ea88c8803d
use istio client-go library instead of knative bump kubernetes dependency version change code coverage to codecov
391 lines
20 KiB
JSON
391 lines
20 KiB
JSON
{
|
|
"openapi": "3.0.0",
|
|
"info": {
|
|
"title": "Configuration affecting load balancing, outlier detection, etc.",
|
|
"version": "v1alpha3"
|
|
},
|
|
"components": {
|
|
"schemas": {
|
|
"istio.networking.v1alpha3.DestinationRule": {
|
|
"description": "DestinationRule defines policies that apply to traffic intended for a service after routing has occurred.",
|
|
"type": "object",
|
|
"properties": {
|
|
"host": {
|
|
"description": "The name of a service from the service registry. Service names are looked up from the platform's service registry (e.g., Kubernetes services, Consul services, etc.) and from the hosts declared by [ServiceEntries](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Rules defined for services that do not exist in the service registry will be ignored.",
|
|
"type": "string",
|
|
"format": "string"
|
|
},
|
|
"trafficPolicy": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.TrafficPolicy"
|
|
},
|
|
"subsets": {
|
|
"description": "One or more named sets that represent individual versions of a service. Traffic policies can be overridden at subset level.",
|
|
"type": "array",
|
|
"items": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.Subset"
|
|
}
|
|
},
|
|
"exportTo": {
|
|
"description": "A list of namespaces to which this destination rule is exported. The resolution of a destination rule to apply to a service occurs in the context of a hierarchy of namespaces. Exporting a destination rule allows it to be included in the resolution hierarchy for services in other namespaces. This feature provides a mechanism for service owners and mesh administrators to control the visibility of destination rules across namespace boundaries.",
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"istio.networking.v1alpha3.TrafficPolicy": {
|
|
"description": "Traffic policies to apply for a specific destination, across all destination ports. See DestinationRule for examples.",
|
|
"type": "object",
|
|
"properties": {
|
|
"loadBalancer": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.LoadBalancerSettings"
|
|
},
|
|
"connectionPool": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.ConnectionPoolSettings"
|
|
},
|
|
"outlierDetection": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.OutlierDetection"
|
|
},
|
|
"tls": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.TLSSettings"
|
|
},
|
|
"portLevelSettings": {
|
|
"description": "Traffic policies specific to individual ports. Note that port level settings will override the destination-level settings. Traffic settings specified at the destination-level will not be inherited when overridden by port-level settings, i.e. default values will be applied to fields omitted in port-level traffic policies.",
|
|
"type": "array",
|
|
"items": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"istio.networking.v1alpha3.Subset": {
|
|
"description": "A subset of endpoints of a service. Subsets can be used for scenarios like A/B testing, or routing to a specific version of a service. Refer to [VirtualService](https://istio.io/docs/reference/config/networking/virtual-service/#VirtualService) documentation for examples of using subsets in these scenarios. In addition, traffic policies defined at the service-level can be overridden at a subset-level. The following rule uses a round robin load balancing policy for all traffic going to a subset named testversion that is composed of endpoints (e.g., pods) with labels (version:v3).",
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"description": "Name of the subset. The service name and the subset name can be used for traffic splitting in a route rule.",
|
|
"type": "string",
|
|
"format": "string"
|
|
},
|
|
"trafficPolicy": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.TrafficPolicy"
|
|
},
|
|
"labels": {
|
|
"description": "Labels apply a filter over the endpoints of a service in the service registry. See route rules for examples of usage.",
|
|
"type": "object",
|
|
"additionalProperties": {
|
|
"type": "string",
|
|
"format": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"istio.networking.v1alpha3.LoadBalancerSettings": {
|
|
"description": "Load balancing policies to apply for a specific destination. See Envoy's load balancing [documentation](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancing) for more details.",
|
|
"type": "object",
|
|
"oneOf": [
|
|
{
|
|
"required": [
|
|
"simple"
|
|
],
|
|
"properties": {
|
|
"simple": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.LoadBalancerSettings.SimpleLB"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"required": [
|
|
"consistentHash"
|
|
],
|
|
"properties": {
|
|
"consistentHash": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB"
|
|
}
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"istio.networking.v1alpha3.ConnectionPoolSettings": {
|
|
"description": "Connection pool settings for an upstream host. The settings apply to each individual host in the upstream service. See Envoy's [circuit breaker](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking) for more details. Connection pool settings can be applied at the TCP level as well as at HTTP level.",
|
|
"type": "object",
|
|
"properties": {
|
|
"tcp": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings"
|
|
},
|
|
"http": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings"
|
|
}
|
|
}
|
|
},
|
|
"istio.networking.v1alpha3.OutlierDetection": {
|
|
"description": "A Circuit breaker implementation that tracks the status of each individual host in the upstream service. Applicable to both HTTP and TCP services. For HTTP services, hosts that continually return 5xx errors for API calls are ejected from the pool for a pre-defined period of time. For TCP services, connection timeouts or connection failures to a given host counts as an error when measuring the consecutive errors metric. See Envoy's [outlier detection](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/outlier) for more details.",
|
|
"type": "object",
|
|
"properties": {
|
|
"interval": {
|
|
"description": "Time interval between ejection sweep analysis. format: 1h/1m/1s/1ms. MUST BE \u003e=1ms. Default is 10s.",
|
|
"type": "string"
|
|
},
|
|
"consecutiveErrors": {
|
|
"description": "Number of errors before a host is ejected from the connection pool. Defaults to 5. When the upstream host is accessed over HTTP, a 502, 503, or 504 return code qualifies as an error. When the upstream host is accessed over an opaque TCP connection, connect timeouts and connection error/failure events qualify as an error.",
|
|
"type": "integer",
|
|
"format": "int32"
|
|
},
|
|
"baseEjectionTime": {
|
|
"description": "Minimum ejection duration. A host will remain ejected for a period equal to the product of minimum ejection duration and the number of times the host has been ejected. This technique allows the system to automatically increase the ejection period for unhealthy upstream servers. format: 1h/1m/1s/1ms. MUST BE \u003e=1ms. Default is 30s.",
|
|
"type": "string"
|
|
},
|
|
"maxEjectionPercent": {
|
|
"description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected. Defaults to 10%.",
|
|
"type": "integer",
|
|
"format": "int32"
|
|
},
|
|
"minHealthPercent": {
|
|
"description": "Outlier detection will be enabled as long as the associated load balancing pool has at least min_health_percent hosts in healthy mode. When the percentage of healthy hosts in the load balancing pool drops below this threshold, outlier detection will be disabled and the proxy will load balance across all hosts in the pool (healthy and unhealthy). The threshold can be disabled by setting it to 0%. The default is 0% as it's not typically applicable in k8s environments with few pods per service.",
|
|
"type": "integer",
|
|
"format": "int32"
|
|
}
|
|
}
|
|
},
|
|
"istio.networking.v1alpha3.TLSSettings": {
|
|
"description": "SSL/TLS related settings for upstream connections. See Envoy's [TLS context](https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/auth/cert.proto.html) for more details. These settings are common to both HTTP and TCP upstreams.",
|
|
"type": "object",
|
|
"properties": {
|
|
"mode": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.TLSSettings.TLSmode"
|
|
},
|
|
"clientCertificate": {
|
|
"description": "REQUIRED if mode is `MUTUAL`. The path to the file holding the client-side TLS certificate to use. Should be empty if mode is `ISTIO_MUTUAL`.",
|
|
"type": "string",
|
|
"format": "string"
|
|
},
|
|
"privateKey": {
|
|
"description": "REQUIRED if mode is `MUTUAL`. The path to the file holding the client's private key. Should be empty if mode is `ISTIO_MUTUAL`.",
|
|
"type": "string",
|
|
"format": "string"
|
|
},
|
|
"caCertificates": {
|
|
"description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. If omitted, the proxy will not verify the server's certificate. Should be empty if mode is `ISTIO_MUTUAL`.",
|
|
"type": "string",
|
|
"format": "string"
|
|
},
|
|
"subjectAltNames": {
|
|
"description": "A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. If specified, this list overrides the value of subject_alt_names from the ServiceEntry.",
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "string"
|
|
}
|
|
},
|
|
"sni": {
|
|
"description": "SNI string to present to the server during TLS handshake.",
|
|
"type": "string",
|
|
"format": "string"
|
|
}
|
|
}
|
|
},
|
|
"istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy": {
|
|
"description": "Traffic policies that apply to specific ports of the service",
|
|
"type": "object",
|
|
"properties": {
|
|
"loadBalancer": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.LoadBalancerSettings"
|
|
},
|
|
"connectionPool": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.ConnectionPoolSettings"
|
|
},
|
|
"outlierDetection": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.OutlierDetection"
|
|
},
|
|
"tls": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.TLSSettings"
|
|
},
|
|
"port": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.PortSelector"
|
|
}
|
|
}
|
|
},
|
|
"istio.networking.v1alpha3.PortSelector": {
|
|
"description": "PortSelector specifies the number of a port to be used for matching or selection for final routing.",
|
|
"type": "object",
|
|
"properties": {
|
|
"number": {
|
|
"description": "Valid port number",
|
|
"type": "integer"
|
|
}
|
|
}
|
|
},
|
|
"istio.networking.v1alpha3.LoadBalancerSettings.SimpleLB": {
|
|
"description": "Standard load balancing algorithms that require no tuning.",
|
|
"type": "string",
|
|
"enum": [
|
|
"ROUND_ROBIN",
|
|
"LEAST_CONN",
|
|
"RANDOM",
|
|
"PASSTHROUGH"
|
|
]
|
|
},
|
|
"istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB": {
|
|
"description": "Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service.",
|
|
"type": "object",
|
|
"oneOf": [
|
|
{
|
|
"required": [
|
|
"httpHeaderName"
|
|
],
|
|
"properties": {
|
|
"minimumRingSize": {
|
|
"description": "The minimum number of virtual nodes to use for the hash ring. Defaults to 1024. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node.",
|
|
"type": "integer"
|
|
},
|
|
"httpHeaderName": {
|
|
"description": "Hash based on a specific HTTP header.",
|
|
"type": "string",
|
|
"format": "string"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"required": [
|
|
"httpCookie"
|
|
],
|
|
"properties": {
|
|
"minimumRingSize": {
|
|
"description": "The minimum number of virtual nodes to use for the hash ring. Defaults to 1024. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node.",
|
|
"type": "integer"
|
|
},
|
|
"httpCookie": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.HTTPCookie"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"required": [
|
|
"useSourceIp"
|
|
],
|
|
"properties": {
|
|
"minimumRingSize": {
|
|
"description": "The minimum number of virtual nodes to use for the hash ring. Defaults to 1024. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node.",
|
|
"type": "integer"
|
|
},
|
|
"useSourceIp": {
|
|
"description": "Hash based on the source IP address.",
|
|
"type": "boolean"
|
|
}
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.HTTPCookie": {
|
|
"description": "Describes a HTTP cookie that will be used as the hash key for the Consistent Hash load balancer. If the cookie is not present, it will be generated.",
|
|
"type": "object",
|
|
"properties": {
|
|
"path": {
|
|
"description": "Path to set for the cookie.",
|
|
"type": "string",
|
|
"format": "string"
|
|
},
|
|
"name": {
|
|
"description": "Name of the cookie.",
|
|
"type": "string",
|
|
"format": "string"
|
|
},
|
|
"ttl": {
|
|
"description": "Lifetime of the cookie.",
|
|
"type": "string"
|
|
}
|
|
}
|
|
},
|
|
"istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings": {
|
|
"description": "Settings common to both HTTP and TCP upstream connections.",
|
|
"type": "object",
|
|
"properties": {
|
|
"maxConnections": {
|
|
"description": "Maximum number of HTTP1 /TCP connections to a destination host. Default 2^32-1.",
|
|
"type": "integer",
|
|
"format": "int32"
|
|
},
|
|
"connectTimeout": {
|
|
"description": "TCP connection timeout.",
|
|
"type": "string"
|
|
},
|
|
"tcpKeepalive": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive"
|
|
}
|
|
}
|
|
},
|
|
"istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings": {
|
|
"description": "Settings applicable to HTTP1.1/HTTP2/GRPC connections.",
|
|
"type": "object",
|
|
"properties": {
|
|
"http1MaxPendingRequests": {
|
|
"description": "Maximum number of pending HTTP requests to a destination. Default 2^32-1.",
|
|
"type": "integer",
|
|
"format": "int32"
|
|
},
|
|
"http2MaxRequests": {
|
|
"description": "Maximum number of requests to a backend. Default 2^32-1.",
|
|
"type": "integer",
|
|
"format": "int32"
|
|
},
|
|
"maxRequestsPerConnection": {
|
|
"description": "Maximum number of requests per connection to a backend. Setting this parameter to 1 disables keep alive. Default 0, meaning \"unlimited\", up to 2^29.",
|
|
"type": "integer",
|
|
"format": "int32"
|
|
},
|
|
"maxRetries": {
|
|
"description": "Maximum number of retries that can be outstanding to all hosts in a cluster at a given time. Defaults to 2^32-1.",
|
|
"type": "integer",
|
|
"format": "int32"
|
|
},
|
|
"idleTimeout": {
|
|
"description": "The idle timeout for upstream connection pool connections. The idle timeout is defined as the period in which there are no active requests. If not set, there is no idle timeout. When the idle timeout is reached the connection will be closed. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. Applies to both HTTP1.1 and HTTP2 connections.",
|
|
"type": "string"
|
|
},
|
|
"h2UpgradePolicy": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings.H2UpgradePolicy"
|
|
}
|
|
}
|
|
},
|
|
"istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive": {
|
|
"description": "TCP keepalive.",
|
|
"type": "object",
|
|
"properties": {
|
|
"time": {
|
|
"description": "The time duration a connection needs to be idle before keep-alive probes start being sent. Default is to use the OS level configuration (unless overridden, Linux defaults to 7200s (ie 2 hours.)",
|
|
"type": "string"
|
|
},
|
|
"probes": {
|
|
"description": "Maximum number of keepalive probes to send without response before deciding the connection is dead. Default is to use the OS level configuration (unless overridden, Linux defaults to 9.)",
|
|
"type": "integer"
|
|
},
|
|
"interval": {
|
|
"description": "The time duration between keep-alive probes. Default is to use the OS level configuration (unless overridden, Linux defaults to 75s.)",
|
|
"type": "string"
|
|
}
|
|
}
|
|
},
|
|
"istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings.H2UpgradePolicy": {
|
|
"description": "Policy for upgrading http1.1 connections to http2.",
|
|
"type": "string",
|
|
"enum": [
|
|
"DEFAULT",
|
|
"DO_NOT_UPGRADE",
|
|
"UPGRADE"
|
|
]
|
|
},
|
|
"istio.networking.v1alpha3.TLSSettings.TLSmode": {
|
|
"description": "TLS connection mode",
|
|
"type": "string",
|
|
"enum": [
|
|
"DISABLE",
|
|
"SIMPLE",
|
|
"MUTUAL",
|
|
"ISTIO_MUTUAL"
|
|
]
|
|
}
|
|
}
|
|
}
|
|
} |