apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  creationTimestamp: null
  labels:
    controller-tools.k8s.io: "1.0"
  name: servicepolicies.servicemesh.kubesphere.io
spec:
  group: servicemesh.kubesphere.io
  names:
    kind: ServicePolicy
    plural: servicepolicies
  scope: Namespaced
  validation:
    openAPIV3Schema:
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          properties:
            selector:
              description: Label selector for destination rules.
              type: object
            template:
              description: Template used to create a destination rule
              properties:
                spec:
                  description: Spec indicates the behavior of a destination rule.
                  properties:
                    host:
                      description: 'REQUIRED. The name of a service from the service registry. Service names are looked up from the platform''s service registry (e.g., Kubernetes services, Consul services, etc.) and from the hosts declared by [ServiceEntries](#ServiceEntry). Rules defined for services that do not exist in the service registry will be ignored. *Note for Kubernetes users*: When short names are used (e.g. "reviews" instead of "reviews.default.svc.cluster.local"), Istio will interpret the short name based on the namespace of the rule, not the service. A rule in the "default" namespace containing a host "reviews" will be interpreted as "reviews.default.svc.cluster.local", irrespective of the actual namespace associated with the reviews service. _To avoid potential misconfigurations, it is recommended to always use fully qualified domain names over short names._ Note that the host field applies to both HTTP and TCP services.'
                      type: string
                    subsets:
                      description: One or more named sets that represent individual versions of a service. Traffic policies can be overridden at subset level.
                      items:
                        properties:
                          labels:
                            description: REQUIRED. Labels apply a filter over the endpoints of a service in the service registry. See route rules for examples of usage.
                            type: object
                          name:
                            description: REQUIRED. Name of the subset. The service name and the subset name can be used for traffic splitting in a route rule.
                            type: string
                          trafficPolicy:
                            description: Traffic policies that apply to this subset. Subsets inherit the traffic policies specified at the DestinationRule level. Settings specified at the subset level will override the corresponding settings specified at the DestinationRule level.
                            properties:
                              connectionPool:
                                description: Settings controlling the volume of connections to an upstream service
                                properties:
                                  http:
                                    description: HTTP connection pool settings.
                                    properties:
                                      http1MaxPendingRequests:
                                        description: Maximum number of pending HTTP requests to a destination. Default 1024.
                                        format: int32
                                        type: integer
                                      http2MaxRequests:
                                        description: Maximum number of requests to a backend. Default 1024.
                                        format: int32
                                        type: integer
                                      maxRequestsPerConnection:
                                        description: Maximum number of requests per connection to a backend. Setting this parameter to 1 disables keep alive.
                                        format: int32
                                        type: integer
                                      maxRetries:
                                        description: Maximum number of retries that can be outstanding to all hosts in a cluster at a given time. Defaults to 3.
                                        format: int32
                                        type: integer
                                    type: object
                                  tcp:
                                    description: Settings common to both HTTP and TCP upstream connections.
                                    properties:
                                      connectTimeout:
                                        description: TCP connection timeout.
                                        type: string
                                      maxConnections:
                                        description: Maximum number of HTTP1 /TCP connections to a destination host.
                                        format: int32
                                        type: integer
                                    type: object
                                type: object
                              loadBalancer:
                                description: Settings controlling the load balancer algorithms.
                                properties:
                                  consistentHash:
                                    properties:
                                      httpCookie:
                                        description: Hash based on HTTP cookie.
                                        properties:
                                          name:
                                            description: REQUIRED. Name of the cookie.
                                            type: string
                                          path:
                                            description: Path to set for the cookie.
                                            type: string
                                          ttl:
                                            description: REQUIRED. Lifetime of the cookie.
                                            type: string
                                        required:
                                        - name
                                        - ttl
                                        type: object
                                      httpHeaderName:
                                        description: 'It is required to specify exactly one of the fields as hash key: HttpHeaderName, HttpCookie, or UseSourceIP. Hash based on a specific HTTP header.'
                                        type: string
                                      minimumRingSize:
                                        description: The minimum number of virtual nodes to use for the hash ring. Defaults to 1024. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node.
                                        format: int64
                                        type: integer
                                      useSourceIp:
                                        description: Hash based on the source IP address.
                                        type: boolean
                                    type: object
                                  simple:
                                    description: 'It is required to specify exactly one of the fields: Simple or ConsistentHash'
                                    type: string
                                type: object
                              outlierDetection:
                                description: Settings controlling eviction of unhealthy hosts from the load balancing pool
                                properties:
                                  baseEjectionTime:
                                    description: 'Minimum ejection duration. A host will remain ejected for a period equal to the product of minimum ejection duration and the number of times the host has been ejected. This technique allows the system to automatically increase the ejection period for unhealthy upstream servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s.'
                                    type: string
                                  consecutiveErrors:
                                    description: Number of errors before a host is ejected from the connection pool. Defaults to 5. When the upstream host is accessed over HTTP, a 5xx return code qualifies as an error. When the upstream host is accessed over an opaque TCP connection, connect timeouts and connection error/failure events qualify as an error.
                                    format: int32
                                    type: integer
                                  interval:
                                    description: 'Time interval between ejection sweep analysis. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.'
                                    type: string
                                  maxEjectionPercent:
                                    description: Maximum % of hosts in the load balancing pool for the upstream service that can be ejected. Defaults to 10%.
                                    format: int32
                                    type: integer
                                type: object
                              portLevelSettings:
                                description: Traffic policies specific to individual ports. Note that port level settings will override the destination-level settings. Traffic settings specified at the destination-level will not be inherited when overridden by port-level settings, i.e. default values will be applied to fields omitted in port-level traffic policies.
                                items:
                                  properties:
                                    connectionPool:
                                      description: Settings controlling the volume of connections to an upstream service
                                      properties:
                                        http:
                                          description: HTTP connection pool settings.
                                          properties:
                                            http1MaxPendingRequests:
                                              description: Maximum number of pending HTTP requests to a destination. Default 1024.
                                              format: int32
                                              type: integer
                                            http2MaxRequests:
                                              description: Maximum number of requests to a backend. Default 1024.
                                              format: int32
                                              type: integer
                                            maxRequestsPerConnection:
                                              description: Maximum number of requests per connection to a backend. Setting this parameter to 1 disables keep alive.
                                              format: int32
                                              type: integer
                                            maxRetries:
                                              description: Maximum number of retries that can be outstanding to all hosts in a cluster at a given time. Defaults to 3.
                                              format: int32
                                              type: integer
                                          type: object
                                        tcp:
                                          description: Settings common to both HTTP and TCP upstream connections.
                                          properties:
                                            connectTimeout:
                                              description: TCP connection timeout.
                                              type: string
                                            maxConnections:
                                              description: Maximum number of HTTP1 /TCP connections to a destination host.
                                              format: int32
                                              type: integer
                                          type: object
                                      type: object
                                    loadBalancer:
                                      description: Settings controlling the load balancer algorithms.
                                      properties:
                                        consistentHash:
                                          properties:
                                            httpCookie:
                                              description: Hash based on HTTP cookie.
                                              properties:
                                                name:
                                                  description: REQUIRED. Name of the cookie.
                                                  type: string
                                                path:
                                                  description: Path to set for the cookie.
                                                  type: string
                                                ttl:
                                                  description: REQUIRED. Lifetime of the cookie.
                                                  type: string
                                              required:
                                              - name
                                              - ttl
                                              type: object
                                            httpHeaderName:
                                              description: 'It is required to specify exactly one of the fields as hash key: HttpHeaderName, HttpCookie, or UseSourceIP. Hash based on a specific HTTP header.'
                                              type: string
                                            minimumRingSize:
                                              description: The minimum number of virtual nodes to use for the hash ring. Defaults to 1024. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node.
                                              format: int64
                                              type: integer
                                            useSourceIp:
                                              description: Hash based on the source IP address.
                                              type: boolean
                                          type: object
                                        simple:
                                          description: 'It is required to specify exactly one of the fields: Simple or ConsistentHash'
                                          type: string
                                      type: object
                                    outlierDetection:
                                      description: Settings controlling eviction of unhealthy hosts from the load balancing pool
                                      properties:
                                        baseEjectionTime:
                                          description: 'Minimum ejection duration. A host will remain ejected for a period equal to the product of minimum ejection duration and the number of times the host has been ejected. This technique allows the system to automatically increase the ejection period for unhealthy upstream servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s.'
                                          type: string
                                        consecutiveErrors:
                                          description: Number of errors before a host is ejected from the connection pool. Defaults to 5. When the upstream host is accessed over HTTP, a 5xx return code qualifies as an error. When the upstream host is accessed over an opaque TCP connection, connect timeouts and connection error/failure events qualify as an error.
                                          format: int32
                                          type: integer
                                        interval:
                                          description: 'Time interval between ejection sweep analysis. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.'
                                          type: string
                                        maxEjectionPercent:
                                          description: Maximum % of hosts in the load balancing pool for the upstream service that can be ejected. Defaults to 10%.
                                          format: int32
                                          type: integer
                                      type: object
                                    port:
                                      description: Specifies the port name or number of a port on the destination service on which this policy is being applied. Names must comply with DNS label syntax (rfc1035) and therefore cannot collide with numbers. If there are multiple ports on a service with the same protocol the names should be of the form -.
                                      properties:
                                        name:
                                          description: Valid port name
                                          type: string
                                        number:
                                          description: Valid port number
                                          format: int32
                                          type: integer
                                      type: object
                                    tls:
                                      description: TLS related settings for connections to the upstream service.
                                      properties:
                                        caCertificates:
                                          description: 'OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. If omitted, the proxy will not verify the server''s certificate. Should be empty if mode is `ISTIO_MUTUAL`.'
                                          type: string
                                        clientCertificate:
                                          description: REQUIRED if mode is `MUTUAL`. The path to the file holding the client-side TLS certificate to use. Should be empty if mode is `ISTIO_MUTUAL`.
                                          type: string
                                        mode:
                                          description: 'REQUIRED: Indicates whether connections to this port should be secured using TLS. The value of this field determines how TLS is enforced.'
                                          type: string
                                        privateKey:
                                          description: REQUIRED if mode is `MUTUAL`. The path to the file holding the client's private key. Should be empty if mode is `ISTIO_MUTUAL`.
                                          type: string
                                        sni:
                                          description: SNI string to present to the server during TLS handshake. Should be empty if mode is `ISTIO_MUTUAL`.
                                          type: string
                                        subjectAltNames:
                                          description: A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. Should be empty if mode is `ISTIO_MUTUAL`.
                                          items:
                                            type: string
                                          type: array
                                      required:
                                      - mode
                                      type: object
                                  required:
                                  - port
                                  type: object
                                type: array
                              tls:
                                description: TLS related settings for connections to the upstream service.
                                properties:
                                  caCertificates:
                                    description: 'OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. If omitted, the proxy will not verify the server''s certificate. Should be empty if mode is `ISTIO_MUTUAL`.'
                                    type: string
                                  clientCertificate:
                                    description: REQUIRED if mode is `MUTUAL`. The path to the file holding the client-side TLS certificate to use. Should be empty if mode is `ISTIO_MUTUAL`.
                                    type: string
                                  mode:
                                    description: 'REQUIRED: Indicates whether connections to this port should be secured using TLS. The value of this field determines how TLS is enforced.'
                                    type: string
                                  privateKey:
                                    description: REQUIRED if mode is `MUTUAL`. The path to the file holding the client's private key. Should be empty if mode is `ISTIO_MUTUAL`.
                                    type: string
                                  sni:
                                    description: SNI string to present to the server during TLS handshake. Should be empty if mode is `ISTIO_MUTUAL`.
                                    type: string
                                  subjectAltNames:
                                    description: A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. Should be empty if mode is `ISTIO_MUTUAL`.
                                    items:
                                      type: string
                                    type: array
                                required:
                                - mode
                                type: object
                            type: object
                        required:
                        - name
                        - labels
                        type: object
                      type: array
                    trafficPolicy:
                      description: Traffic policies to apply (load balancing policy, connection pool sizes, outlier detection).
                      properties:
                        connectionPool:
                          description: Settings controlling the volume of connections to an upstream service
                          properties:
                            http:
                              description: HTTP connection pool settings.
                              properties:
                                http1MaxPendingRequests:
                                  description: Maximum number of pending HTTP requests to a destination. Default 1024.
                                  format: int32
                                  type: integer
                                http2MaxRequests:
                                  description: Maximum number of requests to a backend. Default 1024.
                                  format: int32
                                  type: integer
                                maxRequestsPerConnection:
                                  description: Maximum number of requests per connection to a backend. Setting this parameter to 1 disables keep alive.
                                  format: int32
                                  type: integer
                                maxRetries:
                                  description: Maximum number of retries that can be outstanding to all hosts in a cluster at a given time. Defaults to 3.
                                  format: int32
                                  type: integer
                              type: object
                            tcp:
                              description: Settings common to both HTTP and TCP upstream connections.
                              properties:
                                connectTimeout:
                                  description: TCP connection timeout.
                                  type: string
                                maxConnections:
                                  description: Maximum number of HTTP1 /TCP connections to a destination host.
                                  format: int32
                                  type: integer
                              type: object
                          type: object
                        loadBalancer:
                          description: Settings controlling the load balancer algorithms.
                          properties:
                            consistentHash:
                              properties:
                                httpCookie:
                                  description: Hash based on HTTP cookie.
                                  properties:
                                    name:
                                      description: REQUIRED. Name of the cookie.
                                      type: string
                                    path:
                                      description: Path to set for the cookie.
                                      type: string
                                    ttl:
                                      description: REQUIRED. Lifetime of the cookie.
                                      type: string
                                  required:
                                  - name
                                  - ttl
                                  type: object
                                httpHeaderName:
                                  description: 'It is required to specify exactly one of the fields as hash key: HttpHeaderName, HttpCookie, or UseSourceIP. Hash based on a specific HTTP header.'
                                  type: string
                                minimumRingSize:
                                  description: The minimum number of virtual nodes to use for the hash ring. Defaults to 1024. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node.
                                  format: int64
                                  type: integer
                                useSourceIp:
                                  description: Hash based on the source IP address.
                                  type: boolean
                              type: object
                            simple:
                              description: 'It is required to specify exactly one of the fields: Simple or ConsistentHash'
                              type: string
                          type: object
                        outlierDetection:
                          description: Settings controlling eviction of unhealthy hosts from the load balancing pool
                          properties:
                            baseEjectionTime:
                              description: 'Minimum ejection duration. A host will remain ejected for a period equal to the product of minimum ejection duration and the number of times the host has been ejected. This technique allows the system to automatically increase the ejection period for unhealthy upstream servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s.'
                              type: string
                            consecutiveErrors:
                              description: Number of errors before a host is ejected from the connection pool. Defaults to 5. When the upstream host is accessed over HTTP, a 5xx return code qualifies as an error. When the upstream host is accessed over an opaque TCP connection, connect timeouts and connection error/failure events qualify as an error.
                              format: int32
                              type: integer
                            interval:
                              description: 'Time interval between ejection sweep analysis. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.'
                              type: string
                            maxEjectionPercent:
                              description: Maximum % of hosts in the load balancing pool for the upstream service that can be ejected. Defaults to 10%.
                              format: int32
                              type: integer
                          type: object
                        portLevelSettings:
                          description: Traffic policies specific to individual ports. Note that port level settings will override the destination-level settings. Traffic settings specified at the destination-level will not be inherited when overridden by port-level settings, i.e. default values will be applied to fields omitted in port-level traffic policies.
                          items:
                            properties:
                              connectionPool:
                                description: Settings controlling the volume of connections to an upstream service
                                properties:
                                  http:
                                    description: HTTP connection pool settings.
                                    properties:
                                      http1MaxPendingRequests:
                                        description: Maximum number of pending HTTP requests to a destination. Default 1024.
                                        format: int32
                                        type: integer
                                      http2MaxRequests:
                                        description: Maximum number of requests to a backend. Default 1024.
                                        format: int32
                                        type: integer
                                      maxRequestsPerConnection:
                                        description: Maximum number of requests per connection to a backend. Setting this parameter to 1 disables keep alive.
                                        format: int32
                                        type: integer
                                      maxRetries:
                                        description: Maximum number of retries that can be outstanding to all hosts in a cluster at a given time. Defaults to 3.
                                        format: int32
                                        type: integer
                                    type: object
                                  tcp:
                                    description: Settings common to both HTTP and TCP upstream connections.
                                    properties:
                                      connectTimeout:
                                        description: TCP connection timeout.
                                        type: string
                                      maxConnections:
                                        description: Maximum number of HTTP1 /TCP connections to a destination host.
                                        format: int32
                                        type: integer
                                    type: object
                                type: object
                              loadBalancer:
                                description: Settings controlling the load balancer algorithms.
                                properties:
                                  consistentHash:
                                    properties:
                                      httpCookie:
                                        description: Hash based on HTTP cookie.
                                        properties:
                                          name:
                                            description: REQUIRED. Name of the cookie.
                                            type: string
                                          path:
                                            description: Path to set for the cookie.
                                            type: string
                                          ttl:
                                            description: REQUIRED. Lifetime of the cookie.
                                            type: string
                                        required:
                                        - name
                                        - ttl
                                        type: object
                                      httpHeaderName:
                                        description: 'It is required to specify exactly one of the fields as hash key: HttpHeaderName, HttpCookie, or UseSourceIP. Hash based on a specific HTTP header.'
                                        type: string
                                      minimumRingSize:
                                        description: The minimum number of virtual nodes to use for the hash ring. Defaults to 1024. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node.
                                        format: int64
                                        type: integer
                                      useSourceIp:
                                        description: Hash based on the source IP address.
                                        type: boolean
                                    type: object
                                  simple:
                                    description: 'It is required to specify exactly one of the fields: Simple or ConsistentHash'
                                    type: string
                                type: object
                              outlierDetection:
                                description: Settings controlling eviction of unhealthy hosts from the load balancing pool
                                properties:
                                  baseEjectionTime:
                                    description: 'Minimum ejection duration. A host will remain ejected for a period equal to the product of minimum ejection duration and the number of times the host has been ejected. This technique allows the system to automatically increase the ejection period for unhealthy upstream servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s.'
                                    type: string
                                  consecutiveErrors:
                                    description: Number of errors before a host is ejected from the connection pool. Defaults to 5. When the upstream host is accessed over HTTP, a 5xx return code qualifies as an error. When the upstream host is accessed over an opaque TCP connection, connect timeouts and connection error/failure events qualify as an error.
                                    format: int32
                                    type: integer
                                  interval:
                                    description: 'Time interval between ejection sweep analysis. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s.'
                                    type: string
                                  maxEjectionPercent:
                                    description: Maximum % of hosts in the load balancing pool for the upstream service that can be ejected. Defaults to 10%.
                                    format: int32
                                    type: integer
                                type: object
                              port:
                                description: Specifies the port name or number of a port on the destination service on which this policy is being applied. Names must comply with DNS label syntax (rfc1035) and therefore cannot collide with numbers. If there are multiple ports on a service with the same protocol the names should be of the form -.
                                properties:
                                  name:
                                    description: Valid port name
                                    type: string
                                  number:
                                    description: Valid port number
                                    format: int32
                                    type: integer
                                type: object
                              tls:
                                description: TLS related settings for connections to the upstream service.
                                properties:
                                  caCertificates:
                                    description: 'OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. If omitted, the proxy will not verify the server''s certificate. Should be empty if mode is `ISTIO_MUTUAL`.'
                                    type: string
                                  clientCertificate:
                                    description: REQUIRED if mode is `MUTUAL`. The path to the file holding the client-side TLS certificate to use. Should be empty if mode is `ISTIO_MUTUAL`.
                                    type: string
                                  mode:
                                    description: 'REQUIRED: Indicates whether connections to this port should be secured using TLS. The value of this field determines how TLS is enforced.'
                                    type: string
                                  privateKey:
                                    description: REQUIRED if mode is `MUTUAL`. The path to the file holding the client's private key. Should be empty if mode is `ISTIO_MUTUAL`.
                                    type: string
                                  sni:
                                    description: SNI string to present to the server during TLS handshake. Should be empty if mode is `ISTIO_MUTUAL`.
                                    type: string
                                  subjectAltNames:
                                    description: A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. Should be empty if mode is `ISTIO_MUTUAL`.
                                    items:
                                      type: string
                                    type: array
                                required:
                                - mode
                                type: object
                            required:
                            - port
                            type: object
                          type: array
                        tls:
                          description: TLS related settings for connections to the upstream service.
                          properties:
                            caCertificates:
                              description: 'OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. If omitted, the proxy will not verify the server''s certificate. Should be empty if mode is `ISTIO_MUTUAL`.'
                              type: string
                            clientCertificate:
                              description: REQUIRED if mode is `MUTUAL`. The path to the file holding the client-side TLS certificate to use. Should be empty if mode is `ISTIO_MUTUAL`.
                              type: string
                            mode:
                              description: 'REQUIRED: Indicates whether connections to this port should be secured using TLS. The value of this field determines how TLS is enforced.'
                              type: string
                            privateKey:
                              description: REQUIRED if mode is `MUTUAL`. The path to the file holding the client's private key. Should be empty if mode is `ISTIO_MUTUAL`.
                              type: string
                            sni:
                              description: SNI string to present to the server during TLS handshake. Should be empty if mode is `ISTIO_MUTUAL`.
                              type: string
                            subjectAltNames:
                              description: A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. Should be empty if mode is `ISTIO_MUTUAL`.
                              items:
                                type: string
                              type: array
                          required:
                          - mode
                          type: object
                      type: object
                  required:
                  - host
                  type: object
              type: object
          type: object
        status:
          type: object
  version: v1alpha2
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []