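---
# CustomResourceDefinition for the Strategy kind; this manifest is
# controller-gen output (see the annotation below).
#
# NOTE(review): apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22.
# Under v1beta1 the API server does not require a structural schema and
# spec.preserveUnknownFields defaults to true, so fields that the validation
# schema does not describe are stored as submitted instead of being pruned.
# Moving to apiextensions.k8s.io/v1 requires a structural schema and prunes
# unknown fields by default.
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  annotations:
    # "(devel)" is reported here instead of a release number, so the
    # generator version cannot be recovered from this annotation;
    # presumably an untagged build of controller-gen.
    controller-gen.kubebuilder.io/version: (devel)
  creationTimestamp: null
  name: strategies.servicemesh.kubesphere.io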
|
||
spec:
|
||
additionalPrinterColumns:
|
||
- JSONPath: .spec.type
|
||
description: type of strategy
|
||
name: Type
|
||
type: string
|
||
- JSONPath: .spec.template.spec.hosts
|
||
description: destination hosts
|
||
name: Hosts
|
||
type: string
|
||
- JSONPath: .metadata.creationTimestamp
|
||
description: 'CreationTimestamp is a timestamp representing the server time when
|
||
this object was created. It is not guaranteed to be set in happens-before order
|
||
across separate operations. Clients may not set this value. It is represented
|
||
in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
|
||
lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
|
||
name: Age
|
||
type: date
|
||
group: servicemesh.kubesphere.io
|
||
names:
|
||
kind: Strategy
|
||
listKind: StrategyList
|
||
plural: strategies
|
||
singular: strategy
|
||
scope: Namespaced
|
||
subresources: {}
|
||
validation:
|
||
openAPIV3Schema:
|
||
description: Strategy is the Schema for the strategies API
|
||
properties:
|
||
apiVersion:
|
||
description: 'APIVersion defines the versioned schema of this representation
|
||
of an object. Servers should convert recognized schemas to the latest
|
||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||
type: string
|
||
kind:
|
||
description: 'Kind is a string value representing the REST resource this
|
||
object represents. Servers may infer this from the endpoint the client
|
||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||
type: string
|
||
metadata:
|
||
type: object
|
||
spec:
|
||
description: StrategySpec defines the desired state of Strategy
|
||
properties:
|
||
governor:
|
||
description: Governor version, the version takes control of all incoming
|
||
traffic label version value
|
||
type: string
|
||
principal:
|
||
description: Principal version, the one as reference version label version
|
||
value
|
||
type: string
|
||
selector:
|
||
description: Label selector for virtual services.
|
||
properties:
|
||
matchExpressions:
|
||
description: matchExpressions is a list of label selector requirements.
|
||
The requirements are ANDed.
|
||
items:
|
||
description: A label selector requirement is a selector that contains
|
||
values, a key, and an operator that relates the key and values.
|
||
properties:
|
||
key:
|
||
description: key is the label key that the selector applies
|
||
to.
|
||
type: string
|
||
operator:
|
||
description: operator represents a key's relationship to a
|
||
set of values. Valid operators are In, NotIn, Exists and
|
||
DoesNotExist.
|
||
type: string
|
||
values:
|
||
description: values is an array of string values. If the operator
|
||
is In or NotIn, the values array must be non-empty. If the
|
||
operator is Exists or DoesNotExist, the values array must
|
||
be empty. This array is replaced during a strategic merge
|
||
patch.
|
||
items:
|
||
type: string
|
||
type: array
|
||
required:
|
||
- key
|
||
- operator
|
||
type: object
|
||
type: array
|
||
matchLabels:
|
||
additionalProperties:
|
||
type: string
|
||
description: matchLabels is a map of {key,value} pairs. A single
|
||
{key,value} in the matchLabels map is equivalent to an element
|
||
of matchExpressions, whose key field is "key", the operator is
|
||
"In", and the values array contains only "value". The requirements
|
||
are ANDed.
|
||
type: object
|
||
type: object
|
||
strategyPolicy:
|
||
description: strategy policy, how the strategy will be applied by the
|
||
strategy controller
|
||
type: string
|
||
template:
|
||
description: Template describes the virtual service that will be created.
|
||
properties:
|
||
metadata:
|
||
description: Metadata of the virtual services created from this
|
||
template
|
||
type: object
|
||
spec:
|
||
description: Spec indicates the behavior of a virtual service.
|
||
properties:
|
||
export_to:
|
||
description: "A list of namespaces to which this virtual service
|
||
is exported. Exporting a virtual service allows it to be used
|
||
by sidecars and gateways defined in other namespaces. This
|
||
feature provides a mechanism for service owners and mesh administrators
|
||
to control the visibility of virtual services across namespace
|
||
boundaries. \n If no namespaces are specified then the virtual
|
||
service is exported to all namespaces by default. \n The value
|
||
\".\" is reserved and defines an export to the same namespace
|
||
that the virtual service is declared in. Similarly the value
|
||
\"*\" is reserved and defines an export to all namespaces.
|
||
\n NOTE: in the current release, the `exportTo` value is restricted
|
||
to \".\" or \"*\" (i.e., the current namespace or all namespaces)."
|
||
items:
|
||
type: string
|
||
type: array
|
||
gateways:
|
||
description: The names of gateways and sidecars that should
|
||
apply these routes. A single VirtualService is used for sidecars
|
||
inside the mesh as well as for one or more gateways. The selection
|
||
condition imposed by this field can be overridden using the
|
||
source field in the match conditions of protocol-specific
|
||
routes. The reserved word `mesh` is used to imply all the
|
||
sidecars in the mesh. When this field is omitted, the default
|
||
gateway (`mesh`) will be used, which would apply the rule
|
||
to all sidecars in the mesh. If a list of gateway names is
|
||
provided, the rules will apply only to the gateways. To apply
|
||
the rules to both gateways and sidecars, specify `mesh` as
|
||
one of the gateway names.
|
||
items:
|
||
type: string
|
||
type: array
|
||
hosts:
|
||
description: "The destination hosts to which traffic is being
|
||
sent. Could be a DNS name with wildcard prefix or an IP address.
|
||
\ Depending on the platform, short-names can also be used
|
||
instead of a FQDN (i.e. has no dots in the name). In such
|
||
a scenario, the FQDN of the host would be derived based on
|
||
the underlying platform. \n A single VirtualService can be
|
||
used to describe all the traffic properties of the corresponding
|
||
hosts, including those for multiple HTTP and TCP ports. Alternatively,
|
||
the traffic properties of a host can be defined using more
|
||
than one VirtualService, with certain caveats. Refer to the
|
||
[Operations Guide](https://istio.io/docs/ops/traffic-management/deploy-guidelines/#multiple-virtual-services-and-destination-rules-for-the-same-host)
|
||
for details. \n *Note for Kubernetes users*: When short names
|
||
are used (e.g. \"reviews\" instead of \"reviews.default.svc.cluster.local\"),
|
||
Istio will interpret the short name based on the namespace
|
||
of the rule, not the service. A rule in the \"default\" namespace
|
||
containing a host \"reviews\" will be interpreted as \"reviews.default.svc.cluster.local\",
|
||
irrespective of the actual namespace associated with the reviews
|
||
service. _To avoid potential misconfigurations, it is recommended
|
||
to always use fully qualified domain names over short names._
|
||
\n The hosts field applies to both HTTP and TCP services.
|
||
Service inside the mesh, i.e., those found in the service
|
||
registry, must always be referred to using their alphanumeric
|
||
names. IP addresses are allowed only for services defined
|
||
via the Gateway."
|
||
items:
|
||
type: string
|
||
type: array
|
||
http:
|
||
description: An ordered list of route rules for HTTP traffic.
|
||
HTTP routes will be applied to platform service ports named
|
||
'http-*'/'http2-*'/'grpc-*', gateway ports with protocol HTTP/HTTP2/GRPC/
|
||
TLS-terminated-HTTPS and service entry ports using HTTP/HTTP2/GRPC
|
||
protocols. The first rule matching an incoming request is
|
||
used.
|
||
items:
|
||
description: Describes match conditions and actions for routing
|
||
HTTP/1.1, HTTP2, and gRPC traffic. See VirtualService for
|
||
usage examples.
|
||
properties:
|
||
append_headers:
|
||
additionalProperties:
|
||
type: string
|
||
description: $hide_from_docs
|
||
type: object
|
||
append_request_headers:
|
||
additionalProperties:
|
||
type: string
|
||
description: $hide_from_docs
|
||
type: object
|
||
append_response_headers:
|
||
additionalProperties:
|
||
type: string
|
||
description: $hide_from_docs
|
||
type: object
|
||
cors_policy:
|
||
description: Cross-Origin Resource Sharing policy (CORS).
|
||
Refer to [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)
|
||
for further details about cross origin resource sharing.
|
||
properties:
|
||
allow_credentials:
|
||
description: Indicates whether the caller is allowed
|
||
to send the actual request (not the preflight) using
|
||
credentials. Translates to `Access-Control-Allow-Credentials`
|
||
header.
|
||
properties:
|
||
value:
|
||
description: The bool value.
|
||
type: boolean
|
||
type: object
|
||
allow_headers:
|
||
description: List of HTTP headers that can be used
|
||
when requesting the resource. Serialized to Access-Control-Allow-Headers
|
||
header.
|
||
items:
|
||
type: string
|
||
type: array
|
||
allow_methods:
|
||
description: List of HTTP methods allowed to access
|
||
the resource. The content will be serialized into
|
||
the Access-Control-Allow-Methods header.
|
||
items:
|
||
type: string
|
||
type: array
|
||
allow_origin:
|
||
description: The list of origins that are allowed
|
||
to perform CORS requests. The content will be serialized
|
||
into the Access-Control-Allow-Origin header. Wildcard
|
||
* will allow all origins.
|
||
items:
|
||
type: string
|
||
type: array
|
||
expose_headers:
|
||
description: A white list of HTTP headers that the
|
||
browsers are allowed to access. Serialized into
|
||
Access-Control-Expose-Headers header.
|
||
items:
|
||
type: string
|
||
type: array
|
||
max_age:
|
||
description: Specifies how long the results of a preflight
|
||
request can be cached. Translates to the `Access-Control-Max-Age`
|
||
header.
|
||
properties:
|
||
nanos:
|
||
description: Signed fractions of a second at nanosecond
|
||
resolution of the span of time. Durations less
|
||
than one second are represented with a 0 `seconds`
|
||
field and a positive or negative `nanos` field.
|
||
For durations of one second or more, a non-zero
|
||
value for the `nanos` field must be of the same
|
||
sign as the `seconds` field. Must be from -999,999,999
|
||
to +999,999,999 inclusive.
|
||
format: int32
|
||
type: integer
|
||
seconds:
|
||
description: 'Signed seconds of the span of time.
|
||
Must be from -315,576,000,000 to +315,576,000,000
|
||
inclusive. Note: these bounds are computed from:
|
||
60 sec/min * 60 min/hr * 24 hr/day * 365.25
|
||
days/year * 10000 years'
|
||
format: int64
|
||
type: integer
|
||
type: object
|
||
type: object
|
||
fault:
|
||
description: Fault injection policy to apply on HTTP traffic
|
||
at the client side. Note that timeouts or retries will
|
||
not be enabled when faults are enabled on the client
|
||
side.
|
||
properties:
|
||
abort:
|
||
description: Abort Http request attempts and return
|
||
error codes back to downstream service, giving the
|
||
impression that the upstream service is faulty.
|
||
properties:
|
||
percent:
|
||
description: Percentage of requests to be aborted
|
||
with the error code provided (0-100). Use of
|
||
integer `percent` value is deprecated. Use the
|
||
double `percentage` field instead.
|
||
format: int32
|
||
type: integer
|
||
percentage:
|
||
description: Percentage of requests to be aborted
|
||
with the error code provided.
|
||
properties:
|
||
value: {}
|
||
type: object
|
||
type: object
|
||
delay:
|
||
description: Delay requests before forwarding, emulating
|
||
various failures such as network issues, overloaded
|
||
upstream service, etc.
|
||
properties:
|
||
percent:
|
||
description: Percentage of requests on which the
|
||
delay will be injected (0-100). Use of integer
|
||
`percent` value is deprecated. Use the double
|
||
`percentage` field instead.
|
||
format: int32
|
||
type: integer
|
||
percentage:
|
||
description: Percentage of requests on which the
|
||
delay will be injected.
|
||
properties:
|
||
value: {}
|
||
type: object
|
||
type: object
|
||
type: object
|
||
headers:
|
||
description: Header manipulation rules
|
||
properties:
|
||
request:
|
||
description: Header manipulation rules to apply before
|
||
forwarding a request to the destination service
|
||
properties:
|
||
add:
|
||
additionalProperties:
|
||
type: string
|
||
description: Append the given values to the headers
|
||
specified by keys (will create a comma-separated
|
||
list of values)
|
||
type: object
|
||
remove:
|
||
description: Remove the specified headers
|
||
items:
|
||
type: string
|
||
type: array
|
||
set:
|
||
additionalProperties:
|
||
type: string
|
||
description: Overwrite the headers specified by
|
||
key with the given values
|
||
type: object
|
||
type: object
|
||
response:
|
||
description: Header manipulation rules to apply before
|
||
returning a response to the caller
|
||
properties:
|
||
add:
|
||
additionalProperties:
|
||
type: string
|
||
description: Append the given values to the headers
|
||
specified by keys (will create a comma-separated
|
||
list of values)
|
||
type: object
|
||
remove:
|
||
description: Remove the specified headers
|
||
items:
|
||
type: string
|
||
type: array
|
||
set:
|
||
additionalProperties:
|
||
type: string
|
||
description: Overwrite the headers specified by
|
||
key with the given values
|
||
type: object
|
||
type: object
|
||
type: object
|
||
match:
|
||
description: Match conditions to be satisfied for the
|
||
rule to be activated. All conditions inside a single
|
||
match block have AND semantics, while the list of match
|
||
blocks have OR semantics. The rule is matched if any
|
||
one of the match blocks succeed.
|
||
items:
|
||
description: "HttpMatchRequest specifies a set of criteria
|
||
to be met in order for the rule to be applied to the
|
||
HTTP request. For example, the following restricts
|
||
the rule to match only requests where the URL path
|
||
starts with /ratings/v2/ and the request contains
|
||
a custom `end-user` header with value `jason`. \n
|
||
```yaml apiVersion: networking.istio.io/v1alpha3 kind:
|
||
VirtualService metadata: name: ratings-route spec:
|
||
\ hosts: - ratings.prod.svc.cluster.local http:
|
||
\ - match: - headers: end-user: exact:
|
||
jason uri: prefix: \"/ratings/v2/\"
|
||
\ ignoreUriCase: true route: - destination:
|
||
\ host: ratings.prod.svc.cluster.local ```
|
||
\n HTTPMatchRequest CANNOT be empty."
|
||
properties:
|
||
authority:
|
||
description: "HTTP Authority values are case-sensitive
|
||
and formatted as follows: \n - `exact: \"value\"`
|
||
for exact string match \n - `prefix: \"value\"`
|
||
for prefix-based match \n - `regex: \"value\"`
|
||
for ECMAscript style regex-based match"
|
||
type: object
|
||
gateways:
|
||
description: $hide_from_docs
|
||
items:
|
||
type: string
|
||
type: array
|
||
headers:
|
||
description: "The header keys must be lowercase
|
||
and use hyphen as the separator, e.g. _x-request-id_.
|
||
\n Header values are case-sensitive and formatted
|
||
as follows: \n - `exact: \"value\"` for exact
|
||
string match \n - `prefix: \"value\"` for prefix-based
|
||
match \n - `regex: \"value\"` for ECMAscript style
|
||
regex-based match \n **Note:** The keys `uri`,
|
||
`scheme`, `method`, and `authority` will be ignored."
|
||
ignore_uri_case:
|
||
description: "Flag to specify whether the URI matching
|
||
should be case-insensitive. \n **Note:** The case
|
||
will be ignored only in the case of `exact` and
|
||
`prefix` URI matches."
|
||
type: boolean
|
||
method:
|
||
description: "HTTP Method values are case-sensitive
|
||
and formatted as follows: \n - `exact: \"value\"`
|
||
for exact string match \n - `prefix: \"value\"`
|
||
for prefix-based match \n - `regex: \"value\"`
|
||
for ECMAscript style regex-based match"
|
||
type: object
|
||
name:
|
||
description: The name assigned to a match. The match's
|
||
name will be concatenated with the parent route's
|
||
name and will be logged in the access logs for
|
||
requests matching this route.
|
||
type: string
|
||
port:
|
||
description: Specifies the ports on the host that
|
||
is being addressed. Many services only expose
|
||
a single port or label ports with the protocols
|
||
they support, in these cases it is not required
|
||
to explicitly select the port.
|
||
format: int32
|
||
type: integer
|
||
query_params:
|
||
description: "Query parameters for matching. \n
|
||
Ex: - For a query parameter like \"?key=true\",
|
||
the map key would be \"key\" and the string
|
||
match could be defined as `exact: \"true\"`. -
|
||
For a query parameter like \"?key\", the map key
|
||
would be \"key\" and the string match could
|
||
be defined as `exact: \"\"`. - For a query parameter
|
||
like \"?key=123\", the map key would be \"key\"
|
||
and the string match could be defined as `regex:
|
||
\"\\d+$\"`. Note that this configuration will
|
||
only match values like \"123\" but not \"a123\"
|
||
or \"123a\". \n **Note:** `prefix` matching is
|
||
currently not supported."
|
||
scheme:
|
||
description: "URI Scheme values are case-sensitive
|
||
and formatted as follows: \n - `exact: \"value\"`
|
||
for exact string match \n - `prefix: \"value\"`
|
||
for prefix-based match \n - `regex: \"value\"`
|
||
for ECMAscript style regex-based match"
|
||
type: object
|
||
source_labels:
|
||
additionalProperties:
|
||
type: string
|
||
description: One or more labels that constrain the
|
||
applicability of a rule to workloads with the
|
||
given labels. If the VirtualService has a list
|
||
of gateways specified at the top, it must include
|
||
the reserved gateway `mesh` for this field to
|
||
be applicable.
|
||
type: object
|
||
uri:
|
||
description: "URI to match values are case-sensitive
|
||
and formatted as follows: \n - `exact: \"value\"`
|
||
for exact string match \n - `prefix: \"value\"`
|
||
for prefix-based match \n - `regex: \"value\"`
|
||
for ECMAscript style regex-based match \n **Note:**
|
||
Case-insensitive matching could be enabled via
|
||
the `ignore_uri_case` flag."
|
||
type: object
|
||
type: object
|
||
type: array
|
||
mirror:
|
||
description: Mirror HTTP traffic to another destination
|
||
in addition to forwarding the requests to the intended
|
||
destination. Mirrored traffic is on a best effort basis
|
||
where the sidecar/gateway will not wait for the mirrored
|
||
cluster to respond before returning the response from
|
||
the original destination. Statistics will be generated
|
||
for the mirrored destination.
|
||
properties:
|
||
host:
|
||
description: "The name of a service from the service
|
||
registry. Service names are looked up from the platform's
|
||
service registry (e.g., Kubernetes services, Consul
|
||
services, etc.) and from the hosts declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry).
|
||
Traffic forwarded to destinations that are not found
|
||
in either of the two, will be dropped. \n *Note
|
||
for Kubernetes users*: When short names are used
|
||
(e.g. \"reviews\" instead of \"reviews.default.svc.cluster.local\"),
|
||
Istio will interpret the short name based on the
|
||
namespace of the rule, not the service. A rule in
|
||
the \"default\" namespace containing a host \"reviews\"
|
||
will be interpreted as \"reviews.default.svc.cluster.local\",
|
||
irrespective of the actual namespace associated
|
||
with the reviews service. _To avoid potential misconfigurations,
|
||
it is recommended to always use fully qualified
|
||
domain names over short names._"
|
||
type: string
|
||
port:
|
||
description: Specifies the port on the host that is
|
||
being addressed. If a service exposes only a single
|
||
port it is not required to explicitly select the
|
||
port.
|
||
properties:
|
||
number:
|
||
description: Valid port number
|
||
format: int32
|
||
type: integer
|
||
type: object
|
||
subset:
|
||
description: The name of a subset within the service.
|
||
Applicable only to services within the mesh. The
|
||
subset must be defined in a corresponding DestinationRule.
|
||
type: string
|
||
type: object
|
||
mirror_percent:
|
||
description: Percentage of the traffic to be mirrored
|
||
by the `mirror` field. If this field is absent, all
|
||
the traffic (100%) will be mirrored. Max value is 100.
|
||
properties:
|
||
value:
|
||
description: The uint32 value.
|
||
format: int32
|
||
type: integer
|
||
type: object
|
||
name:
|
||
description: The name assigned to the route for debugging
|
||
purposes. The route's name will be concatenated with
|
||
the match's name and will be logged in the access logs
|
||
for requests matching this route/match.
|
||
type: string
|
||
redirect:
|
||
description: A http rule can either redirect or forward
|
||
(default) traffic. If traffic passthrough option is
|
||
specified in the rule, route/redirect will be ignored.
|
||
The redirect primitive can be used to send a HTTP 301
|
||
redirect to a different URI or Authority.
|
||
properties:
|
||
authority:
|
||
description: On a redirect, overwrite the Authority/Host
|
||
portion of the URL with this value.
|
||
type: string
|
||
redirect_code:
|
||
description: On a redirect, specifies the HTTP status
|
||
code to use in the redirect response. The default
|
||
response code is MOVED_PERMANENTLY (301).
|
||
format: int32
|
||
type: integer
|
||
uri:
|
||
description: On a redirect, overwrite the Path portion
|
||
of the URL with this value. Note that the entire
|
||
path will be replaced, irrespective of the request
|
||
URI being matched as an exact path or prefix.
|
||
type: string
|
||
type: object
|
||
remove_request_headers:
|
||
description: $hide_from_docs
|
||
items:
|
||
type: string
|
||
type: array
|
||
remove_response_headers:
|
||
description: $hide_from_docs
|
||
items:
|
||
type: string
|
||
type: array
|
||
retries:
|
||
description: Retry policy for HTTP requests.
|
||
properties:
|
||
attempts:
|
||
description: Number of retries for a given request.
|
||
The interval between retries will be determined
|
||
automatically (25ms+). Actual number of retries
|
||
attempted depends on the httpReqTimeout.
|
||
format: int32
|
||
type: integer
|
||
per_try_timeout:
|
||
description: 'Timeout per retry attempt for a given
|
||
request. format: 1h/1m/1s/1ms. MUST BE >=1ms.'
|
||
properties:
|
||
nanos:
|
||
description: Signed fractions of a second at nanosecond
|
||
resolution of the span of time. Durations less
|
||
than one second are represented with a 0 `seconds`
|
||
field and a positive or negative `nanos` field.
|
||
For durations of one second or more, a non-zero
|
||
value for the `nanos` field must be of the same
|
||
sign as the `seconds` field. Must be from -999,999,999
|
||
to +999,999,999 inclusive.
|
||
format: int32
|
||
type: integer
|
||
seconds:
|
||
description: 'Signed seconds of the span of time.
|
||
Must be from -315,576,000,000 to +315,576,000,000
|
||
inclusive. Note: these bounds are computed from:
|
||
60 sec/min * 60 min/hr * 24 hr/day * 365.25
|
||
days/year * 10000 years'
|
||
format: int64
|
||
type: integer
|
||
type: object
|
||
retry_on:
|
||
description: Specifies the conditions under which
|
||
retry takes place. One or more policies can be specified
|
||
using a ‘,’ delimited list. See the [retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on)
|
||
and [gRPC retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on)
|
||
for more details.
|
||
type: string
|
||
type: object
|
||
rewrite:
|
||
description: Rewrite HTTP URIs and Authority headers.
|
||
Rewrite cannot be used with Redirect primitive. Rewrite
|
||
will be performed before forwarding.
|
||
properties:
|
||
authority:
|
||
description: rewrite the Authority/Host header with
|
||
this value.
|
||
type: string
|
||
uri:
|
||
description: rewrite the path (or the prefix) portion
|
||
of the URI with this value. If the original URI
|
||
was matched based on prefix, the value provided
|
||
in this field will replace the corresponding matched
|
||
prefix.
|
||
type: string
|
||
type: object
|
||
route:
|
||
description: A http rule can either redirect or forward
|
||
(default) traffic. The forwarding target can be one
|
||
of several versions of a service (see glossary in beginning
|
||
of document). Weights associated with the service version
|
||
determine the proportion of traffic it receives.
|
||
items:
|
||
description: "Each routing rule is associated with one
|
||
or more service versions (see glossary in beginning
|
||
of document). Weights associated with the version
|
||
determine the proportion of traffic it receives. For
|
||
example, the following rule will route 25% of traffic
|
||
for the \"reviews\" service to instances with the
|
||
\"v2\" tag and the remaining traffic (i.e., 75%) to
|
||
\"v1\". \n ```yaml apiVersion: networking.istio.io/v1alpha3
|
||
kind: VirtualService metadata: name: reviews-route
|
||
spec: hosts: - reviews.prod.svc.cluster.local
|
||
\ http: - route: - destination: host:
|
||
reviews.prod.svc.cluster.local subset: v2
|
||
\ weight: 25 - destination: host:
|
||
reviews.prod.svc.cluster.local subset: v1
|
||
\ weight: 75 ``` \n And the associated DestinationRule
|
||
\n ```yaml apiVersion: networking.istio.io/v1alpha3
|
||
kind: DestinationRule metadata: name: reviews-destination
|
||
spec: host: reviews.prod.svc.cluster.local subsets:
|
||
\ - name: v1 labels: version: v1 - name:
|
||
v2 labels: version: v2 ``` \n Traffic can
|
||
also be split across two entirely different services
|
||
without having to define new subsets. For example,
|
||
the following rule forwards 25% of traffic to reviews.com
|
||
to dev.reviews.com \n ```yaml apiVersion: networking.istio.io/v1alpha3
|
||
kind: VirtualService metadata: name: reviews-route-two-domains
|
||
spec: hosts: - reviews.com http: - route:
|
||
\ - destination: host: dev.reviews.com
|
||
\ weight: 25 - destination: host:
|
||
reviews.com weight: 75 ```"
|
||
properties:
|
||
append_request_headers:
|
||
additionalProperties:
|
||
type: string
|
||
description: Use of `append_request_headers` is
|
||
deprecated. Use the `headers` field instead.
|
||
type: object
|
||
append_response_headers:
|
||
additionalProperties:
|
||
type: string
|
||
description: Use of `append_response_headers` is
|
||
deprecated. Use the `headers` field instead.
|
||
type: object
|
||
destination:
|
||
description: Destination uniquely identifies the
|
||
instances of a service to which the request/connection
|
||
should be forwarded to.
|
||
properties:
|
||
host:
|
||
description: "The name of a service from the
|
||
service registry. Service names are looked
|
||
up from the platform's service registry (e.g.,
|
||
Kubernetes services, Consul services, etc.)
|
||
and from the hosts declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry).
|
||
Traffic forwarded to destinations that are
|
||
not found in either of the two, will be dropped.
|
||
\n *Note for Kubernetes users*: When short
|
||
names are used (e.g. \"reviews\" instead of
|
||
\"reviews.default.svc.cluster.local\"), Istio
|
||
will interpret the short name based on the
|
||
namespace of the rule, not the service. A
|
||
rule in the \"default\" namespace containing
|
||
a host \"reviews\" will be interpreted as \"reviews.default.svc.cluster.local\",
|
||
irrespective of the actual namespace associated
|
||
with the reviews service. _To avoid potential
|
||
misconfigurations, it is recommended to always
|
||
use fully qualified domain names over short
|
||
names._"
|
||
type: string
|
||
port:
|
||
description: Specifies the port on the host
|
||
that is being addressed. If a service exposes
|
||
only a single port it is not required to explicitly
|
||
select the port.
|
||
properties:
|
||
number:
|
||
description: Valid port number
|
||
format: int32
|
||
type: integer
|
||
type: object
|
||
subset:
|
||
description: The name of a subset within the
|
||
service. Applicable only to services within
|
||
the mesh. The subset must be defined in a
|
||
corresponding DestinationRule.
|
||
type: string
|
||
type: object
|
||
headers:
|
||
description: Header manipulation rules
|
||
properties:
|
||
request:
|
||
description: Header manipulation rules to apply
|
||
before forwarding a request to the destination
|
||
service
|
||
properties:
|
||
add:
|
||
additionalProperties:
|
||
type: string
|
||
description: Append the given values to
|
||
the headers specified by keys (will create
|
||
a comma-separated list of values)
|
||
type: object
|
||
remove:
|
||
description: Remove the specified headers
|
||
items:
|
||
type: string
|
||
type: array
|
||
set:
|
||
additionalProperties:
|
||
type: string
|
||
description: Overwrite the headers specified
|
||
by key with the given values
|
||
type: object
|
||
type: object
|
||
response:
|
||
description: Header manipulation rules to apply
|
||
before returning a response to the caller
|
||
properties:
|
||
add:
|
||
additionalProperties:
|
||
type: string
|
||
description: Append the given values to
|
||
the headers specified by keys (will create
|
||
a comma-separated list of values)
|
||
type: object
|
||
remove:
|
||
description: Remove the specified headers
|
||
items:
|
||
type: string
|
||
type: array
|
||
set:
|
||
additionalProperties:
|
||
type: string
|
||
description: Overwrite the headers specified
|
||
by key with the given values
|
||
type: object
|
||
type: object
|
||
type: object
|
||
remove_request_headers:
|
||
description: Use of `remove_request_headers` is
|
||
deprecated. Use the `headers` field instead.
|
||
items:
|
||
type: string
|
||
type: array
|
||
remove_response_headers:
|
||
description: Use of `remove_response_headers` is
|
||
deprecated. Use the `headers` field instead.
|
||
items:
|
||
type: string
|
||
type: array
|
||
weight:
|
||
description: The proportion of traffic to be forwarded
|
||
to the service version. (0-100). Sum of weights
|
||
across destinations SHOULD BE == 100. If there
|
||
is only one destination in a rule, the weight
|
||
value is assumed to be 100.
|
||
format: int32
|
||
type: integer
|
||
type: object
|
||
type: array
|
||
timeout:
|
||
description: Timeout for HTTP requests.
|
||
properties:
|
||
nanos:
|
||
description: Signed fractions of a second at nanosecond
|
||
resolution of the span of time. Durations less than
|
||
one second are represented with a 0 `seconds` field
|
||
and a positive or negative `nanos` field. For durations
|
||
of one second or more, a non-zero value for the
|
||
`nanos` field must be of the same sign as the `seconds`
|
||
field. Must be from -999,999,999 to +999,999,999
|
||
inclusive.
|
||
format: int32
|
||
type: integer
|
||
seconds:
|
||
description: 'Signed seconds of the span of time.
|
||
Must be from -315,576,000,000 to +315,576,000,000
|
||
inclusive. Note: these bounds are computed from:
|
||
60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year
|
||
* 10000 years'
|
||
format: int64
|
||
type: integer
|
||
type: object
|
||
websocket_upgrade:
|
||
description: Deprecated. Websocket upgrades are done automatically
|
||
starting from Istio 1.0. $hide_from_docs
|
||
type: boolean
|
||
type: object
|
||
type: array
|
||
tcp:
|
||
description: An ordered list of route rules for opaque TCP traffic.
|
||
TCP routes will be applied to any port that is not a HTTP
|
||
or TLS port. The first rule matching an incoming request is
|
||
used.
|
||
items:
|
||
description: "Describes match conditions and actions for routing
|
||
TCP traffic. The following routing rule forwards traffic
|
||
arriving at port 27017 for mongo.prod.svc.cluster.local
|
||
to another Mongo server on port 5555. \n ```yaml apiVersion:
|
||
networking.istio.io/v1alpha3 kind: VirtualService metadata:
|
||
\ name: bookinfo-Mongo spec: hosts: - mongo.prod.svc.cluster.local
|
||
\ tcp: - match: - port: 27017 route: - destination:
|
||
\ host: mongo.backup.svc.cluster.local port:
|
||
\ number: 5555 ```"
|
||
properties:
|
||
match:
|
||
description: Match conditions to be satisfied for the
|
||
rule to be activated. All conditions inside a single
|
||
match block have AND semantics, while the list of match
|
||
blocks have OR semantics. The rule is matched if any
|
||
one of the match blocks succeed.
|
||
items:
|
||
description: L4 connection match attributes. Note that
|
||
L4 connection matching support is incomplete.
|
||
properties:
|
||
destination_subnets:
|
||
description: IPv4 or IPv6 ip addresses of destination
|
||
with optional subnet. E.g., a.b.c.d/xx form or
|
||
just a.b.c.d.
|
||
items:
|
||
type: string
|
||
type: array
|
||
gateways:
|
||
description: Names of gateways where the rule should
|
||
be applied to. Gateway names at the top of the
|
||
VirtualService (if any) are overridden. The gateway
|
||
match is independent of sourceLabels.
|
||
items:
|
||
type: string
|
||
type: array
|
||
port:
|
||
description: Specifies the port on the host that
|
||
is being addressed. Many services only expose
|
||
a single port or label ports with the protocols
|
||
they support, in these cases it is not required
|
||
to explicitly select the port.
|
||
format: int32
|
||
type: integer
|
||
source_labels:
|
||
additionalProperties:
|
||
type: string
|
||
description: One or more labels that constrain the
|
||
applicability of a rule to workloads with the
|
||
given labels. If the VirtualService has a list
|
||
of gateways specified at the top, it should include
|
||
the reserved gateway `mesh` in order for this
|
||
field to be applicable.
|
||
type: object
|
||
source_subnet:
|
||
description: IPv4 or IPv6 ip address of source with
|
||
optional subnet. E.g., a.b.c.d/xx form or just
|
||
a.b.c.d $hide_from_docs
|
||
type: string
|
||
type: object
|
||
type: array
|
||
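# Weighted L4 destinations for a rule: each item names a destination
# (host, optional port, optional subset) and an integer weight.
route:
  description: The destination to which the connection should
    be forwarded to.
  items:
    description: L4 routing rule weighted destination.
    properties:
      destination:
        description: Destination uniquely identifies the
          instances of a service to which the request/connection
          should be forwarded to.
        properties:
          # Free-form string. Per the description, a short name is resolved
          # against the namespace of the rule, not of the service, so a short
          # name can resolve to a different service than intended.
          host:
            description: "The name of a service from the
              service registry. Service names are looked
              up from the platform's service registry (e.g.,
              Kubernetes services, Consul services, etc.)
              and from the hosts declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry).
              Traffic forwarded to destinations that are
              not found in either of the two, will be dropped.
              \n *Note for Kubernetes users*: When short
              names are used (e.g. \"reviews\" instead of
              \"reviews.default.svc.cluster.local\"), Istio
              will interpret the short name based on the
              namespace of the rule, not the service. A
              rule in the \"default\" namespace containing
              a host \"reviews\" will be interpreted as \"reviews.default.svc.cluster.local\",
              irrespective of the actual namespace associated
              with the reviews service. _To avoid potential
              misconfigurations, it is recommended to always
              use fully qualified domain names over short
              names._"
            type: string
          port:
            description: Specifies the port on the host
              that is being addressed. If a service exposes
              only a single port it is not required to explicitly
              select the port.
            properties:
              # int32 with no minimum/maximum: the schema itself does not
              # reject values outside the valid port range.
              number:
                description: Valid port number
                format: int32
                type: integer
            type: object
          subset:
            description: The name of a subset within the
              service. Applicable only to services within
              the mesh. The subset must be defined in a
              corresponding DestinationRule.
            type: string
        type: object
      # int32 with no bounds in this schema; negative or very large weights
      # are not rejected at admission by the CRD validation.
      weight:
        description: The proportion of traffic to be forwarded
          to the service version. If there is only one destination
          in a rule, all traffic will be routed to it irrespective
          of the weight.
        format: int32
        type: integer
    type: object
  type: array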
type: object
type: array
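# Route rules for TLS traffic that is not terminated at the proxy. Each item
# pairs a list of match blocks (SNI hosts, port, subnets, gateways, labels)
# with a list of weighted destinations.
tls:
  description: 'An ordered list of route rule for non-terminated
    TLS & HTTPS traffic. Routing is typically performed using
    the SNI value presented by the ClientHello message. TLS routes
    will be applied to platform service ports named ''https-*'',
    ''tls-*'', unterminated gateway ports using HTTPS/TLS protocols
    (i.e. with "passthrough" TLS mode) and service entry ports
    using HTTPS/TLS protocols. The first rule matching an incoming
    request is used. NOTE: Traffic ''https-*'' or ''tls-*'' ports
    without associated virtual service will be treated as opaque
    TCP traffic.'
  items:
    description: "Describes match conditions and actions for routing
      unterminated TLS traffic (TLS/HTTPS) The following routing
      rule forwards unterminated TLS traffic arriving at port
      443 of gateway called \"mygateway\" to internal services
      in the mesh based on the SNI value. \n ```yaml apiVersion:
      networking.istio.io/v1alpha3 kind: VirtualService metadata:
      \ name: bookinfo-sni spec: hosts: - \"*.bookinfo.com\"
      \ gateways: - mygateway tls: - match: - port:
      443 sniHosts: - login.bookinfo.com route:
      \ - destination: host: login.prod.svc.cluster.local
      \ - match: - port: 443 sniHosts: - reviews.bookinfo.com
      \ route: - destination: host: reviews.prod.svc.cluster.local
      ```"
    properties:
      match:
        description: Match conditions to be satisfied for the
          rule to be activated. All conditions inside a single
          match block have AND semantics, while the list of match
          blocks have OR semantics. The rule is matched if any
          one of the match blocks succeed.
        items:
          description: TLS connection match attributes.
          properties:
            # List of plain strings; the address/CIDR form is described but
            # not enforced with a pattern.
            destination_subnets:
              description: IPv4 or IPv6 ip addresses of destination
                with optional subnet. E.g., a.b.c.d/xx form or
                just a.b.c.d.
              items:
                type: string
              type: array
            gateways:
              description: Names of gateways where the rule should
                be applied to. Gateway names at the top of the
                VirtualService (if any) are overridden. The gateway
                match is independent of sourceLabels.
              items:
                type: string
              type: array
            # int32 with no minimum/maximum in this schema.
            port:
              description: Specifies the port on the host that
                is being addressed. Many services only expose
                a single port or label ports with the protocols
                they support, in these cases it is not required
                to explicitly select the port.
              format: int32
              type: integer
            # Wildcard SNI values are accepted as plain strings. The rule
            # that each value must fall within the VirtualService hosts is
            # stated in the description only; this schema does not check it.
            sni_hosts:
              description: SNI (server name indicator) to match
                on. Wildcard prefixes can be used in the SNI value,
                e.g., *.com will match foo.example.com as well
                as example.com. An SNI value must be a subset
                (i.e., fall within the domain) of the corresponding
                virtual service's hosts.
              items:
                type: string
              type: array
            source_labels:
              additionalProperties:
                type: string
              description: One or more labels that constrain the
                applicability of a rule to workloads with the
                given labels. If the VirtualService has a list
                of gateways specified at the top, it should include
                the reserved gateway `mesh` in order for this
                field to be applicable.
              type: object
            # Plain string with no pattern for the address/CIDR form.
            source_subnet:
              description: IPv4 or IPv6 ip address of source with
                optional subnet. E.g., a.b.c.d/xx form or just
                a.b.c.d $hide_from_docs
              type: string
          type: object
        type: array
      route:
        description: The destination to which the connection should
          be forwarded to.
        items:
          description: L4 routing rule weighted destination.
          properties:
            destination:
              description: Destination uniquely identifies the
                instances of a service to which the request/connection
                should be forwarded to.
              properties:
                # Free-form string. Per the description, a short name is
                # resolved against the namespace of the rule, not of the
                # service.
                host:
                  description: "The name of a service from the
                    service registry. Service names are looked
                    up from the platform's service registry (e.g.,
                    Kubernetes services, Consul services, etc.)
                    and from the hosts declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry).
                    Traffic forwarded to destinations that are
                    not found in either of the two, will be dropped.
                    \n *Note for Kubernetes users*: When short
                    names are used (e.g. \"reviews\" instead of
                    \"reviews.default.svc.cluster.local\"), Istio
                    will interpret the short name based on the
                    namespace of the rule, not the service. A
                    rule in the \"default\" namespace containing
                    a host \"reviews\" will be interpreted as \"reviews.default.svc.cluster.local\",
                    irrespective of the actual namespace associated
                    with the reviews service. _To avoid potential
                    misconfigurations, it is recommended to always
                    use fully qualified domain names over short
                    names._"
                  type: string
                port:
                  description: Specifies the port on the host
                    that is being addressed. If a service exposes
                    only a single port it is not required to explicitly
                    select the port.
                  properties:
                    # int32 with no minimum/maximum in this schema.
                    number:
                      description: Valid port number
                      format: int32
                      type: integer
                  type: object
                subset:
                  description: The name of a subset within the
                    service. Applicable only to services within
                    the mesh. The subset must be defined in a
                    corresponding DestinationRule.
                  type: string
              type: object
            # int32 with no bounds in this schema.
            weight:
              description: The proportion of traffic to be forwarded
                to the service version. If there is only one destination
                in a rule, all traffic will be routed to it irrespective
                of the weight.
              format: int32
              type: integer
          type: object
        type: array
    type: object
  type: array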
type: object
type: object
type:
  # Declared as a plain string; no enum in this schema limits the accepted
  # strategy types.
  description: 'Strategy type'
  type: string
type: object
# Schema for the observed state of a Strategy. The CRD declares
# `subresources: {}`, so status is not split into a /status subresource:
# a client allowed to update the object can also write these fields.
status:
  description: StrategyStatus defines the observed state of Strategy
  properties:
    completionTime:
      description: >-
        Represents time when the strategy was completed. It is represented
        in RFC3339 form and is in UTC.
      format: date-time
      type: string
    conditions:
      description: >-
        The latest available observations of an object's current state.
      items:
        description: StrategyCondition describes current state of a strategy.
        properties:
          lastProbeTime:
            description: Last time the condition was checked.
            format: date-time
            type: string
          lastTransitionTime:
            description: >-
              Last time the condition transit from one status to another
            format: date-time
            type: string
          message:
            description: >-
              Human readable message indicating details about last transition.
            type: string
          reason:
            description: reason for the condition's last transition
            type: string
          # Typed as a plain string; the three values named in the
          # description are not enforced with an enum.
          status:
            description: Status of the condition, one of True, False, Unknown
            type: string
          # Likewise a plain string; Complete/Failed is documentation only.
          type:
            description: Type of strategy condition, Complete or Failed.
            type: string
        type: object
      type: array
    startTime:
      description: >-
        Represents time when the strategy was acknowledged by the controller.
        It is represented in RFC3339 form and is in UTC.
      format: date-time
      type: string
  type: object
type: object
# `version` is the deprecated single-version field of
# apiextensions.k8s.io/v1beta1; when set it must match the first entry of
# `versions`, as it does here. The v1beta1 CRD API is no longer served from
# Kubernetes 1.22 on.
# NOTE(review): no preserveUnknownFields key appears among the spec keys
# visible on this page, and v1beta1 defaults it to true, so fields outside
# the schema would be stored unpruned; confirm against the full file.
version: v1alpha2
versions:
# The only listed version: it is both served and used for storage.
- name: v1alpha2
  served: true
  storage: true
# Status stanza of the CustomResourceDefinition object itself, with empty
# names and empty lists. Presumably generator output that the API server
# replaces once the CRD is registered; verify before relying on it.
status:
  acceptedNames:
    kind: ''
    plural: ''
  conditions: []
  storedVersions: []