ea88c8803d
use istio client-go library instead of knative bump kubernetes dependency version change code coverage to codecov
143 lines
8.0 KiB
JSON
143 lines
8.0 KiB
JSON
{
|
|
"openapi": "3.0.0",
|
|
"info": {
|
|
"title": "Configuration affecting network reachability of a sidecar.",
|
|
"version": "v1alpha3"
|
|
},
|
|
"components": {
|
|
"schemas": {
|
|
"istio.networking.v1alpha3.WorkloadSelector": {
|
|
"description": "`WorkloadSelector` specifies the criteria used to determine if the `Gateway`, `Sidecar`, or `EnvoyFilter` configuration can be applied to a proxy. The matching criteria includes the metadata associated with a proxy, workload instance info such as labels attached to the pod/VM, or any other info that the proxy provides to Istio during the initial handshake. If multiple conditions are specified, all conditions need to match in order for the workload instance to be selected. Currently, only label based selection mechanism is supported.",
|
|
"type": "object",
|
|
"properties": {
|
|
"labels": {
|
|
"description": "One or more labels that indicate a specific set of pods/VMs on which this `Sidecar` configuration should be applied. The scope of label search is restricted to the configuration namespace in which the the resource is present.",
|
|
"type": "object",
|
|
"additionalProperties": {
|
|
"type": "string",
|
|
"format": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"istio.networking.v1alpha3.Port": {
|
|
"description": "Port describes the properties of a specific port of a service.",
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"description": "Label assigned to the port.",
|
|
"type": "string",
|
|
"format": "string"
|
|
},
|
|
"number": {
|
|
"description": "A valid non-negative integer port number.",
|
|
"type": "integer"
|
|
},
|
|
"protocol": {
|
|
"description": "The protocol exposed on the port. MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. TLS implies the connection will be routed based on the SNI header to the destination without terminating the TLS connection.",
|
|
"type": "string",
|
|
"format": "string"
|
|
}
|
|
}
|
|
},
|
|
"istio.networking.v1alpha3.Sidecar": {
|
|
"description": "`Sidecar` describes the configuration of the sidecar proxy that mediates inbound and outbound communication of the workload instance to which it is attached.",
|
|
"type": "object",
|
|
"properties": {
|
|
"workloadSelector": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.WorkloadSelector"
|
|
},
|
|
"ingress": {
|
|
"description": "Ingress specifies the configuration of the sidecar for processing inbound traffic to the attached workload instance. If omitted, Istio will automatically configure the sidecar based on the information about the workload obtained from the orchestration platform (e.g., exposed ports, services, etc.). If specified, inbound ports are configured if and only if the workload instance is associated with a service.",
|
|
"type": "array",
|
|
"items": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.IstioIngressListener"
|
|
}
|
|
},
|
|
"egress": {
|
|
"description": "Egress specifies the configuration of the sidecar for processing outbound traffic from the attached workload instance to other services in the mesh.",
|
|
"type": "array",
|
|
"items": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.IstioEgressListener"
|
|
}
|
|
},
|
|
"outboundTrafficPolicy": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.OutboundTrafficPolicy"
|
|
}
|
|
}
|
|
},
|
|
"istio.networking.v1alpha3.IstioIngressListener": {
|
|
"description": "`IstioIngressListener` specifies the properties of an inbound traffic listener on the sidecar proxy attached to a workload instance.",
|
|
"type": "object",
|
|
"properties": {
|
|
"port": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.Port"
|
|
},
|
|
"bind": {
|
|
"description": "The IP to which the listener should be bound. Must be in the format `x.x.x.x`. Unix domain socket addresses are not allowed in the bind field for ingress listeners. If omitted, Istio will automatically configure the defaults based on imported services and the workload instances to which this configuration is applied to.",
|
|
"type": "string",
|
|
"format": "string"
|
|
},
|
|
"defaultEndpoint": {
|
|
"description": "The loopback IP endpoint or Unix domain socket to which traffic should be forwarded to. This configuration can be used to redirect traffic arriving at the bind `IP:Port` on the sidecar to a `localhost:port` or Unix domain socket where the application workload instance is listening for connections. Format should be `127.0.0.1:PORT` or `unix:///path/to/socket`",
|
|
"type": "string",
|
|
"format": "string"
|
|
},
|
|
"captureMode": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.CaptureMode"
|
|
}
|
|
}
|
|
},
|
|
"istio.networking.v1alpha3.IstioEgressListener": {
|
|
"description": "`IstioEgressListener` specifies the properties of an outbound traffic listener on the sidecar proxy attached to a workload instance.",
|
|
"type": "object",
|
|
"properties": {
|
|
"port": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.Port"
|
|
},
|
|
"bind": {
|
|
"description": "The IP or the Unix domain socket to which the listener should be bound to. Port MUST be specified if bind is not empty. Format: `x.x.x.x` or `unix:///path/to/uds` or `unix://@foobar` (Linux abstract namespace). If omitted, Istio will automatically configure the defaults based on imported services, the workload instances to which this configuration is applied to and the captureMode. If captureMode is `NONE`, bind will default to 127.0.0.1.",
|
|
"type": "string",
|
|
"format": "string"
|
|
},
|
|
"hosts": {
|
|
"description": "One or more service hosts exposed by the listener in `namespace/dnsName` format. Services in the specified namespace matching `dnsName` will be exposed. The corresponding service can be a service in the service registry (e.g., a Kubernetes or cloud foundry service) or a service specified using a `ServiceEntry` or `VirtualService` configuration. Any associated `DestinationRule` in the same namespace will also be used.",
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "string"
|
|
}
|
|
},
|
|
"captureMode": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.CaptureMode"
|
|
}
|
|
}
|
|
},
|
|
"istio.networking.v1alpha3.OutboundTrafficPolicy": {
|
|
"description": "`OutboundTrafficPolicy` sets the default behavior of the sidecar for handling outbound traffic from the application. If your application uses one or more external services that are not known apriori, setting the policy to `ALLOW_ANY` will cause the sidecars to route any unknown traffic originating from the application to its requested destination. Users are strongly encouraged to use `ServiceEntry` configurations to explicitly declare any external dependencies, instead of using `ALLOW_ANY`, so that traffic to these services can be monitored.",
|
|
"type": "object",
|
|
"properties": {
|
|
"mode": {
|
|
"$ref": "#/components/schemas/istio.networking.v1alpha3.OutboundTrafficPolicy.Mode"
|
|
}
|
|
}
|
|
},
|
|
"istio.networking.v1alpha3.CaptureMode": {
|
|
"description": "`CaptureMode` describes how traffic to a listener is expected to be captured. Applicable only when the listener is bound to an IP.",
|
|
"type": "string",
|
|
"enum": [
|
|
"DEFAULT",
|
|
"IPTABLES",
|
|
"NONE"
|
|
]
|
|
},
|
|
"istio.networking.v1alpha3.OutboundTrafficPolicy.Mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"REGISTRY_ONLY",
|
|
"ALLOW_ANY"
|
|
]
|
|
}
|
|
}
|
|
}
|
|
} |