admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6d264572dc15f8a805d74371e33d30b4e164639e
kubesphere/vendor/istio.io/api/networking/v1beta1/sidecar.pb.go
hongming fe6c5de00f update dependencies 
Signed-off-by: hongming <talonwan@yunify.com>
2021-01-04 15:35:32 +08:00

2901 lines
80 KiB
Go
Raw Blame History

// Code generated by protoc-gen-gogo. DO NOT EDIT.
// source: networking/v1beta1/sidecar.proto
// `Sidecar` describes the configuration of the sidecar proxy that mediates
// inbound and outbound communication to the workload instance it is attached to. By
// default, Istio will program all sidecar proxies in the mesh with the
// necessary configuration required to reach every workload instance in the mesh, as
// well as accept traffic on all the ports associated with the
// workload. The `Sidecar` configuration provides a way to fine tune the set of
// ports, protocols that the proxy will accept when forwarding traffic to
// and from the workload. In addition, it is possible to restrict the set
// of services that the proxy can reach when forwarding outbound traffic
// from workload instances.
//
// Services and configuration in a mesh are organized into one or more
// namespaces (e.g., a Kubernetes namespace or a CF org/space). A `Sidecar`
// configuration in a namespace will apply to one or more workload instances in the same
// namespace, selected using the `workloadSelector` field. In the absence of a
// `workloadSelector`, it will apply to all workload instances in the same
// namespace. When determining the `Sidecar` configuration to be applied to a
// workload instance, preference will be given to the resource with a
// `workloadSelector` that selects this workload instance, over a `Sidecar` configuration
// without any `workloadSelector`.
//
// **NOTE 1**: *_Each namespace can have only one `Sidecar`
// configuration without any `workloadSelector`_ that specifies the
// default for all pods in that namespace*. It is recommended to use
// the name `default` for the namespace-wide sidecar. The behavior of
// the system is undefined if more than one selector-less `Sidecar`
// configurations exist in a given namespace. The behavior of the
// system is undefined if two or more `Sidecar` configurations with a
// `workloadSelector` select the same workload instance.
//
// **NOTE 2**: *_A `Sidecar` configuration in the `MeshConfig`
// [root namespace](https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig)
// will be applied by default to all namespaces without a `Sidecar`
// configuration_*. This global default `Sidecar` configuration should not have
// any `workloadSelector`.
//
// The example below declares a global default `Sidecar` configuration
// in the root namespace called `istio-config`, that configures
// sidecars in all namespaces to allow egress traffic only to other
// workloads in the same namespace as well as to services in the
// `istio-system` namespace.
//
// {{<tabset category-name="example">}}
// {{<tab name="v1alpha3" category-value="v1alpha3">}}
// ```yaml
// apiVersion: networking.istio.io/v1alpha3
// kind: Sidecar
// metadata:
// name: default
// namespace: istio-config
// spec:
// egress:
// - hosts:
// - "./*"
// - "istio-system/*"
// ```
// {{</tab>}}
//
// {{<tab name="v1beta1" category-value="v1beta1">}}
// ```yaml
// apiVersion: networking.istio.io/v1beta1
// kind: Sidecar
// metadata:
// name: default
// namespace: istio-config
// spec:
// egress:
// - hosts:
// - "./*"
// - "istio-system/*"
// ```
// {{</tab>}}
// {{</tabset>}}
//
// The example below declares a `Sidecar` configuration in the
// `prod-us1` namespace that overrides the global default defined
// above, and configures the sidecars in the namespace to allow egress
// traffic to public services in the `prod-us1`, `prod-apis`, and the
// `istio-system` namespaces.
//
// {{<tabset category-name="example">}}
// {{<tab name="v1alpha3" category-value="v1alpha3">}}
// ```yaml
// apiVersion: networking.istio.io/v1alpha3
// kind: Sidecar
// metadata:
// name: default
// namespace: prod-us1
// spec:
// egress:
// - hosts:
// - "prod-us1/*"
// - "prod-apis/*"
// - "istio-system/*"
// ```
// {{</tab>}}
//
// {{<tab name="v1beta1" category-value="v1beta1">}}
// ```yaml
// apiVersion: networking.istio.io/v1beta1
// kind: Sidecar
// metadata:
// name: default
// namespace: prod-us1
// spec:
// egress:
// - hosts:
// - "prod-us1/*"
// - "prod-apis/*"
// - "istio-system/*"
// ```
// {{</tab>}}
// {{</tabset>}}
//
// The following example declares a `Sidecar` configuration in the
// `prod-us1` namespace for all pods with labels `app: ratings`
// belonging to the `ratings.prod-us1` service. The workload accepts
// inbound HTTP traffic on port 9080. The traffic is then forwarded to
// the attached workload instance listening on a Unix domain
// socket. In the egress direction, in addition to the `istio-system`
// namespace, the sidecar proxies only HTTP traffic bound for port
// 9080 for services in the `prod-us1` namespace.
//
// {{<tabset category-name="example">}}
// {{<tab name="v1alpha3" category-value="v1alpha3">}}
// ```yaml
// apiVersion: networking.istio.io/v1alpha3
// kind: Sidecar
// metadata:
// name: ratings
// namespace: prod-us1
// spec:
// workloadSelector:
// labels:
// app: ratings
// ingress:
// - port:
// number: 9080
// protocol: HTTP
// name: somename
// defaultEndpoint: unix:///var/run/someuds.sock
// egress:
// - port:
// number: 9080
// protocol: HTTP
// name: egresshttp
// hosts:
// - "prod-us1/*"
// - hosts:
// - "istio-system/*"
// ```
// {{</tab>}}
//
// {{<tab name="v1beta1" category-value="v1beta1">}}
// ```yaml
// apiVersion: networking.istio.io/v1beta1
// kind: Sidecar
// metadata:
// name: ratings
// namespace: prod-us1
// spec:
// workloadSelector:
// labels:
// app: ratings
// ingress:
// - port:
// number: 9080
// protocol: HTTP
// name: somename
// defaultEndpoint: unix:///var/run/someuds.sock
// egress:
// - port:
// number: 9080
// protocol: HTTP
// name: egresshttp
// hosts:
// - "prod-us1/*"
// - hosts:
// - "istio-system/*"
// ```
// {{</tab>}}
// {{</tabset>}}
//
// If the workload is deployed without IPTables-based traffic capture,
// the `Sidecar` configuration is the only way to configure the ports
// on the proxy attached to the workload instance. The following
// example declares a `Sidecar` configuration in the `prod-us1`
// namespace for all pods with labels `app: productpage` belonging to
// the `productpage.prod-us1` service. Assuming that these pods are
// deployed without IPtable rules (i.e. the `istio-init` container)
// and the proxy metadata `ISTIO_META_INTERCEPTION_MODE` is set to
// `NONE`, the specification, below, allows such pods to receive HTTP
// traffic on port 9080 (wrapped inside Istio mutual TLS) and forward
// it to the application listening on `127.0.0.1:8080`. It also allows
// the application to communicate with a backing MySQL database on
// `127.0.0.1:3306`, that then gets proxied to the externally hosted
// MySQL service at `mysql.foo.com:3306`.
//
// {{<tabset category-name="example">}}
// {{<tab name="v1alpha3" category-value="v1alpha3">}}
// ```yaml
// apiVersion: networking.istio.io/v1alpha3
// kind: Sidecar
// metadata:
// name: no-ip-tables
// namespace: prod-us1
// spec:
// workloadSelector:
// labels:
// app: productpage
// ingress:
// - port:
// number: 9080 # binds to proxy_instance_ip:9080 (0.0.0.0:9080, if no unicast IP is available for the instance)
// protocol: HTTP
// name: somename
// defaultEndpoint: 127.0.0.1:8080
// captureMode: NONE # not needed if metadata is set for entire proxy
// egress:
// - port:
// number: 3306
// protocol: MYSQL
// name: egressmysql
// captureMode: NONE # not needed if metadata is set for entire proxy
// bind: 127.0.0.1
// hosts:
// - "*/mysql.foo.com"
// ```
// {{</tab>}}
//
// {{<tab name="v1beta1" category-value="v1beta1">}}
// ```yaml
// apiVersion: networking.istio.io/v1beta1
// kind: Sidecar
// metadata:
// name: no-ip-tables
// namespace: prod-us1
// spec:
// workloadSelector:
// labels:
// app: productpage
// ingress:
// - port:
// number: 9080 # binds to proxy_instance_ip:9080 (0.0.0.0:9080, if no unicast IP is available for the instance)
// protocol: HTTP
// name: somename
// defaultEndpoint: 127.0.0.1:8080
// captureMode: NONE # not needed if metadata is set for entire proxy
// egress:
// - port:
// number: 3306
// protocol: MYSQL
// name: egressmysql
// captureMode: NONE # not needed if metadata is set for entire proxy
// bind: 127.0.0.1
// hosts:
// - "*/mysql.foo.com"
// ```
// {{</tab>}}
// {{</tabset>}}
//
// And the associated service entry for routing to `mysql.foo.com:3306`
//
// {{<tabset category-name="example">}}
// {{<tab name="v1alpha3" category-value="v1alpha3">}}
// ```yaml
// apiVersion: networking.istio.io/v1alpha3
// kind: ServiceEntry
// metadata:
// name: external-svc-mysql
// namespace: ns1
// spec:
// hosts:
// - mysql.foo.com
// ports:
// - number: 3306
// name: mysql
// protocol: MYSQL
// location: MESH_EXTERNAL
// resolution: DNS
// ```
// {{</tab>}}
//
// {{<tab name="v1beta1" category-value="v1beta1">}}
// ```yaml
// apiVersion: networking.istio.io/v1beta1
// kind: ServiceEntry
// metadata:
// name: external-svc-mysql
// namespace: ns1
// spec:
// hosts:
// - mysql.foo.com
// ports:
// - number: 3306
// name: mysql
// protocol: MYSQL
// location: MESH_EXTERNAL
// resolution: DNS
// ```
// {{</tab>}}
// {{</tabset>}}
//
// It is also possible to mix and match traffic capture modes in a single
// proxy. For example, consider a setup where internal services are on the
// `192.168.0.0/16` subnet. So, IP tables are setup on the VM to capture all
// outbound traffic on `192.168.0.0/16` subnet. Assume that the VM has an
// additional network interface on `172.16.0.0/16` subnet for inbound
// traffic. The following `Sidecar` configuration allows the VM to expose a
// listener on `172.16.1.32:80` (the VM's IP) for traffic arriving from the
// `172.16.0.0/16` subnet.
//
// **NOTE**: The `ISTIO_META_INTERCEPTION_MODE` metadata on the
// proxy in the VM should contain `REDIRECT` or `TPROXY` as its value,
// implying that IP tables based traffic capture is active.
//
// {{<tabset category-name="example">}}
// {{<tab name="v1alpha3" category-value="v1alpha3">}}
// ```yaml
// apiVersion: networking.istio.io/v1alpha3
// kind: Sidecar
// metadata:
// name: partial-ip-tables
// namespace: prod-us1
// spec:
// workloadSelector:
// labels:
// app: productpage
// ingress:
// - bind: 172.16.1.32
// port:
// number: 80 # binds to 172.16.1.32:80
// protocol: HTTP
// name: somename
// defaultEndpoint: 127.0.0.1:8080
// captureMode: NONE
// egress:
// # use the system detected defaults
// # sets up configuration to handle outbound traffic to services
// # in 192.168.0.0/16 subnet, based on information provided by the
// # service registry
// - captureMode: IPTABLES
// hosts:
// - "*/*"
// ```
// {{</tab>}}
//
// {{<tab name="v1beta1" category-value="v1beta1">}}
// ```yaml
// apiVersion: networking.istio.io/v1beta1
// kind: Sidecar
// metadata:
// name: partial-ip-tables
// namespace: prod-us1
// spec:
// workloadSelector:
// labels:
// app: productpage
// ingress:
// - bind: 172.16.1.32
// port:
// number: 80 # binds to 172.16.1.32:80
// protocol: HTTP
// name: somename
// defaultEndpoint: 127.0.0.1:8080
// captureMode: NONE
// egress:
// # use the system detected defaults
// # sets up configuration to handle outbound traffic to services
// # in 192.168.0.0/16 subnet, based on information provided by the
// # service registry
// - captureMode: IPTABLES
// hosts:
// - "*/*"
// ```
// {{</tab>}}
// {{</tabset>}}
//
package v1beta1
import (
fmt "fmt"
proto "github.com/gogo/protobuf/proto"
io "io"
_ "istio.io/gogo-genproto/googleapis/google/api"
math "math"
math_bits "math/bits"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
// `CaptureMode` describes how traffic to a listener is expected to be
// captured. Applicable only when the listener is bound to an IP.
type CaptureMode int32
const (
// The default capture mode defined by the environment.
CaptureMode_DEFAULT CaptureMode = 0
// Capture traffic using IPtables redirection.
CaptureMode_IPTABLES CaptureMode = 1
// No traffic capture. When used in an egress listener, the application is
// expected to explicitly communicate with the listener port or Unix
// domain socket. When used in an ingress listener, care needs to be taken
// to ensure that the listener port is not in use by other processes on
// the host.
CaptureMode_NONE CaptureMode = 2
)
var CaptureMode_name = map[int32]string{
0: "DEFAULT",
1: "IPTABLES",
2: "NONE",
}
var CaptureMode_value = map[string]int32{
"DEFAULT": 0,
"IPTABLES": 1,
"NONE": 2,
}
func (x CaptureMode) String() string {
return proto.EnumName(CaptureMode_name, int32(x))
}
func (CaptureMode) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_e7023408fb338e10, []int{0}
}
type OutboundTrafficPolicy_Mode int32
const (
// Outbound traffic will be restricted to services defined in the
// service registry as well as those defined through `ServiceEntry` configurations.
OutboundTrafficPolicy_REGISTRY_ONLY OutboundTrafficPolicy_Mode = 0
// Outbound traffic to unknown destinations will be allowed, in case
// there are no services or `ServiceEntry` configurations for the destination port.
OutboundTrafficPolicy_ALLOW_ANY OutboundTrafficPolicy_Mode = 1
)
var OutboundTrafficPolicy_Mode_name = map[int32]string{
0: "REGISTRY_ONLY",
1: "ALLOW_ANY",
}
var OutboundTrafficPolicy_Mode_value = map[string]int32{
"REGISTRY_ONLY": 0,
"ALLOW_ANY": 1,
}
func (x OutboundTrafficPolicy_Mode) String() string {
return proto.EnumName(OutboundTrafficPolicy_Mode_name, int32(x))
}
func (OutboundTrafficPolicy_Mode) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_e7023408fb338e10, []int{4, 0}
}
// `Sidecar` describes the configuration of the sidecar proxy that mediates
// inbound and outbound communication of the workload instance to which it is
// attached.
//
// <!-- crd generation tags
// +cue-gen:Sidecar:groupName:networking.istio.io
// +cue-gen:Sidecar:version:v1beta1
// +cue-gen:Sidecar:annotations:helm.sh/resource-policy=keep
// +cue-gen:Sidecar:labels:app=istio-pilot,chart=istio,heritage=Tiller,release=istio
// +cue-gen:Sidecar:subresource:status
// +cue-gen:Sidecar:scope:Namespaced
// +cue-gen:Sidecar:resource:categories=istio-io,networking-istio-io
// +cue-gen:Sidecar:preserveUnknownFields:false
// -->
//
// <!-- go code generation tags
// +kubetype-gen
// +kubetype-gen:groupVersion=networking.istio.io/v1beta1
// +genclient
// +k8s:deepcopy-gen=true
// -->
type Sidecar struct {
// Criteria used to select the specific set of pods/VMs on which this
// `Sidecar` configuration should be applied. If omitted, the `Sidecar`
// configuration will be applied to all workload instances in the same namespace.
WorkloadSelector *WorkloadSelector `protobuf:"bytes,1,opt,name=workload_selector,json=workloadSelector,proto3" json:"workload_selector,omitempty"`
// Ingress specifies the configuration of the sidecar for processing
// inbound traffic to the attached workload instance. If omitted, Istio will
// automatically configure the sidecar based on the information about the workload
// obtained from the orchestration platform (e.g., exposed ports, services,
// etc.). If specified, inbound ports are configured if and only if the
// workload instance is associated with a service.
Ingress []*IstioIngressListener `protobuf:"bytes,2,rep,name=ingress,proto3" json:"ingress,omitempty"`
// Egress specifies the configuration of the sidecar for processing
// outbound traffic from the attached workload instance to other
// services in the mesh. If not specified, inherits the system
// detected defaults from the namespace-wide or the global default Sidecar.
Egress []*IstioEgressListener `protobuf:"bytes,3,rep,name=egress,proto3" json:"egress,omitempty"`
// Configuration for the outbound traffic policy. If your
// application uses one or more external services that are not known
// apriori, setting the policy to `ALLOW_ANY` will cause the
// sidecars to route any unknown traffic originating from the
// application to its requested destination. If not specified,
// inherits the system detected defaults from the namespace-wide or
// the global default Sidecar.
OutboundTrafficPolicy *OutboundTrafficPolicy `protobuf:"bytes,4,opt,name=outbound_traffic_policy,json=outboundTrafficPolicy,proto3" json:"outbound_traffic_policy,omitempty"`
// $hide_from_docs
// `Localhost` describes the sidecar settings related to the
// communication between the sidecar and the workload it is attached to
// in a Kubernetes Pod or a VM. These settings apply to all ingress
// and egress listeners in a sidecar unless overridden. There are no
// built in defaults for this setting. If not specified, the
// features will be disabled.
Localhost *Localhost `protobuf:"bytes,6,opt,name=localhost,proto3" json:"localhost,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Sidecar) Reset() { *m = Sidecar{} }
func (m *Sidecar) String() string { return proto.CompactTextString(m) }
func (*Sidecar) ProtoMessage() {}
func (*Sidecar) Descriptor() ([]byte, []int) {
return fileDescriptor_e7023408fb338e10, []int{0}
}
func (m *Sidecar) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Sidecar) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Sidecar.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Sidecar) XXX_Merge(src proto.Message) {
xxx_messageInfo_Sidecar.Merge(m, src)
}
func (m *Sidecar) XXX_Size() int {
return m.Size()
}
func (m *Sidecar) XXX_DiscardUnknown() {
xxx_messageInfo_Sidecar.DiscardUnknown(m)
}
var xxx_messageInfo_Sidecar proto.InternalMessageInfo
func (m *Sidecar) GetWorkloadSelector() *WorkloadSelector {
if m != nil {
return m.WorkloadSelector
}
return nil
}
func (m *Sidecar) GetIngress() []*IstioIngressListener {
if m != nil {
return m.Ingress
}
return nil
}
func (m *Sidecar) GetEgress() []*IstioEgressListener {
if m != nil {
return m.Egress
}
return nil
}
func (m *Sidecar) GetOutboundTrafficPolicy() *OutboundTrafficPolicy {
if m != nil {
return m.OutboundTrafficPolicy
}
return nil
}
func (m *Sidecar) GetLocalhost() *Localhost {
if m != nil {
return m.Localhost
}
return nil
}
// `IstioIngressListener` specifies the properties of an inbound
// traffic listener on the sidecar proxy attached to a workload instance.
type IstioIngressListener struct {
// The port associated with the listener.
Port *Port `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"`
// The IP to which the listener should be bound. Must be in the
// format `x.x.x.x`. Unix domain socket addresses are not allowed in
// the bind field for ingress listeners. If omitted, Istio will
// automatically configure the defaults based on imported services
// and the workload instances to which this configuration is applied
// to.
Bind string `protobuf:"bytes,2,opt,name=bind,proto3" json:"bind,omitempty"`
// The captureMode option dictates how traffic to the listener is
// expected to be captured (or not).
CaptureMode CaptureMode `protobuf:"varint,3,opt,name=capture_mode,json=captureMode,proto3,enum=istio.networking.v1beta1.CaptureMode" json:"capture_mode,omitempty"`
// The loopback IP endpoint or Unix domain socket to which
// traffic should be forwarded to. This configuration can be used to
// redirect traffic arriving at the bind `IP:Port` on the sidecar to a `localhost:port`
// or Unix domain socket where the application workload instance is listening for
// connections. Format should be `127.0.0.1:PORT` or `unix:///path/to/socket`
DefaultEndpoint string `protobuf:"bytes,4,opt,name=default_endpoint,json=defaultEndpoint,proto3" json:"default_endpoint,omitempty"`
// $hide_from_docs
// TLS settings to be used by the sidecar (client) when forwarding
// traffic from the sidecar to the workload (server) on the
// localhost. Overrides the `localhost` level `clientTls` settings.
//
// **NOTE**: DISABLE, SIMPLE and MUTUAL are the only valid TLS modes.
LocalhostClientTls *ClientTLSSettings `protobuf:"bytes,6,opt,name=localhost_client_tls,json=localhostClientTls,proto3" json:"localhost_client_tls,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *IstioIngressListener) Reset() { *m = IstioIngressListener{} }
func (m *IstioIngressListener) String() string { return proto.CompactTextString(m) }
func (*IstioIngressListener) ProtoMessage() {}
func (*IstioIngressListener) Descriptor() ([]byte, []int) {
return fileDescriptor_e7023408fb338e10, []int{1}
}
func (m *IstioIngressListener) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *IstioIngressListener) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_IstioIngressListener.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *IstioIngressListener) XXX_Merge(src proto.Message) {
xxx_messageInfo_IstioIngressListener.Merge(m, src)
}
func (m *IstioIngressListener) XXX_Size() int {
return m.Size()
}
func (m *IstioIngressListener) XXX_DiscardUnknown() {
xxx_messageInfo_IstioIngressListener.DiscardUnknown(m)
}
var xxx_messageInfo_IstioIngressListener proto.InternalMessageInfo
func (m *IstioIngressListener) GetPort() *Port {
if m != nil {
return m.Port
}
return nil
}
func (m *IstioIngressListener) GetBind() string {
if m != nil {
return m.Bind
}
return ""
}
func (m *IstioIngressListener) GetCaptureMode() CaptureMode {
if m != nil {
return m.CaptureMode
}
return CaptureMode_DEFAULT
}
func (m *IstioIngressListener) GetDefaultEndpoint() string {
if m != nil {
return m.DefaultEndpoint
}
return ""
}
func (m *IstioIngressListener) GetLocalhostClientTls() *ClientTLSSettings {
if m != nil {
return m.LocalhostClientTls
}
return nil
}
// `IstioEgressListener` specifies the properties of an outbound traffic
// listener on the sidecar proxy attached to a workload instance.
type IstioEgressListener struct {
// The port associated with the listener. If using Unix domain socket,
// use 0 as the port number, with a valid protocol. The port if
// specified, will be used as the default destination port associated
// with the imported hosts. If the port is omitted, Istio will infer the
// listener ports based on the imported hosts. Note that when multiple
// egress listeners are specified, where one or more listeners have
// specific ports while others have no port, the hosts exposed on a
// listener port will be based on the listener with the most specific
// port.
Port *Port `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"`
// The IP or the Unix domain socket to which the listener should be bound
// to. Port MUST be specified if bind is not empty. Format: `x.x.x.x` or
// `unix:///path/to/uds` or `unix://@foobar` (Linux abstract namespace). If
// omitted, Istio will automatically configure the defaults based on imported
// services, the workload instances to which this configuration is applied to and
// the captureMode. If captureMode is `NONE`, bind will default to
// 127.0.0.1.
Bind string `protobuf:"bytes,2,opt,name=bind,proto3" json:"bind,omitempty"`
// When the bind address is an IP, the captureMode option dictates
// how traffic to the listener is expected to be captured (or not).
// captureMode must be DEFAULT or `NONE` for Unix domain socket binds.
CaptureMode CaptureMode `protobuf:"varint,3,opt,name=capture_mode,json=captureMode,proto3,enum=istio.networking.v1beta1.CaptureMode" json:"capture_mode,omitempty"`
// One or more service hosts exposed by the listener
// in `namespace/dnsName` format. Services in the specified namespace
// matching `dnsName` will be exposed.
// The corresponding service can be a service in the service registry
// (e.g., a Kubernetes or cloud foundry service) or a service specified
// using a `ServiceEntry` or `VirtualService` configuration. Any
// associated `DestinationRule` in the same namespace will also be used.
//
// The `dnsName` should be specified using FQDN format, optionally including
// a wildcard character in the left-most component (e.g., `prod/*.example.com`).
// Set the `dnsName` to `*` to select all services from the specified namespace
// (e.g., `prod/*`).
//
// The `namespace` can be set to `*`, `.`, or `~`, representing any, the current,
// or no namespace, respectively. For example, `*/foo.example.com` selects the
// service from any available namespace while `./foo.example.com` only selects
// the service from the namespace of the sidecar. If a host is set to `*/*`,
// Istio will configure the sidecar to be able to reach every service in the
// mesh that is exported to the sidecar's namespace. The value `~/*` can be used
// to completely trim the configuration for sidecars that simply receive traffic
// and respond, but make no outbound connections of their own.
//
// NOTE: Only services and configuration artifacts exported to the sidecar's
// namespace (e.g., `exportTo` value of `*`) can be referenced.
// Private configurations (e.g., `exportTo` set to `.`) will
// not be available. Refer to the `exportTo` setting in `VirtualService`,
// `DestinationRule`, and `ServiceEntry` configurations for details.
//
// **WARNING:** The list of egress hosts in a `Sidecar` must also include
// the Mixer control plane services if they are enabled. Envoy will not
// be able to reach them otherwise. For example, add host
// `istio-system/istio-telemetry.istio-system.svc.cluster.local` if telemetry
// is enabled, `istio-system/istio-policy.istio-system.svc.cluster.local` if
// policy is enabled, or add `istio-system/*` to allow all services in the
// `istio-system` namespace. This requirement is temporary and will be removed
// in a future Istio release.
Hosts []string `protobuf:"bytes,4,rep,name=hosts,proto3" json:"hosts,omitempty"`
// $hide_from_docs
// TLS settings to be used by the sidecar (server) when receiving
// traffic from the workload (client) on the
// localhost. Overrides the `localhost` level `serverTls` settings.
//
// **NOTE**: SIMPLE and MUTUAL are the only valid TLS
// modes. `httpsRedirect` and `credentialName` (for fetching
// certificates from Kubernetes secrets) are not valid. All
// certificates must be mounted as files inside the sidecar
// container.
LocalhostServerTls *ServerTLSSettings `protobuf:"bytes,5,opt,name=localhost_server_tls,json=localhostServerTls,proto3" json:"localhost_server_tls,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *IstioEgressListener) Reset() { *m = IstioEgressListener{} }
func (m *IstioEgressListener) String() string { return proto.CompactTextString(m) }
func (*IstioEgressListener) ProtoMessage() {}
func (*IstioEgressListener) Descriptor() ([]byte, []int) {
return fileDescriptor_e7023408fb338e10, []int{2}
}
func (m *IstioEgressListener) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *IstioEgressListener) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_IstioEgressListener.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *IstioEgressListener) XXX_Merge(src proto.Message) {
xxx_messageInfo_IstioEgressListener.Merge(m, src)
}
func (m *IstioEgressListener) XXX_Size() int {
return m.Size()
}
func (m *IstioEgressListener) XXX_DiscardUnknown() {
xxx_messageInfo_IstioEgressListener.DiscardUnknown(m)
}
var xxx_messageInfo_IstioEgressListener proto.InternalMessageInfo
func (m *IstioEgressListener) GetPort() *Port {
if m != nil {
return m.Port
}
return nil
}
func (m *IstioEgressListener) GetBind() string {
if m != nil {
return m.Bind
}
return ""
}
func (m *IstioEgressListener) GetCaptureMode() CaptureMode {
if m != nil {
return m.CaptureMode
}
return CaptureMode_DEFAULT
}
func (m *IstioEgressListener) GetHosts() []string {
if m != nil {
return m.Hosts
}
return nil
}
func (m *IstioEgressListener) GetLocalhostServerTls() *ServerTLSSettings {
if m != nil {
return m.LocalhostServerTls
}
return nil
}
// `WorkloadSelector` specifies the criteria used to determine if the `Gateway`,
// `Sidecar`, or `EnvoyFilter` configuration can be applied to a proxy. The matching criteria
// includes the metadata associated with a proxy, workload instance info such as
// labels attached to the pod/VM, or any other info that the proxy provides
// to Istio during the initial handshake. If multiple conditions are
// specified, all conditions need to match in order for the workload instance to be
// selected. Currently, only label based selection mechanism is supported.
type WorkloadSelector struct {
// One or more labels that indicate a specific set of pods/VMs
// on which this `Sidecar` configuration should be applied. The scope of
// label search is restricted to the configuration namespace in which the
// the resource is present.
Labels map[string]string `protobuf:"bytes,1,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *WorkloadSelector) Reset() { *m = WorkloadSelector{} }
func (m *WorkloadSelector) String() string { return proto.CompactTextString(m) }
func (*WorkloadSelector) ProtoMessage() {}
func (*WorkloadSelector) Descriptor() ([]byte, []int) {
return fileDescriptor_e7023408fb338e10, []int{3}
}
func (m *WorkloadSelector) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *WorkloadSelector) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_WorkloadSelector.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *WorkloadSelector) XXX_Merge(src proto.Message) {
xxx_messageInfo_WorkloadSelector.Merge(m, src)
}
func (m *WorkloadSelector) XXX_Size() int {
return m.Size()
}
func (m *WorkloadSelector) XXX_DiscardUnknown() {
xxx_messageInfo_WorkloadSelector.DiscardUnknown(m)
}
var xxx_messageInfo_WorkloadSelector proto.InternalMessageInfo
func (m *WorkloadSelector) GetLabels() map[string]string {
if m != nil {
return m.Labels
}
return nil
}
// `OutboundTrafficPolicy` sets the default behavior of the sidecar for
// handling outbound traffic from the application.
// If your application uses one or more external
// services that are not known apriori, setting the policy to `ALLOW_ANY`
// will cause the sidecars to route any unknown traffic originating from
// the application to its requested destination. Users are strongly
// encouraged to use `ServiceEntry` configurations to explicitly declare any external
// dependencies, instead of using `ALLOW_ANY`, so that traffic to these
// services can be monitored.
type OutboundTrafficPolicy struct {
Mode OutboundTrafficPolicy_Mode `protobuf:"varint,1,opt,name=mode,proto3,enum=istio.networking.v1beta1.OutboundTrafficPolicy_Mode" json:"mode,omitempty"`
// Specifies the details of the egress proxy to which unknown
// traffic should be forwarded to from the sidecar. Valid only if
// the mode is set to ALLOW_ANY. If not specified when the mode is
// ALLOW_ANY, the sidecar will send the unknown traffic directly to
// the IP requested by the application.
//
// ** NOTE 1**: The specified egress host must be imported in the
// egress section for the traffic forwarding to work.
//
// ** NOTE 2**: An Envoy based egress gateway is unlikely to be able
// to handle plain text TCP connections forwarded from the sidecar.
// Envoy's dynamic forward proxy can handle only HTTP and TLS
// connections.
// $hide_from_docs
EgressProxy *Destination `protobuf:"bytes,2,opt,name=egress_proxy,json=egressProxy,proto3" json:"egress_proxy,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *OutboundTrafficPolicy) Reset() { *m = OutboundTrafficPolicy{} }
func (m *OutboundTrafficPolicy) String() string { return proto.CompactTextString(m) }
func (*OutboundTrafficPolicy) ProtoMessage() {}
func (*OutboundTrafficPolicy) Descriptor() ([]byte, []int) {
return fileDescriptor_e7023408fb338e10, []int{4}
}
func (m *OutboundTrafficPolicy) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *OutboundTrafficPolicy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_OutboundTrafficPolicy.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *OutboundTrafficPolicy) XXX_Merge(src proto.Message) {
xxx_messageInfo_OutboundTrafficPolicy.Merge(m, src)
}
func (m *OutboundTrafficPolicy) XXX_Size() int {
return m.Size()
}
func (m *OutboundTrafficPolicy) XXX_DiscardUnknown() {
xxx_messageInfo_OutboundTrafficPolicy.DiscardUnknown(m)
}
var xxx_messageInfo_OutboundTrafficPolicy proto.InternalMessageInfo
func (m *OutboundTrafficPolicy) GetMode() OutboundTrafficPolicy_Mode {
if m != nil {
return m.Mode
}
return OutboundTrafficPolicy_REGISTRY_ONLY
}
func (m *OutboundTrafficPolicy) GetEgressProxy() *Destination {
if m != nil {
return m.EgressProxy
}
return nil
}
// $hide_from_docs
// `Localhost` describes the sidecar settings related to the
// communication between the sidecar and the workload it is attached
// to in a Kubernetes Pod or a VM. These settings apply by default to all
// ingress and egress listeners in a sidecar unless overridden.
//
// The following example configures the sidecars on pods of the
// reviews service to use TLS for traffic to/from the sidecar to the
// workload in the same pod, assuming the appropriate
// certificates are mounted in the sidecar.
//
// {{<tabset category-name="example">}}
// {{<tab name="v1alpha3" category-value="v1alpha3">}}
// ```yaml
// apiVersion: networking.istio.io/v1alpha3
// kind: Sidecar
// metadata:
// name: reviews-localhost-tls
// namespace: prod-us1
// spec:
// workloadSelector:
// labels:
// app: reviews
// localhost:
// clientTls:
// mode: SIMPLE
// caCertificates: /etc/legacy/ca.pem
// serverTls:
// mode: SIMPLE
// serverCertificate: /etc/legacy/server.pem
// privateKey: /etc/legacy/private.pem
// egress:
// - hosts:
// - "./"
// ```
// {{</tab>}}
//
// {{<tab name="v1beta1" category-value="v1beta1">}}
// ```yaml
// apiVersion: networking.istio.io/v1beta1
// kind: Sidecar
// metadata:
// name: reviews-localhost-tls
// namespace: prod-us1
// spec:
// workloadSelector:
// labels:
// app: reviews
// localhost:
// clientTls:
// mode: SIMPLE
// caCertificates: /etc/legacy/ca.pem
// serverTls:
// mode: SIMPLE
// serverCertificate: /etc/legacy/server.pem
// privateKey: /etc/legacy/private.pem
// egress:
// - hosts:
// - "./"
// ```
// {{</tab>}}
// {{</tabset>}}
//
type Localhost struct {
// TLS settings to be used by the sidecar (client) when forwarding
// traffic from the sidecar to the workload it is attached to
// (server) on the localhost.
//
// **NOTE**: DISABLE, SIMPLE and MUTUAL are the only valid TLS modes.
ClientTls *ClientTLSSettings `protobuf:"bytes,1,opt,name=client_tls,json=clientTls,proto3" json:"client_tls,omitempty"`
// TLS settings to be used by the sidecar (server) when receiving
// traffic from the workload (client) on the localhost.
//
// **NOTE**: SIMPLE and MUTUAL are the only valid TLS
// modes. `httpsRedirect` and `credentialName` (for fetching
// certificates from Kubernetes secrets) are not valid. All
// certificates must be mounted as files inside the sidecar
// container.
ServerTls *ServerTLSSettings `protobuf:"bytes,2,opt,name=server_tls,json=serverTls,proto3" json:"server_tls,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Localhost) Reset() { *m = Localhost{} }
func (m *Localhost) String() string { return proto.CompactTextString(m) }
func (*Localhost) ProtoMessage() {}
func (*Localhost) Descriptor() ([]byte, []int) {
return fileDescriptor_e7023408fb338e10, []int{5}
}
func (m *Localhost) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Localhost) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Localhost.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Localhost) XXX_Merge(src proto.Message) {
xxx_messageInfo_Localhost.Merge(m, src)
}
func (m *Localhost) XXX_Size() int {
return m.Size()
}
func (m *Localhost) XXX_DiscardUnknown() {
xxx_messageInfo_Localhost.DiscardUnknown(m)
}
var xxx_messageInfo_Localhost proto.InternalMessageInfo
func (m *Localhost) GetClientTls() *ClientTLSSettings {
if m != nil {
return m.ClientTls
}
return nil
}
func (m *Localhost) GetServerTls() *ServerTLSSettings {
if m != nil {
return m.ServerTls
}
return nil
}
func init() {
proto.RegisterEnum("istio.networking.v1beta1.CaptureMode", CaptureMode_name, CaptureMode_value)
proto.RegisterEnum("istio.networking.v1beta1.OutboundTrafficPolicy_Mode", OutboundTrafficPolicy_Mode_name, OutboundTrafficPolicy_Mode_value)
proto.RegisterType((*Sidecar)(nil), "istio.networking.v1beta1.Sidecar")
proto.RegisterType((*IstioIngressListener)(nil), "istio.networking.v1beta1.IstioIngressListener")
proto.RegisterType((*IstioEgressListener)(nil), "istio.networking.v1beta1.IstioEgressListener")
proto.RegisterType((*WorkloadSelector)(nil), "istio.networking.v1beta1.WorkloadSelector")
proto.RegisterMapType((map[string]string)(nil), "istio.networking.v1beta1.WorkloadSelector.LabelsEntry")
proto.RegisterType((*OutboundTrafficPolicy)(nil), "istio.networking.v1beta1.OutboundTrafficPolicy")
proto.RegisterType((*Localhost)(nil), "istio.networking.v1beta1.Localhost")
}
func init() { proto.RegisterFile("networking/v1beta1/sidecar.proto", fileDescriptor_e7023408fb338e10) }
var fileDescriptor_e7023408fb338e10 = []byte{
// 765 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x55, 0xdd, 0x8e, 0xdb, 0x44,
0x14, 0xee, 0x38, 0xd9, 0xdd, 0xfa, 0xb8, 0x05, 0x77, 0xd8, 0x0a, 0xb3, 0x17, 0xdb, 0x28, 0x08,
0x29, 0x14, 0xd5, 0x51, 0x03, 0xe2, 0xef, 0x2e, 0x4b, 0x0d, 0xbb, 0xc8, 0x6c, 0x22, 0x3b, 0x68,
0xb5, 0x48, 0xc8, 0x72, 0xec, 0x49, 0x3a, 0xea, 0xe0, 0x89, 0x66, 0x26, 0x59, 0xf2, 0x34, 0x08,
0x78, 0x0d, 0x1e, 0x80, 0x4b, 0x6e, 0xb8, 0xaf, 0xf6, 0x49, 0x90, 0xc7, 0x93, 0x4d, 0x5a, 0x9c,
0x2e, 0xb9, 0xe1, 0xce, 0x33, 0xe7, 0xfb, 0x3e, 0xcf, 0xf9, 0xce, 0x39, 0x33, 0xd0, 0x2a, 0x88,
0xba, 0xe2, 0xe2, 0x05, 0x2d, 0xa6, 0xdd, 0xc5, 0xd3, 0x31, 0x51, 0xe9, 0xd3, 0xae, 0xa4, 0x39,
0xc9, 0x52, 0xe1, 0xcf, 0x04, 0x57, 0x1c, 0x7b, 0x54, 0x2a, 0xca, 0xfd, 0x35, 0xce, 0x37, 0xb8,
0xa3, 0x47, 0x53, 0xce, 0xa7, 0x8c, 0x74, 0xd3, 0x19, 0xed, 0x4e, 0x28, 0x61, 0x79, 0x32, 0x26,
0xcf, 0xd3, 0x05, 0xe5, 0x86, 0x7a, 0x54, 0x27, 0x3e, 0x4d, 0x15, 0xb9, 0x4a, 0x97, 0x06, 0xd1,
0xa9, 0x41, 0x2c, 0xa8, 0x50, 0xf3, 0x94, 0x25, 0x92, 0x88, 0x05, 0xcd, 0x88, 0x41, 0x7e, 0x58,
0x83, 0xcc, 0x89, 0x54, 0xb4, 0x48, 0x15, 0xe5, 0x45, 0x22, 0xe6, 0xcc, 0x40, 0xdb, 0xbf, 0x34,
0xe0, 0x20, 0xae, 0x72, 0xc0, 0x17, 0xf0, 0xa0, 0x64, 0x31, 0x9e, 0xe6, 0x89, 0x24, 0x8c, 0x64,
0x8a, 0x0b, 0x0f, 0xb5, 0x50, 0xc7, 0xe9, 0x3d, 0xf6, 0xb7, 0x65, 0xe6, 0x5f, 0x18, 0x4a, 0x6c,
0x18, 0x91, 0x7b, 0xf5, 0xda, 0x0e, 0x3e, 0x85, 0x03, 0x5a, 0x4c, 0x05, 0x91, 0xd2, 0xb3, 0x5a,
0x8d, 0x8e, 0xd3, 0xf3, 0xb7, 0xcb, 0x9d, 0x95, 0x81, 0xb3, 0x0a, 0x1d, 0x52, 0xa9, 0x48, 0x41,
0x44, 0xb4, 0xa2, 0xe3, 0x00, 0xf6, 0x49, 0x25, 0xd4, 0xd0, 0x42, 0x4f, 0x6e, 0x11, 0x0a, 0x5e,
0xd5, 0x31, 0x64, 0x3c, 0x85, 0x77, 0xf9, 0x5c, 0x8d, 0xf9, 0xbc, 0xc8, 0x13, 0x25, 0xd2, 0xc9,
0x84, 0x66, 0xc9, 0x8c, 0x33, 0x9a, 0x2d, 0xbd, 0xa6, 0xce, 0xb7, 0xbb, 0x5d, 0x77, 0x60, 0x88,
0xa3, 0x8a, 0x37, 0xd4, 0xb4, 0xe8, 0x21, 0xaf, 0xdb, 0xc6, 0x7d, 0xb0, 0x19, 0xcf, 0x52, 0xf6,
0x9c, 0x4b, 0xe5, 0xed, 0x6b, 0xe9, 0xf7, 0xb7, 0x4b, 0x87, 0x2b, 0x68, 0xb4, 0x66, 0xb5, 0xff,
0xb0, 0xe0, 0xb0, 0xce, 0x14, 0xfc, 0x19, 0x34, 0x67, 0x5c, 0x28, 0x53, 0xa1, 0xe3, 0xed, 0xb2,
0x43, 0x2e, 0xd4, 0x49, 0xe3, 0x65, 0xdf, 0x8a, 0x34, 0x01, 0x63, 0x68, 0x8e, 0x69, 0x91, 0x7b,
0x56, 0x0b, 0x75, 0xec, 0x48, 0x7f, 0xe3, 0x53, 0xb8, 0x97, 0xa5, 0x33, 0x35, 0x17, 0x24, 0xf9,
0x89, 0xe7, 0xc4, 0x6b, 0xb4, 0x50, 0xe7, 0xad, 0xde, 0x07, 0xdb, 0x45, 0xbf, 0xaa, 0xd0, 0xdf,
0xf1, 0x9c, 0x44, 0x4e, 0xb6, 0x5e, 0x60, 0x1f, 0xdc, 0x9c, 0x4c, 0xd2, 0x39, 0x53, 0x09, 0x29,
0xf2, 0x19, 0xa7, 0x85, 0xd2, 0xa6, 0xda, 0xd5, 0x11, 0xde, 0x36, 0xc1, 0xc0, 0xc4, 0xf0, 0x8f,
0x70, 0x78, 0x93, 0x6c, 0x92, 0x31, 0x4a, 0x0a, 0x95, 0x28, 0x26, 0x8d, 0x5b, 0x1f, 0xbd, 0xe1,
0x04, 0x1a, 0x3b, 0x0a, 0xe3, 0x98, 0x28, 0x45, 0x8b, 0xa9, 0x8c, 0xf0, 0x8d, 0x90, 0x89, 0x31,
0xd9, 0xfe, 0xd5, 0x82, 0x77, 0x6a, 0x5a, 0x01, 0xf7, 0x76, 0x71, 0xef, 0x7f, 0x31, 0xee, 0x3d,
0xd8, 0x2b, 0x8f, 0x2e, 0xbd, 0x66, 0xab, 0xb1, 0x72, 0xab, 0xda, 0x79, 0xd5, 0xa3, 0x72, 0xd6,
0x89, 0xd0, 0x1e, 0xed, 0xdd, 0xe6, 0x51, 0xac, 0xb1, 0xf5, 0x1e, 0x99, 0x18, 0x93, 0xed, 0xdf,
0x10, 0xb8, 0xaf, 0x8f, 0x31, 0x8e, 0x61, 0x9f, 0xa5, 0x63, 0xc2, 0xa4, 0x87, 0xf4, 0xa8, 0x7d,
0xfa, 0xdf, 0xaf, 0x00, 0x3f, 0xd4, 0xc4, 0xa0, 0x50, 0x62, 0x59, 0xe5, 0x61, 0xa4, 0x8e, 0xbe,
0x00, 0x67, 0x23, 0x86, 0x5d, 0x68, 0xbc, 0x20, 0x4b, 0x5d, 0x03, 0x3b, 0x2a, 0x3f, 0xf1, 0x21,
0xec, 0x2d, 0x52, 0x36, 0x27, 0xc6, 0xe3, 0x6a, 0xf1, 0xa5, 0xf5, 0x39, 0x6a, 0xff, 0x8d, 0xe0,
0x61, 0xed, 0xec, 0xe1, 0x53, 0x68, 0x6a, 0xeb, 0x91, 0xb6, 0xfe, 0x93, 0x1d, 0x47, 0xd7, 0xd7,
0x95, 0xd0, 0x0a, 0x65, 0x31, 0xab, 0x1b, 0x22, 0x99, 0x09, 0xfe, 0xf3, 0x52, 0x1f, 0xc2, 0x79,
0x53, 0x31, 0x9f, 0xad, 0x6f, 0xd5, 0xc8, 0xa9, 0xa8, 0xc3, 0x92, 0xd9, 0xee, 0x40, 0x53, 0x17,
0xf5, 0x01, 0xdc, 0x8f, 0x82, 0x6f, 0xce, 0xe2, 0x51, 0x74, 0x99, 0x0c, 0xce, 0xc3, 0x4b, 0xf7,
0x0e, 0xbe, 0x0f, 0x76, 0x3f, 0x0c, 0x07, 0x17, 0x49, 0xff, 0xfc, 0xd2, 0x45, 0xed, 0xdf, 0x11,
0xd8, 0x37, 0x83, 0x8f, 0xbf, 0x05, 0xd8, 0x98, 0x01, 0xb4, 0xfb, 0x0c, 0xd8, 0xd9, 0xaa, 0xf5,
0x4b, 0xad, 0x8d, 0x5e, 0xb1, 0x76, 0xef, 0x15, 0x5b, 0xae, 0x5a, 0xe4, 0x71, 0x0f, 0x9c, 0x8d,
0xc6, 0xc5, 0x0e, 0x1c, 0x3c, 0x0b, 0xbe, 0xee, 0x7f, 0x1f, 0x8e, 0xdc, 0x3b, 0xf8, 0x1e, 0xdc,
0x3d, 0x1b, 0x8e, 0xfa, 0x27, 0x61, 0x10, 0xbb, 0x08, 0xdf, 0x85, 0xe6, 0xf9, 0xe0, 0x3c, 0x70,
0xad, 0x93, 0x27, 0x7f, 0x5e, 0x1f, 0xa3, 0xbf, 0xae, 0x8f, 0xd1, 0xcb, 0xeb, 0x63, 0xf4, 0xc3,
0xa3, 0xea, 0xc7, 0x94, 0xeb, 0x37, 0xf0, 0xdf, 0x2f, 0xd4, 0x78, 0x5f, 0xbf, 0x48, 0x1f, 0xff,
0x13, 0x00, 0x00, 0xff, 0xff, 0x95, 0xb2, 0xa7, 0x1d, 0x67, 0x07, 0x00, 0x00,
}
func (m *Sidecar) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Sidecar) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Sidecar) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Localhost != nil {
{
size, err := m.Localhost.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintSidecar(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
if m.OutboundTrafficPolicy != nil {
{
size, err := m.OutboundTrafficPolicy.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintSidecar(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
}
if len(m.Egress) > 0 {
for iNdEx := len(m.Egress) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Egress[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintSidecar(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
}
if len(m.Ingress) > 0 {
for iNdEx := len(m.Ingress) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Ingress[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintSidecar(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
}
if m.WorkloadSelector != nil {
{
size, err := m.WorkloadSelector.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintSidecar(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *IstioIngressListener) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *IstioIngressListener) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *IstioIngressListener) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.LocalhostClientTls != nil {
{
size, err := m.LocalhostClientTls.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintSidecar(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
if len(m.DefaultEndpoint) > 0 {
i -= len(m.DefaultEndpoint)
copy(dAtA[i:], m.DefaultEndpoint)
i = encodeVarintSidecar(dAtA, i, uint64(len(m.DefaultEndpoint)))
i--
dAtA[i] = 0x22
}
if m.CaptureMode != 0 {
i = encodeVarintSidecar(dAtA, i, uint64(m.CaptureMode))
i--
dAtA[i] = 0x18
}
if len(m.Bind) > 0 {
i -= len(m.Bind)
copy(dAtA[i:], m.Bind)
i = encodeVarintSidecar(dAtA, i, uint64(len(m.Bind)))
i--
dAtA[i] = 0x12
}
if m.Port != nil {
{
size, err := m.Port.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintSidecar(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *IstioEgressListener) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *IstioEgressListener) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *IstioEgressListener) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.LocalhostServerTls != nil {
{
size, err := m.LocalhostServerTls.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintSidecar(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
}
if len(m.Hosts) > 0 {
for iNdEx := len(m.Hosts) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Hosts[iNdEx])
copy(dAtA[i:], m.Hosts[iNdEx])
i = encodeVarintSidecar(dAtA, i, uint64(len(m.Hosts[iNdEx])))
i--
dAtA[i] = 0x22
}
}
if m.CaptureMode != 0 {
i = encodeVarintSidecar(dAtA, i, uint64(m.CaptureMode))
i--
dAtA[i] = 0x18
}
if len(m.Bind) > 0 {
i -= len(m.Bind)
copy(dAtA[i:], m.Bind)
i = encodeVarintSidecar(dAtA, i, uint64(len(m.Bind)))
i--
dAtA[i] = 0x12
}
if m.Port != nil {
{
size, err := m.Port.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintSidecar(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *WorkloadSelector) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *WorkloadSelector) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *WorkloadSelector) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Labels) > 0 {
for k := range m.Labels {
v := m.Labels[k]
baseI := i
i -= len(v)
copy(dAtA[i:], v)
i = encodeVarintSidecar(dAtA, i, uint64(len(v)))
i--
dAtA[i] = 0x12
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintSidecar(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintSidecar(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *OutboundTrafficPolicy) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *OutboundTrafficPolicy) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *OutboundTrafficPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.EgressProxy != nil {
{
size, err := m.EgressProxy.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintSidecar(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
if m.Mode != 0 {
i = encodeVarintSidecar(dAtA, i, uint64(m.Mode))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *Localhost) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Localhost) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Localhost) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.ServerTls != nil {
{
size, err := m.ServerTls.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintSidecar(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
if m.ClientTls != nil {
{
size, err := m.ClientTls.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintSidecar(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func encodeVarintSidecar(dAtA []byte, offset int, v uint64) int {
offset -= sovSidecar(v)
base := offset
for v >= 1<<7 {
dAtA[offset] = uint8(v&0x7f | 0x80)
v >>= 7
offset++
}
dAtA[offset] = uint8(v)
return base
}
func (m *Sidecar) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.WorkloadSelector != nil {
l = m.WorkloadSelector.Size()
n += 1 + l + sovSidecar(uint64(l))
}
if len(m.Ingress) > 0 {
for _, e := range m.Ingress {
l = e.Size()
n += 1 + l + sovSidecar(uint64(l))
}
}
if len(m.Egress) > 0 {
for _, e := range m.Egress {
l = e.Size()
n += 1 + l + sovSidecar(uint64(l))
}
}
if m.OutboundTrafficPolicy != nil {
l = m.OutboundTrafficPolicy.Size()
n += 1 + l + sovSidecar(uint64(l))
}
if m.Localhost != nil {
l = m.Localhost.Size()
n += 1 + l + sovSidecar(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *IstioIngressListener) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Port != nil {
l = m.Port.Size()
n += 1 + l + sovSidecar(uint64(l))
}
l = len(m.Bind)
if l > 0 {
n += 1 + l + sovSidecar(uint64(l))
}
if m.CaptureMode != 0 {
n += 1 + sovSidecar(uint64(m.CaptureMode))
}
l = len(m.DefaultEndpoint)
if l > 0 {
n += 1 + l + sovSidecar(uint64(l))
}
if m.LocalhostClientTls != nil {
l = m.LocalhostClientTls.Size()
n += 1 + l + sovSidecar(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *IstioEgressListener) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Port != nil {
l = m.Port.Size()
n += 1 + l + sovSidecar(uint64(l))
}
l = len(m.Bind)
if l > 0 {
n += 1 + l + sovSidecar(uint64(l))
}
if m.CaptureMode != 0 {
n += 1 + sovSidecar(uint64(m.CaptureMode))
}
if len(m.Hosts) > 0 {
for _, s := range m.Hosts {
l = len(s)
n += 1 + l + sovSidecar(uint64(l))
}
}
if m.LocalhostServerTls != nil {
l = m.LocalhostServerTls.Size()
n += 1 + l + sovSidecar(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *WorkloadSelector) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Labels) > 0 {
for k, v := range m.Labels {
_ = k
_ = v
mapEntrySize := 1 + len(k) + sovSidecar(uint64(len(k))) + 1 + len(v) + sovSidecar(uint64(len(v)))
n += mapEntrySize + 1 + sovSidecar(uint64(mapEntrySize))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *OutboundTrafficPolicy) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Mode != 0 {
n += 1 + sovSidecar(uint64(m.Mode))
}
if m.EgressProxy != nil {
l = m.EgressProxy.Size()
n += 1 + l + sovSidecar(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *Localhost) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.ClientTls != nil {
l = m.ClientTls.Size()
n += 1 + l + sovSidecar(uint64(l))
}
if m.ServerTls != nil {
l = m.ServerTls.Size()
n += 1 + l + sovSidecar(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func sovSidecar(x uint64) (n int) {
return (math_bits.Len64(x|1) + 6) / 7
}
func sozSidecar(x uint64) (n int) {
return sovSidecar(uint64((x << 1) ^ uint64((int64(x) >> 63))))
}
func (m *Sidecar) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: Sidecar: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: Sidecar: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field WorkloadSelector", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthSidecar
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthSidecar
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.WorkloadSelector == nil {
m.WorkloadSelector = &WorkloadSelector{}
}
if err := m.WorkloadSelector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Ingress", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthSidecar
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthSidecar
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Ingress = append(m.Ingress, &IstioIngressListener{})
if err := m.Ingress[len(m.Ingress)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 3:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Egress", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthSidecar
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthSidecar
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Egress = append(m.Egress, &IstioEgressListener{})
if err := m.Egress[len(m.Egress)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 4:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field OutboundTrafficPolicy", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthSidecar
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthSidecar
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.OutboundTrafficPolicy == nil {
m.OutboundTrafficPolicy = &OutboundTrafficPolicy{}
}
if err := m.OutboundTrafficPolicy.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 6:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Localhost", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthSidecar
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthSidecar
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.Localhost == nil {
m.Localhost = &Localhost{}
}
if err := m.Localhost.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipSidecar(dAtA[iNdEx:])
if err != nil {
return err
}
if skippy < 0 {
return ErrInvalidLengthSidecar
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthSidecar
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *IstioIngressListener) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: IstioIngressListener: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: IstioIngressListener: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Port", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthSidecar
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthSidecar
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.Port == nil {
m.Port = &Port{}
}
if err := m.Port.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Bind", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthSidecar
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthSidecar
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Bind = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 3:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field CaptureMode", wireType)
}
m.CaptureMode = 0
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
m.CaptureMode |= CaptureMode(b&0x7F) << shift
if b < 0x80 {
break
}
}
case 4:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field DefaultEndpoint", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthSidecar
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthSidecar
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.DefaultEndpoint = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 6:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field LocalhostClientTls", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthSidecar
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthSidecar
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.LocalhostClientTls == nil {
m.LocalhostClientTls = &ClientTLSSettings{}
}
if err := m.LocalhostClientTls.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipSidecar(dAtA[iNdEx:])
if err != nil {
return err
}
if skippy < 0 {
return ErrInvalidLengthSidecar
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthSidecar
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *IstioEgressListener) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: IstioEgressListener: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: IstioEgressListener: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Port", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthSidecar
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthSidecar
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.Port == nil {
m.Port = &Port{}
}
if err := m.Port.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Bind", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthSidecar
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthSidecar
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Bind = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 3:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field CaptureMode", wireType)
}
m.CaptureMode = 0
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
m.CaptureMode |= CaptureMode(b&0x7F) << shift
if b < 0x80 {
break
}
}
case 4:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Hosts", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthSidecar
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthSidecar
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Hosts = append(m.Hosts, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
case 5:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field LocalhostServerTls", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthSidecar
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthSidecar
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.LocalhostServerTls == nil {
m.LocalhostServerTls = &ServerTLSSettings{}
}
if err := m.LocalhostServerTls.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipSidecar(dAtA[iNdEx:])
if err != nil {
return err
}
if skippy < 0 {
return ErrInvalidLengthSidecar
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthSidecar
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *WorkloadSelector) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: WorkloadSelector: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: WorkloadSelector: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthSidecar
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthSidecar
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.Labels == nil {
m.Labels = make(map[string]string)
}
var mapkey string
var mapvalue string
for iNdEx < postIndex {
entryPreIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
if fieldNum == 1 {
var stringLenmapkey uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLenmapkey |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLenmapkey := int(stringLenmapkey)
if intStringLenmapkey < 0 {
return ErrInvalidLengthSidecar
}
postStringIndexmapkey := iNdEx + intStringLenmapkey
if postStringIndexmapkey < 0 {
return ErrInvalidLengthSidecar
}
if postStringIndexmapkey > l {
return io.ErrUnexpectedEOF
}
mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
iNdEx = postStringIndexmapkey
} else if fieldNum == 2 {
var stringLenmapvalue uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLenmapvalue |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLenmapvalue := int(stringLenmapvalue)
if intStringLenmapvalue < 0 {
return ErrInvalidLengthSidecar
}
postStringIndexmapvalue := iNdEx + intStringLenmapvalue
if postStringIndexmapvalue < 0 {
return ErrInvalidLengthSidecar
}
if postStringIndexmapvalue > l {
return io.ErrUnexpectedEOF
}
mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
iNdEx = postStringIndexmapvalue
} else {
iNdEx = entryPreIndex
skippy, err := skipSidecar(dAtA[iNdEx:])
if err != nil {
return err
}
if skippy < 0 {
return ErrInvalidLengthSidecar
}
if (iNdEx + skippy) > postIndex {
return io.ErrUnexpectedEOF
}
iNdEx += skippy
}
}
m.Labels[mapkey] = mapvalue
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipSidecar(dAtA[iNdEx:])
if err != nil {
return err
}
if skippy < 0 {
return ErrInvalidLengthSidecar
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthSidecar
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *OutboundTrafficPolicy) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: OutboundTrafficPolicy: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: OutboundTrafficPolicy: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field Mode", wireType)
}
m.Mode = 0
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
m.Mode |= OutboundTrafficPolicy_Mode(b&0x7F) << shift
if b < 0x80 {
break
}
}
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field EgressProxy", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthSidecar
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthSidecar
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.EgressProxy == nil {
m.EgressProxy = &Destination{}
}
if err := m.EgressProxy.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipSidecar(dAtA[iNdEx:])
if err != nil {
return err
}
if skippy < 0 {
return ErrInvalidLengthSidecar
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthSidecar
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *Localhost) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: Localhost: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: Localhost: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field ClientTls", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthSidecar
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthSidecar
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.ClientTls == nil {
m.ClientTls = &ClientTLSSettings{}
}
if err := m.ClientTls.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field ServerTls", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowSidecar
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthSidecar
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthSidecar
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.ServerTls == nil {
m.ServerTls = &ServerTLSSettings{}
}
if err := m.ServerTls.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipSidecar(dAtA[iNdEx:])
if err != nil {
return err
}
if skippy < 0 {
return ErrInvalidLengthSidecar
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthSidecar
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func skipSidecar(dAtA []byte) (n int, err error) {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowSidecar
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
wireType := int(wire & 0x7)
switch wireType {
case 0:
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowSidecar
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
iNdEx++
if dAtA[iNdEx-1] < 0x80 {
break
}
}
return iNdEx, nil
case 1:
iNdEx += 8
return iNdEx, nil
case 2:
var length int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowSidecar
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
length |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
if length < 0 {
return 0, ErrInvalidLengthSidecar
}
iNdEx += length
if iNdEx < 0 {
return 0, ErrInvalidLengthSidecar
}
return iNdEx, nil
case 3:
for {
var innerWire uint64
var start int = iNdEx
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowSidecar
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
innerWire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
innerWireType := int(innerWire & 0x7)
if innerWireType == 4 {
break
}
next, err := skipSidecar(dAtA[start:])
if err != nil {
return 0, err
}
iNdEx = start + next
if iNdEx < 0 {
return 0, ErrInvalidLengthSidecar
}
}
return iNdEx, nil
case 4:
return iNdEx, nil
case 5:
iNdEx += 4
return iNdEx, nil
default:
return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
}
}
panic("unreachable")
}
var (
ErrInvalidLengthSidecar = fmt.Errorf("proto: negative length found during unmarshaling")
ErrIntOverflowSidecar = fmt.Errorf("proto: integer overflow")
)
Reference in New Issue View Git Blame Copy Permalink