admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4cd5b81cebbcb8d6bf694eda1780ba7b873267b1
kubesphere/config/ks-core/crds/servicemesh.kubesphere.io_strategies.yaml
hongming 129e6fbec3 chore: Generating CRDs supports multiple versions (#5497) 
Generating CRDs supports multiple versions
2023-01-31 15:23:12 +08:00

1269 lines
83 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
creationTimestamp: null
name: strategies.servicemesh.kubesphere.io
spec:
group: servicemesh.kubesphere.io
names:
kind: Strategy
listKind: StrategyList
plural: strategies
singular: strategy
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: type of strategy
jsonPath: .spec.type
name: Type
type: string
- description: destination hosts
jsonPath: .spec.template.spec.hosts
name: Hosts
type: string
- description: 'CreationTimestamp is a timestamp representing the server time
when this object was created. It is not guaranteed to be set in happens-before
order across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha2
schema:
openAPIV3Schema:
description: Strategy is the Schema for the strategies API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: StrategySpec defines the desired state of Strategy
properties:
governor:
description: Governor version, the version takes control of all incoming
traffic label version value
type: string
principal:
description: Principal version, the one as reference version label
version value
type: string
selector:
description: Label selector for virtual services.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
strategyPolicy:
description: strategy policy, how the strategy will be applied by
the strategy controller
type: string
template:
description: Template describes the virtual service that will be created.
properties:
metadata:
description: Metadata of the virtual services created from this
template
type: object
spec:
description: Spec indicates the behavior of a virtual service.
properties:
export_to:
description: "A list of namespaces to which this virtual service
is exported. Exporting a virtual service allows it to be
used by sidecars and gateways defined in other namespaces.
This feature provides a mechanism for service owners and
mesh administrators to control the visibility of virtual
services across namespace boundaries. \n If no namespaces
are specified then the virtual service is exported to all
namespaces by default. \n The value \".\" is reserved and
defines an export to the same namespace that the virtual
service is declared in. Similarly the value \"*\" is reserved
and defines an export to all namespaces. \n NOTE: in the
current release, the `exportTo` value is restricted to \".\"
or \"*\" (i.e., the current namespace or all namespaces)."
items:
type: string
type: array
gateways:
description: The names of gateways and sidecars that should
apply these routes. Gateways in other namespaces may be
referred to by `<gateway namespace>/<gateway name>`; specifying
a gateway with no namespace qualifier is the same as specifying
the VirtualService's namespace. A single VirtualService
is used for sidecars inside the mesh as well as for one
or more gateways. The selection condition imposed by this
field can be overridden using the source field in the match
conditions of protocol-specific routes. The reserved word
`mesh` is used to imply all the sidecars in the mesh. When
this field is omitted, the default gateway (`mesh`) will
be used, which would apply the rule to all sidecars in the
mesh. If a list of gateway names is provided, the rules
will apply only to the gateways. To apply the rules to both
gateways and sidecars, specify `mesh` as one of the gateway
names.
items:
type: string
type: array
hosts:
description: "The destination hosts to which traffic is being
sent. Could be a DNS name with wildcard prefix or an IP
address. Depending on the platform, short-names can also
be used instead of a FQDN (i.e. has no dots in the name).
In such a scenario, the FQDN of the host would be derived
based on the underlying platform. \n A single VirtualService
can be used to describe all the traffic properties of the
corresponding hosts, including those for multiple HTTP and
TCP ports. Alternatively, the traffic properties of a host
can be defined using more than one VirtualService, with
certain caveats. Refer to the [Operations Guide](https://istio.io/docs/ops/best-practices/traffic-management/#split-virtual-services)
for details. \n *Note for Kubernetes users*: When short
names are used (e.g. \"reviews\" instead of \"reviews.default.svc.cluster.local\"),
Istio will interpret the short name based on the namespace
of the rule, not the service. A rule in the \"default\"
namespace containing a host \"reviews\" will be interpreted
as \"reviews.default.svc.cluster.local\", irrespective of
the actual namespace associated with the reviews service.
_To avoid potential misconfigurations, it is recommended
to always use fully qualified domain names over short names._
\n The hosts field applies to both HTTP and TCP services.
Service inside the mesh, i.e., those found in the service
registry, must always be referred to using their alphanumeric
names. IP addresses are allowed only for services defined
via the Gateway. \n *Note*: It must be empty for a delegate
VirtualService."
items:
type: string
type: array
http:
description: An ordered list of route rules for HTTP traffic.
HTTP routes will be applied to platform service ports named
'http-*'/'http2-*'/'grpc-*', gateway ports with protocol
HTTP/HTTP2/GRPC/ TLS-terminated-HTTPS and service entry
ports using HTTP/HTTP2/GRPC protocols. The first rule matching
an incoming request is used.
items:
description: Describes match conditions and actions for
routing HTTP/1.1, HTTP2, and gRPC traffic. See VirtualService
for usage examples.
properties:
cors_policy:
description: Cross-Origin Resource Sharing policy (CORS).
Refer to [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)
for further details about cross origin resource sharing.
properties:
allow_credentials:
description: Indicates whether the caller is allowed
to send the actual request (not the preflight)
using credentials. Translates to `Access-Control-Allow-Credentials`
header.
properties:
value:
description: The bool value.
type: boolean
type: object
allow_headers:
description: List of HTTP headers that can be used
when requesting the resource. Serialized to Access-Control-Allow-Headers
header.
items:
type: string
type: array
allow_methods:
description: List of HTTP methods allowed to access
the resource. The content will be serialized into
the Access-Control-Allow-Methods header.
items:
type: string
type: array
allow_origin:
description: The list of origins that are allowed
to perform CORS requests. The content will be
serialized into the Access-Control-Allow-Origin
header. Wildcard * will allow all origins. $hide_from_docs
items:
type: string
type: array
allow_origins:
description: String patterns that match allowed
origins. An origin is allowed if any of the string
matchers match. If a match is found, then the
outgoing Access-Control-Allow-Origin would be
set to the origin as provided by the client.
items:
description: Describes how to match a given string
in HTTP headers. Match is case-sensitive.
type: object
type: array
expose_headers:
description: A white list of HTTP headers that the
browsers are allowed to access. Serialized into
Access-Control-Expose-Headers header.
items:
type: string
type: array
max_age:
description: Specifies how long the results of a
preflight request can be cached. Translates to
the `Access-Control-Max-Age` header.
properties:
nanos:
description: Signed fractions of a second at
nanosecond resolution of the span of time.
Durations less than one second are represented
with a 0 `seconds` field and a positive or
negative `nanos` field. For durations of one
second or more, a non-zero value for the `nanos`
field must be of the same sign as the `seconds`
field. Must be from -999,999,999 to +999,999,999
inclusive.
format: int32
type: integer
seconds:
description: 'Signed seconds of the span of
time. Must be from -315,576,000,000 to +315,576,000,000
inclusive. Note: these bounds are computed
from: 60 sec/min * 60 min/hr * 24 hr/day *
365.25 days/year * 10000 years'
format: int64
type: integer
type: object
type: object
delegate:
description: 'Delegate is used to specify the particular
VirtualService which can be used to define delegate
HTTPRoute. It can be set only when `Route` and `Redirect`
are empty, and the route rules of the delegate VirtualService
will be merged with that in the current one. **NOTE**:
1. Only one level delegation is supported. 2. The
delegate''s HTTPMatchRequest must be a strict subset
of the root''s, otherwise there is a conflict and
the HTTPRoute will not take effect.'
properties:
name:
description: Name specifies the name of the delegate
VirtualService.
type: string
namespace:
description: Namespace specifies the namespace where
the delegate VirtualService resides. By default,
it is same to the root's.
type: string
type: object
fault:
description: Fault injection policy to apply on HTTP
traffic at the client side. Note that timeouts or
retries will not be enabled when faults are enabled
on the client side.
properties:
abort:
description: Abort Http request attempts and return
error codes back to downstream service, giving
the impression that the upstream service is faulty.
properties:
percentage:
description: Percentage of requests to be aborted
with the error code provided.
properties:
value:
type: number
type: object
type: object
delay:
description: Delay requests before forwarding, emulating
various failures such as network issues, overloaded
upstream service, etc.
properties:
percent:
description: Percentage of requests on which
the delay will be injected (0-100). Use of
integer `percent` value is deprecated. Use
the double `percentage` field instead.
format: int32
type: integer
percentage:
description: Percentage of requests on which
the delay will be injected.
properties:
value:
type: number
type: object
type: object
type: object
headers:
description: Header manipulation rules
properties:
request:
description: Header manipulation rules to apply
before forwarding a request to the destination
service
properties:
add:
additionalProperties:
type: string
description: Append the given values to the
headers specified by keys (will create a comma-separated
list of values)
type: object
remove:
description: Remove a the specified headers
items:
type: string
type: array
set:
additionalProperties:
type: string
description: Overwrite the headers specified
by key with the given values
type: object
type: object
response:
description: Header manipulation rules to apply
before returning a response to the caller
properties:
add:
additionalProperties:
type: string
description: Append the given values to the
headers specified by keys (will create a comma-separated
list of values)
type: object
remove:
description: Remove a the specified headers
items:
type: string
type: array
set:
additionalProperties:
type: string
description: Overwrite the headers specified
by key with the given values
type: object
type: object
type: object
match:
description: Match conditions to be satisfied for the
rule to be activated. All conditions inside a single
match block have AND semantics, while the list of
match blocks have OR semantics. The rule is matched
if any one of the match blocks succeed.
items:
description: "HttpMatchRequest specifies a set of
criterion to be met in order for the rule to be
applied to the HTTP request. For example, the following
restricts the rule to match only requests where
the URL path starts with /ratings/v2/ and the request
contains a custom `end-user` header with value `jason`.
\n {{<tabset category-name=\"example\">}} {{<tab
name=\"v1alpha3\" category-value=\"v1alpha3\">}}
```yaml apiVersion: networking.istio.io/v1alpha3
kind: VirtualService metadata: name: ratings-route
spec: hosts: - ratings.prod.svc.cluster.local http:
- match: - headers: end-user: exact: jason uri:
prefix: \"/ratings/v2/\" ignoreUriCase: true route:
- destination: host: ratings.prod.svc.cluster.local
``` {{</tab>}} \n {{<tab name=\"v1beta1\" category-value=\"v1beta1\">}}
```yaml apiVersion: networking.istio.io/v1beta1
kind: VirtualService metadata: name: ratings-route
spec: hosts: - ratings.prod.svc.cluster.local http:
- match: - headers: end-user: exact: jason uri:
prefix: \"/ratings/v2/\" ignoreUriCase: true route:
- destination: host: ratings.prod.svc.cluster.local
``` {{</tab>}} {{</tabset>}} \n HTTPMatchRequest
CANNOT be empty. **Note:** No regex string match
can be set when delegate VirtualService is specified."
properties:
authority:
description: "HTTP Authority values are case-sensitive
and formatted as follows: \n - `exact: \"value\"`
for exact string match \n - `prefix: \"value\"`
for prefix-based match \n - `regex: \"value\"`
for ECMAscript style regex-based match"
type: object
gateways:
description: Names of gateways where the rule
should be applied. Gateway names in the top-level
`gateways` field of the VirtualService (if any)
are overridden. The gateway match is independent
of sourceLabels.
items:
type: string
type: array
headers:
additionalProperties:
description: Describes how to match a given
string in HTTP headers. Match is case-sensitive.
type: object
description: "The header keys must be lowercase
and use hyphen as the separator, e.g. _x-request-id_.
\n Header values are case-sensitive and formatted
as follows: \n - `exact: \"value\"` for exact
string match \n - `prefix: \"value\"` for prefix-based
match \n - `regex: \"value\"` for ECMAscript
style regex-based match \n If the value is empty
and only the name of header is specfied, presence
of the header is checked. **Note:** The keys
`uri`, `scheme`, `method`, and `authority` will
be ignored."
type: object
ignore_uri_case:
description: "Flag to specify whether the URI
matching should be case-insensitive. \n **Note:**
The case will be ignored only in the case of
`exact` and `prefix` URI matches."
type: boolean
method:
description: "HTTP Method values are case-sensitive
and formatted as follows: \n - `exact: \"value\"`
for exact string match \n - `prefix: \"value\"`
for prefix-based match \n - `regex: \"value\"`
for ECMAscript style regex-based match"
type: object
name:
description: The name assigned to a match. The
match's name will be concatenated with the parent
route's name and will be logged in the access
logs for requests matching this route.
type: string
port:
description: Specifies the ports on the host that
is being addressed. Many services only expose
a single port or label ports with the protocols
they support, in these cases it is not required
to explicitly select the port.
format: int32
type: integer
query_params:
additionalProperties:
description: Describes how to match a given
string in HTTP headers. Match is case-sensitive.
type: object
description: "Query parameters for matching. \n
Ex: - For a query parameter like \"?key=true\",
the map key would be \"key\" and the string
match could be defined as `exact: \"true\"`.
- For a query parameter like \"?key\", the map
key would be \"key\" and the string match could
be defined as `exact: \"\"`. - For a query parameter
like \"?key=123\", the map key would be \"key\"
and the string match could be defined as `regex:
\"\\d+$\"`. Note that this configuration will
only match values like \"123\" but not \"a123\"
or \"123a\". \n **Note:** `prefix` matching
is currently not supported."
type: object
scheme:
description: "URI Scheme values are case-sensitive
and formatted as follows: \n - `exact: \"value\"`
for exact string match \n - `prefix: \"value\"`
for prefix-based match \n - `regex: \"value\"`
for ECMAscript style regex-based match"
type: object
source_labels:
additionalProperties:
type: string
description: One or more labels that constrain
the applicability of a rule to workloads with
the given labels. If the VirtualService has
a list of gateways specified in the top-level
`gateways` field, it must include the reserved
gateway `mesh` for this field to be applicable.
type: object
source_namespace:
description: Source namespace constraining the
applicability of a rule to workloads in that
namespace. If the VirtualService has a list
of gateways specified in the top-level `gateways`
field, it must include the reserved gateway
`mesh` for this field to be applicable.
type: string
uri:
description: "URI to match values are case-sensitive
and formatted as follows: \n - `exact: \"value\"`
for exact string match \n - `prefix: \"value\"`
for prefix-based match \n - `regex: \"value\"`
for ECMAscript style regex-based match \n **Note:**
Case-insensitive matching could be enabled via
the `ignore_uri_case` flag."
type: object
without_headers:
additionalProperties:
description: Describes how to match a given
string in HTTP headers. Match is case-sensitive.
type: object
description: withoutHeader has the same syntax
with the header, but has opposite meaning. If
a header is matched with a matching rule among
withoutHeader, the traffic becomes not matched
one.
type: object
type: object
type: array
mirror:
description: Mirror HTTP traffic to a another destination
in addition to forwarding the requests to the intended
destination. Mirrored traffic is on a best effort
basis where the sidecar/gateway will not wait for
the mirrored cluster to respond before returning the
response from the original destination. Statistics
will be generated for the mirrored destination.
properties:
host:
description: "The name of a service from the service
registry. Service names are looked up from the
platform's service registry (e.g., Kubernetes
services, Consul services, etc.) and from the
hosts declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry).
Traffic forwarded to destinations that are not
found in either of the two, will be dropped. \n
*Note for Kubernetes users*: When short names
are used (e.g. \"reviews\" instead of \"reviews.default.svc.cluster.local\"),
Istio will interpret the short name based on the
namespace of the rule, not the service. A rule
in the \"default\" namespace containing a host
\"reviews will be interpreted as \"reviews.default.svc.cluster.local\",
irrespective of the actual namespace associated
with the reviews service. To avoid potential misconfiguration,
it is recommended to always use fully qualified
domain names over short names."
type: string
port:
description: Specifies the port on the host that
is being addressed. If a service exposes only
a single port it is not required to explicitly
select the port.
properties:
number:
description: Valid port number
format: int32
type: integer
type: object
subset:
description: The name of a subset within the service.
Applicable only to services within the mesh. The
subset must be defined in a corresponding DestinationRule.
type: string
type: object
mirror_percent:
description: Percentage of the traffic to be mirrored
by the `mirror` field. Use of integer `mirror_percent`
value is deprecated. Use the double `mirror_percentage`
field instead
properties:
value:
description: The uint32 value.
format: int32
type: integer
type: object
mirror_percentage:
description: Percentage of the traffic to be mirrored
by the `mirror` field. If this field is absent, all
the traffic (100%) will be mirrored. Max value is
100.
properties:
value:
type: number
type: object
name:
description: The name assigned to the route for debugging
purposes. The route's name will be concatenated with
the match's name and will be logged in the access
logs for requests matching this route/match.
type: string
redirect:
description: A HTTP rule can either redirect or forward
(default) traffic. If traffic passthrough option is
specified in the rule, route/redirect will be ignored.
The redirect primitive can be used to send a HTTP
301 redirect to a different URI or Authority.
properties:
authority:
description: On a redirect, overwrite the Authority/Host
portion of the URL with this value.
type: string
redirect_code:
description: On a redirect, Specifies the HTTP status
code to use in the redirect response. The default
response code is MOVED_PERMANENTLY (301).
format: int32
type: integer
uri:
description: On a redirect, overwrite the Path portion
of the URL with this value. Note that the entire
path will be replaced, irrespective of the request
URI being matched as an exact path or prefix.
type: string
type: object
retries:
description: Retry policy for HTTP requests.
properties:
attempts:
description: Number of retries for a given request.
The interval between retries will be determined
automatically (25ms+). Actual number of retries
attempted depends on the request `timeout` of
the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute).
format: int32
type: integer
per_try_timeout:
description: 'Timeout per retry attempt for a given
request. format: 1h/1m/1s/1ms. MUST BE >=1ms.'
properties:
nanos:
description: Signed fractions of a second at
nanosecond resolution of the span of time.
Durations less than one second are represented
with a 0 `seconds` field and a positive or
negative `nanos` field. For durations of one
second or more, a non-zero value for the `nanos`
field must be of the same sign as the `seconds`
field. Must be from -999,999,999 to +999,999,999
inclusive.
format: int32
type: integer
seconds:
description: 'Signed seconds of the span of
time. Must be from -315,576,000,000 to +315,576,000,000
inclusive. Note: these bounds are computed
from: 60 sec/min * 60 min/hr * 24 hr/day *
365.25 days/year * 10000 years'
format: int64
type: integer
type: object
retry_on:
description: Specifies the conditions under which
retry takes place. One or more policies can be
specified using a , delimited list. See the
[retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on)
and [gRPC retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on)
for more details.
type: string
retry_remote_localities:
description: Flag to specify whether the retries
should retry to other localities. See the [retry
plugin configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/http_connection_management#retry-plugin-configuration)
for more details.
properties:
value:
description: The bool value.
type: boolean
type: object
type: object
rewrite:
description: Rewrite HTTP URIs and Authority headers.
Rewrite cannot be used with Redirect primitive. Rewrite
will be performed before forwarding.
properties:
authority:
description: rewrite the Authority/Host header with
this value.
type: string
uri:
description: rewrite the path (or the prefix) portion
of the URI with this value. If the original URI
was matched based on prefix, the value provided
in this field will replace the corresponding matched
prefix.
type: string
type: object
route:
description: A HTTP rule can either redirect or forward
(default) traffic. The forwarding target can be one
of several versions of a service (see glossary in
beginning of document). Weights associated with the
service version determine the proportion of traffic
it receives.
items:
description: "Each routing rule is associated with
one or more service versions (see glossary in beginning
of document). Weights associated with the version
determine the proportion of traffic it receives.
For example, the following rule will route 25% of
traffic for the \"reviews\" service to instances
with the \"v2\" tag and the remaining traffic (i.e.,
75%) to \"v1\". \n {{<tabset category-name=\"example\">}}
{{<tab name=\"v1alpha3\" category-value=\"v1alpha3\">}}
```yaml apiVersion: networking.istio.io/v1alpha3
kind: VirtualService metadata: name: reviews-route
spec: hosts: - reviews.prod.svc.cluster.local http:
- route: - destination: host: reviews.prod.svc.cluster.local
subset: v2 weight: 25 - destination: host: reviews.prod.svc.cluster.local
subset: v1 weight: 75 ``` {{</tab>}} \n {{<tab name=\"v1beta1\"
category-value=\"v1beta1\">}} ```yaml apiVersion:
networking.istio.io/v1beta1 kind: VirtualService
metadata: name: reviews-route spec: hosts: - reviews.prod.svc.cluster.local
http: - route: - destination: host: reviews.prod.svc.cluster.local
subset: v2 weight: 25 - destination: host: reviews.prod.svc.cluster.local
subset: v1 weight: 75 ``` {{</tab>}} {{</tabset>}}
\n And the associated DestinationRule \n {{<tabset
category-name=\"example\">}} {{<tab name=\"v1alpha3\"
category-value=\"v1alpha3\">}} ```yaml apiVersion:
networking.istio.io/v1alpha3 kind: DestinationRule
metadata: name: reviews-destination spec: host:
reviews.prod.svc.cluster.local subsets: - name:
v1 labels: version: v1 - name: v2 labels: version:
v2 ``` {{</tab>}} \n {{<tab name=\"v1beta1\" category-value=\"v1beta1\">}}
```yaml apiVersion: networking.istio.io/v1beta1
kind: DestinationRule metadata: name: reviews-destination
spec: host: reviews.prod.svc.cluster.local subsets:
- name: v1 labels: version: v1 - name: v2 labels:
version: v2 ``` {{</tab>}} {{</tabset>}} \n Traffic
can also be split across two entirely different
services without having to define new subsets. For
example, the following rule forwards 25% of traffic
to reviews.com to dev.reviews.com \n {{<tabset category-name=\"example\">}}
{{<tab name=\"v1alpha3\" category-value=\"v1alpha3\">}}
```yaml apiVersion: networking.istio.io/v1alpha3
kind: VirtualService metadata: name: reviews-route-two-domains
spec: hosts: - reviews.com http: - route: - destination:
host: dev.reviews.com weight: 25 - destination:
host: reviews.com weight: 75 ``` {{</tab>}} \n {{<tab
name=\"v1beta1\" category-value=\"v1beta1\">}} ```yaml
apiVersion: networking.istio.io/v1beta1 kind: VirtualService
metadata: name: reviews-route-two-domains spec:
hosts: - reviews.com http: - route: - destination:
host: dev.reviews.com weight: 25 - destination:
host: reviews.com weight: 75 ``` {{</tab>}} {{</tabset>}}"
properties:
destination:
description: Destination uniquely identifies the
instances of a service to which the request/connection
should be forwarded to.
properties:
host:
description: "The name of a service from the
service registry. Service names are looked
up from the platform's service registry
(e.g., Kubernetes services, Consul services,
etc.) and from the hosts declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry).
Traffic forwarded to destinations that are
not found in either of the two, will be
dropped. \n *Note for Kubernetes users*:
When short names are used (e.g. \"reviews\"
instead of \"reviews.default.svc.cluster.local\"),
Istio will interpret the short name based
on the namespace of the rule, not the service.
A rule in the \"default\" namespace containing
a host \"reviews will be interpreted as
\"reviews.default.svc.cluster.local\", irrespective
of the actual namespace associated with
the reviews service. To avoid potential
misconfiguration, it is recommended to always
use fully qualified domain names over short
names."
type: string
port:
description: Specifies the port on the host
that is being addressed. If a service exposes
only a single port it is not required to
explicitly select the port.
properties:
number:
description: Valid port number
format: int32
type: integer
type: object
subset:
description: The name of a subset within the
service. Applicable only to services within
the mesh. The subset must be defined in
a corresponding DestinationRule.
type: string
type: object
headers:
description: Header manipulation rules
properties:
request:
description: Header manipulation rules to
apply before forwarding a request to the
destination service
properties:
add:
additionalProperties:
type: string
description: Append the given values to
the headers specified by keys (will
create a comma-separated list of values)
type: object
remove:
description: Remove a the specified headers
items:
type: string
type: array
set:
additionalProperties:
type: string
description: Overwrite the headers specified
by key with the given values
type: object
type: object
response:
description: Header manipulation rules to
apply before returning a response to the
caller
properties:
add:
additionalProperties:
type: string
description: Append the given values to
the headers specified by keys (will
create a comma-separated list of values)
type: object
remove:
description: Remove a the specified headers
items:
type: string
type: array
set:
additionalProperties:
type: string
description: Overwrite the headers specified
by key with the given values
type: object
type: object
type: object
weight:
description: The proportion of traffic to be forwarded
to the service version. (0-100). Sum of weights
across destinations SHOULD BE == 100. If there
is only one destination in a rule, the weight
value is assumed to be 100.
format: int32
type: integer
type: object
type: array
timeout:
description: Timeout for HTTP requests.
properties:
nanos:
description: Signed fractions of a second at nanosecond
resolution of the span of time. Durations less
than one second are represented with a 0 `seconds`
field and a positive or negative `nanos` field.
For durations of one second or more, a non-zero
value for the `nanos` field must be of the same
sign as the `seconds` field. Must be from -999,999,999
to +999,999,999 inclusive.
format: int32
type: integer
seconds:
description: 'Signed seconds of the span of time.
Must be from -315,576,000,000 to +315,576,000,000
inclusive. Note: these bounds are computed from:
60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year
* 10000 years'
format: int64
type: integer
type: object
type: object
type: array
tcp:
description: An ordered list of route rules for opaque TCP
traffic. TCP routes will be applied to any port that is
not a HTTP or TLS port. The first rule matching an incoming
request is used.
items:
description: "Describes match conditions and actions for
routing TCP traffic. The following routing rule forwards
traffic arriving at port 27017 for mongo.prod.svc.cluster.local
to another Mongo server on port 5555. \n {{<tabset category-name=\"example\">}}
{{<tab name=\"v1alpha3\" category-value=\"v1alpha3\">}}
```yaml apiVersion: networking.istio.io/v1alpha3 kind:
VirtualService metadata: name: bookinfo-Mongo spec: hosts:
- mongo.prod.svc.cluster.local tcp: - match: - port: 27017
route: - destination: host: mongo.backup.svc.cluster.local
port: number: 5555 ``` {{</tab>}} \n {{<tab name=\"v1beta1\"
category-value=\"v1beta1\">}} ```yaml apiVersion: networking.istio.io/v1beta1
kind: VirtualService metadata: name: bookinfo-Mongo spec:
hosts: - mongo.prod.svc.cluster.local tcp: - match: -
port: 27017 route: - destination: host: mongo.backup.svc.cluster.local
port: number: 5555 ``` {{</tab>}} {{</tabset>}}"
properties:
match:
description: Match conditions to be satisfied for the
rule to be activated. All conditions inside a single
match block have AND semantics, while the list of
match blocks have OR semantics. The rule is matched
if any one of the match blocks succeed.
items:
description: L4 connection match attributes. Note
that L4 connection matching support is incomplete.
properties:
destination_subnets:
description: IPv4 or IPv6 ip addresses of destination
with optional subnet. E.g., a.b.c.d/xx form
or just a.b.c.d.
items:
type: string
type: array
gateways:
description: Names of gateways where the rule
should be applied. Gateway names in the top-level
`gateways` field of the VirtualService (if any)
are overridden. The gateway match is independent
of sourceLabels.
items:
type: string
type: array
port:
description: Specifies the port on the host that
is being addressed. Many services only expose
a single port or label ports with the protocols
they support, in these cases it is not required
to explicitly select the port.
format: int32
type: integer
source_labels:
additionalProperties:
type: string
description: One or more labels that constrain
the applicability of a rule to workloads with
the given labels. If the VirtualService has
a list of gateways specified in the top-level
`gateways` field, it should include the reserved
gateway `mesh` in order for this field to be
applicable.
type: object
source_namespace:
description: Source namespace constraining the
applicability of a rule to workloads in that
namespace. If the VirtualService has a list
of gateways specified in the top-level `gateways`
field, it must include the reserved gateway
`mesh` for this field to be applicable.
type: string
source_subnet:
description: IPv4 or IPv6 ip address of source
with optional subnet. E.g., a.b.c.d/xx form
or just a.b.c.d $hide_from_docs
type: string
type: object
type: array
route:
description: The destination to which the connection
should be forwarded to.
items:
description: L4 routing rule weighted destination.
properties:
destination:
description: Destination uniquely identifies the
instances of a service to which the request/connection
should be forwarded to.
properties:
host:
description: "The name of a service from the
service registry. Service names are looked
up from the platform's service registry
(e.g., Kubernetes services, Consul services,
etc.) and from the hosts declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry).
Traffic forwarded to destinations that are
not found in either of the two, will be
dropped. \n *Note for Kubernetes users*:
When short names are used (e.g. \"reviews\"
instead of \"reviews.default.svc.cluster.local\"),
Istio will interpret the short name based
on the namespace of the rule, not the service.
A rule in the \"default\" namespace containing
a host \"reviews will be interpreted as
\"reviews.default.svc.cluster.local\", irrespective
of the actual namespace associated with
the reviews service. To avoid potential
misconfiguration, it is recommended to always
use fully qualified domain names over short
names."
type: string
port:
description: Specifies the port on the host
that is being addressed. If a service exposes
only a single port it is not required to
explicitly select the port.
properties:
number:
description: Valid port number
format: int32
type: integer
type: object
subset:
description: The name of a subset within the
service. Applicable only to services within
the mesh. The subset must be defined in
a corresponding DestinationRule.
type: string
type: object
weight:
description: The proportion of traffic to be forwarded
to the service version. If there is only one
destination in a rule, all traffic will be routed
to it irrespective of the weight.
format: int32
type: integer
type: object
type: array
type: object
type: array
tls:
description: 'An ordered list of route rule for non-terminated
TLS & HTTPS traffic. Routing is typically performed using
the SNI value presented by the ClientHello message. TLS
routes will be applied to platform service ports named ''https-*'',
''tls-*'', unterminated gateway ports using HTTPS/TLS protocols
(i.e. with "passthrough" TLS mode) and service entry ports
using HTTPS/TLS protocols. The first rule matching an incoming
request is used. NOTE: Traffic ''https-*'' or ''tls-*''
ports without associated virtual service will be treated
as opaque TCP traffic.'
items:
description: "Describes match conditions and actions for
routing unterminated TLS traffic (TLS/HTTPS) The following
routing rule forwards unterminated TLS traffic arriving
at port 443 of gateway called \"mygateway\" to internal
services in the mesh based on the SNI value. \n {{<tabset
category-name=\"example\">}} {{<tab name=\"v1alpha3\"
category-value=\"v1alpha3\">}} ```yaml apiVersion: networking.istio.io/v1alpha3
kind: VirtualService metadata: name: bookinfo-sni spec:
hosts: - \"*.bookinfo.com\" gateways: - mygateway tls:
- match: - port: 443 sniHosts: - login.bookinfo.com route:
- destination: host: login.prod.svc.cluster.local - match:
- port: 443 sniHosts: - reviews.bookinfo.com route: -
destination: host: reviews.prod.svc.cluster.local ```
{{</tab>}} \n {{<tab name=\"v1beta1\" category-value=\"v1beta1\">}}
```yaml apiVersion: networking.istio.io/v1beta1 kind:
VirtualService metadata: name: bookinfo-sni spec: hosts:
- \"*.bookinfo.com\" gateways: - mygateway tls: - match:
- port: 443 sniHosts: - login.bookinfo.com route: - destination:
host: login.prod.svc.cluster.local - match: - port: 443
sniHosts: - reviews.bookinfo.com route: - destination:
host: reviews.prod.svc.cluster.local ``` {{</tab>}} {{</tabset>}}"
properties:
match:
description: Match conditions to be satisfied for the
rule to be activated. All conditions inside a single
match block have AND semantics, while the list of
match blocks have OR semantics. The rule is matched
if any one of the match blocks succeed.
items:
description: TLS connection match attributes.
properties:
destination_subnets:
description: IPv4 or IPv6 ip addresses of destination
with optional subnet. E.g., a.b.c.d/xx form
or just a.b.c.d.
items:
type: string
type: array
gateways:
description: Names of gateways where the rule
should be applied. Gateway names in the top-level
`gateways` field of the VirtualService (if any)
are overridden. The gateway match is independent
of sourceLabels.
items:
type: string
type: array
port:
description: Specifies the port on the host that
is being addressed. Many services only expose
a single port or label ports with the protocols
they support, in these cases it is not required
to explicitly select the port.
format: int32
type: integer
sni_hosts:
description: SNI (server name indicator) to match
on. Wildcard prefixes can be used in the SNI
value, e.g., *.com will match foo.example.com
as well as example.com. An SNI value must be
a subset (i.e., fall within the domain) of the
corresponding virtual serivce's hosts.
items:
type: string
type: array
source_labels:
additionalProperties:
type: string
description: One or more labels that constrain
the applicability of a rule to workloads with
the given labels. If the VirtualService has
a list of gateways specified in the top-level
`gateways` field, it should include the reserved
gateway `mesh` in order for this field to be
applicable.
type: object
source_namespace:
description: Source namespace constraining the
applicability of a rule to workloads in that
namespace. If the VirtualService has a list
of gateways specified in the top-level `gateways`
field, it must include the reserved gateway
`mesh` for this field to be applicable.
type: string
type: object
type: array
route:
description: The destination to which the connection
should be forwarded to.
items:
description: L4 routing rule weighted destination.
properties:
destination:
description: Destination uniquely identifies the
instances of a service to which the request/connection
should be forwarded to.
properties:
host:
description: "The name of a service from the
service registry. Service names are looked
up from the platform's service registry
(e.g., Kubernetes services, Consul services,
etc.) and from the hosts declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry).
Traffic forwarded to destinations that are
not found in either of the two, will be
dropped. \n *Note for Kubernetes users*:
When short names are used (e.g. \"reviews\"
instead of \"reviews.default.svc.cluster.local\"),
Istio will interpret the short name based
on the namespace of the rule, not the service.
A rule in the \"default\" namespace containing
a host \"reviews will be interpreted as
\"reviews.default.svc.cluster.local\", irrespective
of the actual namespace associated with
the reviews service. To avoid potential
misconfiguration, it is recommended to always
use fully qualified domain names over short
names."
type: string
port:
description: Specifies the port on the host
that is being addressed. If a service exposes
only a single port it is not required to
explicitly select the port.
properties:
number:
description: Valid port number
format: int32
type: integer
type: object
subset:
description: The name of a subset within the
service. Applicable only to services within
the mesh. The subset must be defined in
a corresponding DestinationRule.
type: string
type: object
weight:
description: The proportion of traffic to be forwarded
to the service version. If there is only one
destination in a rule, all traffic will be routed
to it irrespective of the weight.
format: int32
type: integer
type: object
type: array
type: object
type: array
type: object
type: object
type:
description: Strategy type
type: string
type: object
status:
description: StrategyStatus defines the observed state of Strategy
properties:
completionTime:
description: Represents time when the strategy was completed. It is
represented in RFC3339 form and is in UTC.
format: date-time
type: string
conditions:
description: The latest available observations of an object's current
state.
items:
description: StrategyCondition describes current state of a strategy.
properties:
lastProbeTime:
description: Last time the condition was checked.
format: date-time
type: string
lastTransitionTime:
description: Last time the condition transit from one status
to another
format: date-time
type: string
message:
description: Human readable message indicating details about
last transition.
type: string
reason:
description: reason for the condition's last transition
type: string
status:
description: Status of the condition, one of True, False, Unknown
type: string
type:
description: Type of strategy condition, Complete or Failed.
type: string
type: object
type: array
startTime:
description: Represents time when the strategy was acknowledged by
the controller. It is represented in RFC3339 form and is in UTC.
format: date-time
type: string
type: object
type: object
served: true
storage: true
subresources: {}
Reference in New Issue View Git Blame Copy Permalink