---
|
||
apiVersion: apiextensions.k8s.io/v1
|
||
kind: CustomResourceDefinition
|
||
metadata:
|
||
annotations:
|
||
controller-gen.kubebuilder.io/version: (devel)
|
||
creationTimestamp: null
|
||
name: strategies.servicemesh.kubesphere.io
|
||
spec:
|
||
group: servicemesh.kubesphere.io
|
||
names:
|
||
kind: Strategy
|
||
listKind: StrategyList
|
||
plural: strategies
|
||
singular: strategy
|
||
scope: Namespaced
|
||
versions:
|
||
- additionalPrinterColumns:
|
||
- description: type of strategy
|
||
jsonPath: .spec.type
|
||
name: Type
|
||
type: string
|
||
- description: destination hosts
|
||
jsonPath: .spec.template.spec.hosts
|
||
name: Hosts
|
||
type: string
|
||
- description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
|
||
jsonPath: .metadata.creationTimestamp
|
||
name: Age
|
||
type: date
|
||
name: v1alpha2
|
||
schema:
|
||
openAPIV3Schema:
|
||
description: Strategy is the Schema for the strategies API
|
||
properties:
|
||
apiVersion:
|
||
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||
type: string
|
||
kind:
|
||
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||
type: string
|
||
metadata:
|
||
type: object
|
||
spec:
|
||
description: StrategySpec defines the desired state of Strategy
|
||
properties:
|
||
governor:
|
||
description: Governor version, the version takes control of all incoming traffic label version value
|
||
type: string
|
||
principal:
|
||
description: Principal version, the one as reference version label version value
|
||
type: string
|
||
selector:
|
||
description: Label selector for virtual services.
|
||
properties:
|
||
matchExpressions:
|
||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
|
||
items:
|
||
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
||
properties:
|
||
key:
|
||
description: key is the label key that the selector applies to.
|
||
type: string
|
||
operator:
|
||
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
|
||
type: string
|
||
values:
|
||
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
|
||
items:
|
||
type: string
|
||
type: array
|
||
required:
|
||
- key
|
||
- operator
|
||
type: object
|
||
type: array
|
||
matchLabels:
|
||
additionalProperties:
|
||
type: string
|
||
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
|
||
type: object
|
||
type: object
|
||
strategyPolicy:
|
||
description: strategy policy, how the strategy will be applied by the strategy controller
|
||
type: string
|
||
template:
|
||
description: Template describes the virtual service that will be created.
|
||
properties:
|
||
metadata:
|
||
description: Metadata of the virtual services created from this template
|
||
type: object
|
||
spec:
|
||
description: Spec indicates the behavior of a virtual service.
|
||
properties:
|
||
export_to:
|
||
description: "A list of namespaces to which this virtual service is exported. Exporting a virtual service allows it to be used by sidecars and gateways defined in other namespaces. This feature provides a mechanism for service owners and mesh administrators to control the visibility of virtual services across namespace boundaries. \n If no namespaces are specified then the virtual service is exported to all namespaces by default. \n The value \".\" is reserved and defines an export to the same namespace that the virtual service is declared in. Similarly the value \"*\" is reserved and defines an export to all namespaces. \n NOTE: in the current release, the `exportTo` value is restricted to \".\" or \"*\" (i.e., the current namespace or all namespaces)."
|
||
items:
|
||
type: string
|
||
type: array
|
||
gateways:
|
||
description: The names of gateways and sidecars that should apply these routes. Gateways in other namespaces may be referred to by `<gateway namespace>/<gateway name>`; specifying a gateway with no namespace qualifier is the same as specifying the VirtualService's namespace. A single VirtualService is used for sidecars inside the mesh as well as for one or more gateways. The selection condition imposed by this field can be overridden using the source field in the match conditions of protocol-specific routes. The reserved word `mesh` is used to imply all the sidecars in the mesh. When this field is omitted, the default gateway (`mesh`) will be used, which would apply the rule to all sidecars in the mesh. If a list of gateway names is provided, the rules will apply only to the gateways. To apply the rules to both gateways and sidecars, specify `mesh` as one of the gateway names.
|
||
items:
|
||
type: string
|
||
type: array
|
||
hosts:
|
||
description: "The destination hosts to which traffic is being sent. Could be a DNS name with wildcard prefix or an IP address. Depending on the platform, short-names can also be used instead of a FQDN (i.e. has no dots in the name). In such a scenario, the FQDN of the host would be derived based on the underlying platform. \n A single VirtualService can be used to describe all the traffic properties of the corresponding hosts, including those for multiple HTTP and TCP ports. Alternatively, the traffic properties of a host can be defined using more than one VirtualService, with certain caveats. Refer to the [Operations Guide](https://istio.io/docs/ops/best-practices/traffic-management/#split-virtual-services) for details. \n *Note for Kubernetes users*: When short names are used (e.g. \"reviews\" instead of \"reviews.default.svc.cluster.local\"), Istio will interpret the short name based on the namespace of the rule, not the service. A rule in the \"default\" namespace containing a host \"reviews\" will be interpreted as \"reviews.default.svc.cluster.local\", irrespective of the actual namespace associated with the reviews service. _To avoid potential misconfigurations, it is recommended to always use fully qualified domain names over short names._ \n The hosts field applies to both HTTP and TCP services. Service inside the mesh, i.e., those found in the service registry, must always be referred to using their alphanumeric names. IP addresses are allowed only for services defined via the Gateway. \n *Note*: It must be empty for a delegate VirtualService."
|
||
items:
|
||
type: string
|
||
type: array
|
||
http:
|
||
description: An ordered list of route rules for HTTP traffic. HTTP routes will be applied to platform service ports named 'http-*'/'http2-*'/'grpc-*', gateway ports with protocol HTTP/HTTP2/GRPC/ TLS-terminated-HTTPS and service entry ports using HTTP/HTTP2/GRPC protocols. The first rule matching an incoming request is used.
|
||
items:
|
||
description: Describes match conditions and actions for routing HTTP/1.1, HTTP2, and gRPC traffic. See VirtualService for usage examples.
|
||
properties:
|
||
cors_policy:
|
||
description: Cross-Origin Resource Sharing policy (CORS). Refer to [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) for further details about cross origin resource sharing.
|
||
properties:
|
||
allow_credentials:
|
||
description: Indicates whether the caller is allowed to send the actual request (not the preflight) using credentials. Translates to `Access-Control-Allow-Credentials` header.
|
||
properties:
|
||
value:
|
||
description: The bool value.
|
||
type: boolean
|
||
type: object
|
||
allow_headers:
|
||
description: List of HTTP headers that can be used when requesting the resource. Serialized to Access-Control-Allow-Headers header.
|
||
items:
|
||
type: string
|
||
type: array
|
||
allow_methods:
|
||
description: List of HTTP methods allowed to access the resource. The content will be serialized into the Access-Control-Allow-Methods header.
|
||
items:
|
||
type: string
|
||
type: array
|
||
allow_origin:
|
||
description: The list of origins that are allowed to perform CORS requests. The content will be serialized into the Access-Control-Allow-Origin header. Wildcard * will allow all origins. $hide_from_docs
|
||
items:
|
||
type: string
|
||
type: array
|
||
allow_origins:
|
||
description: String patterns that match allowed origins. An origin is allowed if any of the string matchers match. If a match is found, then the outgoing Access-Control-Allow-Origin would be set to the origin as provided by the client.
|
||
items:
|
||
description: Describes how to match a given string in HTTP headers. Match is case-sensitive.
|
||
type: object
|
||
type: array
|
||
expose_headers:
|
||
description: A white list of HTTP headers that the browsers are allowed to access. Serialized into Access-Control-Expose-Headers header.
|
||
items:
|
||
type: string
|
||
type: array
|
||
max_age:
|
||
description: Specifies how long the results of a preflight request can be cached. Translates to the `Access-Control-Max-Age` header.
|
||
properties:
|
||
nanos:
|
||
description: Signed fractions of a second at nanosecond resolution of the span of time. Durations less than one second are represented with a 0 `seconds` field and a positive or negative `nanos` field. For durations of one second or more, a non-zero value for the `nanos` field must be of the same sign as the `seconds` field. Must be from -999,999,999 to +999,999,999 inclusive.
|
||
format: int32
|
||
type: integer
|
||
seconds:
|
||
description: 'Signed seconds of the span of time. Must be from -315,576,000,000 to +315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years'
|
||
format: int64
|
||
type: integer
|
||
type: object
|
||
type: object
|
||
delegate:
|
||
description: 'Delegate is used to specify the particular VirtualService which can be used to define delegate HTTPRoute. It can be set only when `Route` and `Redirect` are empty, and the route rules of the delegate VirtualService will be merged with that in the current one. **NOTE**: 1. Only one level delegation is supported. 2. The delegate''s HTTPMatchRequest must be a strict subset of the root''s, otherwise there is a conflict and the HTTPRoute will not take effect.'
|
||
properties:
|
||
name:
|
||
description: Name specifies the name of the delegate VirtualService.
|
||
type: string
|
||
namespace:
|
||
description: Namespace specifies the namespace where the delegate VirtualService resides. By default, it is the same as the root's.
|
||
type: string
|
||
type: object
|
||
fault:
|
||
description: Fault injection policy to apply on HTTP traffic at the client side. Note that timeouts or retries will not be enabled when faults are enabled on the client side.
|
||
properties:
|
||
abort:
|
||
description: Abort Http request attempts and return error codes back to downstream service, giving the impression that the upstream service is faulty.
|
||
properties:
|
||
percentage:
|
||
description: Percentage of requests to be aborted with the error code provided.
|
||
properties:
|
||
value:
|
||
type: number
|
||
type: object
|
||
type: object
|
||
delay:
|
||
description: Delay requests before forwarding, emulating various failures such as network issues, overloaded upstream service, etc.
|
||
properties:
|
||
percent:
|
||
description: Percentage of requests on which the delay will be injected (0-100). Use of integer `percent` value is deprecated. Use the double `percentage` field instead.
|
||
format: int32
|
||
type: integer
|
||
percentage:
|
||
description: Percentage of requests on which the delay will be injected.
|
||
properties:
|
||
value:
|
||
type: number
|
||
type: object
|
||
type: object
|
||
type: object
|
||
headers:
|
||
description: Header manipulation rules
|
||
properties:
|
||
request:
|
||
description: Header manipulation rules to apply before forwarding a request to the destination service
|
||
properties:
|
||
add:
|
||
additionalProperties:
|
||
type: string
|
||
description: Append the given values to the headers specified by keys (will create a comma-separated list of values)
|
||
type: object
|
||
remove:
|
||
description: Remove the specified headers
|
||
items:
|
||
type: string
|
||
type: array
|
||
set:
|
||
additionalProperties:
|
||
type: string
|
||
description: Overwrite the headers specified by key with the given values
|
||
type: object
|
||
type: object
|
||
response:
|
||
description: Header manipulation rules to apply before returning a response to the caller
|
||
properties:
|
||
add:
|
||
additionalProperties:
|
||
type: string
|
||
description: Append the given values to the headers specified by keys (will create a comma-separated list of values)
|
||
type: object
|
||
remove:
|
||
description: Remove the specified headers
|
||
items:
|
||
type: string
|
||
type: array
|
||
set:
|
||
additionalProperties:
|
||
type: string
|
||
description: Overwrite the headers specified by key with the given values
|
||
type: object
|
||
type: object
|
||
type: object
|
||
match:
|
||
description: Match conditions to be satisfied for the rule to be activated. All conditions inside a single match block have AND semantics, while the list of match blocks have OR semantics. The rule is matched if any one of the match blocks succeed.
|
||
items:
|
||
description: "HttpMatchRequest specifies a set of criterion to be met in order for the rule to be applied to the HTTP request. For example, the following restricts the rule to match only requests where the URL path starts with /ratings/v2/ and the request contains a custom `end-user` header with value `jason`. \n {{<tabset category-name=\"example\">}} {{<tab name=\"v1alpha3\" category-value=\"v1alpha3\">}} ```yaml apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: ratings-route spec: hosts: - ratings.prod.svc.cluster.local http: - match: - headers: end-user: exact: jason uri: prefix: \"/ratings/v2/\" ignoreUriCase: true route: - destination: host: ratings.prod.svc.cluster.local ``` {{</tab>}} \n {{<tab name=\"v1beta1\" category-value=\"v1beta1\">}} ```yaml apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: ratings-route spec: hosts: - ratings.prod.svc.cluster.local http: - match: - headers: end-user: exact: jason uri: prefix: \"/ratings/v2/\" ignoreUriCase: true route: - destination: host: ratings.prod.svc.cluster.local ``` {{</tab>}} {{</tabset>}} \n HTTPMatchRequest CANNOT be empty. **Note:** No regex string match can be set when delegate VirtualService is specified."
|
||
properties:
|
||
authority:
|
||
description: "HTTP Authority values are case-sensitive and formatted as follows: \n - `exact: \"value\"` for exact string match \n - `prefix: \"value\"` for prefix-based match \n - `regex: \"value\"` for ECMAscript style regex-based match"
|
||
type: object
|
||
gateways:
|
||
description: Names of gateways where the rule should be applied. Gateway names in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway match is independent of sourceLabels.
|
||
items:
|
||
type: string
|
||
type: array
|
||
headers:
|
||
additionalProperties:
|
||
description: Describes how to match a given string in HTTP headers. Match is case-sensitive.
|
||
type: object
|
||
description: "The header keys must be lowercase and use hyphen as the separator, e.g. _x-request-id_. \n Header values are case-sensitive and formatted as follows: \n - `exact: \"value\"` for exact string match \n - `prefix: \"value\"` for prefix-based match \n - `regex: \"value\"` for ECMAscript style regex-based match \n If the value is empty and only the name of header is specified, presence of the header is checked. **Note:** The keys `uri`, `scheme`, `method`, and `authority` will be ignored."
|
||
type: object
|
||
ignore_uri_case:
|
||
description: "Flag to specify whether the URI matching should be case-insensitive. \n **Note:** The case will be ignored only in the case of `exact` and `prefix` URI matches."
|
||
type: boolean
|
||
method:
|
||
description: "HTTP Method values are case-sensitive and formatted as follows: \n - `exact: \"value\"` for exact string match \n - `prefix: \"value\"` for prefix-based match \n - `regex: \"value\"` for ECMAscript style regex-based match"
|
||
type: object
|
||
name:
|
||
description: The name assigned to a match. The match's name will be concatenated with the parent route's name and will be logged in the access logs for requests matching this route.
|
||
type: string
|
||
port:
|
||
description: Specifies the ports on the host that is being addressed. Many services only expose a single port or label ports with the protocols they support, in these cases it is not required to explicitly select the port.
|
||
format: int32
|
||
type: integer
|
||
query_params:
|
||
additionalProperties:
|
||
description: Describes how to match a given string in HTTP headers. Match is case-sensitive.
|
||
type: object
|
||
description: "Query parameters for matching. \n Ex: - For a query parameter like \"?key=true\", the map key would be \"key\" and the string match could be defined as `exact: \"true\"`. - For a query parameter like \"?key\", the map key would be \"key\" and the string match could be defined as `exact: \"\"`. - For a query parameter like \"?key=123\", the map key would be \"key\" and the string match could be defined as `regex: \"\\d+$\"`. Note that this configuration will only match values like \"123\" but not \"a123\" or \"123a\". \n **Note:** `prefix` matching is currently not supported."
|
||
type: object
|
||
scheme:
|
||
description: "URI Scheme values are case-sensitive and formatted as follows: \n - `exact: \"value\"` for exact string match \n - `prefix: \"value\"` for prefix-based match \n - `regex: \"value\"` for ECMAscript style regex-based match"
|
||
type: object
|
||
source_labels:
|
||
additionalProperties:
|
||
type: string
|
||
description: One or more labels that constrain the applicability of a rule to workloads with the given labels. If the VirtualService has a list of gateways specified in the top-level `gateways` field, it must include the reserved gateway `mesh` for this field to be applicable.
|
||
type: object
|
||
source_namespace:
|
||
description: Source namespace constraining the applicability of a rule to workloads in that namespace. If the VirtualService has a list of gateways specified in the top-level `gateways` field, it must include the reserved gateway `mesh` for this field to be applicable.
|
||
type: string
|
||
uri:
|
||
description: "URI to match values are case-sensitive and formatted as follows: \n - `exact: \"value\"` for exact string match \n - `prefix: \"value\"` for prefix-based match \n - `regex: \"value\"` for ECMAscript style regex-based match \n **Note:** Case-insensitive matching could be enabled via the `ignore_uri_case` flag."
|
||
type: object
|
||
without_headers:
|
||
additionalProperties:
|
||
description: Describes how to match a given string in HTTP headers. Match is case-sensitive.
|
||
type: object
|
||
description: withoutHeader has the same syntax as the header, but has the opposite meaning. If a header is matched by a matching rule among withoutHeader, the traffic is treated as not matched.
|
||
type: object
|
||
type: object
|
||
type: array
|
||
mirror:
|
||
description: Mirror HTTP traffic to another destination in addition to forwarding the requests to the intended destination. Mirrored traffic is on a best effort basis where the sidecar/gateway will not wait for the mirrored cluster to respond before returning the response from the original destination. Statistics will be generated for the mirrored destination.
|
||
properties:
|
||
host:
|
||
description: "The name of a service from the service registry. Service names are looked up from the platform's service registry (e.g., Kubernetes services, Consul services, etc.) and from the hosts declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Traffic forwarded to destinations that are not found in either of the two, will be dropped. \n *Note for Kubernetes users*: When short names are used (e.g. \"reviews\" instead of \"reviews.default.svc.cluster.local\"), Istio will interpret the short name based on the namespace of the rule, not the service. A rule in the \"default\" namespace containing a host \"reviews\" will be interpreted as \"reviews.default.svc.cluster.local\", irrespective of the actual namespace associated with the reviews service. To avoid potential misconfiguration, it is recommended to always use fully qualified domain names over short names."
|
||
type: string
|
||
port:
|
||
description: Specifies the port on the host that is being addressed. If a service exposes only a single port it is not required to explicitly select the port.
|
||
properties:
|
||
number:
|
||
description: Valid port number
|
||
format: int32
|
||
type: integer
|
||
type: object
|
||
subset:
|
||
description: The name of a subset within the service. Applicable only to services within the mesh. The subset must be defined in a corresponding DestinationRule.
|
||
type: string
|
||
type: object
|
||
mirror_percent:
|
||
description: Percentage of the traffic to be mirrored by the `mirror` field. Use of integer `mirror_percent` value is deprecated. Use the double `mirror_percentage` field instead
|
||
properties:
|
||
value:
|
||
description: The uint32 value.
|
||
format: int32
|
||
type: integer
|
||
type: object
|
||
mirror_percentage:
|
||
description: Percentage of the traffic to be mirrored by the `mirror` field. If this field is absent, all the traffic (100%) will be mirrored. Max value is 100.
|
||
properties:
|
||
value:
|
||
type: number
|
||
type: object
|
||
name:
|
||
description: The name assigned to the route for debugging purposes. The route's name will be concatenated with the match's name and will be logged in the access logs for requests matching this route/match.
|
||
type: string
|
||
redirect:
|
||
description: A HTTP rule can either redirect or forward (default) traffic. If traffic passthrough option is specified in the rule, route/redirect will be ignored. The redirect primitive can be used to send a HTTP 301 redirect to a different URI or Authority.
|
||
properties:
|
||
authority:
|
||
description: On a redirect, overwrite the Authority/Host portion of the URL with this value.
|
||
type: string
|
||
redirect_code:
|
||
description: On a redirect, Specifies the HTTP status code to use in the redirect response. The default response code is MOVED_PERMANENTLY (301).
|
||
format: int32
|
||
type: integer
|
||
uri:
|
||
description: On a redirect, overwrite the Path portion of the URL with this value. Note that the entire path will be replaced, irrespective of the request URI being matched as an exact path or prefix.
|
||
type: string
|
||
type: object
|
||
retries:
|
||
description: Retry policy for HTTP requests.
|
||
properties:
|
||
attempts:
|
||
description: Number of retries for a given request. The interval between retries will be determined automatically (25ms+). Actual number of retries attempted depends on the request `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute).
|
||
format: int32
|
||
type: integer
|
||
per_try_timeout:
|
||
description: 'Timeout per retry attempt for a given request. format: 1h/1m/1s/1ms. MUST BE >=1ms.'
|
||
properties:
|
||
nanos:
|
||
description: Signed fractions of a second at nanosecond resolution of the span of time. Durations less than one second are represented with a 0 `seconds` field and a positive or negative `nanos` field. For durations of one second or more, a non-zero value for the `nanos` field must be of the same sign as the `seconds` field. Must be from -999,999,999 to +999,999,999 inclusive.
|
||
format: int32
|
||
type: integer
|
||
seconds:
|
||
description: 'Signed seconds of the span of time. Must be from -315,576,000,000 to +315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years'
|
||
format: int64
|
||
type: integer
|
||
type: object
|
||
retry_on:
|
||
description: Specifies the conditions under which retry takes place. One or more policies can be specified using a ‘,’ delimited list. See the [retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on) and [gRPC retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on) for more details.
|
||
type: string
|
||
retry_remote_localities:
|
||
description: Flag to specify whether the retries should retry to other localities. See the [retry plugin configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/http_connection_management#retry-plugin-configuration) for more details.
|
||
properties:
|
||
value:
|
||
description: The bool value.
|
||
type: boolean
|
||
type: object
|
||
type: object
|
||
rewrite:
|
||
description: Rewrite HTTP URIs and Authority headers. Rewrite cannot be used with Redirect primitive. Rewrite will be performed before forwarding.
|
||
properties:
|
||
authority:
|
||
description: rewrite the Authority/Host header with this value.
|
||
type: string
|
||
uri:
|
||
description: rewrite the path (or the prefix) portion of the URI with this value. If the original URI was matched based on prefix, the value provided in this field will replace the corresponding matched prefix.
|
||
type: string
|
||
type: object
|
||
route:
|
||
description: A HTTP rule can either redirect or forward (default) traffic. The forwarding target can be one of several versions of a service (see glossary in beginning of document). Weights associated with the service version determine the proportion of traffic it receives.
|
||
items:
|
||
description: "Each routing rule is associated with one or more service versions (see glossary in beginning of document). Weights associated with the version determine the proportion of traffic it receives. For example, the following rule will route 25% of traffic for the \"reviews\" service to instances with the \"v2\" tag and the remaining traffic (i.e., 75%) to \"v1\". \n {{<tabset category-name=\"example\">}} {{<tab name=\"v1alpha3\" category-value=\"v1alpha3\">}} ```yaml apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: reviews-route spec: hosts: - reviews.prod.svc.cluster.local http: - route: - destination: host: reviews.prod.svc.cluster.local subset: v2 weight: 25 - destination: host: reviews.prod.svc.cluster.local subset: v1 weight: 75 ``` {{</tab>}} \n {{<tab name=\"v1beta1\" category-value=\"v1beta1\">}} ```yaml apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: reviews-route spec: hosts: - reviews.prod.svc.cluster.local http: - route: - destination: host: reviews.prod.svc.cluster.local subset: v2 weight: 25 - destination: host: reviews.prod.svc.cluster.local subset: v1 weight: 75 ``` {{</tab>}} {{</tabset>}} \n And the associated DestinationRule \n {{<tabset category-name=\"example\">}} {{<tab name=\"v1alpha3\" category-value=\"v1alpha3\">}} ```yaml apiVersion: networking.istio.io/v1alpha3 kind: DestinationRule metadata: name: reviews-destination spec: host: reviews.prod.svc.cluster.local subsets: - name: v1 labels: version: v1 - name: v2 labels: version: v2 ``` {{</tab>}} \n {{<tab name=\"v1beta1\" category-value=\"v1beta1\">}} ```yaml apiVersion: networking.istio.io/v1beta1 kind: DestinationRule metadata: name: reviews-destination spec: host: reviews.prod.svc.cluster.local subsets: - name: v1 labels: version: v1 - name: v2 labels: version: v2 ``` {{</tab>}} {{</tabset>}} \n Traffic can also be split across two entirely different services without having to define new subsets. 
For example, the following rule forwards 25% of traffic to reviews.com to dev.reviews.com \n {{<tabset category-name=\"example\">}} {{<tab name=\"v1alpha3\" category-value=\"v1alpha3\">}} ```yaml apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: reviews-route-two-domains spec: hosts: - reviews.com http: - route: - destination: host: dev.reviews.com weight: 25 - destination: host: reviews.com weight: 75 ``` {{</tab>}} \n {{<tab name=\"v1beta1\" category-value=\"v1beta1\">}} ```yaml apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: reviews-route-two-domains spec: hosts: - reviews.com http: - route: - destination: host: dev.reviews.com weight: 25 - destination: host: reviews.com weight: 75 ``` {{</tab>}} {{</tabset>}}"
|
||
properties:
|
||
destination:
|
||
description: Destination uniquely identifies the instances of a service to which the request/connection should be forwarded to.
|
||
properties:
|
||
host:
|
||
description: "The name of a service from the service registry. Service names are looked up from the platform's service registry (e.g., Kubernetes services, Consul services, etc.) and from the hosts declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Traffic forwarded to destinations that are not found in either of the two, will be dropped. \n *Note for Kubernetes users*: When short names are used (e.g. \"reviews\" instead of \"reviews.default.svc.cluster.local\"), Istio will interpret the short name based on the namespace of the rule, not the service. A rule in the \"default\" namespace containing a host \"reviews\" will be interpreted as \"reviews.default.svc.cluster.local\", irrespective of the actual namespace associated with the reviews service. To avoid potential misconfiguration, it is recommended to always use fully qualified domain names over short names."
|
||
type: string
|
||
port:
|
||
description: Specifies the port on the host that is being addressed. If a service exposes only a single port it is not required to explicitly select the port.
|
||
properties:
|
||
number:
|
||
description: Valid port number
|
||
format: int32
|
||
type: integer
|
||
type: object
|
||
subset:
|
||
description: The name of a subset within the service. Applicable only to services within the mesh. The subset must be defined in a corresponding DestinationRule.
|
||
type: string
|
||
type: object
|
||
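# Header manipulation applied per route destination, separately for the
# request and the response direction.
# The keys of add/set and the items of remove are arbitrary header names: the
# schema only requires string values and does not restrict which headers may be
# appended, overwritten or removed. Rules that touch authentication or
# forwarding headers deserve review outside CRD validation.
headers:
  description: Header manipulation rules
  properties:
    request:
      description: Header manipulation rules to apply before forwarding a request to the destination service
      properties:
        add:
          additionalProperties:
            type: string
          description: Append the given values to the headers specified by keys (will create a comma-separated list of values)
          type: object
        remove:
          description: Remove a the specified headers
          items:
            type: string
          type: array
        set:
          additionalProperties:
            type: string
          description: Overwrite the headers specified by key with the given values
          type: object
      type: object
    response:
      description: Header manipulation rules to apply before returning a response to the caller
      properties:
        add:
          additionalProperties:
            type: string
          description: Append the given values to the headers specified by keys (will create a comma-separated list of values)
          type: object
        remove:
          description: Remove a the specified headers
          items:
            type: string
          type: array
        set:
          additionalProperties:
            type: string
          description: Overwrite the headers specified by key with the given values
          type: object
      type: object
  type: object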
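# Share of traffic sent to this destination.
# The description states a 0-100 range and a sum of 100, but the schema
# declares neither minimum nor maximum, so those limits are not checked by
# CRD validation.
weight:
  description: The proportion of traffic to be forwarded to the service version. (0-100). Sum of weights across destinations SHOULD BE == 100. If there is only one destination in a rule, the weight value is assumed to be 100.
  format: int32
  type: integer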
type: object
type: array
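# Request timeout expressed as a duration split into seconds and nanos.
# Both fields are signed per their descriptions and the schema adds no
# minimum, so negative durations pass CRD validation.
timeout:
  description: Timeout for HTTP requests.
  properties:
    nanos:
      description: Signed fractions of a second at nanosecond resolution of the span of time. Durations less than one second are represented with a 0 `seconds` field and a positive or negative `nanos` field. For durations of one second or more, a non-zero value for the `nanos` field must be of the same sign as the `seconds` field. Must be from -999,999,999 to +999,999,999 inclusive.
      format: int32
      type: integer
    seconds:
      description: 'Signed seconds of the span of time. Must be from -315,576,000,000 to +315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years'
      format: int64
      type: integer
  type: object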
type: object
type: array
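# Route rules for opaque TCP traffic: each rule has optional L4 match
# conditions and a list of weighted destinations.
tcp:
  description: An ordered list of route rules for opaque TCP traffic. TCP routes will be applied to any port that is not a HTTP or TLS port. The first rule matching an incoming request is used.
  items:
    description: "Describes match conditions and actions for routing TCP traffic. The following routing rule forwards traffic arriving at port 27017 for mongo.prod.svc.cluster.local to another Mongo server on port 5555. \n {{<tabset category-name=\"example\">}} {{<tab name=\"v1alpha3\" category-value=\"v1alpha3\">}} ```yaml apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: bookinfo-Mongo spec: hosts: - mongo.prod.svc.cluster.local tcp: - match: - port: 27017 route: - destination: host: mongo.backup.svc.cluster.local port: number: 5555 ``` {{</tab>}} \n {{<tab name=\"v1beta1\" category-value=\"v1beta1\">}} ```yaml apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: bookinfo-Mongo spec: hosts: - mongo.prod.svc.cluster.local tcp: - match: - port: 27017 route: - destination: host: mongo.backup.svc.cluster.local port: number: 5555 ``` {{</tab>}} {{</tabset>}}"
    properties:
      # Match conditions select which rule applies to a connection. The
      # description also notes that L4 matching support is incomplete.
      match:
        description: Match conditions to be satisfied for the rule to be activated. All conditions inside a single match block have AND semantics, while the list of match blocks have OR semantics. The rule is matched if any one of the match blocks succeed.
        items:
          description: L4 connection match attributes. Note that L4 connection matching support is incomplete.
          properties:
            # Subnets are plain strings; no pattern or format is declared, so
            # address/CIDR syntax is not checked by CRD validation.
            destination_subnets:
              description: IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., a.b.c.d/xx form or just a.b.c.d.
              items:
                type: string
              type: array
            gateways:
              description: Names of gateways where the rule should be applied. Gateway names in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway match is independent of sourceLabels.
              items:
                type: string
              type: array
            # No minimum/maximum is declared; any int32 passes validation.
            port:
              description: Specifies the port on the host that is being addressed. Many services only expose a single port or label ports with the protocols they support, in these cases it is not required to explicitly select the port.
              format: int32
              type: integer
            # The source_* constraints only apply when the reserved gateway
            # `mesh` is among the top-level gateways (see the descriptions).
            source_labels:
              additionalProperties:
                type: string
              description: One or more labels that constrain the applicability of a rule to workloads with the given labels. If the VirtualService has a list of gateways specified in the top-level `gateways` field, it should include the reserved gateway `mesh` in order for this field to be applicable.
              type: object
            source_namespace:
              description: Source namespace constraining the applicability of a rule to workloads in that namespace. If the VirtualService has a list of gateways specified in the top-level `gateways` field, it must include the reserved gateway `mesh` for this field to be applicable.
              type: string
            source_subnet:
              description: IPv4 or IPv6 ip address of source with optional subnet. E.g., a.b.c.d/xx form or just a.b.c.d $hide_from_docs
              type: string
          type: object
        type: array
      route:
        description: The destination to which the connection should be forwarded to.
        items:
          description: L4 routing rule weighted destination.
          properties:
            destination:
              description: Destination uniquely identifies the instances of a service to which the request/connection should be forwarded to.
              properties:
                # Per the description, a short name resolves against the
                # namespace of the rule, not of the service; prefer fully
                # qualified names.
                host:
                  description: "The name of a service from the service registry. Service names are looked up from the platform's service registry (e.g., Kubernetes services, Consul services, etc.) and from the hosts declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Traffic forwarded to destinations that are not found in either of the two, will be dropped. \n *Note for Kubernetes users*: When short names are used (e.g. \"reviews\" instead of \"reviews.default.svc.cluster.local\"), Istio will interpret the short name based on the namespace of the rule, not the service. A rule in the \"default\" namespace containing a host \"reviews will be interpreted as \"reviews.default.svc.cluster.local\", irrespective of the actual namespace associated with the reviews service. To avoid potential misconfiguration, it is recommended to always use fully qualified domain names over short names."
                  type: string
                port:
                  description: Specifies the port on the host that is being addressed. If a service exposes only a single port it is not required to explicitly select the port.
                  properties:
                    number:
                      description: Valid port number
                      format: int32
                      type: integer
                  type: object
                subset:
                  description: The name of a subset within the service. Applicable only to services within the mesh. The subset must be defined in a corresponding DestinationRule.
                  type: string
              type: object
            # No minimum/maximum is declared for the weight.
            weight:
              description: The proportion of traffic to be forwarded to the service version. If there is only one destination in a rule, all traffic will be routed to it irrespective of the weight.
              format: int32
              type: integer
          type: object
        type: array
    type: object
  type: array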
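# Route rules for non-terminated TLS/HTTPS traffic: each rule has match
# conditions (including SNI) and a list of weighted destinations.
# Per the description, traffic on 'https-*' or 'tls-*' ports with no
# associated virtual service is treated as opaque TCP.
tls:
  description: 'An ordered list of route rule for non-terminated TLS & HTTPS traffic. Routing is typically performed using the SNI value presented by the ClientHello message. TLS routes will be applied to platform service ports named ''https-*'', ''tls-*'', unterminated gateway ports using HTTPS/TLS protocols (i.e. with "passthrough" TLS mode) and service entry ports using HTTPS/TLS protocols. The first rule matching an incoming request is used. NOTE: Traffic ''https-*'' or ''tls-*'' ports without associated virtual service will be treated as opaque TCP traffic.'
  items:
    description: "Describes match conditions and actions for routing unterminated TLS traffic (TLS/HTTPS) The following routing rule forwards unterminated TLS traffic arriving at port 443 of gateway called \"mygateway\" to internal services in the mesh based on the SNI value. \n {{<tabset category-name=\"example\">}} {{<tab name=\"v1alpha3\" category-value=\"v1alpha3\">}} ```yaml apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: name: bookinfo-sni spec: hosts: - \"*.bookinfo.com\" gateways: - mygateway tls: - match: - port: 443 sniHosts: - login.bookinfo.com route: - destination: host: login.prod.svc.cluster.local - match: - port: 443 sniHosts: - reviews.bookinfo.com route: - destination: host: reviews.prod.svc.cluster.local ``` {{</tab>}} \n {{<tab name=\"v1beta1\" category-value=\"v1beta1\">}} ```yaml apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: bookinfo-sni spec: hosts: - \"*.bookinfo.com\" gateways: - mygateway tls: - match: - port: 443 sniHosts: - login.bookinfo.com route: - destination: host: login.prod.svc.cluster.local - match: - port: 443 sniHosts: - reviews.bookinfo.com route: - destination: host: reviews.prod.svc.cluster.local ``` {{</tab>}} {{</tabset>}}"
    properties:
      match:
        description: Match conditions to be satisfied for the rule to be activated. All conditions inside a single match block have AND semantics, while the list of match blocks have OR semantics. The rule is matched if any one of the match blocks succeed.
        items:
          description: TLS connection match attributes.
          properties:
            # Subnets are plain strings; no pattern or format is declared, so
            # address/CIDR syntax is not checked by CRD validation.
            destination_subnets:
              description: IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., a.b.c.d/xx form or just a.b.c.d.
              items:
                type: string
              type: array
            gateways:
              description: Names of gateways where the rule should be applied. Gateway names in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway match is independent of sourceLabels.
              items:
                type: string
              type: array
            # No minimum/maximum is declared; any int32 passes validation.
            port:
              description: Specifies the port on the host that is being addressed. Many services only expose a single port or label ports with the protocols they support, in these cases it is not required to explicitly select the port.
              format: int32
              type: integer
            # Wildcard prefixes are accepted. The requirement that each value
            # fall within the virtual service's hosts is stated only in the
            # description; this schema accepts any list of strings.
            sni_hosts:
              description: SNI (server name indicator) to match on. Wildcard prefixes can be used in the SNI value, e.g., *.com will match foo.example.com as well as example.com. An SNI value must be a subset (i.e., fall within the domain) of the corresponding virtual serivce's hosts.
              items:
                type: string
              type: array
            # The source_* constraints only apply when the reserved gateway
            # `mesh` is among the top-level gateways (see the descriptions).
            source_labels:
              additionalProperties:
                type: string
              description: One or more labels that constrain the applicability of a rule to workloads with the given labels. If the VirtualService has a list of gateways specified in the top-level `gateways` field, it should include the reserved gateway `mesh` in order for this field to be applicable.
              type: object
            source_namespace:
              description: Source namespace constraining the applicability of a rule to workloads in that namespace. If the VirtualService has a list of gateways specified in the top-level `gateways` field, it must include the reserved gateway `mesh` for this field to be applicable.
              type: string
          type: object
        type: array
      route:
        description: The destination to which the connection should be forwarded to.
        items:
          description: L4 routing rule weighted destination.
          properties:
            destination:
              description: Destination uniquely identifies the instances of a service to which the request/connection should be forwarded to.
              properties:
                # Per the description, a short name resolves against the
                # namespace of the rule, not of the service; prefer fully
                # qualified names.
                host:
                  description: "The name of a service from the service registry. Service names are looked up from the platform's service registry (e.g., Kubernetes services, Consul services, etc.) and from the hosts declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Traffic forwarded to destinations that are not found in either of the two, will be dropped. \n *Note for Kubernetes users*: When short names are used (e.g. \"reviews\" instead of \"reviews.default.svc.cluster.local\"), Istio will interpret the short name based on the namespace of the rule, not the service. A rule in the \"default\" namespace containing a host \"reviews will be interpreted as \"reviews.default.svc.cluster.local\", irrespective of the actual namespace associated with the reviews service. To avoid potential misconfiguration, it is recommended to always use fully qualified domain names over short names."
                  type: string
                port:
                  description: Specifies the port on the host that is being addressed. If a service exposes only a single port it is not required to explicitly select the port.
                  properties:
                    number:
                      description: Valid port number
                      format: int32
                      type: integer
                  type: object
                subset:
                  description: The name of a subset within the service. Applicable only to services within the mesh. The subset must be defined in a corresponding DestinationRule.
                  type: string
              type: object
            # No minimum/maximum is declared for the weight.
            weight:
              description: The proportion of traffic to be forwarded to the service version. If there is only one destination in a rule, all traffic will be routed to it irrespective of the weight.
              format: int32
              type: integer
          type: object
        type: array
    type: object
  type: array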
type: object
type: object
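# Strategy type selector. Declared as a free-form string: no enum is given, so
# the set of accepted values is not enforced by CRD validation.
type:
  description: Strategy type
  type: string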
type: object
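# Observed state of a Strategy: start/completion timestamps and a list of
# conditions.
status:
  description: StrategyStatus defines the observed state of Strategy
  properties:
    completionTime:
      description: Represents time when the strategy was completed. It is represented in RFC3339 form and is in UTC.
      format: date-time
      type: string
    conditions:
      description: The latest available observations of an object's current state.
      items:
        description: StrategyCondition describes current state of a strategy.
        properties:
          lastProbeTime:
            description: Last time the condition was checked.
            format: date-time
            type: string
          lastTransitionTime:
            description: Last time the condition transit from one status to another
            format: date-time
            type: string
          message:
            description: Human readable message indicating details about last transition.
            type: string
          reason:
            description: reason for the condition's last transition
            type: string
          # status and type are plain strings; the values named in their
          # descriptions are not expressed as an enum in this schema.
          status:
            description: Status of the condition, one of True, False, Unknown
            type: string
          type:
            description: Type of strategy condition, Complete or Failed.
            type: string
        type: object
      type: array
    startTime:
      description: Represents time when the strategy was acknowledged by the controller. It is represented in RFC3339 form and is in UTC.
      format: date-time
      type: string
  type: object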
type: object
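# This version is both served by the API and used as the storage version.
served: true
storage: true
# The subresources map is empty, so no /status subresource is enabled for this
# version: .status is written through the main resource endpoint, and RBAC
# cannot separate principals that may edit spec from those that may edit
# status.
subresources: {}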
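# Status stanza of the CustomResourceDefinition object itself. In this
# generated manifest it carries only empty placeholder values.
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []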