admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fbfbb8b8d2e4574932dce8e30458c7422ec00a50
kubesphere/vendor/istio.io/api/networking/v1alpha3/service_entry.json
zryfish ea88c8803d use istio client-go library instead of knative (#1661) 
use istio client-go library instead of knative
bump kubernetes dependency version
change code coverage to codecov
2019-12-13 11:26:18 +08:00

146 lines
8.9 KiB
JSON
Raw Blame History

{
"openapi": "3.0.0",
"info": {
"title": "Configuration affecting service registry.",
"version": "v1alpha3"
},
"components": {
"schemas": {
"istio.networking.v1alpha3.Port": {
"description": "Port describes the properties of a specific port of a service.",
"type": "object",
"properties": {
"name": {
"description": "Label assigned to the port.",
"type": "string",
"format": "string"
},
"number": {
"description": "A valid non-negative integer port number.",
"type": "integer"
},
"protocol": {
"description": "The protocol exposed on the port. MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. TLS implies the connection will be routed based on the SNI header to the destination without terminating the TLS connection.",
"type": "string",
"format": "string"
}
}
},
"istio.networking.v1alpha3.ServiceEntry": {
"description": "ServiceEntry enables adding additional entries into Istio's internal service registry.",
"type": "object",
"properties": {
"exportTo": {
"description": "A list of namespaces to which this service is exported. Exporting a service allows it to be used by sidecars, gateways and virtual services defined in other namespaces. This feature provides a mechanism for service owners and mesh administrators to control the visibility of services across namespace boundaries.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"subjectAltNames": {
"description": "The list of subject alternate names allowed for workload instances that implement this service. This information is used to enforce [secure-naming](https://istio.io/docs/concepts/security/#secure-naming). If specified, the proxy will verify that the server certificate's subject alternate name matches one of the specified values.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"hosts": {
"description": "The hosts associated with the ServiceEntry. Could be a DNS name with wildcard prefix.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"addresses": {
"description": "The virtual IP addresses associated with the service. Could be CIDR prefix. For HTTP traffic, generated route configurations will include http route domains for both the `addresses` and `hosts` field values and the destination will be identified based on the HTTP Host/Authority header. If one or more IP addresses are specified, the incoming traffic will be identified as belonging to this service if the destination IP matches the IP/CIDRs specified in the addresses field. If the Addresses field is empty, traffic will be identified solely based on the destination port. In such scenarios, the port on which the service is being accessed must not be shared by any other service in the mesh. In other words, the sidecar will behave as a simple TCP proxy, forwarding incoming traffic on a specified port to the specified destination endpoint IP/host. Unix domain socket addresses are not supported in this field.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"ports": {
"description": "The ports associated with the external service. If the Endpoints are Unix domain socket addresses, there must be exactly one port.",
"type": "array",
"items": {
"$ref": "#/components/schemas/istio.networking.v1alpha3.Port"
}
},
"location": {
"$ref": "#/components/schemas/istio.networking.v1alpha3.ServiceEntry.Location"
},
"resolution": {
"$ref": "#/components/schemas/istio.networking.v1alpha3.ServiceEntry.Resolution"
},
"endpoints": {
"description": "One or more endpoints associated with the service.",
"type": "array",
"items": {
"$ref": "#/components/schemas/istio.networking.v1alpha3.ServiceEntry.Endpoint"
}
}
}
},
"istio.networking.v1alpha3.ServiceEntry.Location": {
"description": "Location specifies whether the service is part of Istio mesh or outside the mesh. Location determines the behavior of several features, such as service-to-service mTLS authentication, policy enforcement, etc. When communicating with services outside the mesh, Istio's mTLS authentication is disabled, and policy enforcement is performed on the client-side as opposed to server-side.",
"type": "string",
"enum": [
"MESH_EXTERNAL",
"MESH_INTERNAL"
]
},
"istio.networking.v1alpha3.ServiceEntry.Resolution": {
"description": "Resolution determines how the proxy will resolve the IP addresses of the network endpoints associated with the service, so that it can route to one of them. The resolution mode specified here has no impact on how the application resolves the IP address associated with the service. The application may still have to use DNS to resolve the service to an IP so that the outbound traffic can be captured by the Proxy. Alternatively, for HTTP services, the application could directly communicate with the proxy (e.g., by setting HTTP_PROXY) to talk to these services.",
"type": "string",
"enum": [
"NONE",
"STATIC",
"DNS"
]
},
"istio.networking.v1alpha3.ServiceEntry.Endpoint": {
"description": "Endpoint defines a network address (IP or hostname) associated with the mesh service.",
"type": "object",
"properties": {
"labels": {
"description": "One or more labels associated with the endpoint.",
"type": "object",
"additionalProperties": {
"type": "string",
"format": "string"
}
},
"address": {
"description": "Address associated with the network endpoint without the port. Domain names can be used if and only if the resolution is set to DNS, and must be fully-qualified without wildcards. Use the form unix:///absolute/path/to/socket for Unix domain socket endpoints.",
"type": "string",
"format": "string"
},
"ports": {
"description": "Set of ports associated with the endpoint. The ports must be associated with a port name that was declared as part of the service. Do not use for `unix://` addresses.",
"type": "object",
"additionalProperties": {
"type": "integer"
}
},
"network": {
"description": "Network enables Istio to group endpoints resident in the same L3 domain/network. All endpoints in the same network are assumed to be directly reachable from one another. When endpoints in different networks cannot reach each other directly, an Istio Gateway can be used to establish connectivity (usually using the AUTO_PASSTHROUGH mode in a Gateway Server). This is an advanced configuration used typically for spanning an Istio mesh over multiple clusters.",
"type": "string",
"format": "string"
},
"locality": {
"description": "The locality associated with the endpoint. A locality corresponds to a failure domain (e.g., country/region/zone). Arbitrary failure domain hierarchies can be represented by separating each encapsulating failure domain by /. For example, the locality of an an endpoint in US, in US-East-1 region, within availability zone az-1, in data center rack r11 can be represented as us/us-east-1/az-1/r11. Istio will configure the sidecar to route to endpoints within the same locality as the sidecar. If none of the endpoints in the locality are available, endpoints parent locality (but within the same network ID) will be chosen. For example, if there are two endpoints in same network (networkID \"n1\"), say e1 with locality us/us-east-1/az-1/r11 and e2 with locality us/us-east-1/az-2/r12, a sidecar from us/us-east-1/az-1/r11 locality will prefer e1 from the same locality over e2 from a different locality. Endpoint e2 could be the IP associated with a gateway (that bridges networks n1 and n2), or the IP associated with a standard service endpoint.",
"type": "string",
"format": "string"
},
"weight": {
"description": "The load balancing weight associated with the endpoint. Endpoints with higher weights will receive proportionally higher traffic.",
"type": "integer"
}
}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink