This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Config API Reference

Config API reference documentation

1 - Config v1alpha1 API Reference

Config v1alpha1 API reference documentation.

Packages:

config.flomesh.io/v1alpha1

Package v1alpha1 is the v1alpha1 version of the API.

Resource Types:

    CertificateSpec

    (Appears on:MeshConfigSpec)

    CertificateSpec is the type to reperesent FSM’s certificate management configuration.

    FieldDescription
    serviceCertValidityDuration
    string

    ServiceCertValidityDuration defines the service certificate validity duration.

    certKeyBitSize
    int

    CertKeyBitSize defines the certicate key bit size.

    ingressGateway
    IngressGatewayCertSpec
    (Optional)

    IngressGateway defines the certificate specification for an ingress gateway.

    ClusterPropertySpec

    (Appears on:ClusterSetSpec)

    ClusterPropertySpec is the type to represent cluster property.

    FieldDescription
    name
    string

    Name defines the name of cluster property.

    value
    string

    Value defines the name of cluster property.

    ClusterSetSpec

    (Appears on:MeshConfigSpec)

    ClusterSetSpec is the type to represent cluster set.

    FieldDescription
    properties
    []ClusterPropertySpec

    Properties defines properties for cluster.

    ExternalAuthzSpec

    (Appears on:TrafficSpec)

    ExternalAuthzSpec is a type to represent external authorization configuration.

    FieldDescription
    enable
    bool

    Enable defines a boolean indicating if the external authorization policy is to be enabled.

    address
    string

    Address defines the remote address of the external authorization endpoint.

    port
    uint16

    Port defines the destination port of the remote external authorization endpoint.

    statPrefix
    string

    StatPrefix defines a prefix for the stats sink for this external authorization policy.

    timeout
    string

    Timeout defines the timeout in which a response from the external authorization endpoint. is expected to execute.

    failureModeAllow
    bool

    FailureModeAllow defines a boolean indicating if traffic should be allowed on a failure to get a response against the external authorization endpoint.

    FeatureFlags

    (Appears on:MeshConfigSpec)

    FeatureFlags is a type to represent FSM’s feature flags.

    FieldDescription
    enableEgressPolicy
    bool

    EnableEgressPolicy defines if FSM’s Egress policy is enabled.

    enableSnapshotCacheMode
    bool

    EnableSnapshotCacheMode defines if XDS server starts with snapshot cache.

    enableAsyncProxyServiceMapping
    bool

    EnableAsyncProxyServiceMapping defines if FSM will map proxies to services asynchronously.

    enableIngressBackendPolicy
    bool

    EnableIngressBackendPolicy defines if FSM will use the IngressBackend API to allow ingress traffic to service mesh backends.

    enableAccessControlPolicy
    bool

    EnableAccessControlPolicy defines if FSM will use the AccessControl API to allow access control traffic to service mesh backends.

    enableAccessCertPolicy
    bool

    EnableAccessCertPolicy defines if FSM can issue certificates for external services..

    enableSidecarActiveHealthChecks
    bool

    EnableSidecarActiveHealthChecks defines if FSM will sidecar active health checks between services allowed to communicate.

    enableRetryPolicy
    bool

    EnableRetryPolicy defines if retry policy is enabled.

    enablePluginPolicy
    bool

    EnablePluginPolicy defines if plugin policy is enabled.

    enableAutoDefaultRoute
    bool

    EnableAutoDefaultRoute defines if auto default route is enabled.

    IngressGatewayCertSpec

    (Appears on:CertificateSpec)

    IngressGatewayCertSpec is the type to represent the certificate specification for an ingress gateway.

    FieldDescription
    subjectAltNames
    []string

    SubjectAltNames defines the Subject Alternative Names (domain names and IP addresses) secured by the certificate.

    validityDuration
    string

    ValidityDuration defines the validity duration of the certificate.

    secret
    Kubernetes core/v1.SecretReference

    Secret defines the secret in which the certificate is stored.

    MeshConfig

    MeshConfig is the type used to represent the mesh configuration.

    FieldDescription
    metadata
    Kubernetes meta/v1.ObjectMeta
    (Optional)

    Object’s metadata.

    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    MeshConfigSpec
    (Optional)

    Spec is the MeshConfig specification.



    clusterSet
    ClusterSetSpec

    ClusterSetSpec defines the configurations of cluster.

    sidecar
    SidecarSpec

    Sidecar defines the configurations of the proxy sidecar in a mesh.

    repoServer
    RepoServerSpec

    RepoServer defines the configurations of pipy repo server.

    traffic
    TrafficSpec

    Traffic defines the traffic management configurations for a mesh instance.

    observability
    ObservabilitySpec

    Observalility defines the observability configurations for a mesh instance.

    certificate
    CertificateSpec

    Certificate defines the certificate management configurations for a mesh instance.

    featureFlags
    FeatureFlags

    FeatureFlags defines the feature flags for a mesh instance.

    pluginChains
    PluginChainsSpec

    PluginChains defines the default plugin chains.

    MeshConfigSpec

    (Appears on:MeshConfig)

    MeshConfigSpec is the spec for FSM’s configuration.

    FieldDescription
    clusterSet
    ClusterSetSpec

    ClusterSetSpec defines the configurations of cluster.

    sidecar
    SidecarSpec

    Sidecar defines the configurations of the proxy sidecar in a mesh.

    repoServer
    RepoServerSpec

    RepoServer defines the configurations of pipy repo server.

    traffic
    TrafficSpec

    Traffic defines the traffic management configurations for a mesh instance.

    observability
    ObservabilitySpec

    Observalility defines the observability configurations for a mesh instance.

    certificate
    CertificateSpec

    Certificate defines the certificate management configurations for a mesh instance.

    featureFlags
    FeatureFlags

    FeatureFlags defines the feature flags for a mesh instance.

    pluginChains
    PluginChainsSpec

    PluginChains defines the default plugin chains.

    ObservabilitySpec

    (Appears on:MeshConfigSpec)

    ObservabilitySpec is the type to represent FSM’s observability configurations.

    FieldDescription
    fsmLogLevel
    string

    FSMLogLevel defines the log level for FSM control plane logs.

    enableDebugServer
    bool

    EnableDebugServer defines if the debug endpoint on the FSM controller pod is enabled.

    tracing
    TracingSpec

    Tracing defines FSM’s tracing configuration.

    remoteLogging
    RemoteLoggingSpec

    RemoteLogging defines FSM’s remot logging configuration.

    PluginChainSpec

    (Appears on:PluginChainsSpec)

    PluginChainSpec is the type to represent plugin chain.

    FieldDescription
    plugin
    string

    Plugin defines the name of plugin

    priority
    float32

    Priority defines the priority of plugin

    disable
    bool

    Disable defines the visibility of plugin

    PluginChainsSpec

    (Appears on:MeshConfigSpec)

    PluginChainsSpec is the type to represent plugin chains.

    FieldDescription
    inbound-tcp
    []PluginChainSpec

    InboundTCPChains defines inbound tcp chains

    inbound-http
    []PluginChainSpec

    InboundHTTPChains defines inbound http chains

    outbound-tcp
    []PluginChainSpec

    OutboundTCPChains defines outbound tcp chains

    outbound-http
    []PluginChainSpec

    OutboundHTTPChains defines outbound http chains

    RemoteLoggingSpec

    (Appears on:ObservabilitySpec)

    RemoteLoggingSpec is the type to represent FSM’s remote logging configuration.

    FieldDescription
    enable
    bool

    Enable defines a boolean indicating if the sidecars are enabled for remote logging.

    level
    uint16

    Level defines the remote logging’s level.

    port
    uint16

    Port defines the remote loggings port.

    address
    string

    Address defines the remote logging’s hostname.

    endpoint
    string

    Endpoint defines the API endpoint for remote logging requests sent to the collector.

    authorization
    string

    Authorization defines the access entity that allows to authorize someone in remote logging service.

    sampledFraction
    float32

    SampledFraction defines the sampled fraction.

    RepoServerSpec

    (Appears on:MeshConfigSpec)

    RepoServerSpec is the type to represent repo server.

    FieldDescription
    ipaddr
    string

    IPAddr of the pipy repo server

    codebase
    string

    Codebase is the folder used by fsmController

    SidecarDriverSpec

    (Appears on:SidecarSpec)

    SidecarDriverSpec is the type to represent FSM’s sidecar driver define.

    FieldDescription
    sidecarName
    string

    SidecarName defines the name of the sidecar driver.

    sidecarImage
    string

    SidecarImage defines the container image used for the proxy sidecar.

    initContainerImage
    string

    InitContainerImage defines the container image used for the init container injected to meshed pods.

    proxyServerPort
    uint32

    ProxyServerPort is the port on which the Discovery Service listens for new connections from Sidecars

    sidecarDisabledMTLS
    bool

    SidecarDisabledMTLS defines if mTLS are disabled.

    SidecarSpec

    (Appears on:MeshConfigSpec)

    SidecarSpec is the type used to represent the specifications for the proxy sidecar.

    FieldDescription
    enablePrivilegedInitContainer
    bool

    EnablePrivilegedInitContainer defines a boolean indicating whether the init container for a meshed pod should run as privileged.

    logLevel
    string

    LogLevel defines the logging level for the sidecar’s logs. Non developers should generally never set this value. In production environments the LogLevel should be set to error.

    sidecarClass
    string

    SidecarClass defines the container provider used for the proxy sidecar.

    sidecarImage
    string

    SidecarImage defines the container image used for the proxy sidecar.

    sidecarDisabledMTLS
    bool

    SidecarDisabledMTLS defines whether mTLS is disabled.

    initContainerImage
    string

    InitContainerImage defines the container image used for the init container injected to meshed pods.

    sidecarDrivers
    []SidecarDriverSpec

    SidecarDrivers defines the sidecar supported.

    maxDataPlaneConnections
    int

    MaxDataPlaneConnections defines the maximum allowed data plane connections from a proxy sidecar to the FSM controller.

    configResyncInterval
    string

    ConfigResyncInterval defines the resync interval for regular proxy broadcast updates.

    sidecarTimeout
    int

    SidecarTimeout defines the connect/idle/read/write timeout.

    resources
    Kubernetes core/v1.ResourceRequirements

    Resources defines the compute resources for the sidecar.

    TracingSpec

    (Appears on:ObservabilitySpec)

    TracingSpec is the type to represent FSM’s tracing configuration.

    FieldDescription
    enable
    bool

    Enable defines a boolean indicating if the sidecars are enabled for tracing.

    port
    uint16

    Port defines the tracing collector’s port.

    address
    string

    Address defines the tracing collectio’s hostname.

    endpoint
    string

    Endpoint defines the API endpoint for tracing requests sent to the collector.

    sampledFraction
    float32

    SampledFraction defines the sampled fraction.

    TrafficSpec

    (Appears on:MeshConfigSpec)

    TrafficSpec is the type used to represent FSM’s traffic management configuration.

    FieldDescription
    interceptionMode
    string

    InterceptionMode defines a string indicating which traffic interception mode is used.

    enableEgress
    bool

    EnableEgress defines a boolean indicating if mesh-wide Egress is enabled.

    outboundIPRangeExclusionList
    []string

    OutboundIPRangeExclusionList defines a global list of IP address ranges to exclude from outbound traffic interception by the sidecar proxy.

    outboundPortExclusionList
    []int

    OutboundPortExclusionList defines a global list of ports to exclude from outbound traffic interception by the sidecar proxy.

    inboundPortExclusionList
    []int

    InboundPortExclusionList defines a global list of ports to exclude from inbound traffic interception by the sidecar proxy.

    enablePermissiveTrafficPolicyMode
    bool

    EnablePermissiveTrafficPolicyMode defines a boolean indicating if permissive traffic policy mode is enabled mesh-wide.

    serviceAccessMode
    string

    ServiceAccessMode defines a string indicating service access mode.

    inboundExternalAuthorization
    ExternalAuthzSpec

    InboundExternalAuthorization defines a ruleset that, if enabled, will configure a remote external authorization endpoint for all inbound and ingress traffic in the mesh.

    http1PerRequestLoadBalancing
    bool

    HTTP1PerRequestLoadBalancing defines a boolean indicating if load balancing based on request is enabled for http1.

    http2PerRequestLoadBalancing
    bool

    HTTP1PerRequestLoadBalancing defines a boolean indicating if load balancing based on request is enabled for http2.


    Generated with gen-crd-api-reference-docs on git commit 8abe9ab.

    2 - Config v1alpha2 API Reference

    Config v1alpha2 API reference documentation.

    Packages:

    config.flomesh.io/v1alpha2

    Package v1alpha2 is the v1alpha2 version of the API.

    Resource Types:

      CertManagerProviderSpec

      (Appears on:ProviderSpec)

      CertManagerProviderSpec defines the configuration of the cert-manager provider

      FieldDescription
      issuerName
      string

      IssuerName specifies the name of the Issuer resource

      issuerKind
      string

      IssuerKind specifies the kind of Issuer

      issuerGroup
      string

      IssuerGroup specifies the group the Issuer belongs to

      CertificateSpec

      (Appears on:MeshConfigSpec)

      CertificateSpec is the type to reperesent FSM’s certificate management configuration.

      FieldDescription
      serviceCertValidityDuration
      string

      ServiceCertValidityDuration defines the service certificate validity duration.

      certKeyBitSize
      int

      CertKeyBitSize defines the certicate key bit size.

      ingressGateway
      IngressGatewayCertSpec
      (Optional)

      IngressGateway defines the certificate specification for an ingress gateway.

      ClusterPropertySpec

      (Appears on:ClusterSetSpec)

      ClusterPropertySpec is the type to represent cluster property.

      FieldDescription
      name
      string

      Name defines the name of cluster property.

      value
      string

      Value defines the name of cluster property.

      ClusterSetSpec

      (Appears on:MeshConfigSpec)

      ClusterSetSpec is the type to represent cluster set.

      FieldDescription
      properties
      []ClusterPropertySpec

      Properties defines properties for cluster.

      ExternalAuthzSpec

      (Appears on:TrafficSpec)

      ExternalAuthzSpec is a type to represent external authorization configuration.

      FieldDescription
      enable
      bool

      Enable defines a boolean indicating if the external authorization policy is to be enabled.

      address
      string

      Address defines the remote address of the external authorization endpoint.

      port
      uint16

      Port defines the destination port of the remote external authorization endpoint.

      statPrefix
      string

      StatPrefix defines a prefix for the stats sink for this external authorization policy.

      timeout
      string

      Timeout defines the timeout in which a response from the external authorization endpoint. is expected to execute.

      failureModeAllow
      bool

      FailureModeAllow defines a boolean indicating if traffic should be allowed on a failure to get a response against the external authorization endpoint.

      FeatureFlags

      (Appears on:MeshConfigSpec)

      FeatureFlags is a type to represent FSM’s feature flags.

      FieldDescription
      enableEgressPolicy
      bool

      EnableEgressPolicy defines if FSM’s Egress policy is enabled.

      enableSnapshotCacheMode
      bool

      EnableSnapshotCacheMode defines if XDS server starts with snapshot cache.

      enableAsyncProxyServiceMapping
      bool

      EnableAsyncProxyServiceMapping defines if FSM will map proxies to services asynchronously.

      enableIngressBackendPolicy
      bool

      EnableIngressBackendPolicy defines if FSM will use the IngressBackend API to allow ingress traffic to service mesh backends.

      enableAccessControlPolicy
      bool

      EnableAccessControlPolicy defines if FSM will use the AccessControl API to allow access control traffic to service mesh backends.

      enableAccessCertPolicy
      bool

      EnableAccessCertPolicy defines if FSM can issue certificates for external services..

      enableSidecarActiveHealthChecks
      bool

      EnableSidecarActiveHealthChecks defines if FSM will Sidecar active health checks between services allowed to communicate.

      enableRetryPolicy
      bool

      EnableRetryPolicy defines if retry policy is enabled.

      enablePluginPolicy
      bool

      EnablePluginPolicy defines if plugin policy is enabled.

      enableAutoDefaultRoute
      bool

      EnableAutoDefaultRoute defines if auto default route is enabled.

      IngressGatewayCertSpec

      (Appears on:CertificateSpec)

      IngressGatewayCertSpec is the type to represent the certificate specification for an ingress gateway.

      FieldDescription
      subjectAltNames
      []string

      SubjectAltNames defines the Subject Alternative Names (domain names and IP addresses) secured by the certificate.

      validityDuration
      string

      ValidityDuration defines the validity duration of the certificate.

      secret
      Kubernetes core/v1.SecretReference

      Secret defines the secret in which the certificate is stored.

      LocalDNSProxy

      (Appears on:SidecarSpec)

      LocalDNSProxy is the type to represent FSM’s local DNS proxy configuration.

      FieldDescription
      enable
      bool

      Enable defines a boolean indicating if the sidecars are enabled for local DNS Proxy.

      primaryUpstreamDNSServerIPAddr
      string

      PrimaryUpstreamDNSServerIPAddr defines a primary upstream DNS server for local DNS Proxy.

      secondaryUpstreamDNSServerIPAddr
      string

      SecondaryUpstreamDNSServerIPAddr defines a secondary upstream DNS server for local DNS Proxy.

      LocalProxyMode (string alias)

      (Appears on:SidecarSpec)

      LocalProxyMode is a type alias representing the way the sidecar proxies to the main application

      ValueDescription

      "Localhost"

      LocalProxyModeLocalhost indicates the the sidecar should communicate with the main application over localhost

      "PodIP"

      LocalProxyModePodIP indicates that the sidecar should communicate with the main application via the pod ip

      MeshConfig

      MeshConfig is the type used to represent the mesh configuration.

      FieldDescription
      metadata
      Kubernetes meta/v1.ObjectMeta
      (Optional)

      Object’s metadata.

      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      MeshConfigSpec
      (Optional)

      Spec is the MeshConfig specification.



      clusterSet
      ClusterSetSpec

      ClusterSetSpec defines the configurations of cluster.

      sidecar
      SidecarSpec

      Sidecar defines the configurations of the proxy sidecar in a mesh.

      repoServer
      RepoServerSpec

      RepoServer defines the configurations of pipy repo server.

      traffic
      TrafficSpec

      Traffic defines the traffic management configurations for a mesh instance.

      observability
      ObservabilitySpec

      Observalility defines the observability configurations for a mesh instance.

      certificate
      CertificateSpec

      Certificate defines the certificate management configurations for a mesh instance.

      featureFlags
      FeatureFlags

      FeatureFlags defines the feature flags for a mesh instance.

      pluginChains
      PluginChainsSpec

      PluginChains defines the default plugin chains.

      MeshConfigSpec

      (Appears on:MeshConfig)

      MeshConfigSpec is the spec for FSM’s configuration.

      FieldDescription
      clusterSet
      ClusterSetSpec

      ClusterSetSpec defines the configurations of cluster.

      sidecar
      SidecarSpec

      Sidecar defines the configurations of the proxy sidecar in a mesh.

      repoServer
      RepoServerSpec

      RepoServer defines the configurations of pipy repo server.

      traffic
      TrafficSpec

      Traffic defines the traffic management configurations for a mesh instance.

      observability
      ObservabilitySpec

      Observalility defines the observability configurations for a mesh instance.

      certificate
      CertificateSpec

      Certificate defines the certificate management configurations for a mesh instance.

      featureFlags
      FeatureFlags

      FeatureFlags defines the feature flags for a mesh instance.

      pluginChains
      PluginChainsSpec

      PluginChains defines the default plugin chains.

      MeshRootCertificate

      MeshRootCertificate defines the configuration for certificate issuing by the mesh control plane

      FieldDescription
      metadata
      Kubernetes meta/v1.ObjectMeta
      (Optional)

      Object’s metadata

      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      MeshRootCertificateSpec
      (Optional)

      Spec is the MeshRootCertificate config specification



      provider
      ProviderSpec

      Provider specifies the mesh certificate provider

      trustDomain
      string

      TrustDomain is the trust domain to use as a suffix in Common Names for new certificates.

      status
      MeshRootCertificateStatus
      (Optional)

      Status of the MeshRootCertificate resource

      MeshRootCertificateSpec

      (Appears on:MeshRootCertificate)

      MeshRootCertificateSpec defines the mesh root certificate specification

      FieldDescription
      provider
      ProviderSpec

      Provider specifies the mesh certificate provider

      trustDomain
      string

      TrustDomain is the trust domain to use as a suffix in Common Names for new certificates.

      MeshRootCertificateStatus

      (Appears on:MeshRootCertificate)

      MeshRootCertificateStatus defines the status of the MeshRootCertificate resource

      FieldDescription
      state
      string

      State specifies the state of the certificate provider All states are specified in constants.go

      ObservabilitySpec

      (Appears on:MeshConfigSpec)

      ObservabilitySpec is the type to represent FSM’s observability configurations.

      FieldDescription
      fsmLogLevel
      string

      FSMLogLevel defines the log level for FSM control plane logs.

      enableDebugServer
      bool

      EnableDebugServer defines if the debug endpoint on the FSM controller pod is enabled.

      tracing
      TracingSpec

      Tracing defines FSM’s tracing configuration.

      remoteLogging
      RemoteLoggingSpec

      RemoteLogging defines FSM’s remote logging configuration.

      PluginChainSpec

      (Appears on:PluginChainsSpec)

      PluginChainSpec is the type to represent plugin chain.

      FieldDescription
      plugin
      string

      Plugin defines the name of plugin

      priority
      float32

      Priority defines the priority of plugin

      disable
      bool

      Disable defines the visibility of plugin

      PluginChainsSpec

      (Appears on:MeshConfigSpec)

      PluginChainsSpec is the type to represent plugin chains.

      FieldDescription
      inbound-tcp
      []PluginChainSpec

      InboundTCPChains defines inbound tcp chains

      inbound-http
      []PluginChainSpec

      InboundHTTPChains defines inbound http chains

      outbound-tcp
      []PluginChainSpec

      OutboundTCPChains defines outbound tcp chains

      outbound-http
      []PluginChainSpec

      OutboundHTTPChains defines outbound http chains

      ProviderSpec

      (Appears on:MeshRootCertificateSpec)

      ProviderSpec defines the certificate provider used by the mesh control plane

      FieldDescription
      certManager
      CertManagerProviderSpec
      (Optional)

      CertManager specifies the cert-manager provider configuration

      vault
      VaultProviderSpec
      (Optional)

      Vault specifies the vault provider configuration

      tresor
      TresorProviderSpec
      (Optional)

      Tresor specifies the Tresor provider configuration

      RemoteLoggingSpec

      (Appears on:ObservabilitySpec)

      RemoteLoggingSpec is the type to represent FSM’s remote logging configuration.

      FieldDescription
      enable
      bool

      Enable defines a boolean indicating if the sidecars are enabled for remote logging.

      level
      uint16

      Level defines the remote logging’s level.

      port
      int16

      Port defines the remote logging’s port.

      address
      string

      Address defines the remote logging’s hostname.

      endpoint
      string

      Endpoint defines the API endpoint for remote logging requests sent to the collector.

      authorization
      string

      Authorization defines the access entity that allows to authorize someone in remote logging service.

      sampledFraction
      string

      SampledFraction defines the sampled fraction.

      RepoServerSpec

      (Appears on:MeshConfigSpec)

      RepoServerSpec is the type to represent repo server.

      FieldDescription
      ipaddr
      string

      IPAddr of the pipy repo server

      codebase
      string

      Codebase is the folder used by fsmController

      SecretKeyReferenceSpec

      (Appears on:VaultTokenSpec)

      SecretKeyReferenceSpec defines the configuration of the secret reference

      FieldDescription
      name
      string

      Name specifies the name of the secret in which the Vault token is stored

      key
      string

      Key specifies the key whose value is the Vault token

      namespace
      string

      Namespace specifies the namespace of the secret in which the Vault token is stored

      SidecarDriverSpec

      (Appears on:SidecarSpec)

      SidecarDriverSpec is the type to represent FSM’s sidecar driver define.

      FieldDescription
      sidecarName
      string

      SidecarName defines the name of the sidecar driver.

      sidecarImage
      string

      SidecarImage defines the container image used for the proxy sidecar.

      initContainerImage
      string

      InitContainerImage defines the container image used for the init container injected to meshed pods.

      proxyServerPort
      uint32

      ProxyServerPort is the port on which the Discovery Service listens for new connections from Sidecars

      sidecarDisabledMTLS
      bool

      SidecarDisabledMTLS defines whether mTLS is disabled.

      SidecarSpec

      (Appears on:MeshConfigSpec)

      SidecarSpec is the type used to represent the specifications for the proxy sidecar.

      FieldDescription
      enablePrivilegedInitContainer
      bool

      EnablePrivilegedInitContainer defines a boolean indicating whether the init container for a meshed pod should run as privileged.

      logLevel
      string

      LogLevel defines the logging level for the sidecar’s logs. Non developers should generally never set this value. In production environments the LogLevel should be set to error.

      sidecarClass
      string

      SidecarClass defines the class used for the proxy sidecar.

      sidecarImage
      string

      SidecarImage defines the container image used for the proxy sidecar.

      sidecarDisabledMTLS
      bool

      SidecarDisabledMTLS defines whether mTLS is disabled.

      initContainerImage
      string

      InitContainerImage defines the container image used for the init container injected to meshed pods.

      sidecarDrivers
      []SidecarDriverSpec

      SidecarDrivers defines the sidecar supported.

      maxDataPlaneConnections
      int

      MaxDataPlaneConnections defines the maximum allowed data plane connections from a proxy sidecar to the FSM controller.

      configResyncInterval
      string

      ConfigResyncInterval defines the resync interval for regular proxy broadcast updates.

      sidecarTimeout
      int

      SidecarTimeout defines the connect/idle/read/write timeout.

      resources
      Kubernetes core/v1.ResourceRequirements

      Resources defines the compute resources for the sidecar.

      tlsMinProtocolVersion
      string

      TLSMinProtocolVersion defines the minimum TLS protocol version that the sidecar supports. Valid TLS protocol versions are TLS_AUTO, TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3.

      tlsMaxProtocolVersion
      string

      TLSMaxProtocolVersion defines the maximum TLS protocol version that the sidecar supports. Valid TLS protocol versions are TLS_AUTO, TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3.

      cipherSuites
      []string

      CipherSuites defines a list of ciphers that listener supports when negotiating TLS 1.0-1.2. This setting has no effect when negotiating TLS 1.3. For valid cipher names, see the latest OpenSSL ciphers manual page. E.g. https://www.openssl.org/docs/man1.1.1/apps/ciphers.html.

      ecdhCurves
      []string

      ECDHCurves defines a list of ECDH curves that TLS connection supports. If not specified, the curves are [X25519, P-256] for non-FIPS build and P-256 for builds using BoringSSL FIPS.

      localProxyMode
      LocalProxyMode

      LocalProxyMode defines the network interface the proxy will use to send traffic to the backend service application. Acceptable values are [Localhost, PodIP]. The default is Localhost

      localDNSProxy
      LocalDNSProxy

      LocalDNSProxy improves the performance of your computer by caching the responses coming from your DNS servers

      TracingSpec

      (Appears on:ObservabilitySpec)

      TracingSpec is the type to represent FSM’s tracing configuration.

      FieldDescription
      enable
      bool

      Enable defines a boolean indicating if the sidecars are enabled for tracing.

      port
      int16

      Port defines the tracing collector’s port.

      address
      string

      Address defines the tracing collectio’s hostname.

      endpoint
      string

      Endpoint defines the API endpoint for tracing requests sent to the collector.

      sampledFraction
      string

      SampledFraction defines the sampled fraction.

      TrafficSpec

      (Appears on:MeshConfigSpec)

      TrafficSpec is the type used to represent FSM’s traffic management configuration.

      FieldDescription
      interceptionMode
      string

      InterceptionMode defines a string indicating which traffic interception mode is used.

      enableEgress
      bool

      EnableEgress defines a boolean indicating if mesh-wide Egress is enabled.

      outboundIPRangeExclusionList
      []string

      OutboundIPRangeExclusionList defines a global list of IP address ranges to exclude from outbound traffic interception by the sidecar proxy.

      outboundIPRangeInclusionList
      []string

      OutboundIPRangeInclusionList defines a global list of IP address ranges to include for outbound traffic interception by the sidecar proxy. IP addresses outside this range will be excluded from outbound traffic interception by the sidecar proxy.

      outboundPortExclusionList
      []int

      OutboundPortExclusionList defines a global list of ports to exclude from outbound traffic interception by the sidecar proxy.

      inboundPortExclusionList
      []int

      InboundPortExclusionList defines a global list of ports to exclude from inbound traffic interception by the sidecar proxy.

      enablePermissiveTrafficPolicyMode
      bool

      EnablePermissiveTrafficPolicyMode defines a boolean indicating if permissive traffic policy mode is enabled mesh-wide.

      serviceAccessMode
      string

      ServiceAccessMode defines a string indicating service access mode.

      inboundExternalAuthorization
      ExternalAuthzSpec

      InboundExternalAuthorization defines a ruleset that, if enabled, will configure a remote external authorization endpoint for all inbound and ingress traffic in the mesh.

      networkInterfaceExclusionList
      []string

      NetworkInterfaceExclusionList defines a global list of network interface names to exclude from inbound and outbound traffic interception by the sidecar proxy.

      http1PerRequestLoadBalancing
      bool

      HTTP1PerRequestLoadBalancing defines a boolean indicating if load balancing based on request is enabled for http1.

      http2PerRequestLoadBalancing
      bool

      HTTP1PerRequestLoadBalancing defines a boolean indicating if load balancing based on request is enabled for http2.

      TresorCASpec

      (Appears on:TresorProviderSpec)

      TresorCASpec defines the configuration of Tresor’s root certificate

      FieldDescription
      secretRef
      Kubernetes core/v1.SecretReference

      SecretRef specifies the secret in which the root certificate is stored

      TresorProviderSpec

      (Appears on:ProviderSpec)

      TresorProviderSpec defines the configuration of the Tresor provider

      FieldDescription
      ca
      TresorCASpec

      CA specifies Tresor’s ca configuration

      VaultProviderSpec

      (Appears on:ProviderSpec)

      VaultProviderSpec defines the configuration of the Vault provider

      FieldDescription
      host
      string

      Host specifies the name of the Vault server

      port
      int

      Port specifies the port of the Vault server

      role
      string

      Role specifies the name of the role for use by mesh control plane

      protocol
      string

      Protocol specifies the protocol for connections to Vault

      token
      VaultTokenSpec

      Token specifies the configuration of the token to be used by mesh control plane to connect to Vault

      VaultTokenSpec

      (Appears on:VaultProviderSpec)

      VaultTokenSpec defines the configuration of the Vault token

      FieldDescription
      secretKeyRef
      SecretKeyReferenceSpec

      SecretKeyRef specifies the secret in which the Vault token is stored


      Generated with gen-crd-api-reference-docs on git commit 8abe9ab.

      3 - Config v1alpha3 API Reference

      Config v1alpha3 API reference documentation.

      Packages:

      config.flomesh.io/v1alpha3

      Package v1alpha3 is the v1alpha3 version of the API.

      Resource Types:

        CertManagerProviderSpec

        (Appears on:ProviderSpec)

        CertManagerProviderSpec defines the configuration of the cert-manager provider

        FieldDescription
        issuerName
        string

        IssuerName specifies the name of the Issuer resource

        issuerKind
        string

        IssuerKind specifies the kind of Issuer

        issuerGroup
        string

        IssuerGroup specifies the group the Issuer belongs to

        CertificateSpec

        (Appears on:MeshConfigSpec)

        CertificateSpec is the type to reperesent FSM’s certificate management configuration.

        FieldDescription
        serviceCertValidityDuration
        string

        ServiceCertValidityDuration defines the service certificate validity duration.

        certKeyBitSize
        int

        CertKeyBitSize defines the certicate key bit size.

        ingressGateway
        IngressGatewayCertSpec
        (Optional)

        IngressGateway defines the certificate specification for an ingress gateway.

        ClusterPropertySpec

        (Appears on:ClusterSetSpec)

        ClusterPropertySpec is the type to represent cluster property.

        FieldDescription
        name
        string

        Name defines the name of cluster property.

        value
        string

        Value defines the name of cluster property.

        ClusterSetSpec

        (Appears on:MeshConfigSpec)

        ClusterSetSpec is the type to represent cluster set.

        FieldDescription
        isManaged
        bool

        IsManaged defines if the cluster is managed.

        uid
        string

        UID defines Unique ID of cluster.

        region
        string
        (Optional)

        Region defines Region of cluster.

        zone
        string
        (Optional)

        Zone defines Zone of cluster.

        group
        string
        (Optional)

        Group defines Group of cluster.

        name
        string

        Name defines Name of cluster.

        controlPlaneUID
        string

        ControlPlaneUID defines the unique ID of the control plane cluster, in case it’s managed

        properties
        []ClusterPropertySpec

        Properties defines properties for cluster.

        EgressGatewaySpec

        (Appears on:MeshConfigSpec)

        EgressGatewaySpec is the type to represent egress gateway.

        FieldDescription
        enabled
        bool

        Enabled defines if flb is enabled.

        logLevel
        string

        LogLevel defines the log level of gateway api.

        mode
        string

        Mode defines the mode of egress gateway.

        port
        int32

        Port defines the port of egress gateway.

        adminPort
        int32

        AdminPort defines the admin port of egress gateway.

        replicas
        int32

        Replicas defines the replicas of egress gateway.

        ExternalAuthzSpec

        (Appears on:TrafficSpec)

        ExternalAuthzSpec is a type to represent external authorization configuration.

        FieldDescription
        enable
        bool

        Enable defines a boolean indicating if the external authorization policy is to be enabled.

        address
        string

        Address defines the remote address of the external authorization endpoint.

        port
        uint16

        Port defines the destination port of the remote external authorization endpoint.

        statPrefix
        string

        StatPrefix defines a prefix for the stats sink for this external authorization policy.

        timeout
        string

        Timeout defines the timeout in which a response from the external authorization endpoint. is expected to execute.

        failureModeAllow
        bool

        FailureModeAllow defines a boolean indicating if traffic should be allowed on a failure to get a response against the external authorization endpoint.

        FLBSpec

        (Appears on:MeshConfigSpec)

        FLBSpec is the type to represent flb.

        FieldDescription
        enabled
        bool

        Enabled defines if flb is enabled.

        strictMode
        bool

        StrictMode defines if flb is in strict mode.

        upstreamMode
        FLBUpstreamMode

        UpstreamMode defines the upstream mode of flb.

        secretName
        string

        SecretName defines the secret name of flb.

        FLBUpstreamMode (string alias)

        (Appears on:FLBSpec)

        ValueDescription

        "Endpoint"

        "NodePort"

        FeatureFlags

        (Appears on:MeshConfigSpec)

        FeatureFlags is a type to represent FSM’s feature flags.

        FieldDescription
        enableEgressPolicy
        bool

        EnableEgressPolicy defines if FSM’s Egress policy is enabled.

        enableSnapshotCacheMode
        bool

        EnableSnapshotCacheMode defines if XDS server starts with snapshot cache.

        enableAsyncProxyServiceMapping
        bool

        EnableAsyncProxyServiceMapping defines if FSM will map proxies to services asynchronously.

        enableIngressBackendPolicy
        bool

        EnableIngressBackendPolicy defines if FSM will use the IngressBackend API to allow ingress traffic to service mesh backends.

        enableAccessControlPolicy
        bool

        EnableAccessControlPolicy defines if FSM will use the AccessControl API to allow access control traffic to service mesh backends.

        enableAccessCertPolicy
        bool

        EnableAccessCertPolicy defines if FSM can issue certificates for external services..

        enableSidecarActiveHealthChecks
        bool

        EnableSidecarActiveHealthChecks defines if FSM will Sidecar active health checks between services allowed to communicate.

        enableRetryPolicy
        bool

        EnableRetryPolicy defines if retry policy is enabled.

        enablePluginPolicy
        bool

        EnablePluginPolicy defines if plugin policy is enabled.

        enableAutoDefaultRoute
        bool

        EnableAutoDefaultRoute defines if auto default route is enabled.

        enableValidateGatewayListenerHostname
        bool

        EnableValidateGatewayListenerHostname defines if validate gateway listener hostname is enabled.

        enableValidateHTTPRouteHostnames
        bool

        EnableValidateHTTPRouteHostnames defines if validate http route hostnames is enabled.

        enableValidateGRPCRouteHostnames
        bool

        EnableValidateGRPCRouteHostnames defines if validate grpc route hostnames is enabled.

        enableValidateTLSRouteHostnames
        bool

        EnableValidateTCPRouteHostnames defines if validate tcp route hostnames is enabled.

        enableGatewayAgentService
        bool

        EnableGatewayAgentService defines if agent service is enabled.

        enableGatewayProxyTag
        bool

        EnableGatewayProxyTag defines if gateway proxy-tag header is enabled.

        GatewayAPISpec

        (Appears on:MeshConfigSpec)

        GatewayAPISpec is the type to represent gateway api.

        FieldDescription
        enabled
        bool

        Enabled defines if gateway api is enabled.

        logLevel
        string

        LogLevel defines the log level of gateway api.

        fgwLogLevel
        string

        FGWLogLevel defines the log level of FGW.

        StripAnyHostPort
        bool

        StripAnyHostPort defines if strip any host port is enabled.

        sslPassthroughUpstreamPort
        int32

        SSLPassthroughUpstreamPort defines the default upstream port of SSL passthrough.

        http1PerRequestLoadBalancing
        bool

        HTTP1PerRequestLoadBalancing defines if load balancing based on per-request is enabled for http1.

        http2PerRequestLoadBalancing
        bool

        HTTP2PerRequestLoadBalancing defines if load balancing based on per-request is enabled for http2.

        proxyTag
        ProxyTag

        ProxyTag defines the proxy tag configuration of gateway api.

        HTTP

        (Appears on:IngressSpec)

        HTTP is the type to represent http.

        FieldDescription
        enabled
        bool

        Enabled defines if http is enabled.

        bind
        int32

        Bind defines the bind port of http.

        listen
        int32

        Listen defines the listen port of http.

        nodePort
        int32

        NodePort defines the node port of http.

        ImageSpec

        (Appears on:MeshConfigSpec)

        ImageSpec is the type to represent image.

        FieldDescription
        registry
        string

        Registry defines the registry of docker image.

        tag
        string

        Tag defines the tag of docker image.

        pullPolicy
        Kubernetes core/v1.PullPolicy

        PullPolicy defines the pull policy of docker image.

        IngressGatewayCertSpec

        (Appears on:CertificateSpec)

        IngressGatewayCertSpec is the type to represent the certificate specification for an ingress gateway.

        FieldDescription
        subjectAltNames
        []string

        SubjectAltNames defines the Subject Alternative Names (domain names and IP addresses) secured by the certificate.

        validityDuration
        string

        ValidityDuration defines the validity duration of the certificate.

        secret
        Kubernetes core/v1.SecretReference

        Secret defines the secret in which the certificate is stored.

        IngressSpec

        (Appears on:MeshConfigSpec)

        IngressSpec is the type to represent ingress.

        FieldDescription
        enabled
        bool

        Enabled defines if ingress is enabled.

        namespaced
        bool

        Namespaced defines if ingress is namespaced.

        type
        Kubernetes core/v1.ServiceType

        Type defines the type of ingress service.

        logLevel
        string

        LogLevel defines the log level of ingress.

        http
        HTTP
        (Optional)

        HTTP defines the http configuration of ingress.

        tls
        TLS
        (Optional)

        TLS defines the tls configuration of ingress.

        LocalDNSProxy

        (Appears on:SidecarSpec)

        LocalDNSProxy is the type to represent FSM’s local DNS proxy configuration.

        FieldDescription
        enable
        bool

        Enable defines a boolean indicating if the sidecars are enabled for local DNS Proxy.

        primaryUpstreamDNSServerIPAddr
        string
        (Optional)

        PrimaryUpstreamDNSServerIPAddr defines a primary upstream DNS server for local DNS Proxy.

        secondaryUpstreamDNSServerIPAddr
        string
        (Optional)

        SecondaryUpstreamDNSServerIPAddr defines a secondary upstream DNS server for local DNS Proxy.

        wildcard
        WildcardDN

        Wildcard defines Wildcard DN.

        db
        []ResolveDN

        DB defines Resolve DB.

        LocalProxyMode (string alias)

        (Appears on:SidecarSpec)

        LocalProxyMode is a type alias representing the way the sidecar proxies to the main application

        ValueDescription

        "Localhost"

        LocalProxyModeLocalhost indicates the the sidecar should communicate with the main application over localhost

        "PodIP"

        LocalProxyModePodIP indicates that the sidecar should communicate with the main application via the pod ip

        MeshConfig

        MeshConfig is the type used to represent the mesh configuration.

        FieldDescription
        metadata
        Kubernetes meta/v1.ObjectMeta
        (Optional)

        Object’s metadata.

        Refer to the Kubernetes API documentation for the fields of the metadata field.
        spec
        MeshConfigSpec
        (Optional)

        Spec is the MeshConfig specification.



        clusterSet
        ClusterSetSpec

        ClusterSetSpec defines the configurations of cluster.

        sidecar
        SidecarSpec

        Sidecar defines the configurations of the proxy sidecar in a mesh.

        repoServer
        RepoServerSpec

        RepoServer defines the configurations of pipy repo server.

        traffic
        TrafficSpec

        Traffic defines the traffic management configurations for a mesh instance.

        observability
        ObservabilitySpec

        Observalility defines the observability configurations for a mesh instance.

        certificate
        CertificateSpec

        Certificate defines the certificate management configurations for a mesh instance.

        featureFlags
        FeatureFlags

        FeatureFlags defines the feature flags for a mesh instance.

        pluginChains
        PluginChainsSpec

        PluginChains defines the default plugin chains.

        ingress
        IngressSpec

        Ingress defines the configurations of Ingress features.

        gatewayAPI
        GatewayAPISpec

        GatewayAPI defines the configurations of GatewayAPI features.

        serviceLB
        ServiceLBSpec

        ServiceLB defines the configurations of ServiceLBServiceLB features.

        flb
        FLBSpec

        FLB defines the configurations of FLB features.

        egressGateway
        EgressGatewaySpec

        EgressGateway defines the configurations of EgressGateway features.

        image
        ImageSpec

        Image defines the configurations of Image info

        misc
        MiscSpec

        Misc defines the configurations of misc info

        MeshConfigSpec

        (Appears on:MeshConfig)

        MeshConfigSpec is the spec for FSM’s configuration.

        FieldDescription
        clusterSet
        ClusterSetSpec

        ClusterSetSpec defines the configurations of cluster.

        sidecar
        SidecarSpec

        Sidecar defines the configurations of the proxy sidecar in a mesh.

        repoServer
        RepoServerSpec

        RepoServer defines the configurations of pipy repo server.

        traffic
        TrafficSpec

        Traffic defines the traffic management configurations for a mesh instance.

        observability
        ObservabilitySpec

        Observalility defines the observability configurations for a mesh instance.

        certificate
        CertificateSpec

        Certificate defines the certificate management configurations for a mesh instance.

        featureFlags
        FeatureFlags

        FeatureFlags defines the feature flags for a mesh instance.

        pluginChains
        PluginChainsSpec

        PluginChains defines the default plugin chains.

        ingress
        IngressSpec

        Ingress defines the configurations of Ingress features.

        gatewayAPI
        GatewayAPISpec

        GatewayAPI defines the configurations of GatewayAPI features.

        serviceLB
        ServiceLBSpec

        ServiceLB defines the configurations of ServiceLBServiceLB features.

        flb
        FLBSpec

        FLB defines the configurations of FLB features.

        egressGateway
        EgressGatewaySpec

        EgressGateway defines the configurations of EgressGateway features.

        image
        ImageSpec

        Image defines the configurations of Image info

        misc
        MiscSpec

        Misc defines the configurations of misc info

        MeshRootCertificate

        MeshRootCertificate defines the configuration for certificate issuing by the mesh control plane

        FieldDescription
        metadata
        Kubernetes meta/v1.ObjectMeta
        (Optional)

        Object’s metadata

        Refer to the Kubernetes API documentation for the fields of the metadata field.
        spec
        MeshRootCertificateSpec
        (Optional)

        Spec is the MeshRootCertificate config specification



        provider
        ProviderSpec

        Provider specifies the mesh certificate provider

        trustDomain
        string

        TrustDomain is the trust domain to use as a suffix in Common Names for new certificates.

        status
        MeshRootCertificateStatus
        (Optional)

        Status of the MeshRootCertificate resource

        MeshRootCertificateSpec

        (Appears on:MeshRootCertificate)

        MeshRootCertificateSpec defines the mesh root certificate specification

        FieldDescription
        provider
        ProviderSpec

        Provider specifies the mesh certificate provider

        trustDomain
        string

        TrustDomain is the trust domain to use as a suffix in Common Names for new certificates.

        MeshRootCertificateStatus

        (Appears on:MeshRootCertificate)

        MeshRootCertificateStatus defines the status of the MeshRootCertificate resource

        FieldDescription
        state
        string

        State specifies the state of the certificate provider All states are specified in constants.go

        MiscSpec

        (Appears on:MeshConfigSpec)

        MiscSpec is the type to represent misc configs.

        FieldDescription
        curlImage
        string

        CurlImage defines the image of curl.

        repoServerImage
        string

        RepoServerImage defines the image of repo server.

        ObservabilitySpec

        (Appears on:MeshConfigSpec)

        ObservabilitySpec is the type to represent FSM’s observability configurations.

        FieldDescription
        fsmLogLevel
        string

        FSMLogLevel defines the log level for FSM control plane logs.

        enableDebugServer
        bool

        EnableDebugServer defines if the debug endpoint on the FSM controller pod is enabled.

        tracing
        TracingSpec

        Tracing defines FSM’s tracing configuration.

        remoteLogging
        RemoteLoggingSpec

        RemoteLogging defines FSM’s remote logging configuration.

        PluginChainSpec

        (Appears on:PluginChainsSpec)

        PluginChainSpec is the type to represent plugin chain.

        FieldDescription
        plugin
        string

        Plugin defines the name of plugin

        priority
        float32

        Priority defines the priority of plugin

        disable
        bool

        Disable defines the visibility of plugin

        PluginChainsSpec

        (Appears on:MeshConfigSpec)

        PluginChainsSpec is the type to represent plugin chains.

        FieldDescription
        inbound-tcp
        []PluginChainSpec

        InboundTCPChains defines inbound tcp chains

        inbound-http
        []PluginChainSpec

        InboundHTTPChains defines inbound http chains

        outbound-tcp
        []PluginChainSpec

        OutboundTCPChains defines outbound tcp chains

        outbound-http
        []PluginChainSpec

        OutboundHTTPChains defines outbound http chains

        ProviderSpec

        (Appears on:MeshRootCertificateSpec)

        ProviderSpec defines the certificate provider used by the mesh control plane

        FieldDescription
        certManager
        CertManagerProviderSpec
        (Optional)

        CertManager specifies the cert-manager provider configuration

        vault
        VaultProviderSpec
        (Optional)

        Vault specifies the vault provider configuration

        tresor
        TresorProviderSpec
        (Optional)

        Tresor specifies the Tresor provider configuration

        ProxyTag

        (Appears on:GatewayAPISpec)

        FieldDescription
        srcHostHeader
        string

        SrcHostHeader defines the src host header.

        dstHostHeader
        string

        DstHostHeader defines the dst host header.

        RemoteLoggingSpec

        (Appears on:ObservabilitySpec)

        RemoteLoggingSpec is the type to represent FSM’s remote logging configuration.

        FieldDescription
        enable
        bool

        Enable defines a boolean indicating if the sidecars are enabled for remote logging.

        level
        uint16

        Level defines the remote logging’s level.

        port
        int16

        Port defines the remote logging’s port.

        address
        string

        Address defines the remote logging’s hostname.

        endpoint
        string

        Endpoint defines the API endpoint for remote logging requests sent to the collector.

        authorization
        string

        Authorization defines the access entity that allows to authorize someone in remote logging service.

        sampledFraction
        string

        SampledFraction defines the sampled fraction.

        secretName
        string

        SecretName defines the name of the secret that contains the configuration for remote logging.

        RepoServerSpec

        (Appears on:MeshConfigSpec)

        RepoServerSpec is the type to represent repo server.

        FieldDescription
        ipaddr
        string

        IPAddr of the pipy repo server

        port
        int16

        Port defines the pipy repo server’s port.

        codebase
        string

        Codebase is the folder used by fsmController

        ResolveDN

        (Appears on:LocalDNSProxy)

        ResolveDN is the type to represent FSM’s Resolve DN configuration.

        FieldDescription
        dn
        string

        DN defines resolve DN.

        ipv4
        []string

        IPv4 defines a ipv4 address for resolve DN.

        SSLPassthrough

        (Appears on:TLS)

        SSLPassthrough is the type to represent ssl passthrough.

        FieldDescription
        enabled
        bool

        Enabled defines if ssl passthrough is enabled.

        upstreamPort
        int32

        UpstreamPort defines the upstream port of ssl passthrough.

        SecretKeyReferenceSpec

        (Appears on:VaultTokenSpec)

        SecretKeyReferenceSpec defines the configuration of the secret reference

        FieldDescription
        name
        string

        Name specifies the name of the secret in which the Vault token is stored

        key
        string

        Key specifies the key whose value is the Vault token

        namespace
        string

        Namespace specifies the namespace of the secret in which the Vault token is stored

        ServiceLBSpec

        (Appears on:MeshConfigSpec)

        ServiceLBSpec is the type to represent service lb.

        FieldDescription
        enabled
        bool

        Enabled defines if service lb is enabled.

        image
        string

        Image defines the service lb image.

        SidecarSpec

        (Appears on:MeshConfigSpec)

        SidecarSpec is the type used to represent the specifications for the proxy sidecar.

        FieldDescription
        enablePrivilegedInitContainer
        bool

        EnablePrivilegedInitContainer defines a boolean indicating whether the init container for a meshed pod should run as privileged.

        logLevel
        string

        LogLevel defines the logging level for the sidecar’s logs. Non developers should generally never set this value. In production environments the LogLevel should be set to error.

        sidecarImage
        string

        SidecarImage defines the container image used for the proxy sidecar.

        sidecarDisabledMTLS
        bool

        SidecarDisabledMTLS defines whether mTLS is disabled.

        maxDataPlaneConnections
        int

        MaxDataPlaneConnections defines the maximum allowed data plane connections from a proxy sidecar to the FSM controller.

        configResyncInterval
        string

        ConfigResyncInterval defines the resync interval for regular proxy broadcast updates.

        sidecarTimeout
        int

        SidecarTimeout defines the connect/idle/read/write timeout.

        resources
        Kubernetes core/v1.ResourceRequirements

        Resources defines the compute resources for the sidecar.

        tlsMinProtocolVersion
        string

        TLSMinProtocolVersion defines the minimum TLS protocol version that the sidecar supports. Valid TLS protocol versions are TLS_AUTO, TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3.

        tlsMaxProtocolVersion
        string

        TLSMaxProtocolVersion defines the maximum TLS protocol version that the sidecar supports. Valid TLS protocol versions are TLS_AUTO, TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3.

        cipherSuites
        []string

        CipherSuites defines a list of ciphers that listener supports when negotiating TLS 1.0-1.2. This setting has no effect when negotiating TLS 1.3. For valid cipher names, see the latest OpenSSL ciphers manual page. E.g. https://www.openssl.org/docs/man1.1.1/apps/ciphers.html.

        ecdhCurves
        []string

        ECDHCurves defines a list of ECDH curves that TLS connection supports. If not specified, the curves are [X25519, P-256] for non-FIPS build and P-256 for builds using BoringSSL FIPS.

        localProxyMode
        LocalProxyMode

        LocalProxyMode defines the network interface the proxy will use to send traffic to the backend service application. Acceptable values are [Localhost, PodIP]. The default is Localhost

        localDNSProxy
        LocalDNSProxy

        LocalDNSProxy improves the performance of your computer by caching the responses coming from your DNS servers

        TLS

        (Appears on:IngressSpec)

        TLS is the type to represent tls.

        FieldDescription
        enabled
        bool

        Enabled defines if tls is enabled.

        bind
        int32

        Bind defines the bind port of tls.

        listen
        int32

        Listen defines the listen port of tls.

        nodePort
        int32

        NodePort defines the node port of tls.

        mTLS
        bool

        MTLS defines if mTLS is enabled.

        sslPassthrough
        SSLPassthrough
        (Optional)

        SSLPassthrough defines the ssl passthrough configuration of tls.

        TracingSpec

        (Appears on:ObservabilitySpec)

        TracingSpec is the type to represent FSM’s tracing configuration.

        FieldDescription
        enable
        bool

        Enable defines a boolean indicating if the sidecars are enabled for tracing.

        port
        int16

        Port defines the tracing collector’s port.

        address
        string

        Address defines the tracing collectio’s hostname.

        endpoint
        string

        Endpoint defines the API endpoint for tracing requests sent to the collector.

        sampledFraction
        string

        SampledFraction defines the sampled fraction.

        TrafficSpec

        (Appears on:MeshConfigSpec)

        TrafficSpec is the type used to represent FSM’s traffic management configuration.

        FieldDescription
        interceptionMode
        string

        InterceptionMode defines a string indicating which traffic interception mode is used.

        enableEgress
        bool

        EnableEgress defines a boolean indicating if mesh-wide Egress is enabled.

        outboundIPRangeExclusionList
        []string

        OutboundIPRangeExclusionList defines a global list of IP address ranges to exclude from outbound traffic interception by the sidecar proxy.

        outboundIPRangeInclusionList
        []string

        OutboundIPRangeInclusionList defines a global list of IP address ranges to include for outbound traffic interception by the sidecar proxy. IP addresses outside this range will be excluded from outbound traffic interception by the sidecar proxy.

        outboundPortExclusionList
        []int

        OutboundPortExclusionList defines a global list of ports to exclude from outbound traffic interception by the sidecar proxy.

        inboundPortExclusionList
        []int

        InboundPortExclusionList defines a global list of ports to exclude from inbound traffic interception by the sidecar proxy.

        enablePermissiveTrafficPolicyMode
        bool

        EnablePermissiveTrafficPolicyMode defines a boolean indicating if permissive traffic policy mode is enabled mesh-wide.

        serviceAccessMode
        string

        ServiceAccessMode defines a string indicating service access mode.

        inboundExternalAuthorization
        ExternalAuthzSpec

        InboundExternalAuthorization defines a ruleset that, if enabled, will configure a remote external authorization endpoint for all inbound and ingress traffic in the mesh.

        networkInterfaceExclusionList
        []string

        NetworkInterfaceExclusionList defines a global list of network interface names to exclude from inbound and outbound traffic interception by the sidecar proxy.

        http1PerRequestLoadBalancing
        bool

        HTTP1PerRequestLoadBalancing defines a boolean indicating if load balancing based on request is enabled for http1.

        http2PerRequestLoadBalancing
        bool

        HTTP1PerRequestLoadBalancing defines a boolean indicating if load balancing based on request is enabled for http2.

        TresorCASpec

        (Appears on:TresorProviderSpec)

        TresorCASpec defines the configuration of Tresor’s root certificate

        FieldDescription
        secretRef
        Kubernetes core/v1.SecretReference

        SecretRef specifies the secret in which the root certificate is stored

        TresorProviderSpec

        (Appears on:ProviderSpec)

        TresorProviderSpec defines the configuration of the Tresor provider

        FieldDescription
        ca
        TresorCASpec

        CA specifies Tresor’s ca configuration

        VaultProviderSpec

        (Appears on:ProviderSpec)

        VaultProviderSpec defines the configuration of the Vault provider

        FieldDescription
        host
        string

        Host specifies the name of the Vault server

        port
        int

        Port specifies the port of the Vault server

        role
        string

        Role specifies the name of the role for use by mesh control plane

        protocol
        string

        Protocol specifies the protocol for connections to Vault

        token
        VaultTokenSpec

        Token specifies the configuration of the token to be used by mesh control plane to connect to Vault

        VaultTokenSpec

        (Appears on:VaultProviderSpec)

        VaultTokenSpec defines the configuration of the Vault token

        FieldDescription
        secretKeyRef
        SecretKeyReferenceSpec

        SecretKeyRef specifies the secret in which the Vault token is stored

        WildcardDN

        (Appears on:LocalDNSProxy)

        WildcardDN is the type to represent FSM’s Wildcard DN configuration.

        FieldDescription
        enable
        bool

        Enable defines a boolean indicating if wildcard are enabled for local DNS Proxy.

        ipv4
        []string

        IPv4 defines a ipv4 address for wildcard DN.


        Generated with gen-crd-api-reference-docs on git commit 8abe9ab.