{ "properties": { "spec": { "description": "Configuration affecting load balancing, outlier detection, etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html", "properties": { "exportTo": { "description": "A list of namespaces to which this destination rule is exported.", "items": { "type": "string" }, "type": "array" }, "host": { "description": "The name of a service from the service registry.", "type": "string" }, "subsets": { "description": "One or more named sets that represent individual versions of a service.", "items": { "type": "object", "required": [ "name" ], "properties": { "labels": { "description": "Labels apply a filter over the endpoints of a service in the service registry.", "type": "object", "additionalProperties": { "type": "string" } }, "name": { "description": "Name of the subset.", "type": "string" }, "trafficPolicy": { "description": "Traffic policies that apply to this subset.", "type": "object", "properties": { "connectionPool": { "type": "object", "properties": { "http": { "description": "HTTP connection pool settings.", "type": "object", "properties": { "h2UpgradePolicy": { "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "type": "string", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", "UPGRADE" ] }, "http1MaxPendingRequests": { "description": "Maximum number of requests that will be queued while waiting for a ready connection pool connection.", "type": "integer", "format": "int32" }, "http2MaxRequests": { "description": "Maximum number of active requests to a destination.", "type": "integer", "format": "int32" }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "maxConcurrentStreams": { 
"description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", "type": "integer", "format": "int32" }, "maxRequestsPerConnection": { "description": "Maximum number of requests per connection to a backend.", "type": "integer", "format": "int32" }, "maxRetries": { "description": "Maximum number of retries that can be outstanding to all hosts in a cluster at a given time.", "type": "integer", "format": "int32" }, "useClientProtocol": { "description": "If set to true, client protocol will be preserved while initiating connection to backend.", "type": "boolean" } } }, "tcp": { "description": "Settings common to both HTTP and TCP upstream connections.", "type": "object", "properties": { "connectTimeout": { "description": "TCP connection timeout.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "idleTimeout": { "description": "The idle timeout for TCP connections.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", "type": "integer", "format": "int32" }, "tcpKeepalive": { "description": "If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.", "type": "object", "properties": { "interval": { "description": "The time duration between keep-alive probes.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "probes": { "description": "Maximum number of keepalive probes 
to send without response before deciding the connection is dead.", "type": "integer", "maximum": 4294967295, "minimum": 0 }, "time": { "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] } } } } } } }, "loadBalancer": { "description": "Settings controlling the load balancer algorithms.", "type": "object", "oneOf": [ { "not": { "anyOf": [ { "required": [ "simple" ] }, { "required": [ "consistentHash" ] } ] } }, { "required": [ "simple" ] }, { "required": [ "consistentHash" ] } ], "properties": { "consistentHash": { "type": "object", "allOf": [ { "oneOf": [ { "not": { "anyOf": [ { "required": [ "httpHeaderName" ] }, { "required": [ "httpCookie" ] }, { "required": [ "useSourceIp" ] }, { "required": [ "httpQueryParameterName" ] } ] } }, { "required": [ "httpHeaderName" ] }, { "required": [ "httpCookie" ] }, { "required": [ "useSourceIp" ] }, { "required": [ "httpQueryParameterName" ] } ] }, { "oneOf": [ { "not": { "anyOf": [ { "required": [ "ringHash" ] }, { "required": [ "maglev" ] } ] } }, { "required": [ "ringHash" ] }, { "required": [ "maglev" ] } ] } ], "properties": { "httpCookie": { "description": "Hash based on HTTP cookie.", "type": "object", "required": [ "name" ], "properties": { "name": { "description": "Name of the cookie.", "type": "string" }, "path": { "description": "Path to set for the cookie.", "type": "string" }, "ttl": { "description": "Lifetime of the cookie.", "type": "string" } } }, "httpHeaderName": { "description": "Hash based on a specific HTTP header.", "type": "string" }, "httpQueryParameterName": { "description": "Hash based on a specific HTTP query parameter.", "type": "string" }, "maglev": { "description": "The Maglev load balancer implements consistent hashing to backend hosts.", "type": "object", "properties": { "tableSize": { 
"description": "The table size for Maglev hashing.", "type": "integer", "minimum": 0 } } }, "minimumRingSize": { "description": "Deprecated.", "type": "integer", "minimum": 0 }, "ringHash": { "description": "The ring/modulo hash load balancer implements consistent hashing to backend hosts.", "type": "object", "properties": { "minimumRingSize": { "description": "The minimum number of virtual nodes to use for the hash ring.", "type": "integer", "minimum": 0 } } }, "useSourceIp": { "description": "Hash based on the source IP address.", "type": "boolean" } } }, "localityLbSetting": { "type": "object", "properties": { "distribute": { "description": "Optional: only one of distribute, failover or failoverPriority can be set.", "type": "array", "items": { "type": "object", "properties": { "from": { "description": "Originating locality, '/' separated, e.g.", "type": "string" }, "to": { "description": "Map of upstream localities to traffic distribution weights.", "type": "object", "additionalProperties": { "type": "integer", "maximum": 4294967295, "minimum": 0 } } } } }, "enabled": { "description": "Enable locality load balancing.", "type": "boolean", "nullable": true }, "failover": { "description": "Optional: only one of distribute, failover or failoverPriority can be set.", "type": "array", "items": { "type": "object", "properties": { "from": { "description": "Originating region.", "type": "string" }, "to": { "description": "Destination region the traffic will fail over to when endpoints in the 'from' region becomes unhealthy.", "type": "string" } } } }, "failoverPriority": { "description": "failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing.", "type": "array", "items": { "type": "string" } } } }, "simple": { "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", "type": "string", "enum": [ "UNSPECIFIED", "LEAST_CONN", "RANDOM", "PASSTHROUGH", "ROUND_ROBIN", "LEAST_REQUEST" ] }, 
"warmup": { "description": "Represents the warmup configuration of Service.", "type": "object", "required": [ "duration" ], "properties": { "aggression": { "description": "This parameter controls the speed of traffic increase over the warmup duration.", "type": "number", "format": "double", "minimum": 1, "nullable": true }, "duration": { "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "minimumPercent": { "type": "number", "format": "double", "maximum": 100, "minimum": 0, "nullable": true } } }, "warmupDurationSecs": { "description": "Deprecated: use `warmup` instead.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] } } }, "outlierDetection": { "type": "object", "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", "type": "integer", "maximum": 4294967295, "minimum": 0, "nullable": true }, "consecutiveErrors": { "type": "integer", "format": "int32" }, "consecutiveGatewayErrors": { "description": "Number of gateway errors before a host is ejected from the connection pool.", "type": "integer", "maximum": 4294967295, "minimum": 0, "nullable": true }, "consecutiveLocalOriginFailures": { "description": "The number of consecutive locally originated failures before ejection occurs.", "type": "integer", "maximum": 4294967295, "minimum": 0, "nullable": true }, "interval": { "description": "Time interval between ejection sweep analysis.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration 
greater than 1ms" } ] }, "maxEjectionPercent": { "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", "type": "integer", "format": "int32" }, "minHealthPercent": { "description": "Outlier detection will be enabled as long as the associated load balancing pool has at least `minHealthPercent` hosts in healthy mode.", "type": "integer", "format": "int32" }, "splitExternalLocalOriginErrors": { "description": "Determines whether to distinguish local origin failures from external errors.", "type": "boolean" } } }, "portLevelSettings": { "description": "Traffic policies specific to individual ports.", "type": "array", "maxItems": 4096, "items": { "type": "object", "properties": { "connectionPool": { "type": "object", "properties": { "http": { "description": "HTTP connection pool settings.", "type": "object", "properties": { "h2UpgradePolicy": { "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "type": "string", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", "UPGRADE" ] }, "http1MaxPendingRequests": { "description": "Maximum number of requests that will be queued while waiting for a ready connection pool connection.", "type": "integer", "format": "int32" }, "http2MaxRequests": { "description": "Maximum number of active requests to a destination.", "type": "integer", "format": "int32" }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "maxConcurrentStreams": { "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", "type": "integer", "format": "int32" }, "maxRequestsPerConnection": { "description": "Maximum number of requests per connection to a backend.", "type": 
"integer", "format": "int32" }, "maxRetries": { "description": "Maximum number of retries that can be outstanding to all hosts in a cluster at a given time.", "type": "integer", "format": "int32" }, "useClientProtocol": { "description": "If set to true, client protocol will be preserved while initiating connection to backend.", "type": "boolean" } } }, "tcp": { "description": "Settings common to both HTTP and TCP upstream connections.", "type": "object", "properties": { "connectTimeout": { "description": "TCP connection timeout.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "idleTimeout": { "description": "The idle timeout for TCP connections.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", "type": "integer", "format": "int32" }, "tcpKeepalive": { "description": "If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.", "type": "object", "properties": { "interval": { "description": "The time duration between keep-alive probes.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", "type": "integer", "maximum": 4294967295, "minimum": 0 }, "time": { "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", "type": 
"string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] } } } } } } }, "loadBalancer": { "description": "Settings controlling the load balancer algorithms.", "type": "object", "oneOf": [ { "not": { "anyOf": [ { "required": [ "simple" ] }, { "required": [ "consistentHash" ] } ] } }, { "required": [ "simple" ] }, { "required": [ "consistentHash" ] } ], "properties": { "consistentHash": { "type": "object", "allOf": [ { "oneOf": [ { "not": { "anyOf": [ { "required": [ "httpHeaderName" ] }, { "required": [ "httpCookie" ] }, { "required": [ "useSourceIp" ] }, { "required": [ "httpQueryParameterName" ] } ] } }, { "required": [ "httpHeaderName" ] }, { "required": [ "httpCookie" ] }, { "required": [ "useSourceIp" ] }, { "required": [ "httpQueryParameterName" ] } ] }, { "oneOf": [ { "not": { "anyOf": [ { "required": [ "ringHash" ] }, { "required": [ "maglev" ] } ] } }, { "required": [ "ringHash" ] }, { "required": [ "maglev" ] } ] } ], "properties": { "httpCookie": { "description": "Hash based on HTTP cookie.", "type": "object", "required": [ "name" ], "properties": { "name": { "description": "Name of the cookie.", "type": "string" }, "path": { "description": "Path to set for the cookie.", "type": "string" }, "ttl": { "description": "Lifetime of the cookie.", "type": "string" } } }, "httpHeaderName": { "description": "Hash based on a specific HTTP header.", "type": "string" }, "httpQueryParameterName": { "description": "Hash based on a specific HTTP query parameter.", "type": "string" }, "maglev": { "description": "The Maglev load balancer implements consistent hashing to backend hosts.", "type": "object", "properties": { "tableSize": { "description": "The table size for Maglev hashing.", "type": "integer", "minimum": 0 } } }, "minimumRingSize": { "description": "Deprecated.", "type": "integer", "minimum": 0 }, "ringHash": { "description": "The ring/modulo hash load balancer implements 
consistent hashing to backend hosts.", "type": "object", "properties": { "minimumRingSize": { "description": "The minimum number of virtual nodes to use for the hash ring.", "type": "integer", "minimum": 0 } } }, "useSourceIp": { "description": "Hash based on the source IP address.", "type": "boolean" } } }, "localityLbSetting": { "type": "object", "properties": { "distribute": { "description": "Optional: only one of distribute, failover or failoverPriority can be set.", "type": "array", "items": { "type": "object", "properties": { "from": { "description": "Originating locality, '/' separated, e.g.", "type": "string" }, "to": { "description": "Map of upstream localities to traffic distribution weights.", "type": "object", "additionalProperties": { "type": "integer", "maximum": 4294967295, "minimum": 0 } } } } }, "enabled": { "description": "Enable locality load balancing.", "type": "boolean", "nullable": true }, "failover": { "description": "Optional: only one of distribute, failover or failoverPriority can be set.", "type": "array", "items": { "type": "object", "properties": { "from": { "description": "Originating region.", "type": "string" }, "to": { "description": "Destination region the traffic will fail over to when endpoints in the 'from' region becomes unhealthy.", "type": "string" } } } }, "failoverPriority": { "description": "failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing.", "type": "array", "items": { "type": "string" } } } }, "simple": { "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", "type": "string", "enum": [ "UNSPECIFIED", "LEAST_CONN", "RANDOM", "PASSTHROUGH", "ROUND_ROBIN", "LEAST_REQUEST" ] }, "warmup": { "description": "Represents the warmup configuration of Service.", "type": "object", "required": [ "duration" ], "properties": { "aggression": { "description": "This parameter controls the speed of traffic increase over the warmup duration.", 
"type": "number", "format": "double", "minimum": 1, "nullable": true }, "duration": { "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "minimumPercent": { "type": "number", "format": "double", "maximum": 100, "minimum": 0, "nullable": true } } }, "warmupDurationSecs": { "description": "Deprecated: use `warmup` instead.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] } } }, "outlierDetection": { "type": "object", "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", "type": "integer", "maximum": 4294967295, "minimum": 0, "nullable": true }, "consecutiveErrors": { "type": "integer", "format": "int32" }, "consecutiveGatewayErrors": { "description": "Number of gateway errors before a host is ejected from the connection pool.", "type": "integer", "maximum": 4294967295, "minimum": 0, "nullable": true }, "consecutiveLocalOriginFailures": { "description": "The number of consecutive locally originated failures before ejection occurs.", "type": "integer", "maximum": 4294967295, "minimum": 0, "nullable": true }, "interval": { "description": "Time interval between ejection sweep analysis.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "maxEjectionPercent": { "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", "type": "integer", "format": "int32" }, "minHealthPercent": { "description": "Outlier 
detection will be enabled as long as the associated load balancing pool has at least `minHealthPercent` hosts in healthy mode.", "type": "integer", "format": "int32" }, "splitExternalLocalOriginErrors": { "description": "Determines whether to distinguish local origin failures from external errors.", "type": "boolean" } } }, "port": { "description": "Specifies the number of a port on the destination service on which this policy is being applied.", "type": "object", "properties": { "number": { "type": "integer", "maximum": 4294967295, "minimum": 0 } } }, "tls": { "description": "TLS related settings for connections to the upstream service.", "type": "object", "properties": { "caCertificates": { "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", "type": "string" }, "caCrl": { "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", "type": "string" }, "clientCertificate": { "description": "REQUIRED if mode is `MUTUAL`.", "type": "string" }, "credentialName": { "description": "The name of the secret that holds the TLS certs for the client including the CA certificates.", "type": "string" }, "insecureSkipVerify": { "description": "`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host. When true, the connection is still encrypted but the server is not authenticated: the proxy does not confirm that the certificate was issued by a trusted CA or that it names the intended host.", "type": "boolean", "nullable": true }, "mode": { "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", "type": "string", "enum": [ "DISABLE", "SIMPLE", "MUTUAL", "ISTIO_MUTUAL" ] }, "privateKey": { "description": "REQUIRED if mode is `MUTUAL`.", "type": "string" }, "sni": { "description": "SNI string to present to the server during TLS handshake.", "type": "string" }, "subjectAltNames": { "description": "A list of 
alternate names to verify the subject identity in the certificate.", "type": "array", "items": { "type": "string" } } } } } } }, "proxyProtocol": { "description": "The upstream PROXY protocol settings.", "type": "object", "properties": { "version": { "description": "The PROXY protocol version to use.\n\nValid Options: V1, V2", "type": "string", "enum": [ "V1", "V2" ] } } }, "tls": { "description": "TLS related settings for connections to the upstream service.", "type": "object", "properties": { "caCertificates": { "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", "type": "string" }, "caCrl": { "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", "type": "string" }, "clientCertificate": { "description": "REQUIRED if mode is `MUTUAL`.", "type": "string" }, "credentialName": { "description": "The name of the secret that holds the TLS certs for the client including the CA certificates.", "type": "string" }, "insecureSkipVerify": { "description": "`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host. When true, the connection is still encrypted but the server is not authenticated: the proxy does not confirm that the certificate was issued by a trusted CA or that it names the intended host.", "type": "boolean", "nullable": true }, "mode": { "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", "type": "string", "enum": [ "DISABLE", "SIMPLE", "MUTUAL", "ISTIO_MUTUAL" ] }, "privateKey": { "description": "REQUIRED if mode is `MUTUAL`.", "type": "string" }, "sni": { "description": "SNI string to present to the server during TLS handshake.", "type": "string" }, "subjectAltNames": { "description": "A list of alternate names to verify the subject identity in the certificate.", "type": "array", "items": { "type": "string" } } } }, "tunnel": { "description": "Configuration of tunneling TCP over 
other transport or application layers for the host configured in the DestinationRule.", "type": "object", "required": [ "targetHost", "targetPort" ], "properties": { "protocol": { "description": "Specifies which protocol to use for tunneling the downstream connection.", "type": "string" }, "targetHost": { "description": "Specifies a host to which the downstream connection is tunneled.", "type": "string" }, "targetPort": { "description": "Specifies a port to which the downstream connection is tunneled.", "type": "integer", "maximum": 4294967295, "minimum": 0 } } } } } } }, "type": "array" }, "trafficPolicy": { "description": "Traffic policies to apply (load balancing policy, connection pool sizes, outlier detection).", "properties": { "connectionPool": { "properties": { "http": { "description": "HTTP connection pool settings.", "properties": { "h2UpgradePolicy": { "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "_enum": [ "DEFAULT", "DO_NOT_UPGRADE", "UPGRADE" ], "type": "string" }, "http1MaxPendingRequests": { "description": "Maximum number of requests that will be queued while waiting for a ready connection pool connection.", "format": "int32", "type": "integer" }, "http2MaxRequests": { "description": "Maximum number of active requests to a destination.", "format": "int32", "type": "integer" }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", "type": "string", "x_kubernetes_validations": [ { "message": "must be a valid duration greater than 1ms", "rule": "duration(self) >= duration('1ms')" } ] }, "maxConcurrentStreams": { "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", "format": "int32", "type": "integer" }, "maxRequestsPerConnection": { "description": "Maximum number of requests per connection to a backend.", "format": "int32", "type": "integer" }, 
"maxRetries": { "description": "Maximum number of retries that can be outstanding to all hosts in a cluster at a given time.", "format": "int32", "type": "integer" }, "useClientProtocol": { "description": "If set to true, client protocol will be preserved while initiating connection to backend.", "type": "boolean" } }, "type": "object" }, "tcp": { "description": "Settings common to both HTTP and TCP upstream connections.", "properties": { "connectTimeout": { "description": "TCP connection timeout.", "type": "string", "x_kubernetes_validations": [ { "message": "must be a valid duration greater than 1ms", "rule": "duration(self) >= duration('1ms')" } ] }, "idleTimeout": { "description": "The idle timeout for TCP connections.", "type": "string", "x_kubernetes_validations": [ { "message": "must be a valid duration greater than 1ms", "rule": "duration(self) >= duration('1ms')" } ] }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", "type": "string", "x_kubernetes_validations": [ { "message": "must be a valid duration greater than 1ms", "rule": "duration(self) >= duration('1ms')" } ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", "format": "int32", "type": "integer" }, "tcpKeepalive": { "description": "If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.", "properties": { "interval": { "description": "The time duration between keep-alive probes.", "type": "string", "x_kubernetes_validations": [ { "message": "must be a valid duration greater than 1ms", "rule": "duration(self) >= duration('1ms')" } ] }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", "maximum": 4294967295, "minimum": 0, "type": "integer" }, "time": { "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", "type": "string", "x_kubernetes_validations": [ { "message": 
"must be a valid duration greater than 1ms", "rule": "duration(self) >= duration('1ms')" } ] } }, "type": "object" } }, "type": "object" } }, "type": "object" }, "loadBalancer": { "description": "Settings controlling the load balancer algorithms.", "oneOf": [ { "not": { "anyOf": [ { "required": [ "simple" ] }, { "required": [ "consistentHash" ] } ] } }, { "required": [ "simple" ] }, { "required": [ "consistentHash" ] } ], "properties": { "consistentHash": { "allOf": [ { "oneOf": [ { "not": { "anyOf": [ { "required": [ "httpHeaderName" ] }, { "required": [ "httpCookie" ] }, { "required": [ "useSourceIp" ] }, { "required": [ "httpQueryParameterName" ] } ] } }, { "required": [ "httpHeaderName" ] }, { "required": [ "httpCookie" ] }, { "required": [ "useSourceIp" ] }, { "required": [ "httpQueryParameterName" ] } ] }, { "oneOf": [ { "not": { "anyOf": [ { "required": [ "ringHash" ] }, { "required": [ "maglev" ] } ] } }, { "required": [ "ringHash" ] }, { "required": [ "maglev" ] } ] } ], "properties": { "httpCookie": { "description": "Hash based on HTTP cookie.", "properties": { "name": { "description": "Name of the cookie.", "type": "string" }, "path": { "description": "Path to set for the cookie.", "type": "string" }, "ttl": { "description": "Lifetime of the cookie.", "type": "string" } }, "required": [ "name" ], "type": "object" }, "httpHeaderName": { "description": "Hash based on a specific HTTP header.", "type": "string" }, "httpQueryParameterName": { "description": "Hash based on a specific HTTP query parameter.", "type": "string" }, "maglev": { "description": "The Maglev load balancer implements consistent hashing to backend hosts.", "properties": { "tableSize": { "description": "The table size for Maglev hashing.", "minimum": 0, "type": "integer" } }, "type": "object" }, "minimumRingSize": { "description": "Deprecated.", "minimum": 0, "type": "integer" }, "ringHash": { "description": "The ring/modulo hash load balancer implements consistent hashing to backend 
hosts.", "properties": { "minimumRingSize": { "description": "The minimum number of virtual nodes to use for the hash ring.", "minimum": 0, "type": "integer" } }, "type": "object" }, "useSourceIp": { "description": "Hash based on the source IP address.", "type": "boolean" } }, "type": "object" }, "localityLbSetting": { "properties": { "distribute": { "description": "Optional: only one of distribute, failover or failoverPriority can be set.", "items": { "type": "object", "properties": { "from": { "description": "Originating locality, '/' separated, e.g.", "type": "string" }, "to": { "description": "Map of upstream localities to traffic distribution weights.", "type": "object", "additionalProperties": { "type": "integer", "maximum": 4294967295, "minimum": 0 } } } }, "type": "array" }, "enabled": { "description": "Enable locality load balancing.", "nullable": true, "type": "boolean" }, "failover": { "description": "Optional: only one of distribute, failover or failoverPriority can be set.", "items": { "type": "object", "properties": { "from": { "description": "Originating region.", "type": "string" }, "to": { "description": "Destination region the traffic will fail over to when endpoints in the 'from' region becomes unhealthy.", "type": "string" } } }, "type": "array" }, "failoverPriority": { "description": "failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing.", "items": { "type": "string" }, "type": "array" } }, "type": "object" }, "simple": { "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", "_enum": [ "UNSPECIFIED", "LEAST_CONN", "RANDOM", "PASSTHROUGH", "ROUND_ROBIN", "LEAST_REQUEST" ], "type": "string" }, "warmup": { "description": "Represents the warmup configuration of Service.", "properties": { "aggression": { "description": "This parameter controls the speed of traffic increase over the warmup duration.", "format": "double", "minimum": 1, "nullable": true, 
"type": "number" }, "duration": { "type": "string", "x_kubernetes_validations": [ { "message": "must be a valid duration greater than 1ms", "rule": "duration(self) >= duration('1ms')" } ] }, "minimumPercent": { "format": "double", "maximum": 100, "minimum": 0, "nullable": true, "type": "number" } }, "required": [ "duration" ], "type": "object" }, "warmupDurationSecs": { "description": "Deprecated: use `warmup` instead.", "type": "string", "x_kubernetes_validations": [ { "message": "must be a valid duration greater than 1ms", "rule": "duration(self) >= duration('1ms')" } ] } }, "type": "object" }, "outlierDetection": { "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", "type": "string", "x_kubernetes_validations": [ { "message": "must be a valid duration greater than 1ms", "rule": "duration(self) >= duration('1ms')" } ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", "maximum": 4294967295, "minimum": 0, "nullable": true, "type": "integer" }, "consecutiveErrors": { "format": "int32", "type": "integer" }, "consecutiveGatewayErrors": { "description": "Number of gateway errors before a host is ejected from the connection pool.", "maximum": 4294967295, "minimum": 0, "nullable": true, "type": "integer" }, "consecutiveLocalOriginFailures": { "description": "The number of consecutive locally originated failures before ejection occurs.", "maximum": 4294967295, "minimum": 0, "nullable": true, "type": "integer" }, "interval": { "description": "Time interval between ejection sweep analysis.", "type": "string", "x_kubernetes_validations": [ { "message": "must be a valid duration greater than 1ms", "rule": "duration(self) >= duration('1ms')" } ] }, "maxEjectionPercent": { "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", "format": "int32", "type": "integer" }, "minHealthPercent": { "description": "Outlier detection will 
be enabled as long as the associated load balancing pool has at least `minHealthPercent` hosts in healthy mode.", "format": "int32", "type": "integer" }, "splitExternalLocalOriginErrors": { "description": "Determines whether to distinguish local origin failures from external errors.", "type": "boolean" } }, "type": "object" }, "portLevelSettings": { "description": "Traffic policies specific to individual ports.", "items": { "type": "object", "properties": { "connectionPool": { "type": "object", "properties": { "http": { "description": "HTTP connection pool settings.", "type": "object", "properties": { "h2UpgradePolicy": { "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "type": "string", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", "UPGRADE" ] }, "http1MaxPendingRequests": { "description": "Maximum number of requests that will be queued while waiting for a ready connection pool connection.", "type": "integer", "format": "int32" }, "http2MaxRequests": { "description": "Maximum number of active requests to a destination.", "type": "integer", "format": "int32" }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "maxConcurrentStreams": { "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", "type": "integer", "format": "int32" }, "maxRequestsPerConnection": { "description": "Maximum number of requests per connection to a backend.", "type": "integer", "format": "int32" }, "maxRetries": { "description": "Maximum number of retries that can be outstanding to all hosts in a cluster at a given time.", "type": "integer", "format": "int32" }, "useClientProtocol": { "description": "If set to true, client protocol will be 
preserved while initiating connection to backend.", "type": "boolean" } } }, "tcp": { "description": "Settings common to both HTTP and TCP upstream connections.", "type": "object", "properties": { "connectTimeout": { "description": "TCP connection timeout.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "idleTimeout": { "description": "The idle timeout for TCP connections.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", "type": "integer", "format": "int32" }, "tcpKeepalive": { "description": "If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.", "type": "object", "properties": { "interval": { "description": "The time duration between keep-alive probes.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "probes": { "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", "type": "integer", "maximum": 4294967295, "minimum": 0 }, "time": { "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] } } } } } } }, "loadBalancer": { "description": "Settings controlling the load balancer algorithms.", "type": "object", "oneOf": [ { 
"not": { "anyOf": [ { "required": [ "simple" ] }, { "required": [ "consistentHash" ] } ] } }, { "required": [ "simple" ] }, { "required": [ "consistentHash" ] } ], "properties": { "consistentHash": { "type": "object", "allOf": [ { "oneOf": [ { "not": { "anyOf": [ { "required": [ "httpHeaderName" ] }, { "required": [ "httpCookie" ] }, { "required": [ "useSourceIp" ] }, { "required": [ "httpQueryParameterName" ] } ] } }, { "required": [ "httpHeaderName" ] }, { "required": [ "httpCookie" ] }, { "required": [ "useSourceIp" ] }, { "required": [ "httpQueryParameterName" ] } ] }, { "oneOf": [ { "not": { "anyOf": [ { "required": [ "ringHash" ] }, { "required": [ "maglev" ] } ] } }, { "required": [ "ringHash" ] }, { "required": [ "maglev" ] } ] } ], "properties": { "httpCookie": { "description": "Hash based on HTTP cookie.", "type": "object", "required": [ "name" ], "properties": { "name": { "description": "Name of the cookie.", "type": "string" }, "path": { "description": "Path to set for the cookie.", "type": "string" }, "ttl": { "description": "Lifetime of the cookie.", "type": "string" } } }, "httpHeaderName": { "description": "Hash based on a specific HTTP header.", "type": "string" }, "httpQueryParameterName": { "description": "Hash based on a specific HTTP query parameter.", "type": "string" }, "maglev": { "description": "The Maglev load balancer implements consistent hashing to backend hosts.", "type": "object", "properties": { "tableSize": { "description": "The table size for Maglev hashing.", "type": "integer", "minimum": 0 } } }, "minimumRingSize": { "description": "Deprecated.", "type": "integer", "minimum": 0 }, "ringHash": { "description": "The ring/modulo hash load balancer implements consistent hashing to backend hosts.", "type": "object", "properties": { "minimumRingSize": { "description": "The minimum number of virtual nodes to use for the hash ring.", "type": "integer", "minimum": 0 } } }, "useSourceIp": { "description": "Hash based on the source IP 
address.", "type": "boolean" } } }, "localityLbSetting": { "type": "object", "properties": { "distribute": { "description": "Optional: only one of distribute, failover or failoverPriority can be set.", "type": "array", "items": { "type": "object", "properties": { "from": { "description": "Originating locality, '/' separated, e.g.", "type": "string" }, "to": { "description": "Map of upstream localities to traffic distribution weights.", "type": "object", "additionalProperties": { "type": "integer", "maximum": 4294967295, "minimum": 0 } } } } }, "enabled": { "description": "Enable locality load balancing.", "type": "boolean", "nullable": true }, "failover": { "description": "Optional: only one of distribute, failover or failoverPriority can be set.", "type": "array", "items": { "type": "object", "properties": { "from": { "description": "Originating region.", "type": "string" }, "to": { "description": "Destination region the traffic will fail over to when endpoints in the 'from' region becomes unhealthy.", "type": "string" } } } }, "failoverPriority": { "description": "failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing.", "type": "array", "items": { "type": "string" } } } }, "simple": { "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", "type": "string", "enum": [ "UNSPECIFIED", "LEAST_CONN", "RANDOM", "PASSTHROUGH", "ROUND_ROBIN", "LEAST_REQUEST" ] }, "warmup": { "description": "Represents the warmup configuration of Service.", "type": "object", "required": [ "duration" ], "properties": { "aggression": { "description": "This parameter controls the speed of traffic increase over the warmup duration.", "type": "number", "format": "double", "minimum": 1, "nullable": true }, "duration": { "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "minimumPercent": { "type": 
"number", "format": "double", "maximum": 100, "minimum": 0, "nullable": true } } }, "warmupDurationSecs": { "description": "Deprecated: use `warmup` instead.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] } } }, "outlierDetection": { "type": "object", "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", "type": "integer", "maximum": 4294967295, "minimum": 0, "nullable": true }, "consecutiveErrors": { "type": "integer", "format": "int32" }, "consecutiveGatewayErrors": { "description": "Number of gateway errors before a host is ejected from the connection pool.", "type": "integer", "maximum": 4294967295, "minimum": 0, "nullable": true }, "consecutiveLocalOriginFailures": { "description": "The number of consecutive locally originated failures before ejection occurs.", "type": "integer", "maximum": 4294967295, "minimum": 0, "nullable": true }, "interval": { "description": "Time interval between ejection sweep analysis.", "type": "string", "x-kubernetes-validations": [ { "rule": "duration(self) >= duration('1ms')", "message": "must be a valid duration greater than 1ms" } ] }, "maxEjectionPercent": { "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", "type": "integer", "format": "int32" }, "minHealthPercent": { "description": "Outlier detection will be enabled as long as the associated load balancing pool has at least `minHealthPercent` hosts in healthy mode.", "type": "integer", "format": "int32" }, "splitExternalLocalOriginErrors": { "description": "Determines whether to distinguish local origin failures 
from external errors.", "type": "boolean" } } }, "port": { "description": "Specifies the number of a port on the destination service on which this policy is being applied.", "type": "object", "properties": { "number": { "type": "integer", "maximum": 4294967295, "minimum": 0 } } }, "tls": { "description": "TLS related settings for connections to the upstream service.", "type": "object", "properties": { "caCertificates": { "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", "type": "string" }, "caCrl": { "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", "type": "string" }, "clientCertificate": { "description": "REQUIRED if mode is `MUTUAL`.", "type": "string" }, "credentialName": { "description": "The name of the secret that holds the TLS certs for the client including the CA certificates.", "type": "string" }, "insecureSkipVerify": { "description": "`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.", "type": "boolean", "nullable": true }, "mode": { "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", "type": "string", "enum": [ "DISABLE", "SIMPLE", "MUTUAL", "ISTIO_MUTUAL" ] }, "privateKey": { "description": "REQUIRED if mode is `MUTUAL`.", "type": "string" }, "sni": { "description": "SNI string to present to the server during TLS handshake.", "type": "string" }, "subjectAltNames": { "description": "A list of alternate names to verify the subject identity in the certificate.", "type": "array", "items": { "type": "string" } } } } } }, "maxItems": 4096, "type": "array" }, "proxyProtocol": { "description": "The upstream PROXY protocol settings.", "properties": { "version": { 
"description": "The PROXY protocol version to use.\n\nValid Options: V1, V2", "_enum": [ "V1", "V2" ], "type": "string" } }, "type": "object" }, "tls": { "description": "TLS related settings for connections to the upstream service.", "properties": { "caCertificates": { "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", "type": "string" }, "caCrl": { "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", "type": "string" }, "clientCertificate": { "description": "REQUIRED if mode is `MUTUAL`.", "type": "string" }, "credentialName": { "description": "The name of the secret that holds the TLS certs for the client including the CA certificates.", "type": "string" }, "insecureSkipVerify": { "description": "`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.", "nullable": true, "type": "boolean" }, "mode": { "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", "_enum": [ "DISABLE", "SIMPLE", "MUTUAL", "ISTIO_MUTUAL" ], "type": "string" }, "privateKey": { "description": "REQUIRED if mode is `MUTUAL`.", "type": "string" }, "sni": { "description": "SNI string to present to the server during TLS handshake.", "type": "string" }, "subjectAltNames": { "description": "A list of alternate names to verify the subject identity in the certificate.", "items": { "type": "string" }, "type": "array" } }, "type": "object" }, "tunnel": { "description": "Configuration of tunneling TCP over other transport or application layers for the host configured in the DestinationRule.", "properties": { "protocol": { "description": "Specifies which protocol to use for tunneling the downstream connection.", "type": "string" }, 
"targetHost": { "description": "Specifies a host to which the downstream connection is tunneled.", "type": "string" }, "targetPort": { "description": "Specifies a port to which the downstream connection is tunneled.", "maximum": 4294967295, "minimum": 0, "type": "integer" } }, "required": [ "targetHost", "targetPort" ], "type": "object" } }, "type": "object" }, "workloadSelector": { "description": "Criteria used to select the specific set of pods/VMs on which this `DestinationRule` configuration should be applied.", "properties": { "matchLabels": { "additionalProperties": { "type": "string", "maxLength": 63, "x-kubernetes-validations": [ { "rule": "!self.contains('*')", "message": "wildcard not allowed in label value match" } ] }, "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", "maxProperties": 4096, "type": "object", "x_kubernetes_validations": [ { "message": "wildcard not allowed in label key match", "rule": "self.all(key, !key.contains('*'))" }, { "message": "key must not be empty", "rule": "self.all(key, key.size() != 0)" } ] } }, "type": "object" } }, "required": [ "host" ], "type": "object" }, "status": { "properties": { "conditions": { "description": "Current service state of the resource.", "items": { "type": "object", "properties": { "lastProbeTime": { "description": "Last time we probed the condition.", "type": "string", "format": "date-time" }, "lastTransitionTime": { "description": "Last time the condition transitioned from one status to another.", "type": "string", "format": "date-time" }, "message": { "description": "Human-readable message indicating details about last transition.", "type": "string" }, "reason": { "description": "Unique, one-word, CamelCase reason for the condition's last transition.", "type": "string" }, "status": { "description": "Status is the status of the condition.", "type": "string" }, "type": { "description": "Type is the type of the condition.", "type": 
"string" } } }, "type": "array" }, "observedGeneration": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "Resource Generation to which the Reconciled Condition refers.", "x_kubernetes_int_or_string": true }, "validationMessages": { "description": "Includes any errors or warnings detected by Istio's analyzers.", "items": { "type": "object", "properties": { "documentationUrl": { "description": "A url pointing to the Istio documentation for this specific error type.", "type": "string" }, "level": { "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", "type": "string", "enum": [ "UNKNOWN", "ERROR", "WARNING", "INFO" ] }, "type": { "type": "object", "properties": { "code": { "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", "type": "string" }, "name": { "description": "A human-readable name for the message type.", "type": "string" } } } } }, "type": "array" } }, "type": "object", "x_kubernetes_preserve_unknown_fields": true } }, "type": "object" }