - properties: - connectionPool: - description: Settings controlling the volume of connections - to an upstream service - properties: - http: - description: HTTP connection pool settings. - properties: - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. Setting this parameter to 1 disables - keep alive. - format: int32 - type: integer - maxRetries: - description: Maximum number of retries that can be - outstanding to all hosts in a cluster at a given - time. Defaults to 3. - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: REQUIRED. Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: REQUIRED. Lifetime of the cookie. - type: string - required: - - name - - ttl - type: object - httpHeaderName: - description: 'It is required to specify exactly one - of the fields as hash key: HttpHeaderName, HttpCookie, - or UseSourceIP. Hash based on a specific HTTP header.' - type: string - minimumRingSize: - description: The minimum number of virtual nodes to - use for the hash ring. Defaults to 1024. Larger - ring sizes result in more granular load distributions. - If the number of hosts in the load balancing pool - is larger than the ring size, each host will be - assigned a single virtual node. - format: int64 - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - description: 'It is required to specify exactly one of - the fields: Simple or ConsistentHash' - type: string - type: object - outlierDetection: - description: Settings controlling eviction of unhealthy hosts - from the load balancing pool - properties: - baseEjectionTime: - description: 'Minimum ejection duration. A host will remain - ejected for a period equal to the product of minimum - ejection duration and the number of times the host has - been ejected. This technique allows the system to automatically - increase the ejection period for unhealthy upstream - servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default - is 30s.' - type: string - consecutiveErrors: - description: Number of errors before a host is ejected - from the connection pool. Defaults to 5. When the upstream - host is accessed over HTTP, a 5xx return code qualifies - as an error. When the upstream host is accessed over - an opaque TCP connection, connect timeouts and connection - error/failure events qualify as an error. - format: int32 - type: integer - interval: - description: 'Time interval between ejection sweep analysis. - format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.' - type: string - maxEjectionPercent: - description: Maximum % of hosts in the load balancing - pool for the upstream service that can be ejected. Defaults - to 10%. - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - Note that port level settings will override the destination-level - settings. Traffic settings specified at the destination-level - will not be inherited when overridden by port-level settings, - i.e. default values will be applied to fields omitted in - port-level traffic policies. - items: - properties: - connectionPool: - description: Settings controlling the volume of connections - to an upstream service - properties: - http: - description: HTTP connection pool settings. - properties: - maxRequestsPerConnection: - description: Maximum number of requests per - connection to a backend. Setting this parameter - to 1 disables keep alive. - format: int32 - type: integer - maxRetries: - description: Maximum number of retries that - can be outstanding to all hosts in a cluster - at a given time. Defaults to 3. - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP - upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer - algorithms. - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: REQUIRED. Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: REQUIRED. Lifetime of the cookie. - type: string - required: - - name - - ttl - type: object - httpHeaderName: - description: 'It is required to specify exactly - one of the fields as hash key: HttpHeaderName, - HttpCookie, or UseSourceIP. Hash based on - a specific HTTP header.' - type: string - minimumRingSize: - description: The minimum number of virtual nodes - to use for the hash ring. Defaults to 1024. - Larger ring sizes result in more granular - load distributions. If the number of hosts - in the load balancing pool is larger than - the ring size, each host will be assigned - a single virtual node. - format: int64 - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - description: 'It is required to specify exactly - one of the fields: Simple or ConsistentHash' - type: string - type: object - outlierDetection: - description: Settings controlling eviction of unhealthy - hosts from the load balancing pool - properties: - baseEjectionTime: - description: 'Minimum ejection duration. A host - will remain ejected for a period equal to the - product of minimum ejection duration and the number - of times the host has been ejected. This technique - allows the system to automatically increase the - ejection period for unhealthy upstream servers. - format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is - 30s.' - type: string - consecutiveErrors: - description: Number of errors before a host is ejected - from the connection pool. Defaults to 5. When - the upstream host is accessed over HTTP, a 5xx - return code qualifies as an error. When the upstream - host is accessed over an opaque TCP connection, - connect timeouts and connection error/failure - events qualify as an error. - format: int32 - type: integer - interval: - description: 'Time interval between ejection sweep - analysis. format: 1h/1m/1s/1ms. MUST BE >=1ms. - Default is 10s.' - type: string - maxEjectionPercent: - description: Maximum % of hosts in the load balancing - pool for the upstream service that can be ejected. - Defaults to 10%. - format: int32 - type: integer - type: object - port: - description: Specifies the port name or number of a - port on the destination service on which this policy - is being applied. Names must comply with DNS label - syntax (rfc1035) and therefore cannot collide with - numbers. If there are multiple ports on a service - with the same protocol the names should be of the - form -. - properties: - name: - description: Valid port name - type: string - number: - description: Valid port number - format: int32 - type: integer - type: object - tls: - description: TLS related settings for connections to - the upstream service. - properties: - caCertificates: - description: 'OPTIONAL: The path to the file containing - certificate authority certificates to use in verifying - a presented server certificate. If omitted, the - proxy will not verify the server''s certificate. - Should be empty if mode is `ISTIO_MUTUAL`.' - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. The path - to the file holding the client-side TLS certificate - to use. Should be empty if mode is `ISTIO_MUTUAL`. - type: string - mode: - description: 'REQUIRED: Indicates whether connections - to this port should be secured using TLS. The - value of this field determines how TLS is enforced.' - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. The path - to the file holding the client's private key. - Should be empty if mode is `ISTIO_MUTUAL`. - type: string - sni: - description: SNI string to present to the server - during TLS handshake. Should be empty if mode - is `ISTIO_MUTUAL`. - type: string - subjectAltNames: - description: A list of alternate names to verify - the subject identity in the certificate. If specified, - the proxy will verify that the server certificate's - subject alt name matches one of the specified - values. Should be empty if mode is `ISTIO_MUTUAL`. - items: - type: string - type: array - required: - - mode - type: object - required: - - port - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - description: 'OPTIONAL: The path to the file containing - certificate authority certificates to use in verifying - a presented server certificate. If omitted, the proxy - will not verify the server''s certificate. Should be - empty if mode is `ISTIO_MUTUAL`.' - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. The path to - the file holding the client-side TLS certificate to - use. Should be empty if mode is `ISTIO_MUTUAL`. - type: string - mode: - description: 'REQUIRED: Indicates whether connections - to this port should be secured using TLS. The value - of this field determines how TLS is enforced.' - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. The path to - the file holding the client's private key. Should be - empty if mode is `ISTIO_MUTUAL`. - type: string - sni: - description: SNI string to present to the server during - TLS handshake. Should be empty if mode is `ISTIO_MUTUAL`. - type: string - subjectAltNames: - description: A list of alternate names to verify the subject - identity in the certificate. If specified, the proxy - will verify that the server certificate's subject alt - name matches one of the specified values. Should be - empty if mode is `ISTIO_MUTUAL`. - items: - type: string - type: array - required: - - mode - type: object - type: object - required: - - name - - labels - type: object - type: array - trafficPolicy: - description: Traffic policies to apply (load balancing policy, connection - pool sizes, outlier detection). - properties: - connectionPool: - description: Settings controlling the volume of connections to an - upstream service - properties: - http: - description: HTTP connection pool settings. - properties: - maxRequestsPerConnection: - description: Maximum number of requests per connection to - a backend. Setting this parameter to 1 disables keep alive. - format: int32 - type: integer - maxRetries: - description: Maximum number of retries that can be outstanding - to all hosts in a cluster at a given time. Defaults to - 3. - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to - a destination host. - format: int32 - type: integer - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: REQUIRED. Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: REQUIRED. Lifetime of the cookie. - type: string - required: - - name - - ttl - type: object - httpHeaderName: - description: 'It is required to specify exactly one of the - fields as hash key: HttpHeaderName, HttpCookie, or UseSourceIP. - Hash based on a specific HTTP header.' - type: string - minimumRingSize: - description: The minimum number of virtual nodes to use - for the hash ring. Defaults to 1024. Larger ring sizes - result in more granular load distributions. If the number - of hosts in the load balancing pool is larger than the - ring size, each host will be assigned a single virtual - node. - format: int64 - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - description: 'It is required to specify exactly one of the fields: - Simple or ConsistentHash' - type: string - type: object - outlierDetection: - description: Settings controlling eviction of unhealthy hosts from - the load balancing pool - properties: - baseEjectionTime: - description: 'Minimum ejection duration. A host will remain - ejected for a period equal to the product of minimum ejection - duration and the number of times the host has been ejected. - This technique allows the system to automatically increase - the ejection period for unhealthy upstream servers. format: - 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s.' - type: string - consecutiveErrors: - description: Number of errors before a host is ejected from - the connection pool. Defaults to 5. When the upstream host - is accessed over HTTP, a 5xx return code qualifies as an error. - When the upstream host is accessed over an opaque TCP connection, - connect timeouts and connection error/failure events qualify - as an error. - format: int32 - type: integer - interval: - description: 'Time interval between ejection sweep analysis. - format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.' - type: string - maxEjectionPercent: - description: Maximum % of hosts in the load balancing pool for - the upstream service that can be ejected. Defaults to 10%. - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. Note - that port level settings will override the destination-level settings. - Traffic settings specified at the destination-level will not be - inherited when overridden by port-level settings, i.e. default - values will be applied to fields omitted in port-level traffic - policies. - items: - properties: - connectionPool: - description: Settings controlling the volume of connections - to an upstream service - properties: - http: - description: HTTP connection pool settings. - properties: - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. Setting this parameter to 1 disables - keep alive. - format: int32 - type: integer - maxRetries: - description: Maximum number of retries that can be - outstanding to all hosts in a cluster at a given - time. Defaults to 3. - format: int32 - type: integer - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: REQUIRED. Name of the cookie. - type: string - path: - description: Path to set for the cookie. - type: string - ttl: - description: REQUIRED. Lifetime of the cookie. - type: string - required: - - name - - ttl - type: object - httpHeaderName: - description: 'It is required to specify exactly one - of the fields as hash key: HttpHeaderName, HttpCookie, - or UseSourceIP. Hash based on a specific HTTP header.' - type: string - minimumRingSize: - description: The minimum number of virtual nodes to - use for the hash ring. Defaults to 1024. Larger - ring sizes result in more granular load distributions. - If the number of hosts in the load balancing pool - is larger than the ring size, each host will be - assigned a single virtual node. - format: int64 - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - simple: - description: 'It is required to specify exactly one of - the fields: Simple or ConsistentHash' - type: string - type: object - outlierDetection: - description: Settings controlling eviction of unhealthy hosts - from the load balancing pool - properties: - baseEjectionTime: - description: 'Minimum ejection duration. A host will remain - ejected for a period equal to the product of minimum - ejection duration and the number of times the host has - been ejected. This technique allows the system to automatically - increase the ejection period for unhealthy upstream - servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default - is 30s.' - type: string - consecutiveErrors: - description: Number of errors before a host is ejected - from the connection pool. Defaults to 5. When the upstream - host is accessed over HTTP, a 5xx return code qualifies - as an error. When the upstream host is accessed over - an opaque TCP connection, connect timeouts and connection - error/failure events qualify as an error. - format: int32 - type: integer - interval: - description: 'Time interval between ejection sweep analysis. - format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.' - type: string - maxEjectionPercent: - description: Maximum % of hosts in the load balancing - pool for the upstream service that can be ejected. Defaults - to 10%. - format: int32 - type: integer - type: object - port: - description: Specifies the port name or number of a port on - the destination service on which this policy is being applied. Names - must comply with DNS label syntax (rfc1035) and therefore - cannot collide with numbers. If there are multiple ports - on a service with the same protocol the names should be - of the form -. - properties: - name: - description: Valid port name - type: string - number: - description: Valid port number - format: int32 - type: integer - type: object - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - description: 'OPTIONAL: The path to the file containing - certificate authority certificates to use in verifying - a presented server certificate. If omitted, the proxy - will not verify the server''s certificate. Should be - empty if mode is `ISTIO_MUTUAL`.' - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. The path to - the file holding the client-side TLS certificate to - use. Should be empty if mode is `ISTIO_MUTUAL`. - type: string - mode: - description: 'REQUIRED: Indicates whether connections - to this port should be secured using TLS. The value - of this field determines how TLS is enforced.' - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. The path to - the file holding the client's private key. Should be - empty if mode is `ISTIO_MUTUAL`. - type: string - sni: - description: SNI string to present to the server during - TLS handshake. Should be empty if mode is `ISTIO_MUTUAL`. - type: string - subjectAltNames: - description: A list of alternate names to verify the subject - identity in the certificate. If specified, the proxy - will verify that the server certificate's subject alt - name matches one of the specified values. Should be - empty if mode is `ISTIO_MUTUAL`. - items: - type: string - type: array - required: - - mode - type: object - required: - - port - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - description: 'OPTIONAL: The path to the file containing certificate - authority certificates to use in verifying a presented server - certificate. If omitted, the proxy will not verify the server''s - certificate. Should be empty if mode is `ISTIO_MUTUAL`.' - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. The path to the file - holding the client-side TLS certificate to use. Should be - empty if mode is `ISTIO_MUTUAL`. - type: string - mode: - description: 'REQUIRED: Indicates whether connections to this - port should be secured using TLS. The value of this field - determines how TLS is enforced.' - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. The path to the file - holding the client's private key. Should be empty if mode - is `ISTIO_MUTUAL`. - type: string - sni: - description: SNI string to present to the server during TLS - handshake. Should be empty if mode is `ISTIO_MUTUAL`. - type: string - subjectAltNames: - description: A list of alternate names to verify the subject - identity in the certificate. If specified, the proxy will - verify that the server certificate's subject alt name matches - one of the specified values. Should be empty if mode is `ISTIO_MUTUAL`. - items: - type: string - type: array - required: - - mode - type: object - type: object - required: - - host - type: object - required: - - spec - version: v1alpha3 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/config/crds/istio_v1alpha3_gateway.yaml b/config/crds/istio_v1alpha3_gateway.yaml deleted file mode 100644 index 72a81f4e8..000000000 --- a/config/crds/istio_v1alpha3_gateway.yaml +++ /dev/null @@ -1,129 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - controller-tools.k8s.io: "1.0" - name: gateways.istio.kubesphere.io -spec: - group: istio.kubesphere.io - names: - kind: Gateway - plural: gateways - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - selector: - description: One or more labels that indicate a specific set of pods/VMs - on which this gateway configuration should be applied. If no selectors - are provided, the gateway will be implemented by the default istio-ingress - controller. - type: object - servers: - description: 'REQUIRED: A list of server specifications.' - items: - properties: - hosts: - description: A list of hosts exposed by this gateway. While typically - applicable to HTTP services, it can also be used for TCP services - using TLS with SNI. Standard DNS wildcard prefix syntax is permitted. A - VirtualService that is bound to a gateway must having a matching - host in its default destination. Specifically one of the VirtualService - destination hosts is a strict suffix of a gateway host or a - gateway host is a suffix of one of the VirtualService hosts. - items: - type: string - type: array - port: - description: 'REQUIRED: The Port on which the proxy should listen - for incoming connections' - properties: - name: - description: Label assigned to the port. - type: string - number: - description: 'REQUIRED: A valid non-negative integer port - number.' - format: int64 - type: integer - protocol: - description: 'REQUIRED: The protocol exposed on the port. - MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP.' - type: string - required: - - number - - protocol - type: object - tls: - description: Set of TLS related options that govern the server's - behavior. Use these options to control if all http requests - should be redirected to https, and the TLS modes to use. - properties: - caCertificates: - description: REQUIRED if mode is "MUTUAL". The path to a file - containing certificate authority certificates to use in - verifying a presented client side certificate. - type: string - httpsRedirect: - description: If set to true, the load balancer will send a - 302 redirect for all http connections, asking the clients - to use HTTPS. - type: boolean - mode: - description: 'Optional: Indicates whether connections to this - port should be secured using TLS. The value of this field - determines how TLS is enforced.' - type: string - privateKey: - description: REQUIRED if mode is "SIMPLE" or "MUTUAL". The - path to the file holding the server's private key. - type: string - serverCertificate: - description: REQUIRED if mode is "SIMPLE" or "MUTUAL". The - path to the file holding the server-side TLS certificate - to use. - type: string - subjectAltNames: - description: A list of alternate names to verify the subject - identity in the certificate presented by the client. - items: - type: string - type: array - required: - - httpsRedirect - - serverCertificate - - privateKey - - caCertificates - - subjectAltNames - type: object - required: - - port - type: object - type: array - required: - - servers - type: object - required: - - spec - version: v1alpha3 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/config/crds/istio_v1alpha3_virtualservice.yaml b/config/crds/istio_v1alpha3_virtualservice.yaml deleted file mode 100644 index 23ef3f681..000000000 --- a/config/crds/istio_v1alpha3_virtualservice.yaml +++ /dev/null @@ -1,695 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - creationTimestamp: null - labels: - controller-tools.k8s.io: "1.0" - name: virtualservices.istio.kubesphere.io -spec: - group: istio.kubesphere.io - names: - kind: VirtualService - plural: virtualservices - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - gateways: - description: The names of gateways and sidecars that should apply these - routes. A single VirtualService is used for sidecars inside the mesh - as well as for one or more gateways. The selection condition imposed - by this field can be overridden using the source field in the match - conditions of HTTP/TCP routes. The reserved word "mesh" is used to - imply all the sidecars in the mesh. When this field is omitted, the - default gateway ("mesh") will be used, which would apply the rule - to all sidecars in the mesh. If a list of gateway names is provided, - the rules will apply only to the gateways. To apply the rules to both - gateways and sidecars, specify "mesh" as one of the gateway names. - items: - type: string - type: array - hosts: - description: REQUIRED. The destination address for traffic captured - by this virtual service. Could be a DNS name with wildcard prefix - or a CIDR prefix. Depending on the platform, short-names can also - be used instead of a FQDN (i.e. has no dots in the name). In such - a scenario, the FQDN of the host would be derived based on the underlying - platform. For example on Kubernetes, when hosts contains a short - name, Istio will interpret the short name based on the namespace of - the rule. Thus, when a client namespace applies a rule in the "default" - namespace containing a name "reviews, Istio will setup routes to the - "reviews.default.svc.cluster.local" service. However, if a different - name such as "reviews.sales.svc.cluster.local" is used, it would be - treated as a FQDN during virtual host matching. In Consul, a plain - service name would be resolved to the FQDN "reviews.service.consul". Note - that the hosts field applies to both HTTP and TCP services. Service - inside the mesh, i.e., those found in the service registry, must always - be referred to using their alphanumeric names. IP addresses or CIDR - prefixes are allowed only for services defined via the Gateway. - items: - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. The first - rule matching an incoming request is used. - items: - properties: - appendHeaders: - description: Additional HTTP headers to add before forwarding - a request to the destination service. - type: object - corsPolicy: - description: Cross-Origin Resource Sharing policy - properties: - allowCredentials: - description: Indicates whether the caller is allowed to send - the actual request (not the preflight) using credentials. - Translates to Access-Control-Allow-Credentials header. - type: boolean - allowHeaders: - description: List of HTTP headers that can be used when requesting - the resource. Serialized to Access-Control-Allow-Methods - header. - items: - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the resource. - The content will be serialized into the Access-Control-Allow-Methods - header. - items: - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform - CORS requests. The content will be serialized into the Access-Control-Allow-Origin - header. Wildcard * will allow all origins. - items: - type: string - type: array - exposeHeaders: - description: A white list of HTTP headers that the browsers - are allowed to access. Serialized into Access-Control-Expose-Headers - header. - items: - type: string - type: array - maxAge: - description: Specifies how long the the results of a preflight - request can be cached. Translates to the Access-Control-Max-Age - header. - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic. - properties: - abort: - description: Abort Http request attempts and return error - codes back to downstream service, giving the impression - that the upstream service is faulty. - properties: - httpStatus: - description: REQUIRED. HTTP status code to use to abort - the Http request. - format: int64 - type: integer - percent: - description: Percentage of requests to be aborted with - the error code provided (0-100). - format: int64 - type: integer - required: - - httpStatus - type: object - delay: - description: Delay requests before forwarding, emulating various - failures such as network issues, overloaded upstream service, - etc. - properties: - exponentialDelay: - description: (-- Add a delay (based on an exponential - function) before forwarding the request. mean delay - needed to derive the exponential delay values --) - type: string - fixedDelay: - description: 'REQUIRED. Add a fixed delay before forwarding - the request. Format: 1h/1m/1s/1ms. MUST be >=1ms.' - type: string - percent: - description: Percentage of requests on which the delay - will be injected (0-100). - format: int64 - type: integer - required: - - fixedDelay - type: object - type: object - match: - description: Match conditions to be satisfied for the rule to - be activated. All conditions inside a single match block have - AND semantics, while the list of match blocks have OR semantics. - The rule is matched if any one of the match blocks succeed. - items: - properties: - authority: - description: 'HTTP Authority values are case-sensitive and - formatted as follows: - `exact: "value"` for exact string - match - `prefix: "value"` for prefix-based match - `regex: - "value"` for ECMAscript style regex-based match' - properties: - exact: - description: exact string match - type: string - prefix: - description: prefix-based match - type: string - regex: - description: ECMAscript style regex-based match - type: string - suffix: - description: suffix-based match. - type: string - type: object - gateways: - description: Names of gateways where the rule should be - applied to. Gateway names at the top of the VirtualService - (if any) are overridden. The gateway match is independent - of sourceLabels. - items: - type: string - type: array - headers: - description: 'The header keys must be lowercase and use - hyphen as the separator, e.g. _x-request-id_. Header - values are case-sensitive and formatted as follows: - - `exact: "value"` for exact string match - `prefix: "value"` - for prefix-based match - `regex: "value"` for ECMAscript - style regex-based match **Note:** The keys `uri`, `scheme`, - `method`, and `authority` will be ignored.' - type: object - method: - description: 'HTTP Method values are case-sensitive and - formatted as follows: - `exact: "value"` for exact string - match - `prefix: "value"` for prefix-based match - `regex: - "value"` for ECMAscript style regex-based match' - properties: - exact: - description: exact string match - type: string - prefix: - description: prefix-based match - type: string - regex: - description: ECMAscript style regex-based match - type: string - suffix: - description: suffix-based match. - type: string - type: object - port: - description: Specifies the ports on the host that is being - addressed. Many services only expose a single port or - label ports with the protocols they support, in these - cases it is not required to explicitly select the port. - format: int32 - type: integer - scheme: - description: 'URI Scheme values are case-sensitive and formatted - as follows: - `exact: "value"` for exact string match - - `prefix: "value"` for prefix-based match - `regex: "value"` - for ECMAscript style regex-based match' - properties: - exact: - description: exact string match - type: string - prefix: - description: prefix-based match - type: string - regex: - description: ECMAscript style regex-based match - type: string - suffix: - description: suffix-based match. - type: string - type: object - sourceLabels: - description: One or more labels that constrain the applicability - of a rule to workloads with the given labels. If the VirtualService - has a list of gateways specified at the top, it should - include the reserved gateway `mesh` in order for this - field to be applicable. - type: object - uri: - description: 'URI to match values are case-sensitive and - formatted as follows: - `exact: "value"` for exact string - match - `prefix: "value"` for prefix-based match - `regex: - "value"` for ECMAscript style regex-based match' - properties: - exact: - description: exact string match - type: string - prefix: - description: prefix-based match - type: string - regex: - description: ECMAscript style regex-based match - type: string - suffix: - description: suffix-based match. - type: string - type: object - type: object - type: array - mirror: - description: Mirror HTTP traffic to a another destination in addition - to forwarding the requests to the intended destination. Mirrored - traffic is on a best effort basis where the sidecar/gateway - will not wait for the mirrored cluster to respond before returning - the response from the original destination. Statistics will - be generated for the mirrored destination. - properties: - host: - description: 'REQUIRED. The name of a service from the service - registry. Service names are looked up from the platform''s - service registry (e.g., Kubernetes services, Consul services, - etc.) and from the hosts declared by [ServiceEntry](#ServiceEntry). - Traffic forwarded to destinations that are not found in - either of the two, will be dropped. *Note for Kubernetes - users*: When short names are used (e.g. "reviews" instead - of "reviews.default.svc.cluster.local"), Istio will interpret - the short name based on the namespace of the rule, not the - service. A rule in the "default" namespace containing a - host "reviews will be interpreted as "reviews.default.svc.cluster.local", - irrespective of the actual namespace associated with the - reviews service. _To avoid potential misconfigurations, - it is recommended to always use fully qualified domain names - over short names._' - type: string - port: - description: Specifies the port on the host that is being - addressed. If a service exposes only a single port it is - not required to explicitly select the port. - properties: - name: - description: Valid port name - type: string - number: - description: Valid port number - format: int32 - type: integer - type: object - subset: - description: The name of a subset within the service. Applicable - only to services within the mesh. The subset must be defined - in a corresponding DestinationRule. - type: string - required: - - host - type: object - redirect: - description: A http rule can either redirect or forward (default) - traffic. If traffic passthrough option is specified in the rule, - route/redirect will be ignored. The redirect primitive can be - used to send a HTTP 302 redirect to a different URI or Authority. - properties: - authority: - description: On a redirect, overwrite the Authority/Host portion - of the URL with this value. - type: string - uri: - description: On a redirect, overwrite the Path portion of - the URL with this value. Note that the entire path will - be replaced, irrespective of the request URI being matched - as an exact path or prefix. - type: string - type: object - removeResponseHeaders: - description: Http headers to remove before returning the response - to the caller - type: object - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: REQUIRED. Number of retries for a given request. - The interval between retries will be determined automatically - (25ms+). Actual number of retries attempted depends on the - httpReqTimeout. - format: int64 - type: integer - perTryTimeout: - description: 'Timeout per retry attempt for a given request. - format: 1h/1m/1s/1ms. MUST BE >=1ms.' - type: string - required: - - attempts - - perTryTimeout - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. Rewrite - cannot be used with Redirect primitive. Rewrite will be performed - before forwarding. - properties: - authority: - description: rewrite the Authority/Host header with this value. - type: string - uri: - description: rewrite the path (or the prefix) portion of the - URI with this value. If the original URI was matched based - on prefix, the value provided in this field will replace - the corresponding matched prefix. - type: string - type: object - route: - description: A http rule can either redirect or forward (default) - traffic. The forwarding target can be one of several versions - of a service (see glossary in beginning of document). Weights - associated with the service version determine the proportion - of traffic it receives. - items: - properties: - destination: - description: REQUIRED. Destination uniquely identifies the - instances of a service to which the request/connection - should be forwarded to. - properties: - host: - description: 'REQUIRED. The name of a service from the - service registry. Service names are looked up from - the platform''s service registry (e.g., Kubernetes - services, Consul services, etc.) and from the hosts - declared by [ServiceEntry](#ServiceEntry). Traffic - forwarded to destinations that are not found in either - of the two, will be dropped. *Note for Kubernetes - users*: When short names are used (e.g. "reviews" - instead of "reviews.default.svc.cluster.local"), Istio - will interpret the short name based on the namespace - of the rule, not the service. A rule in the "default" - namespace containing a host "reviews will be interpreted - as "reviews.default.svc.cluster.local", irrespective - of the actual namespace associated with the reviews - service. _To avoid potential misconfigurations, it - is recommended to always use fully qualified domain - names over short names._' - type: string - port: - description: Specifies the port on the host that is - being addressed. If a service exposes only a single - port it is not required to explicitly select the port. - properties: - name: - description: Valid port name - type: string - number: - description: Valid port number - format: int32 - type: integer - type: object - subset: - description: The name of a subset within the service. - Applicable only to services within the mesh. The subset - must be defined in a corresponding DestinationRule. - type: string - required: - - host - type: object - weight: - description: REQUIRED. The proportion of traffic to be forwarded - to the service version. (0-100). Sum of weights across - destinations SHOULD BE == 100. If there is only destination - in a rule, the weight value is assumed to be 100. - format: int64 - type: integer - required: - - destination - - weight - type: object - type: array - timeout: - description: Timeout for HTTP requests. - type: string - websocketUpgrade: - description: Indicates that a HTTP/1.1 client connection to this - particular route should be allowed (and expected) to upgrade - to a WebSocket connection. The default is false. Istio's reference - sidecar implementation (Envoy) expects the first request to - this route to contain the WebSocket upgrade headers. Otherwise, - the request will be rejected. Note that Websocket allows secondary - protocol negotiation which may then be subject to further routing - rules based on the protocol selected. - type: boolean - type: object - type: array - tcp: - description: An ordered list of route rules for TCP traffic. The first - rule matching an incoming request is used. - items: - properties: - match: - description: Match conditions to be satisfied for the rule to - be activated. All conditions inside a single match block have - AND semantics, while the list of match blocks have OR semantics. - The rule is matched if any one of the match blocks succeed. - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip address of destination with - optional subnet. E.g., a.b.c.d/xx form or just a.b.c.d. - items: - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied to. Gateway names at the top of the VirtualService - (if any) are overridden. The gateway match is independent - of sourceLabels. - items: - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. Many services only expose a single port or - label ports with the protocols they support, in these - cases it is not required to explicitly select the port. - format: int64 - type: integer - sourceLabels: - description: One or more labels that constrain the applicability - of a rule to workloads with the given labels. If the VirtualService - has a list of gateways specified at the top, it should - include the reserved gateway `mesh` in order for this - field to be applicable. - type: object - type: object - type: array - route: - description: The destinations to which the connection should be - forwarded to. Weights must add to 100%. - items: - properties: - destination: - description: REQUIRED. Destination uniquely identifies the - instances of a service to which the request/connection - should be forwarded to. - properties: - host: - description: 'REQUIRED. The name of a service from the - service registry. Service names are looked up from - the platform''s service registry (e.g., Kubernetes - services, Consul services, etc.) and from the hosts - declared by [ServiceEntry](#ServiceEntry). Traffic - forwarded to destinations that are not found in either - of the two, will be dropped. *Note for Kubernetes - users*: When short names are used (e.g. "reviews" - instead of "reviews.default.svc.cluster.local"), Istio - will interpret the short name based on the namespace - of the rule, not the service. A rule in the "default" - namespace containing a host "reviews will be interpreted - as "reviews.default.svc.cluster.local", irrespective - of the actual namespace associated with the reviews - service. _To avoid potential misconfigurations, it - is recommended to always use fully qualified domain - names over short names._' - type: string - port: - description: Specifies the port on the host that is - being addressed. If a service exposes only a single - port it is not required to explicitly select the port. - properties: - name: - description: Valid port name - type: string - number: - description: Valid port number - format: int32 - type: integer - type: object - subset: - description: The name of a subset within the service. - Applicable only to services within the mesh. The subset - must be defined in a corresponding DestinationRule. - type: string - required: - - host - type: object - weight: - description: REQUIRED. The proportion of traffic to be forwarded - to the service version. (0-100). Sum of weights across - destinations SHOULD BE == 100. If there is only destination - in a rule, the weight value is assumed to be 100. - format: int64 - type: integer - required: - - destination - - weight - type: object - type: array - required: - - match - - route - type: object - type: array - tls: - items: - properties: - match: - description: REQUIRED. Match conditions to be satisfied for the - rule to be activated. All conditions inside a single match block - have AND semantics, while the list of match blocks have OR semantics. - The rule is matched if any one of the match blocks succeed. - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with - optional subnet. E.g., a.b.c.d/xx form or just a.b.c.d. - items: - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied to. Gateway names at the top of the VirtualService - (if any) are overridden. The gateway match is independent - of sourceLabels. - items: - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. Many services only expose a single port or - label ports with the protocols they support, in these - cases it is not required to explicitly select the port. - format: int64 - type: integer - sniHosts: - description: REQUIRED. SNI (server name indicator) to match - on. Wildcard prefixes can be used in the SNI value, e.g., - *.com will match foo.example.com as well as example.com. - An SNI value must be a subset (i.e., fall within the domain) - of the corresponding virtual service's hosts - items: - type: string - type: array - sourceLabels: - description: One or more labels that constrain the applicability - of a rule to workloads with the given labels. If the VirtualService - has a list of gateways specified at the top, it should - include the reserved gateway `mesh` in order for this - field to be applicable. - type: object - required: - - sniHosts - type: object - type: array - route: - description: The destination to which the connection should be - forwarded to. - items: - properties: - destination: - description: REQUIRED. Destination uniquely identifies the - instances of a service to which the request/connection - should be forwarded to. - properties: - host: - description: 'REQUIRED. The name of a service from the - service registry. Service names are looked up from - the platform''s service registry (e.g., Kubernetes - services, Consul services, etc.) and from the hosts - declared by [ServiceEntry](#ServiceEntry). Traffic - forwarded to destinations that are not found in either - of the two, will be dropped. *Note for Kubernetes - users*: When short names are used (e.g. "reviews" - instead of "reviews.default.svc.cluster.local"), Istio - will interpret the short name based on the namespace - of the rule, not the service. A rule in the "default" - namespace containing a host "reviews will be interpreted - as "reviews.default.svc.cluster.local", irrespective - of the actual namespace associated with the reviews - service. _To avoid potential misconfigurations, it - is recommended to always use fully qualified domain - names over short names._' - type: string - port: - description: Specifies the port on the host that is - being addressed. If a service exposes only a single - port it is not required to explicitly select the port. - properties: - name: - description: Valid port name - type: string - number: - description: Valid port number - format: int32 - type: integer - type: object - subset: - description: The name of a subset within the service. - Applicable only to services within the mesh. The subset - must be defined in a corresponding DestinationRule. - type: string - required: - - host - type: object - weight: - description: REQUIRED. The proportion of traffic to be forwarded - to the service version. (0-100). Sum of weights across - destinations SHOULD BE == 100. If there is only destination - in a rule, the weight value is assumed to be 100. - format: int64 - type: integer - required: - - destination - - weight - type: object - type: array - required: - - match - - route - type: object - type: array - required: - - hosts - type: object - required: - - spec - version: v1alpha3 -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: []