Config API Reference
1 - Config v1alpha1 API Reference
Packages:
config.flomesh.io/v1alpha1
Package v1alpha1 is the v1alpha1 version of the API.
CertificateSpec
(Appears on:MeshConfigSpec)
CertificateSpec is the type to represent FSM’s certificate management configuration.
Field | Description |
---|---|
serviceCertValidityDuration string | ServiceCertValidityDuration defines the service certificate validity duration. |
certKeyBitSize int | CertKeyBitSize defines the certificate key bit size. |
ingressGateway IngressGatewayCertSpec | (Optional) IngressGateway defines the certificate specification for an ingress gateway. |
ClusterPropertySpec
(Appears on:ClusterSetSpec)
ClusterPropertySpec is the type to represent cluster property.
Field | Description |
---|---|
name string | Name defines the name of cluster property. |
value string | Value defines the value of cluster property. |
ClusterSetSpec
(Appears on:MeshConfigSpec)
ClusterSetSpec is the type to represent cluster set.
Field | Description |
---|---|
properties []ClusterPropertySpec | Properties defines properties for cluster. |
ExternalAuthzSpec
(Appears on:TrafficSpec)
ExternalAuthzSpec is a type to represent external authorization configuration.
Field | Description |
---|---|
enable bool | Enable defines a boolean indicating if the external authorization policy is to be enabled. |
address string | Address defines the remote address of the external authorization endpoint. |
port uint16 | Port defines the destination port of the remote external authorization endpoint. |
statPrefix string | StatPrefix defines a prefix for the stats sink for this external authorization policy. |
timeout string | Timeout defines the timeout in which a response from the external authorization endpoint is expected to execute. |
failureModeAllow bool | FailureModeAllow defines a boolean indicating if traffic should be allowed on a failure to get a response against the external authorization endpoint. |
FeatureFlags
(Appears on:MeshConfigSpec)
FeatureFlags is a type to represent FSM’s feature flags.
Field | Description |
---|---|
enableEgressPolicy bool | EnableEgressPolicy defines if FSM’s Egress policy is enabled. |
enableSnapshotCacheMode bool | EnableSnapshotCacheMode defines if XDS server starts with snapshot cache. |
enableAsyncProxyServiceMapping bool | EnableAsyncProxyServiceMapping defines if FSM will map proxies to services asynchronously. |
enableIngressBackendPolicy bool | EnableIngressBackendPolicy defines if FSM will use the IngressBackend API to allow ingress traffic to service mesh backends. |
enableAccessControlPolicy bool | EnableAccessControlPolicy defines if FSM will use the AccessControl API to allow access control traffic to service mesh backends. |
enableAccessCertPolicy bool | EnableAccessCertPolicy defines if FSM can issue certificates for external services. |
enableSidecarActiveHealthChecks bool | EnableSidecarActiveHealthChecks defines if FSM will enable sidecar active health checks between services allowed to communicate. |
enableRetryPolicy bool | EnableRetryPolicy defines if retry policy is enabled. |
enablePluginPolicy bool | EnablePluginPolicy defines if plugin policy is enabled. |
enableAutoDefaultRoute bool | EnableAutoDefaultRoute defines if auto default route is enabled. |
IngressGatewayCertSpec
(Appears on:CertificateSpec)
IngressGatewayCertSpec is the type to represent the certificate specification for an ingress gateway.
Field | Description |
---|---|
subjectAltNames []string | SubjectAltNames defines the Subject Alternative Names (domain names and IP addresses) secured by the certificate. |
validityDuration string | ValidityDuration defines the validity duration of the certificate. |
secret Kubernetes core/v1.SecretReference | Secret defines the secret in which the certificate is stored. |
MeshConfig
MeshConfig is the type used to represent the mesh configuration.
Field | Description |
---|---|
metadata Kubernetes meta/v1.ObjectMeta | (Optional) Object’s metadata. Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec MeshConfigSpec | (Optional) Spec is the MeshConfig specification. |
MeshConfigSpec
(Appears on:MeshConfig)
MeshConfigSpec is the spec for FSM’s configuration.
Field | Description |
---|---|
clusterSet ClusterSetSpec | ClusterSetSpec defines the configurations of cluster. |
sidecar SidecarSpec | Sidecar defines the configurations of the proxy sidecar in a mesh. |
repoServer RepoServerSpec | RepoServer defines the configurations of pipy repo server. |
traffic TrafficSpec | Traffic defines the traffic management configurations for a mesh instance. |
observability ObservabilitySpec | Observability defines the observability configurations for a mesh instance. |
certificate CertificateSpec | Certificate defines the certificate management configurations for a mesh instance. |
featureFlags FeatureFlags | FeatureFlags defines the feature flags for a mesh instance. |
pluginChains PluginChainsSpec | PluginChains defines the default plugin chains. |
ObservabilitySpec
(Appears on:MeshConfigSpec)
ObservabilitySpec is the type to represent FSM’s observability configurations.
Field | Description |
---|---|
fsmLogLevel string | FSMLogLevel defines the log level for FSM control plane logs. |
enableDebugServer bool | EnableDebugServer defines if the debug endpoint on the FSM controller pod is enabled. |
tracing TracingSpec | Tracing defines FSM’s tracing configuration. |
remoteLogging RemoteLoggingSpec | RemoteLogging defines FSM’s remote logging configuration. |
PluginChainSpec
(Appears on:PluginChainsSpec)
PluginChainSpec is the type to represent plugin chain.
Field | Description |
---|---|
plugin string | Plugin defines the name of plugin |
priority float32 | Priority defines the priority of plugin |
disable bool | Disable defines the visibility of plugin |
PluginChainsSpec
(Appears on:MeshConfigSpec)
PluginChainsSpec is the type to represent plugin chains.
Field | Description |
---|---|
inbound-tcp []PluginChainSpec | InboundTCPChains defines inbound tcp chains |
inbound-http []PluginChainSpec | InboundHTTPChains defines inbound http chains |
outbound-tcp []PluginChainSpec | OutboundTCPChains defines outbound tcp chains |
outbound-http []PluginChainSpec | OutboundHTTPChains defines outbound http chains |
RemoteLoggingSpec
(Appears on:ObservabilitySpec)
RemoteLoggingSpec is the type to represent FSM’s remote logging configuration.
Field | Description |
---|---|
enable bool | Enable defines a boolean indicating if the sidecars are enabled for remote logging. |
level uint16 | Level defines the remote logging’s level. |
port uint16 | Port defines the remote logging’s port. |
address string | Address defines the remote logging’s hostname. |
endpoint string | Endpoint defines the API endpoint for remote logging requests sent to the collector. |
authorization string | Authorization defines the access entity that allows to authorize someone in remote logging service. |
sampledFraction float32 | SampledFraction defines the sampled fraction. |
RepoServerSpec
(Appears on:MeshConfigSpec)
RepoServerSpec is the type to represent repo server.
Field | Description |
---|---|
ipaddr string | IPAddr of the pipy repo server |
codebase string | Codebase is the folder used by fsmController |
SidecarDriverSpec
(Appears on:SidecarSpec)
SidecarDriverSpec is the type to represent FSM’s sidecar driver definition.
Field | Description |
---|---|
sidecarName string | SidecarName defines the name of the sidecar driver. |
sidecarImage string | SidecarImage defines the container image used for the proxy sidecar. |
initContainerImage string | InitContainerImage defines the container image used for the init container injected to meshed pods. |
proxyServerPort uint32 | ProxyServerPort is the port on which the Discovery Service listens for new connections from Sidecars |
sidecarDisabledMTLS bool | SidecarDisabledMTLS defines whether mTLS is disabled. |
SidecarSpec
(Appears on:MeshConfigSpec)
SidecarSpec is the type used to represent the specifications for the proxy sidecar.
Field | Description |
---|---|
enablePrivilegedInitContainer bool | EnablePrivilegedInitContainer defines a boolean indicating whether the init container for a meshed pod should run as privileged. |
logLevel string | LogLevel defines the logging level for the sidecar’s logs. Non-developers should generally never set this value. In production environments the LogLevel should be set to error. |
sidecarClass string | SidecarClass defines the container provider used for the proxy sidecar. |
sidecarImage string | SidecarImage defines the container image used for the proxy sidecar. |
sidecarDisabledMTLS bool | SidecarDisabledMTLS defines whether mTLS is disabled. |
initContainerImage string | InitContainerImage defines the container image used for the init container injected to meshed pods. |
sidecarDrivers []SidecarDriverSpec | SidecarDrivers defines the supported sidecar drivers. |
maxDataPlaneConnections int | MaxDataPlaneConnections defines the maximum allowed data plane connections from a proxy sidecar to the FSM controller. |
configResyncInterval string | ConfigResyncInterval defines the resync interval for regular proxy broadcast updates. |
sidecarTimeout int | SidecarTimeout defines the connect/idle/read/write timeout. |
resources Kubernetes core/v1.ResourceRequirements | Resources defines the compute resources for the sidecar. |
TracingSpec
(Appears on:ObservabilitySpec)
TracingSpec is the type to represent FSM’s tracing configuration.
Field | Description |
---|---|
enable bool | Enable defines a boolean indicating if the sidecars are enabled for tracing. |
port uint16 | Port defines the tracing collector’s port. |
address string | Address defines the tracing collector’s hostname. |
endpoint string | Endpoint defines the API endpoint for tracing requests sent to the collector. |
sampledFraction float32 | SampledFraction defines the sampled fraction. |
TrafficSpec
(Appears on:MeshConfigSpec)
TrafficSpec is the type used to represent FSM’s traffic management configuration.
Field | Description |
---|---|
interceptionMode string | InterceptionMode defines a string indicating which traffic interception mode is used. |
enableEgress bool | EnableEgress defines a boolean indicating if mesh-wide Egress is enabled. |
outboundIPRangeExclusionList []string | OutboundIPRangeExclusionList defines a global list of IP address ranges to exclude from outbound traffic interception by the sidecar proxy. |
outboundPortExclusionList []int | OutboundPortExclusionList defines a global list of ports to exclude from outbound traffic interception by the sidecar proxy. |
inboundPortExclusionList []int | InboundPortExclusionList defines a global list of ports to exclude from inbound traffic interception by the sidecar proxy. |
enablePermissiveTrafficPolicyMode bool | EnablePermissiveTrafficPolicyMode defines a boolean indicating if permissive traffic policy mode is enabled mesh-wide. |
serviceAccessMode string | ServiceAccessMode defines a string indicating service access mode. |
inboundExternalAuthorization ExternalAuthzSpec | InboundExternalAuthorization defines a ruleset that, if enabled, will configure a remote external authorization endpoint for all inbound and ingress traffic in the mesh. |
http1PerRequestLoadBalancing bool | HTTP1PerRequestLoadBalancing defines a boolean indicating if load balancing based on request is enabled for http1. |
http2PerRequestLoadBalancing bool | HTTP2PerRequestLoadBalancing defines a boolean indicating if load balancing based on request is enabled for http2. |
Generated with gen-crd-api-reference-docs on git commit 8abe9ab.
2 - Config v1alpha2 API Reference
Packages:
config.flomesh.io/v1alpha2
Package v1alpha2 is the v1alpha2 version of the API.
CertManagerProviderSpec
(Appears on:ProviderSpec)
CertManagerProviderSpec defines the configuration of the cert-manager provider
Field | Description |
---|---|
issuerName string | IssuerName specifies the name of the Issuer resource |
issuerKind string | IssuerKind specifies the kind of Issuer |
issuerGroup string | IssuerGroup specifies the group the Issuer belongs to |
CertificateSpec
(Appears on:MeshConfigSpec)
CertificateSpec is the type to represent FSM’s certificate management configuration.
Field | Description |
---|---|
serviceCertValidityDuration string | ServiceCertValidityDuration defines the service certificate validity duration. |
certKeyBitSize int | CertKeyBitSize defines the certificate key bit size. |
ingressGateway IngressGatewayCertSpec | (Optional) IngressGateway defines the certificate specification for an ingress gateway. |
ClusterPropertySpec
(Appears on:ClusterSetSpec)
ClusterPropertySpec is the type to represent cluster property.
Field | Description |
---|---|
name string | Name defines the name of cluster property. |
value string | Value defines the value of cluster property. |
ClusterSetSpec
(Appears on:MeshConfigSpec)
ClusterSetSpec is the type to represent cluster set.
Field | Description |
---|---|
properties []ClusterPropertySpec | Properties defines properties for cluster. |
ExternalAuthzSpec
(Appears on:TrafficSpec)
ExternalAuthzSpec is a type to represent external authorization configuration.
Field | Description |
---|---|
enable bool | Enable defines a boolean indicating if the external authorization policy is to be enabled. |
address string | Address defines the remote address of the external authorization endpoint. |
port uint16 | Port defines the destination port of the remote external authorization endpoint. |
statPrefix string | StatPrefix defines a prefix for the stats sink for this external authorization policy. |
timeout string | Timeout defines the timeout in which a response from the external authorization endpoint is expected to execute. |
failureModeAllow bool | FailureModeAllow defines a boolean indicating if traffic should be allowed on a failure to get a response against the external authorization endpoint. |
FeatureFlags
(Appears on:MeshConfigSpec)
FeatureFlags is a type to represent FSM’s feature flags.
Field | Description |
---|---|
enableEgressPolicy bool | EnableEgressPolicy defines if FSM’s Egress policy is enabled. |
enableSnapshotCacheMode bool | EnableSnapshotCacheMode defines if XDS server starts with snapshot cache. |
enableAsyncProxyServiceMapping bool | EnableAsyncProxyServiceMapping defines if FSM will map proxies to services asynchronously. |
enableIngressBackendPolicy bool | EnableIngressBackendPolicy defines if FSM will use the IngressBackend API to allow ingress traffic to service mesh backends. |
enableAccessControlPolicy bool | EnableAccessControlPolicy defines if FSM will use the AccessControl API to allow access control traffic to service mesh backends. |
enableAccessCertPolicy bool | EnableAccessCertPolicy defines if FSM can issue certificates for external services. |
enableSidecarActiveHealthChecks bool | EnableSidecarActiveHealthChecks defines if FSM will enable sidecar active health checks between services allowed to communicate. |
enableRetryPolicy bool | EnableRetryPolicy defines if retry policy is enabled. |
enablePluginPolicy bool | EnablePluginPolicy defines if plugin policy is enabled. |
enableAutoDefaultRoute bool | EnableAutoDefaultRoute defines if auto default route is enabled. |
IngressGatewayCertSpec
(Appears on:CertificateSpec)
IngressGatewayCertSpec is the type to represent the certificate specification for an ingress gateway.
Field | Description |
---|---|
subjectAltNames []string | SubjectAltNames defines the Subject Alternative Names (domain names and IP addresses) secured by the certificate. |
validityDuration string | ValidityDuration defines the validity duration of the certificate. |
secret Kubernetes core/v1.SecretReference | Secret defines the secret in which the certificate is stored. |
LocalDNSProxy
(Appears on:SidecarSpec)
LocalDNSProxy is the type to represent FSM’s local DNS proxy configuration.
Field | Description |
---|---|
enable bool | Enable defines a boolean indicating if the sidecars are enabled for local DNS Proxy. |
primaryUpstreamDNSServerIPAddr string | PrimaryUpstreamDNSServerIPAddr defines a primary upstream DNS server for local DNS Proxy. |
secondaryUpstreamDNSServerIPAddr string | SecondaryUpstreamDNSServerIPAddr defines a secondary upstream DNS server for local DNS Proxy. |
LocalProxyMode
(string alias)
(Appears on:SidecarSpec)
LocalProxyMode is a type alias representing the way the sidecar proxies to the main application
Value | Description |
---|---|
"Localhost" | LocalProxyModeLocalhost indicates that the sidecar should communicate with the main application over localhost |
"PodIP" | LocalProxyModePodIP indicates that the sidecar should communicate with the main application via the pod IP |
MeshConfig
MeshConfig is the type used to represent the mesh configuration.
Field | Description |
---|---|
metadata Kubernetes meta/v1.ObjectMeta | (Optional) Object’s metadata. Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec MeshConfigSpec | (Optional) Spec is the MeshConfig specification. |
MeshConfigSpec
(Appears on:MeshConfig)
MeshConfigSpec is the spec for FSM’s configuration.
Field | Description |
---|---|
clusterSet ClusterSetSpec | ClusterSetSpec defines the configurations of cluster. |
sidecar SidecarSpec | Sidecar defines the configurations of the proxy sidecar in a mesh. |
repoServer RepoServerSpec | RepoServer defines the configurations of pipy repo server. |
traffic TrafficSpec | Traffic defines the traffic management configurations for a mesh instance. |
observability ObservabilitySpec | Observability defines the observability configurations for a mesh instance. |
certificate CertificateSpec | Certificate defines the certificate management configurations for a mesh instance. |
featureFlags FeatureFlags | FeatureFlags defines the feature flags for a mesh instance. |
pluginChains PluginChainsSpec | PluginChains defines the default plugin chains. |
MeshRootCertificate
MeshRootCertificate defines the configuration for certificate issuing by the mesh control plane
Field | Description |
---|---|
metadata Kubernetes meta/v1.ObjectMeta | (Optional) Object’s metadata. Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec MeshRootCertificateSpec | (Optional) Spec is the MeshRootCertificate config specification |
status MeshRootCertificateStatus | (Optional) Status of the MeshRootCertificate resource |
MeshRootCertificateSpec
(Appears on:MeshRootCertificate)
MeshRootCertificateSpec defines the mesh root certificate specification
Field | Description |
---|---|
provider ProviderSpec | Provider specifies the mesh certificate provider |
trustDomain string | TrustDomain is the trust domain to use as a suffix in Common Names for new certificates. |
MeshRootCertificateStatus
(Appears on:MeshRootCertificate)
MeshRootCertificateStatus defines the status of the MeshRootCertificate resource
Field | Description |
---|---|
state string | State specifies the state of the certificate provider. All states are specified in constants.go |
ObservabilitySpec
(Appears on:MeshConfigSpec)
ObservabilitySpec is the type to represent FSM’s observability configurations.
Field | Description |
---|---|
fsmLogLevel string | FSMLogLevel defines the log level for FSM control plane logs. |
enableDebugServer bool | EnableDebugServer defines if the debug endpoint on the FSM controller pod is enabled. |
tracing TracingSpec | Tracing defines FSM’s tracing configuration. |
remoteLogging RemoteLoggingSpec | RemoteLogging defines FSM’s remote logging configuration. |
PluginChainSpec
(Appears on:PluginChainsSpec)
PluginChainSpec is the type to represent plugin chain.
Field | Description |
---|---|
plugin string | Plugin defines the name of plugin |
priority float32 | Priority defines the priority of plugin |
disable bool | Disable defines the visibility of plugin |
PluginChainsSpec
(Appears on:MeshConfigSpec)
PluginChainsSpec is the type to represent plugin chains.
Field | Description |
---|---|
inbound-tcp []PluginChainSpec | InboundTCPChains defines inbound tcp chains |
inbound-http []PluginChainSpec | InboundHTTPChains defines inbound http chains |
outbound-tcp []PluginChainSpec | OutboundTCPChains defines outbound tcp chains |
outbound-http []PluginChainSpec | OutboundHTTPChains defines outbound http chains |
ProviderSpec
(Appears on:MeshRootCertificateSpec)
ProviderSpec defines the certificate provider used by the mesh control plane
Field | Description |
---|---|
certManager CertManagerProviderSpec | (Optional) CertManager specifies the cert-manager provider configuration |
vault VaultProviderSpec | (Optional) Vault specifies the vault provider configuration |
tresor TresorProviderSpec | (Optional) Tresor specifies the Tresor provider configuration |
RemoteLoggingSpec
(Appears on:ObservabilitySpec)
RemoteLoggingSpec is the type to represent FSM’s remote logging configuration.
Field | Description |
---|---|
enable bool | Enable defines a boolean indicating if the sidecars are enabled for remote logging. |
level uint16 | Level defines the remote logging’s level. |
port int16 | Port defines the remote logging’s port. |
address string | Address defines the remote logging’s hostname. |
endpoint string | Endpoint defines the API endpoint for remote logging requests sent to the collector. |
authorization string | Authorization defines the access entity that allows to authorize someone in remote logging service. |
sampledFraction string | SampledFraction defines the sampled fraction. |
RepoServerSpec
(Appears on:MeshConfigSpec)
RepoServerSpec is the type to represent repo server.
Field | Description |
---|---|
ipaddr string | IPAddr of the pipy repo server |
codebase string | Codebase is the folder used by fsmController |
SecretKeyReferenceSpec
(Appears on:VaultTokenSpec)
SecretKeyReferenceSpec defines the configuration of the secret reference
Field | Description |
---|---|
name string | Name specifies the name of the secret in which the Vault token is stored |
key string | Key specifies the key whose value is the Vault token |
namespace string | Namespace specifies the namespace of the secret in which the Vault token is stored |
SidecarDriverSpec
(Appears on:SidecarSpec)
SidecarDriverSpec is the type to represent FSM’s sidecar driver definition.
Field | Description |
---|---|
sidecarName string | SidecarName defines the name of the sidecar driver. |
sidecarImage string | SidecarImage defines the container image used for the proxy sidecar. |
initContainerImage string | InitContainerImage defines the container image used for the init container injected to meshed pods. |
proxyServerPort uint32 | ProxyServerPort is the port on which the Discovery Service listens for new connections from Sidecars |
sidecarDisabledMTLS bool | SidecarDisabledMTLS defines whether mTLS is disabled. |
SidecarSpec
(Appears on:MeshConfigSpec)
SidecarSpec is the type used to represent the specifications for the proxy sidecar.
Field | Description |
---|---|
enablePrivilegedInitContainer bool | EnablePrivilegedInitContainer defines a boolean indicating whether the init container for a meshed pod should run as privileged. |
logLevel string | LogLevel defines the logging level for the sidecar’s logs. Non-developers should generally never set this value. In production environments the LogLevel should be set to error. |
sidecarClass string | SidecarClass defines the class used for the proxy sidecar. |
sidecarImage string | SidecarImage defines the container image used for the proxy sidecar. |
sidecarDisabledMTLS bool | SidecarDisabledMTLS defines whether mTLS is disabled. |
initContainerImage string | InitContainerImage defines the container image used for the init container injected to meshed pods. |
sidecarDrivers []SidecarDriverSpec | SidecarDrivers defines the supported sidecar drivers. |
maxDataPlaneConnections int | MaxDataPlaneConnections defines the maximum allowed data plane connections from a proxy sidecar to the FSM controller. |
configResyncInterval string | ConfigResyncInterval defines the resync interval for regular proxy broadcast updates. |
sidecarTimeout int | SidecarTimeout defines the connect/idle/read/write timeout. |
resources Kubernetes core/v1.ResourceRequirements | Resources defines the compute resources for the sidecar. |
tlsMinProtocolVersion string | TLSMinProtocolVersion defines the minimum TLS protocol version that the sidecar supports. Valid TLS protocol versions are TLS_AUTO, TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3. |
tlsMaxProtocolVersion string | TLSMaxProtocolVersion defines the maximum TLS protocol version that the sidecar supports. Valid TLS protocol versions are TLS_AUTO, TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3. |
cipherSuites []string | CipherSuites defines a list of ciphers that listener supports when negotiating TLS 1.0-1.2. This setting has no effect when negotiating TLS 1.3. For valid cipher names, see the latest OpenSSL ciphers manual page. E.g. https://www.openssl.org/docs/man1.1.1/apps/ciphers.html. |
ecdhCurves []string | ECDHCurves defines a list of ECDH curves that TLS connection supports. If not specified, the curves are [X25519, P-256] for non-FIPS build and P-256 for builds using BoringSSL FIPS. |
localProxyMode LocalProxyMode | LocalProxyMode defines the network interface the proxy will use to send traffic to the backend service application. Acceptable values are [ |
localDNSProxy LocalDNSProxy | LocalDNSProxy improves the performance of your computer by caching the responses coming from your DNS servers |
TracingSpec
(Appears on:ObservabilitySpec)
TracingSpec is the type to represent FSM’s tracing configuration.
Field | Description |
---|---|
enable bool | Enable defines a boolean indicating if the sidecars are enabled for tracing. |
port int16 | Port defines the tracing collector’s port. |
address string | Address defines the tracing collector’s hostname. |
endpoint string | Endpoint defines the API endpoint for tracing requests sent to the collector. |
sampledFraction string | SampledFraction defines the sampled fraction. |
TrafficSpec
(Appears on:MeshConfigSpec)
TrafficSpec is the type used to represent FSM’s traffic management configuration.
Field | Description |
---|---|
interceptionMode string | InterceptionMode defines a string indicating which traffic interception mode is used. |
enableEgress bool | EnableEgress defines a boolean indicating if mesh-wide Egress is enabled. |
outboundIPRangeExclusionList []string | OutboundIPRangeExclusionList defines a global list of IP address ranges to exclude from outbound traffic interception by the sidecar proxy. |
outboundIPRangeInclusionList []string | OutboundIPRangeInclusionList defines a global list of IP address ranges to include for outbound traffic interception by the sidecar proxy. IP addresses outside this range will be excluded from outbound traffic interception by the sidecar proxy. |
outboundPortExclusionList []int | OutboundPortExclusionList defines a global list of ports to exclude from outbound traffic interception by the sidecar proxy. |
inboundPortExclusionList []int | InboundPortExclusionList defines a global list of ports to exclude from inbound traffic interception by the sidecar proxy. |
enablePermissiveTrafficPolicyMode bool | EnablePermissiveTrafficPolicyMode defines a boolean indicating if permissive traffic policy mode is enabled mesh-wide. |
serviceAccessMode string | ServiceAccessMode defines a string indicating service access mode. |
inboundExternalAuthorization ExternalAuthzSpec | InboundExternalAuthorization defines a ruleset that, if enabled, will configure a remote external authorization endpoint for all inbound and ingress traffic in the mesh. |
networkInterfaceExclusionList []string | NetworkInterfaceExclusionList defines a global list of network interface names to exclude from inbound and outbound traffic interception by the sidecar proxy. |
http1PerRequestLoadBalancing bool | HTTP1PerRequestLoadBalancing defines a boolean indicating if load balancing based on request is enabled for http1. |
http2PerRequestLoadBalancing bool | HTTP2PerRequestLoadBalancing defines a boolean indicating if load balancing based on request is enabled for http2. |
TresorCASpec
(Appears on:TresorProviderSpec)
TresorCASpec defines the configuration of Tresor’s root certificate
Field | Description |
---|---|
secretRef Kubernetes core/v1.SecretReference | SecretRef specifies the secret in which the root certificate is stored |
TresorProviderSpec
(Appears on:ProviderSpec)
TresorProviderSpec defines the configuration of the Tresor provider
Field | Description |
---|---|
ca TresorCASpec | CA specifies Tresor’s ca configuration |
VaultProviderSpec
(Appears on:ProviderSpec)
VaultProviderSpec defines the configuration of the Vault provider
Field | Description |
---|---|
host string | Host specifies the name of the Vault server |
port int | Port specifies the port of the Vault server |
role string | Role specifies the name of the role for use by mesh control plane |
protocol string | Protocol specifies the protocol for connections to Vault |
token VaultTokenSpec | Token specifies the configuration of the token to be used by mesh control plane to connect to Vault |
VaultTokenSpec
(Appears on:VaultProviderSpec)
VaultTokenSpec defines the configuration of the Vault token
Field | Description |
---|---|
secretKeyRef SecretKeyReferenceSpec | SecretKeyRef specifies the secret in which the Vault token is stored |
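
The SidecarSpec, TrafficSpec and ObservabilitySpec fields above include several switches that relax the mesh's security posture. The following Python check is an added example, not part of the generated reference or of FSM's code: it audits a parsed v1alpha2 MeshConfig for those fields. Which settings count as findings, the TLSv1_2 floor, and both sample documents are assumptions constructed for this example.

```python
# Added example: audit a parsed MeshConfig (config.flomesh.io/v1alpha2) for
# settings that weaken mesh security. The policy below is this example's
# assumption, not something FSM enforces.

TLS_ORDER = ["TLSv1_0", "TLSv1_1", "TLSv1_2", "TLSv1_3"]  # weakest first
MIN_ACCEPTABLE_TLS = "TLSv1_2"  # assumed policy floor


def audit_mesh_config(doc):
    """Return sorted (field_path, message) findings for one MeshConfig dict."""
    spec = doc.get("spec") or {}
    sidecar = spec.get("sidecar") or {}
    traffic = spec.get("traffic") or {}
    observability = spec.get("observability") or {}
    findings = []

    # mTLS can be switched off mesh-wide and again per sidecar driver.
    if sidecar.get("sidecarDisabledMTLS") is True:
        findings.append(("spec.sidecar.sidecarDisabledMTLS",
                         "mTLS is disabled for the proxy sidecar"))
    for i, driver in enumerate(sidecar.get("sidecarDrivers") or []):
        if driver.get("sidecarDisabledMTLS") is True:
            findings.append((f"spec.sidecar.sidecarDrivers[{i}].sidecarDisabledMTLS",
                             f"mTLS is disabled for driver {driver.get('sidecarName')!r}"))

    if sidecar.get("enablePrivilegedInitContainer") is True:
        findings.append(("spec.sidecar.enablePrivilegedInitContainer",
                         "init container of meshed pods runs as privileged"))

    # An absent value or TLS_AUTO leaves the floor to the sidecar's default.
    tls_min = sidecar.get("tlsMinProtocolVersion")
    tls_path = "spec.sidecar.tlsMinProtocolVersion"
    if tls_min in (None, "TLS_AUTO"):
        findings.append((tls_path, "minimum TLS version is not pinned"))
    elif tls_min not in TLS_ORDER:
        findings.append((tls_path, f"unrecognised value {tls_min!r}"))
    elif TLS_ORDER.index(tls_min) < TLS_ORDER.index(MIN_ACCEPTABLE_TLS):
        findings.append((tls_path, f"{tls_min} is below {MIN_ACCEPTABLE_TLS}"))

    # The reference says production sidecars should log at "error".
    log_level = sidecar.get("logLevel")
    if log_level is not None and log_level != "error":
        findings.append(("spec.sidecar.logLevel",
                         f"{log_level!r} set; the reference recommends error in production"))

    if traffic.get("enablePermissiveTrafficPolicyMode") is True:
        findings.append(("spec.traffic.enablePermissiveTrafficPolicyMode",
                         "permissive traffic policy mode is enabled mesh-wide"))

    # Fail-open only matters when external authorization is actually in use.
    authz = traffic.get("inboundExternalAuthorization") or {}
    if authz.get("enable") is True and authz.get("failureModeAllow") is True:
        findings.append(("spec.traffic.inboundExternalAuthorization.failureModeAllow",
                         "traffic is allowed when the authorization endpoint does not respond"))

    if observability.get("enableDebugServer") is True:
        findings.append(("spec.observability.enableDebugServer",
                         "debug endpoint on the FSM controller pod is enabled"))

    return sorted(findings)


# Constructed sample: every audited switch is in its weaker position.
SAMPLE_WEAK = {
    "apiVersion": "config.flomesh.io/v1alpha2",
    "kind": "MeshConfig",
    "metadata": {"name": "example-mesh-config"},  # hypothetical name
    "spec": {
        "sidecar": {
            "sidecarDisabledMTLS": True,
            "enablePrivilegedInitContainer": True,
            "tlsMinProtocolVersion": "TLSv1_0",
            "logLevel": "debug",
            "sidecarDrivers": [{"sidecarName": "pipy", "sidecarDisabledMTLS": True}],
        },
        "traffic": {
            "enablePermissiveTrafficPolicyMode": True,
            "inboundExternalAuthorization": {"enable": True, "failureModeAllow": True},
        },
        "observability": {"enableDebugServer": True},
    },
}

# Constructed sample: the same fields in the position this example accepts.
SAMPLE_HARDENED = {
    "apiVersion": "config.flomesh.io/v1alpha2",
    "kind": "MeshConfig",
    "metadata": {"name": "example-mesh-config"},  # hypothetical name
    "spec": {
        "sidecar": {
            "sidecarDisabledMTLS": False,
            "enablePrivilegedInitContainer": False,
            "tlsMinProtocolVersion": "TLSv1_2",
            "tlsMaxProtocolVersion": "TLSv1_3",
            "logLevel": "error",
        },
        "traffic": {
            "enablePermissiveTrafficPolicyMode": False,
            "inboundExternalAuthorization": {"enable": True, "failureModeAllow": False},
        },
        "observability": {"enableDebugServer": False},
    },
}

if __name__ == "__main__":
    for path, message in audit_mesh_config(SAMPLE_WEAK):
        print(f"{path}: {message}")
```
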
3 - Config v1alpha3 API Reference
Packages:
config.flomesh.io/v1alpha3
Package v1alpha3 is the v1alpha3 version of the API.
CertManagerProviderSpec
(Appears on:ProviderSpec)
CertManagerProviderSpec defines the configuration of the cert-manager provider
Field | Description |
---|---|
issuerName string | IssuerName specifies the name of the Issuer resource |
issuerKind string | IssuerKind specifies the kind of Issuer |
issuerGroup string | IssuerGroup specifies the group the Issuer belongs to |
CertificateSpec
(Appears on:MeshConfigSpec)
CertificateSpec is the type to represent FSM’s certificate management configuration.
Field | Description |
---|---|
serviceCertValidityDuration string | ServiceCertValidityDuration defines the service certificate validity duration. |
certKeyBitSize int | CertKeyBitSize defines the certificate key bit size. |
ingressGateway IngressGatewayCertSpec | (Optional) IngressGateway defines the certificate specification for an ingress gateway. |
ClusterPropertySpec
(Appears on:ClusterSetSpec)
ClusterPropertySpec is the type to represent cluster property.
Field | Description |
---|---|
name string | Name defines the name of cluster property. |
value string | Value defines the value of cluster property. |
ClusterSetSpec
(Appears on:MeshConfigSpec)
ClusterSetSpec is the type to represent cluster set.
Field | Description |
---|---|
isManaged bool | IsManaged defines if the cluster is managed. |
uid string | UID defines Unique ID of cluster. |
region string | (Optional) Region defines Region of cluster. |
zone string | (Optional) Zone defines Zone of cluster. |
group string | (Optional) Group defines Group of cluster. |
name string | Name defines Name of cluster. |
controlPlaneUID string | ControlPlaneUID defines the unique ID of the control plane cluster, in case it’s managed |
properties []ClusterPropertySpec | Properties defines properties for cluster. |
EgressGatewaySpec
(Appears on:MeshConfigSpec)
EgressGatewaySpec is the type to represent egress gateway.
Field | Description |
---|---|
enabled bool | Enabled defines if the egress gateway is enabled. |
logLevel string | LogLevel defines the log level of gateway api. |
mode string | Mode defines the mode of egress gateway. |
port int32 | Port defines the port of egress gateway. |
adminPort int32 | AdminPort defines the admin port of egress gateway. |
replicas int32 | Replicas defines the replicas of egress gateway. |
ExternalAuthzSpec
(Appears on:TrafficSpec)
ExternalAuthzSpec is a type to represent external authorization configuration.
Field | Description |
---|---|
enable bool | Enable defines a boolean indicating if the external authorization policy is to be enabled. |
address string | Address defines the remote address of the external authorization endpoint. |
port uint16 | Port defines the destination port of the remote external authorization endpoint. |
statPrefix string | StatPrefix defines a prefix for the stats sink for this external authorization policy. |
timeout string | Timeout defines the timeout in which a response from the external authorization endpoint is expected to execute. |
failureModeAllow bool | FailureModeAllow defines a boolean indicating if traffic should be allowed on a failure to get a response against the external authorization endpoint. |
FLBSpec
(Appears on:MeshConfigSpec)
FLBSpec is the type to represent flb.
Field | Description |
---|---|
enabled bool | Enabled defines if flb is enabled. |
strictMode bool | StrictMode defines if flb is in strict mode. |
upstreamMode FLBUpstreamMode | UpstreamMode defines the upstream mode of flb. |
secretName string | SecretName defines the secret name of flb. |
FLBUpstreamMode
(string alias)
(Appears on:FLBSpec)
Value | Description |
---|---|
"Endpoint" | |
"NodePort" | |
FeatureFlags
(Appears on:MeshConfigSpec)
FeatureFlags is a type to represent FSM’s feature flags.
Field | Description |
---|---|
enableEgressPolicy bool | EnableEgressPolicy defines if FSM’s Egress policy is enabled. |
enableSnapshotCacheMode bool | EnableSnapshotCacheMode defines if XDS server starts with snapshot cache. |
enableAsyncProxyServiceMapping bool | EnableAsyncProxyServiceMapping defines if FSM will map proxies to services asynchronously. |
enableIngressBackendPolicy bool | EnableIngressBackendPolicy defines if FSM will use the IngressBackend API to allow ingress traffic to service mesh backends. |
enableAccessControlPolicy bool | EnableAccessControlPolicy defines if FSM will use the AccessControl API to allow access control traffic to service mesh backends. |
enableAccessCertPolicy bool | EnableAccessCertPolicy defines if FSM can issue certificates for external services. |
enableSidecarActiveHealthChecks bool | EnableSidecarActiveHealthChecks defines if FSM will enable sidecar active health checks between services allowed to communicate. |
enableRetryPolicy bool | EnableRetryPolicy defines if retry policy is enabled. |
enablePluginPolicy bool | EnablePluginPolicy defines if plugin policy is enabled. |
enableAutoDefaultRoute bool | EnableAutoDefaultRoute defines if auto default route is enabled. |
enableValidateGatewayListenerHostname bool | EnableValidateGatewayListenerHostname defines if validate gateway listener hostname is enabled. |
enableValidateHTTPRouteHostnames bool | EnableValidateHTTPRouteHostnames defines if validate http route hostnames is enabled. |
enableValidateGRPCRouteHostnames bool | EnableValidateGRPCRouteHostnames defines if validate grpc route hostnames is enabled. |
enableValidateTLSRouteHostnames bool | EnableValidateTCPRouteHostnames defines if validate tcp route hostnames is enabled. |
enableGatewayAgentService bool | EnableGatewayAgentService defines if agent service is enabled. |
enableGatewayProxyTag bool | EnableGatewayProxyTag defines if gateway proxy-tag header is enabled. |
GatewayAPISpec
(Appears on:MeshConfigSpec)
GatewayAPISpec is the type to represent gateway api.
Field | Description |
---|---|
enabled bool | Enabled defines if gateway api is enabled. |
logLevel string | LogLevel defines the log level of gateway api. |
fgwLogLevel string | FGWLogLevel defines the log level of FGW. |
StripAnyHostPort bool | StripAnyHostPort defines if strip any host port is enabled. |
sslPassthroughUpstreamPort int32 | SSLPassthroughUpstreamPort defines the default upstream port of SSL passthrough. |
http1PerRequestLoadBalancing bool | HTTP1PerRequestLoadBalancing defines if load balancing based on per-request is enabled for http1. |
http2PerRequestLoadBalancing bool | HTTP2PerRequestLoadBalancing defines if load balancing based on per-request is enabled for http2. |
proxyTag ProxyTag | ProxyTag defines the proxy tag configuration of gateway api. |
HTTP
(Appears on:IngressSpec)
HTTP is the type to represent http.
Field | Description |
---|---|
enabled bool | Enabled defines if http is enabled. |
bind int32 | Bind defines the bind port of http. |
listen int32 | Listen defines the listen port of http. |
nodePort int32 | NodePort defines the node port of http. |
ImageSpec
(Appears on:MeshConfigSpec)
ImageSpec is the type to represent image.
Field | Description |
---|---|
registry string | Registry defines the registry of docker image. |
tag string | Tag defines the tag of docker image. |
pullPolicy Kubernetes core/v1.PullPolicy | PullPolicy defines the pull policy of docker image. |
IngressGatewayCertSpec
(Appears on:CertificateSpec)
IngressGatewayCertSpec is the type to represent the certificate specification for an ingress gateway.
Field | Description |
---|---|
subjectAltNames []string | SubjectAltNames defines the Subject Alternative Names (domain names and IP addresses) secured by the certificate. |
validityDuration string | ValidityDuration defines the validity duration of the certificate. |
secret Kubernetes core/v1.SecretReference | Secret defines the secret in which the certificate is stored. |
IngressSpec
(Appears on:MeshConfigSpec)
IngressSpec is the type to represent ingress.
Field | Description |
---|---|
enabled bool | Enabled defines if ingress is enabled. |
namespaced bool | Namespaced defines if ingress is namespaced. |
type Kubernetes core/v1.ServiceType | Type defines the type of ingress service. |
logLevel string | LogLevel defines the log level of ingress. |
http HTTP | (Optional) HTTP defines the http configuration of ingress. |
tls TLS | (Optional) TLS defines the tls configuration of ingress. |
LocalDNSProxy
(Appears on:SidecarSpec)
LocalDNSProxy is the type to represent FSM’s local DNS proxy configuration.
Field | Description |
---|---|
enable bool | Enable defines a boolean indicating if the sidecars are enabled for local DNS Proxy. |
primaryUpstreamDNSServerIPAddr string | (Optional) PrimaryUpstreamDNSServerIPAddr defines a primary upstream DNS server for local DNS Proxy. |
secondaryUpstreamDNSServerIPAddr string | (Optional) SecondaryUpstreamDNSServerIPAddr defines a secondary upstream DNS server for local DNS Proxy. |
wildcard WildcardDN | Wildcard defines Wildcard DN. |
db []ResolveDN | DB defines Resolve DB. |
LocalProxyMode
(string alias)
(Appears on:SidecarSpec)
LocalProxyMode is a type alias representing the way the sidecar proxies to the main application
Value | Description |
---|---|
"Localhost" | LocalProxyModeLocalhost indicates that the sidecar should communicate with the main application over localhost |
"PodIP" | LocalProxyModePodIP indicates that the sidecar should communicate with the main application via the pod ip |
MeshConfig
MeshConfig is the type used to represent the mesh configuration.
Field | Description |
---|---|
metadata Kubernetes meta/v1.ObjectMeta | (Optional) Object’s metadata. Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec MeshConfigSpec | (Optional) Spec is the MeshConfig specification. |
MeshConfigSpec
(Appears on:MeshConfig)
MeshConfigSpec is the spec for FSM’s configuration.
Field | Description |
---|---|
clusterSet ClusterSetSpec | ClusterSetSpec defines the configurations of cluster. |
sidecar SidecarSpec | Sidecar defines the configurations of the proxy sidecar in a mesh. |
repoServer RepoServerSpec | RepoServer defines the configurations of pipy repo server. |
traffic TrafficSpec | Traffic defines the traffic management configurations for a mesh instance. |
observability ObservabilitySpec | Observability defines the observability configurations for a mesh instance. |
certificate CertificateSpec | Certificate defines the certificate management configurations for a mesh instance. |
featureFlags FeatureFlags | FeatureFlags defines the feature flags for a mesh instance. |
pluginChains PluginChainsSpec | PluginChains defines the default plugin chains. |
ingress IngressSpec | Ingress defines the configurations of Ingress features. |
gatewayAPI GatewayAPISpec | GatewayAPI defines the configurations of GatewayAPI features. |
serviceLB ServiceLBSpec | ServiceLB defines the configurations of ServiceLB features. |
flb FLBSpec | FLB defines the configurations of FLB features. |
egressGateway EgressGatewaySpec | EgressGateway defines the configurations of EgressGateway features. |
image ImageSpec | Image defines the configurations of Image info |
misc MiscSpec | Misc defines the configurations of misc info |
MeshRootCertificate
MeshRootCertificate defines the configuration for certificate issuing by the mesh control plane
Field | Description |
---|---|
metadata Kubernetes meta/v1.ObjectMeta | (Optional) Object’s metadata. Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec MeshRootCertificateSpec | (Optional) Spec is the MeshRootCertificate config specification |
status MeshRootCertificateStatus | (Optional) Status of the MeshRootCertificate resource |
MeshRootCertificateSpec
(Appears on:MeshRootCertificate)
MeshRootCertificateSpec defines the mesh root certificate specification
Field | Description |
---|---|
provider ProviderSpec | Provider specifies the mesh certificate provider |
trustDomain string | TrustDomain is the trust domain to use as a suffix in Common Names for new certificates. |
MeshRootCertificateStatus
(Appears on:MeshRootCertificate)
MeshRootCertificateStatus defines the status of the MeshRootCertificate resource
Field | Description |
---|---|
state string | State specifies the state of the certificate provider. All states are specified in constants.go |
MiscSpec
(Appears on:MeshConfigSpec)
MiscSpec is the type to represent misc configs.
Field | Description |
---|---|
curlImage string | CurlImage defines the image of curl. |
repoServerImage string | RepoServerImage defines the image of repo server. |
ObservabilitySpec
(Appears on:MeshConfigSpec)
ObservabilitySpec is the type to represent FSM’s observability configurations.
Field | Description |
---|---|
fsmLogLevel string | FSMLogLevel defines the log level for FSM control plane logs. |
enableDebugServer bool | EnableDebugServer defines if the debug endpoint on the FSM controller pod is enabled. |
tracing TracingSpec | Tracing defines FSM’s tracing configuration. |
remoteLogging RemoteLoggingSpec | RemoteLogging defines FSM’s remote logging configuration. |
PluginChainSpec
(Appears on:PluginChainsSpec)
PluginChainSpec is the type to represent plugin chain.
Field | Description |
---|---|
plugin string | Plugin defines the name of plugin |
priority float32 | Priority defines the priority of plugin |
disable bool | Disable defines the visibility of plugin |
PluginChainsSpec
(Appears on:MeshConfigSpec)
PluginChainsSpec is the type to represent plugin chains.
Field | Description |
---|---|
inbound-tcp []PluginChainSpec | InboundTCPChains defines inbound tcp chains |
inbound-http []PluginChainSpec | InboundHTTPChains defines inbound http chains |
outbound-tcp []PluginChainSpec | OutboundTCPChains defines outbound tcp chains |
outbound-http []PluginChainSpec | OutboundHTTPChains defines outbound http chains |
ProviderSpec
(Appears on:MeshRootCertificateSpec)
ProviderSpec defines the certificate provider used by the mesh control plane
Field | Description |
---|---|
certManager CertManagerProviderSpec | (Optional) CertManager specifies the cert-manager provider configuration |
vault VaultProviderSpec | (Optional) Vault specifies the vault provider configuration |
tresor TresorProviderSpec | (Optional) Tresor specifies the Tresor provider configuration |
ProxyTag
(Appears on:GatewayAPISpec)
Field | Description |
---|---|
srcHostHeader string | SrcHostHeader defines the src host header. |
dstHostHeader string | DstHostHeader defines the dst host header. |
RemoteLoggingSpec
(Appears on:ObservabilitySpec)
RemoteLoggingSpec is the type to represent FSM’s remote logging configuration.
Field | Description |
---|---|
enable bool | Enable defines a boolean indicating if the sidecars are enabled for remote logging. |
level uint16 | Level defines the remote logging’s level. |
port int16 | Port defines the remote logging’s port. |
address string | Address defines the remote logging’s hostname. |
endpoint string | Endpoint defines the API endpoint for remote logging requests sent to the collector. |
authorization string | Authorization defines the access entity that allows authorizing someone in the remote logging service. |
sampledFraction string | SampledFraction defines the sampled fraction. |
secretName string | SecretName defines the name of the secret that contains the configuration for remote logging. |
RepoServerSpec
(Appears on:MeshConfigSpec)
RepoServerSpec is the type to represent repo server.
Field | Description |
---|---|
ipaddr string | IPAddr of the pipy repo server |
port int16 | Port defines the pipy repo server’s port. |
codebase string | Codebase is the folder used by fsmController |
ResolveDN
(Appears on:LocalDNSProxy)
ResolveDN is the type to represent FSM’s Resolve DN configuration.
Field | Description |
---|---|
dn string | DN defines resolve DN. |
ipv4 []string | IPv4 defines an IPv4 address for resolve DN. |
SSLPassthrough
(Appears on:TLS)
SSLPassthrough is the type to represent ssl passthrough.
Field | Description |
---|---|
enabled bool | Enabled defines if ssl passthrough is enabled. |
upstreamPort int32 | UpstreamPort defines the upstream port of ssl passthrough. |
SecretKeyReferenceSpec
(Appears on:VaultTokenSpec)
SecretKeyReferenceSpec defines the configuration of the secret reference
Field | Description |
---|---|
name string | Name specifies the name of the secret in which the Vault token is stored |
key string | Key specifies the key whose value is the Vault token |
namespace string | Namespace specifies the namespace of the secret in which the Vault token is stored |
ServiceLBSpec
(Appears on:MeshConfigSpec)
ServiceLBSpec is the type to represent service lb.
Field | Description |
---|---|
enabled bool | Enabled defines if service lb is enabled. |
image string | Image defines the service lb image. |
SidecarSpec
(Appears on:MeshConfigSpec)
SidecarSpec is the type used to represent the specifications for the proxy sidecar.
Field | Description |
---|---|
enablePrivilegedInitContainer bool | EnablePrivilegedInitContainer defines a boolean indicating whether the init container for a meshed pod should run as privileged. |
logLevel string | LogLevel defines the logging level for the sidecar’s logs. Non-developers should generally never set this value. In production environments the LogLevel should be set to error. |
sidecarImage string | SidecarImage defines the container image used for the proxy sidecar. |
sidecarDisabledMTLS bool | SidecarDisabledMTLS defines whether mTLS is disabled. |
maxDataPlaneConnections int | MaxDataPlaneConnections defines the maximum allowed data plane connections from a proxy sidecar to the FSM controller. |
configResyncInterval string | ConfigResyncInterval defines the resync interval for regular proxy broadcast updates. |
sidecarTimeout int | SidecarTimeout defines the connect/idle/read/write timeout. |
resources Kubernetes core/v1.ResourceRequirements | Resources defines the compute resources for the sidecar. |
tlsMinProtocolVersion string | TLSMinProtocolVersion defines the minimum TLS protocol version that the sidecar supports. Valid TLS protocol versions are TLS_AUTO, TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3. |
tlsMaxProtocolVersion string | TLSMaxProtocolVersion defines the maximum TLS protocol version that the sidecar supports. Valid TLS protocol versions are TLS_AUTO, TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3. |
cipherSuites []string | CipherSuites defines a list of ciphers that listener supports when negotiating TLS 1.0-1.2. This setting has no effect when negotiating TLS 1.3. For valid cipher names, see the latest OpenSSL ciphers manual page. E.g. https://www.openssl.org/docs/man1.1.1/apps/ciphers.html. |
ecdhCurves []string | ECDHCurves defines a list of ECDH curves that TLS connection supports. If not specified, the curves are [X25519, P-256] for non-FIPS build and P-256 for builds using BoringSSL FIPS. |
localProxyMode LocalProxyMode | LocalProxyMode defines the network interface the proxy will use to send traffic to the backend service application. Acceptable values are [ |
localDNSProxy LocalDNSProxy | LocalDNSProxy improves the performance of your computer by caching the responses coming from your DNS servers |
TLS
(Appears on:IngressSpec)
TLS is the type to represent tls.
Field | Description |
---|---|
enabled bool | Enabled defines if tls is enabled. |
bind int32 | Bind defines the bind port of tls. |
listen int32 | Listen defines the listen port of tls. |
nodePort int32 | NodePort defines the node port of tls. |
mTLS bool | MTLS defines if mTLS is enabled. |
sslPassthrough SSLPassthrough | (Optional) SSLPassthrough defines the ssl passthrough configuration of tls. |
TracingSpec
(Appears on:ObservabilitySpec)
TracingSpec is the type to represent FSM’s tracing configuration.
Field | Description |
---|---|
enable bool | Enable defines a boolean indicating if the sidecars are enabled for tracing. |
port int16 | Port defines the tracing collector’s port. |
address string | Address defines the tracing collector’s hostname. |
endpoint string | Endpoint defines the API endpoint for tracing requests sent to the collector. |
sampledFraction string | SampledFraction defines the sampled fraction. |
TrafficSpec
(Appears on:MeshConfigSpec)
TrafficSpec is the type used to represent FSM’s traffic management configuration.
Field | Description |
---|---|
interceptionMode string | InterceptionMode defines a string indicating which traffic interception mode is used. |
enableEgress bool | EnableEgress defines a boolean indicating if mesh-wide Egress is enabled. |
outboundIPRangeExclusionList []string | OutboundIPRangeExclusionList defines a global list of IP address ranges to exclude from outbound traffic interception by the sidecar proxy. |
outboundIPRangeInclusionList []string | OutboundIPRangeInclusionList defines a global list of IP address ranges to include for outbound traffic interception by the sidecar proxy. IP addresses outside this range will be excluded from outbound traffic interception by the sidecar proxy. |
outboundPortExclusionList []int | OutboundPortExclusionList defines a global list of ports to exclude from outbound traffic interception by the sidecar proxy. |
inboundPortExclusionList []int | InboundPortExclusionList defines a global list of ports to exclude from inbound traffic interception by the sidecar proxy. |
enablePermissiveTrafficPolicyMode bool | EnablePermissiveTrafficPolicyMode defines a boolean indicating if permissive traffic policy mode is enabled mesh-wide. |
serviceAccessMode string | ServiceAccessMode defines a string indicating service access mode. |
inboundExternalAuthorization ExternalAuthzSpec | InboundExternalAuthorization defines a ruleset that, if enabled, will configure a remote external authorization endpoint for all inbound and ingress traffic in the mesh. |
networkInterfaceExclusionList []string | NetworkInterfaceExclusionList defines a global list of network interface names to exclude from inbound and outbound traffic interception by the sidecar proxy. |
http1PerRequestLoadBalancing bool | HTTP1PerRequestLoadBalancing defines a boolean indicating if load balancing based on request is enabled for http1. |
http2PerRequestLoadBalancing bool | HTTP2PerRequestLoadBalancing defines a boolean indicating if load balancing based on request is enabled for http2. |
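The following is an added example, not part of the generated reference or of FSM's own code: a small audit of a MeshConfig spec (already parsed into a dict) that flags security-relevant settings from the SidecarSpec, TrafficSpec, ExternalAuthzSpec and ObservabilitySpec tables. Field names are taken from this page; the policy of what counts as a finding, and the sample spec, are assumptions of the example.

```python
# Added example: flag MeshConfig settings that weaken the mesh's security posture.
# Field names come from the reference tables; the policy is this example's assumption.

WEAK_TLS = {"TLSv1_0", "TLSv1_1"}  # subset of the valid values listed for SidecarSpec


def _get(spec, path, default=None):
    """Walk a dotted path through nested dicts; return default if any key is absent."""
    node = spec
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node


def audit_meshconfig_spec(spec):
    """Return a sorted list of (field path, reason) findings for a MeshConfigSpec dict."""
    findings = []

    # Booleans that are findings when set to true.
    risky_when_true = {
        "sidecar.sidecarDisabledMTLS": "mTLS between sidecars is disabled",
        "sidecar.enablePrivilegedInitContainer": "init container runs as privileged",
        "traffic.enablePermissiveTrafficPolicyMode": "permissive traffic policy mode is on mesh-wide",
        "traffic.enableEgress": "mesh-wide egress is enabled",
        "observability.enableDebugServer": "debug endpoint on the controller pod is enabled",
    }
    for path, reason in risky_when_true.items():
        if _get(spec, path) is True:
            findings.append((path, reason))

    # Legacy protocol versions accepted as the sidecar's minimum or maximum.
    for field in ("tlsMinProtocolVersion", "tlsMaxProtocolVersion"):
        value = _get(spec, "sidecar." + field)
        if value in WEAK_TLS:
            findings.append(("sidecar." + field, "legacy TLS version " + value))

    # External authorization that fails open when the endpoint does not answer.
    authz = _get(spec, "traffic.inboundExternalAuthorization", {})
    if authz.get("enable") is True and authz.get("failureModeAllow") is True:
        findings.append((
            "traffic.inboundExternalAuthorization.failureModeAllow",
            "traffic is allowed when the authorization endpoint fails",
        ))

    # The reference says production sidecars should log at "error"; only an
    # explicitly set value is checked, because the default is not on this page.
    level = _get(spec, "sidecar.logLevel")
    if level is not None and level != "error":
        findings.append(("sidecar.logLevel", "log level is " + level + ", not error"))

    return sorted(findings)


# Constructed sample spec for illustration; not taken from a real cluster.
SAMPLE_SPEC = {
    "sidecar": {
        "sidecarDisabledMTLS": False,
        "enablePrivilegedInitContainer": True,
        "logLevel": "debug",
        "tlsMinProtocolVersion": "TLSv1_0",
        "tlsMaxProtocolVersion": "TLSv1_3",
    },
    "traffic": {
        "enableEgress": True,
        "enablePermissiveTrafficPolicyMode": True,
        "inboundExternalAuthorization": {"enable": True, "failureModeAllow": True},
    },
    "observability": {"enableDebugServer": True},
}

if __name__ == "__main__":
    for path, reason in audit_meshconfig_spec(SAMPLE_SPEC):
        print(path + ": " + reason)
```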
TresorCASpec
(Appears on:TresorProviderSpec)
TresorCASpec defines the configuration of Tresor’s root certificate
Field | Description |
---|---|
secretRef Kubernetes core/v1.SecretReference | SecretRef specifies the secret in which the root certificate is stored |
TresorProviderSpec
(Appears on:ProviderSpec)
TresorProviderSpec defines the configuration of the Tresor provider
Field | Description |
---|---|
ca TresorCASpec | CA specifies Tresor’s ca configuration |
VaultProviderSpec
(Appears on:ProviderSpec)
VaultProviderSpec defines the configuration of the Vault provider
Field | Description |
---|---|
host string | Host specifies the name of the Vault server |
port int | Port specifies the port of the Vault server |
role string | Role specifies the name of the role for use by mesh control plane |
protocol string | Protocol specifies the protocol for connections to Vault |
token VaultTokenSpec | Token specifies the configuration of the token to be used by mesh control plane to connect to Vault |
VaultTokenSpec
(Appears on:VaultProviderSpec)
VaultTokenSpec defines the configuration of the Vault token
Field | Description |
---|---|
secretKeyRef SecretKeyReferenceSpec | SecretKeyRef specifies the secret in which the Vault token is stored |
WildcardDN
(Appears on:LocalDNSProxy)
WildcardDN is the type to represent FSM’s Wildcard DN configuration.
Field | Description |
---|---|
enable bool | Enable defines a boolean indicating if wildcards are enabled for local DNS Proxy. |
ipv4 []string | IPv4 defines an IPv4 address for wildcard DN. |
Generated with gen-crd-api-reference-docs on git commit 8abe9ab.