/* eslint-disable */
/**
* This file was automatically generated by json-schema-to-typescript.
* DO NOT MODIFY IT BY HAND. Instead, modify the source JSONSchema file,
* and run json-schema-to-typescript to regenerate this file.
*/
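/**
 * Shape of an Istio `DestinationRule` resource as emitted by json-schema-to-typescript.
 *
 * Only `spec` and `status` are modelled. The type is erased at compile time, so it does not
 * validate objects read from the cluster or built from external input; check those at runtime.
 *
 * The `tls` blocks decide whether upstream traffic is encrypted and whether the server
 * certificate is verified, so review `mode` and `insecureSkipVerify` wherever a rule is built.
 *
 * NOTE(review): the file is generated, so annotations added here are lost on regeneration;
 * a lasting change belongs in the source JSON Schema.
 */
export interface K8SDestinationRuleV1 {
  /**
   * Configuration affecting load balancing, outlier detection, etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html
   */
  spec?: {
    /**
     * A list of namespaces to which this destination rule is exported.
     */
    exportTo?: string[];
    /**
     * The name of a service from the service registry.
     */
    host: string;
    /**
     * One or more named sets that represent individual versions of a service.
     */
    subsets?: {
      /**
       * Labels apply a filter over the endpoints of a service in the service registry.
       */
      labels?: {
        [k: string]: string;
      };
      /**
       * Name of the subset.
       */
      name: string;
      /**
       * Traffic policies that apply to this subset.
       */
      trafficPolicy?: {
        connectionPool?: {
          /**
           * HTTP connection pool settings.
           */
          http?: {
            /**
             * Specify if http1.1 connection should be upgraded to http2 for the associated destination.
             *
             * Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE
             */
            h2UpgradePolicy?: "DEFAULT" | "DO_NOT_UPGRADE" | "UPGRADE";
            /**
             * Maximum number of requests that will be queued while waiting for a ready connection pool connection.
             */
            http1MaxPendingRequests?: number;
            /**
             * Maximum number of active requests to a destination.
             */
            http2MaxRequests?: number;
            /**
             * The idle timeout for upstream connection pool connections.
             */
            idleTimeout?: string;
            /**
             * The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.
             */
            maxConcurrentStreams?: number;
            /**
             * Maximum number of requests per connection to a backend.
             */
            maxRequestsPerConnection?: number;
            /**
             * Maximum number of retries that can be outstanding to all hosts in a cluster at a given time.
             */
            maxRetries?: number;
            /**
             * If set to true, client protocol will be preserved while initiating connection to backend.
             */
            useClientProtocol?: boolean;
          };
          /**
           * Settings common to both HTTP and TCP upstream connections.
           */
          tcp?: {
            /**
             * TCP connection timeout.
             */
            connectTimeout?: string;
            /**
             * The idle timeout for TCP connections.
             */
            idleTimeout?: string;
            /**
             * The maximum duration of a connection.
             */
            maxConnectionDuration?: string;
            /**
             * Maximum number of HTTP1/TCP connections to a destination host.
             */
            maxConnections?: number;
            /**
             * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
             */
            tcpKeepalive?: {
              /**
               * The time duration between keep-alive probes.
               */
              interval?: string;
              /**
               * Maximum number of keepalive probes to send without response before deciding the connection is dead.
               */
              probes?: number;
              /**
               * The time duration a connection needs to be idle before keep-alive probes start being sent.
               */
              time?: string;
            };
          };
        };
        /**
         * Settings controlling the load balancer algorithms.
         */
        loadBalancer?: {
          [k: string]: unknown;
        };
        outlierDetection?: {
          /**
           * Minimum ejection duration.
           */
          baseEjectionTime?: string;
          /**
           * Number of 5xx errors before a host is ejected from the connection pool.
           */
          consecutive5xxErrors?: number;
          /**
           * NOTE(review): the source schema carries no description for this field.
           */
          consecutiveErrors?: number;
          /**
           * Number of gateway errors before a host is ejected from the connection pool.
           */
          consecutiveGatewayErrors?: number;
          /**
           * The number of consecutive locally originated failures before ejection occurs.
           */
          consecutiveLocalOriginFailures?: number;
          /**
           * Time interval between ejection sweep analysis.
           */
          interval?: string;
          /**
           * Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.
           */
          maxEjectionPercent?: number;
          /**
           * Outlier detection will be enabled as long as the associated load balancing pool has at least `minHealthPercent` hosts in healthy mode.
           */
          minHealthPercent?: number;
          /**
           * Determines whether to distinguish local origin failures from external errors.
           */
          splitExternalLocalOriginErrors?: boolean;
        };
        /**
         * Traffic policies specific to individual ports.
         *
         * @maxItems 4096
         */
        portLevelSettings?: {
          connectionPool?: {
            /**
             * HTTP connection pool settings.
             */
            http?: {
              /**
               * Specify if http1.1 connection should be upgraded to http2 for the associated destination.
               *
               * Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE
               */
              h2UpgradePolicy?: "DEFAULT" | "DO_NOT_UPGRADE" | "UPGRADE";
              /**
               * Maximum number of requests that will be queued while waiting for a ready connection pool connection.
               */
              http1MaxPendingRequests?: number;
              /**
               * Maximum number of active requests to a destination.
               */
              http2MaxRequests?: number;
              /**
               * The idle timeout for upstream connection pool connections.
               */
              idleTimeout?: string;
              /**
               * The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.
               */
              maxConcurrentStreams?: number;
              /**
               * Maximum number of requests per connection to a backend.
               */
              maxRequestsPerConnection?: number;
              /**
               * Maximum number of retries that can be outstanding to all hosts in a cluster at a given time.
               */
              maxRetries?: number;
              /**
               * If set to true, client protocol will be preserved while initiating connection to backend.
               */
              useClientProtocol?: boolean;
            };
            /**
             * Settings common to both HTTP and TCP upstream connections.
             */
            tcp?: {
              /**
               * TCP connection timeout.
               */
              connectTimeout?: string;
              /**
               * The idle timeout for TCP connections.
               */
              idleTimeout?: string;
              /**
               * The maximum duration of a connection.
               */
              maxConnectionDuration?: string;
              /**
               * Maximum number of HTTP1/TCP connections to a destination host.
               */
              maxConnections?: number;
              /**
               * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
               */
              tcpKeepalive?: {
                /**
                 * The time duration between keep-alive probes.
                 */
                interval?: string;
                /**
                 * Maximum number of keepalive probes to send without response before deciding the connection is dead.
                 */
                probes?: number;
                /**
                 * The time duration a connection needs to be idle before keep-alive probes start being sent.
                 */
                time?: string;
              };
            };
          };
          /**
           * Settings controlling the load balancer algorithms.
           */
          loadBalancer?: {
            [k: string]: unknown;
          };
          outlierDetection?: {
            /**
             * Minimum ejection duration.
             */
            baseEjectionTime?: string;
            /**
             * Number of 5xx errors before a host is ejected from the connection pool.
             */
            consecutive5xxErrors?: number;
            /**
             * NOTE(review): the source schema carries no description for this field.
             */
            consecutiveErrors?: number;
            /**
             * Number of gateway errors before a host is ejected from the connection pool.
             */
            consecutiveGatewayErrors?: number;
            /**
             * The number of consecutive locally originated failures before ejection occurs.
             */
            consecutiveLocalOriginFailures?: number;
            /**
             * Time interval between ejection sweep analysis.
             */
            interval?: string;
            /**
             * Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.
             */
            maxEjectionPercent?: number;
            /**
             * Outlier detection will be enabled as long as the associated load balancing pool has at least `minHealthPercent` hosts in healthy mode.
             */
            minHealthPercent?: number;
            /**
             * Determines whether to distinguish local origin failures from external errors.
             */
            splitExternalLocalOriginErrors?: boolean;
          };
          /**
           * Specifies the number of a port on the destination service on which this policy is being applied.
           */
          port?: {
            number?: number;
          };
          /**
           * TLS related settings for connections to the upstream service.
           */
          tls?: {
            /**
             * OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.
             */
            caCertificates?: string;
            /**
             * OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.
             */
            caCrl?: string;
            /**
             * REQUIRED if mode is `MUTUAL`.
             */
            clientCertificate?: string;
            /**
             * The name of the secret that holds the TLS certs for the client including the CA certificates.
             */
            credentialName?: string;
            /**
             * `insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.
             *
             * Security: when `true` the upstream server is not authenticated, so the connection is
             * encrypted but any endpoint answering for the host is accepted. Leave unset by default
             * and treat a `true` value as a finding in configuration review.
             */
            insecureSkipVerify?: boolean;
            /**
             * Indicates whether connections to this port should be secured using TLS.
             *
             * Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL
             *
             * Security: `DISABLE` leaves upstream traffic in plaintext; `SIMPLE` authenticates only
             * the server; `MUTUAL` and `ISTIO_MUTUAL` also present a client certificate.
             */
            mode?: "DISABLE" | "SIMPLE" | "MUTUAL" | "ISTIO_MUTUAL";
            /**
             * REQUIRED if mode is `MUTUAL`.
             */
            privateKey?: string;
            /**
             * SNI string to present to the server during TLS handshake.
             */
            sni?: string;
            /**
             * A list of alternate names to verify the subject identity in the certificate.
             */
            subjectAltNames?: string[];
          };
        }[];
        /**
         * The upstream PROXY protocol settings.
         */
        proxyProtocol?: {
          /**
           * The PROXY protocol version to use.
           *
           * Valid Options: V1, V2
           */
          version?: "V1" | "V2";
        };
        /**
         * TLS related settings for connections to the upstream service.
         */
        tls?: {
          /**
           * OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.
           */
          caCertificates?: string;
          /**
           * OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.
           */
          caCrl?: string;
          /**
           * REQUIRED if mode is `MUTUAL`.
           */
          clientCertificate?: string;
          /**
           * The name of the secret that holds the TLS certs for the client including the CA certificates.
           */
          credentialName?: string;
          /**
           * `insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.
           *
           * Security: when `true` the upstream server is not authenticated, so the connection is
           * encrypted but any endpoint answering for the host is accepted. Leave unset by default
           * and treat a `true` value as a finding in configuration review.
           */
          insecureSkipVerify?: boolean;
          /**
           * Indicates whether connections to this port should be secured using TLS.
           *
           * Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL
           *
           * Security: `DISABLE` leaves upstream traffic in plaintext; `SIMPLE` authenticates only
           * the server; `MUTUAL` and `ISTIO_MUTUAL` also present a client certificate.
           */
          mode?: "DISABLE" | "SIMPLE" | "MUTUAL" | "ISTIO_MUTUAL";
          /**
           * REQUIRED if mode is `MUTUAL`.
           */
          privateKey?: string;
          /**
           * SNI string to present to the server during TLS handshake.
           */
          sni?: string;
          /**
           * A list of alternate names to verify the subject identity in the certificate.
           */
          subjectAltNames?: string[];
        };
        /**
         * Configuration of tunneling TCP over other transport or application layers for the host configured in the DestinationRule.
         */
        tunnel?: {
          /**
           * Specifies which protocol to use for tunneling the downstream connection.
           */
          protocol?: string;
          /**
           * Specifies a host to which the downstream connection is tunneled.
           */
          targetHost: string;
          /**
           * Specifies a port to which the downstream connection is tunneled.
           */
          targetPort: number;
        };
      };
    }[];
    /**
     * Traffic policies to apply (load balancing policy, connection pool sizes, outlier detection).
     */
    trafficPolicy?: {
      connectionPool?: {
        /**
         * HTTP connection pool settings.
         */
        http?: {
          /**
           * Specify if http1.1 connection should be upgraded to http2 for the associated destination.
           *
           * Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE
           *
           * NOTE(review): typed as `string` here, while the same field under
           * `subsets[].trafficPolicy` and `portLevelSettings[]` is a literal union; a misspelled
           * value is not caught at compile time.
           */
          h2UpgradePolicy?: string;
          /**
           * Maximum number of requests that will be queued while waiting for a ready connection pool connection.
           */
          http1MaxPendingRequests?: number;
          /**
           * Maximum number of active requests to a destination.
           */
          http2MaxRequests?: number;
          /**
           * The idle timeout for upstream connection pool connections.
           */
          idleTimeout?: string;
          /**
           * The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.
           */
          maxConcurrentStreams?: number;
          /**
           * Maximum number of requests per connection to a backend.
           */
          maxRequestsPerConnection?: number;
          /**
           * Maximum number of retries that can be outstanding to all hosts in a cluster at a given time.
           */
          maxRetries?: number;
          /**
           * If set to true, client protocol will be preserved while initiating connection to backend.
           */
          useClientProtocol?: boolean;
        };
        /**
         * Settings common to both HTTP and TCP upstream connections.
         */
        tcp?: {
          /**
           * TCP connection timeout.
           */
          connectTimeout?: string;
          /**
           * The idle timeout for TCP connections.
           */
          idleTimeout?: string;
          /**
           * The maximum duration of a connection.
           */
          maxConnectionDuration?: string;
          /**
           * Maximum number of HTTP1/TCP connections to a destination host.
           */
          maxConnections?: number;
          /**
           * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
           */
          tcpKeepalive?: {
            /**
             * The time duration between keep-alive probes.
             */
            interval?: string;
            /**
             * Maximum number of keepalive probes to send without response before deciding the connection is dead.
             */
            probes?: number;
            /**
             * The time duration a connection needs to be idle before keep-alive probes start being sent.
             */
            time?: string;
          };
        };
      };
      /**
       * Settings controlling the load balancer algorithms.
       */
      loadBalancer?: {
        [k: string]: unknown;
      };
      outlierDetection?: {
        /**
         * Minimum ejection duration.
         */
        baseEjectionTime?: string;
        /**
         * Number of 5xx errors before a host is ejected from the connection pool.
         */
        consecutive5xxErrors?: number;
        /**
         * NOTE(review): the source schema carries no description for this field.
         */
        consecutiveErrors?: number;
        /**
         * Number of gateway errors before a host is ejected from the connection pool.
         */
        consecutiveGatewayErrors?: number;
        /**
         * The number of consecutive locally originated failures before ejection occurs.
         */
        consecutiveLocalOriginFailures?: number;
        /**
         * Time interval between ejection sweep analysis.
         */
        interval?: string;
        /**
         * Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.
         */
        maxEjectionPercent?: number;
        /**
         * Outlier detection will be enabled as long as the associated load balancing pool has at least `minHealthPercent` hosts in healthy mode.
         */
        minHealthPercent?: number;
        /**
         * Determines whether to distinguish local origin failures from external errors.
         */
        splitExternalLocalOriginErrors?: boolean;
      };
      /**
       * Traffic policies specific to individual ports.
       *
       * @maxItems 4096
       */
      portLevelSettings?: {
        connectionPool?: {
          /**
           * HTTP connection pool settings.
           */
          http?: {
            /**
             * Specify if http1.1 connection should be upgraded to http2 for the associated destination.
             *
             * Valid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE
             */
            h2UpgradePolicy?: "DEFAULT" | "DO_NOT_UPGRADE" | "UPGRADE";
            /**
             * Maximum number of requests that will be queued while waiting for a ready connection pool connection.
             */
            http1MaxPendingRequests?: number;
            /**
             * Maximum number of active requests to a destination.
             */
            http2MaxRequests?: number;
            /**
             * The idle timeout for upstream connection pool connections.
             */
            idleTimeout?: string;
            /**
             * The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.
             */
            maxConcurrentStreams?: number;
            /**
             * Maximum number of requests per connection to a backend.
             */
            maxRequestsPerConnection?: number;
            /**
             * Maximum number of retries that can be outstanding to all hosts in a cluster at a given time.
             */
            maxRetries?: number;
            /**
             * If set to true, client protocol will be preserved while initiating connection to backend.
             */
            useClientProtocol?: boolean;
          };
          /**
           * Settings common to both HTTP and TCP upstream connections.
           */
          tcp?: {
            /**
             * TCP connection timeout.
             */
            connectTimeout?: string;
            /**
             * The idle timeout for TCP connections.
             */
            idleTimeout?: string;
            /**
             * The maximum duration of a connection.
             */
            maxConnectionDuration?: string;
            /**
             * Maximum number of HTTP1/TCP connections to a destination host.
             */
            maxConnections?: number;
            /**
             * If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
             */
            tcpKeepalive?: {
              /**
               * The time duration between keep-alive probes.
               */
              interval?: string;
              /**
               * Maximum number of keepalive probes to send without response before deciding the connection is dead.
               */
              probes?: number;
              /**
               * The time duration a connection needs to be idle before keep-alive probes start being sent.
               */
              time?: string;
            };
          };
        };
        /**
         * Settings controlling the load balancer algorithms.
         */
        loadBalancer?: {
          [k: string]: unknown;
        };
        outlierDetection?: {
          /**
           * Minimum ejection duration.
           */
          baseEjectionTime?: string;
          /**
           * Number of 5xx errors before a host is ejected from the connection pool.
           */
          consecutive5xxErrors?: number;
          /**
           * NOTE(review): the source schema carries no description for this field.
           */
          consecutiveErrors?: number;
          /**
           * Number of gateway errors before a host is ejected from the connection pool.
           */
          consecutiveGatewayErrors?: number;
          /**
           * The number of consecutive locally originated failures before ejection occurs.
           */
          consecutiveLocalOriginFailures?: number;
          /**
           * Time interval between ejection sweep analysis.
           */
          interval?: string;
          /**
           * Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.
           */
          maxEjectionPercent?: number;
          /**
           * Outlier detection will be enabled as long as the associated load balancing pool has at least `minHealthPercent` hosts in healthy mode.
           */
          minHealthPercent?: number;
          /**
           * Determines whether to distinguish local origin failures from external errors.
           */
          splitExternalLocalOriginErrors?: boolean;
        };
        /**
         * Specifies the number of a port on the destination service on which this policy is being applied.
         */
        port?: {
          number?: number;
        };
        /**
         * TLS related settings for connections to the upstream service.
         */
        tls?: {
          /**
           * OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.
           */
          caCertificates?: string;
          /**
           * OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.
           */
          caCrl?: string;
          /**
           * REQUIRED if mode is `MUTUAL`.
           */
          clientCertificate?: string;
          /**
           * The name of the secret that holds the TLS certs for the client including the CA certificates.
           */
          credentialName?: string;
          /**
           * `insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.
           *
           * Security: when `true` the upstream server is not authenticated, so the connection is
           * encrypted but any endpoint answering for the host is accepted. Leave unset by default
           * and treat a `true` value as a finding in configuration review.
           */
          insecureSkipVerify?: boolean;
          /**
           * Indicates whether connections to this port should be secured using TLS.
           *
           * Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL
           *
           * Security: `DISABLE` leaves upstream traffic in plaintext; `SIMPLE` authenticates only
           * the server; `MUTUAL` and `ISTIO_MUTUAL` also present a client certificate.
           */
          mode?: "DISABLE" | "SIMPLE" | "MUTUAL" | "ISTIO_MUTUAL";
          /**
           * REQUIRED if mode is `MUTUAL`.
           */
          privateKey?: string;
          /**
           * SNI string to present to the server during TLS handshake.
           */
          sni?: string;
          /**
           * A list of alternate names to verify the subject identity in the certificate.
           */
          subjectAltNames?: string[];
        };
      }[];
      /**
       * The upstream PROXY protocol settings.
       */
      proxyProtocol?: {
        /**
         * The PROXY protocol version to use.
         *
         * Valid Options: V1, V2
         *
         * NOTE(review): typed as `string` here, while `subsets[].trafficPolicy.proxyProtocol.version`
         * is the literal union `"V1" | "V2"`; a misspelled value is not caught at compile time.
         */
        version?: string;
      };
      /**
       * TLS related settings for connections to the upstream service.
       */
      tls?: {
        /**
         * OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.
         */
        caCertificates?: string;
        /**
         * OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.
         */
        caCrl?: string;
        /**
         * REQUIRED if mode is `MUTUAL`.
         */
        clientCertificate?: string;
        /**
         * The name of the secret that holds the TLS certs for the client including the CA certificates.
         */
        credentialName?: string;
        /**
         * `insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.
         *
         * Security: when `true` the upstream server is not authenticated, so the connection is
         * encrypted but any endpoint answering for the host is accepted. Leave unset by default
         * and treat a `true` value as a finding in configuration review.
         */
        insecureSkipVerify?: boolean;
        /**
         * Indicates whether connections to this port should be secured using TLS.
         *
         * Valid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL
         *
         * Security: `DISABLE` leaves upstream traffic in plaintext; `SIMPLE` authenticates only
         * the server; `MUTUAL` and `ISTIO_MUTUAL` also present a client certificate.
         *
         * NOTE(review): typed as `string` here, while every other `tls.mode` in this interface is
         * a literal union. A misspelled mode compiles, so validate the value before applying a
         * rule built from this field.
         */
        mode?: string;
        /**
         * REQUIRED if mode is `MUTUAL`.
         */
        privateKey?: string;
        /**
         * SNI string to present to the server during TLS handshake.
         */
        sni?: string;
        /**
         * A list of alternate names to verify the subject identity in the certificate.
         */
        subjectAltNames?: string[];
      };
      /**
       * Configuration of tunneling TCP over other transport or application layers for the host configured in the DestinationRule.
       */
      tunnel?: {
        /**
         * Specifies which protocol to use for tunneling the downstream connection.
         */
        protocol?: string;
        /**
         * Specifies a host to which the downstream connection is tunneled.
         */
        targetHost: string;
        /**
         * Specifies a port to which the downstream connection is tunneled.
         */
        targetPort: number;
      };
    };
    /**
     * Criteria used to select the specific set of pods/VMs on which this `DestinationRule` configuration should be applied.
     */
    workloadSelector?: {
      /**
       * One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.
       */
      matchLabels?: {
        [k: string]: string;
      };
    };
  };
  status?: {
    /**
     * Current service state of the resource.
     */
    conditions?: {
      /**
       * Last time we probed the condition.
       */
      lastProbeTime?: string;
      /**
       * Last time the condition transitioned from one status to another.
       */
      lastTransitionTime?: string;
      /**
       * Human-readable message indicating details about last transition.
       */
      message?: string;
      /**
       * Unique, one-word, CamelCase reason for the condition's last transition.
       */
      reason?: string;
      /**
       * Status is the status of the condition.
       */
      status?: string;
      /**
       * Type is the type of the condition.
       */
      type?: string;
    }[];
    /**
     * Resource Generation to which the Reconciled Condition refers.
     */
    observedGeneration?: number | string;
    /**
     * Includes any errors or warnings detected by Istio's analyzers.
     */
    validationMessages?: {
      /**
       * A url pointing to the Istio documentation for this specific error type.
       */
      documentationUrl?: string;
      /**
       * Represents how severe a message is.
       *
       * Valid Options: UNKNOWN, ERROR, WARNING, INFO
       */
      level?: "UNKNOWN" | "ERROR" | "WARNING" | "INFO";
      type?: {
        /**
         * A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.
         */
        code?: string;
        /**
         * A human-readable name for the message type.
         */
        name?: string;
      };
    }[];
  };
}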