diff --git a/buf.gen.yaml b/buf.gen.yaml index cb0269d7691..3d6e89d2e33 100644 --- a/buf.gen.yaml +++ b/buf.gen.yaml @@ -18,6 +18,9 @@ plugins: - name: golang-jsonshim out: . opt: paths=source_relative +- name: alias + out: . + opt: paths=source_relative - name: docs out: . opt: warnings=false,dictionary=./dictionaries/en-US,custom_word_list=./dictionaries/custom.txt,per_file=true,mode=html_fragment_with_front_matter diff --git a/gen.sh b/gen.sh index 06350755268..592ae0e519a 100755 --- a/gen.sh +++ b/gen.sh @@ -16,9 +16,6 @@ set -eu -# Sync API versions -scripts/sync.sh - # Generate all protos buf generate \ --path networking \ diff --git a/networking/v1/destination_rule.pb.go b/networking/v1/destination_rule.pb.go deleted file mode 100644 index 9446d21e5c8..00000000000 --- a/networking/v1/destination_rule.pb.go +++ /dev/null @@ -1,3375 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.33.0 -// protoc (unknown) -// source: networking/v1/destination_rule.proto - -// $schema: istio.networking.v1.DestinationRule -// $title: Destination Rule -// $description: Configuration affecting load balancing, outlier detection, etc. -// $location: https://istio.io/docs/reference/config/networking/destination-rule.html -// $aliases: [/docs/reference/config/networking/v1/destination-rule] -// $mode: none - -// `DestinationRule` defines policies that apply to traffic intended for a -// service after routing has occurred. These rules specify configuration -// for load balancing, connection pool size from the sidecar, and outlier -// detection settings to detect and evict unhealthy hosts from the load -// balancing pool. For example, a simple load balancing policy for the -// ratings service would look as follows: -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// ``` -// -// Version specific policies can be specified by defining a named -// `subset` and overriding the settings specified at the service level. The -// following rule uses a round robin load balancing policy for all traffic -// going to a subset named testversion that is composed of endpoints (e.g., -// pods) with labels (version:v3). -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// subsets: -// - name: testversion -// labels: -// version: v3 -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -// -// **Note:** Policies specified for subsets will not take effect until -// a route rule explicitly sends traffic to this subset. -// -// Traffic policies can be customized to specific ports as well. The -// following rule uses the least connection load balancing policy for all -// traffic to port 80, while uses a round robin load balancing setting for -// traffic to the port 9080. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings-port -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: # Apply to all ports -// portLevelSettings: -// - port: -// number: 80 -// loadBalancer: -// simple: LEAST_REQUEST -// - port: -// number: 9080 -// loadBalancer: -// simple: ROUND_ROBIN -// ``` - -package v1 - -import ( - duration "github.com/golang/protobuf/ptypes/duration" - wrappers "github.com/golang/protobuf/ptypes/wrappers" - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - v1beta1 "istio.io/api/type/v1beta1" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type TrafficPolicy_ProxyProtocol_VERSION int32 - -const ( - // ⁣PROXY protocol version 1. Human readable format. - TrafficPolicy_ProxyProtocol_V1 TrafficPolicy_ProxyProtocol_VERSION = 0 - // ⁣PROXY protocol version 2. Binary format. - TrafficPolicy_ProxyProtocol_V2 TrafficPolicy_ProxyProtocol_VERSION = 1 -) - -// Enum value maps for TrafficPolicy_ProxyProtocol_VERSION. -var ( - TrafficPolicy_ProxyProtocol_VERSION_name = map[int32]string{ - 0: "V1", - 1: "V2", - } - TrafficPolicy_ProxyProtocol_VERSION_value = map[string]int32{ - "V1": 0, - "V2": 1, - } -) - -func (x TrafficPolicy_ProxyProtocol_VERSION) Enum() *TrafficPolicy_ProxyProtocol_VERSION { - p := new(TrafficPolicy_ProxyProtocol_VERSION) - *p = x - return p -} - -func (x TrafficPolicy_ProxyProtocol_VERSION) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (TrafficPolicy_ProxyProtocol_VERSION) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1_destination_rule_proto_enumTypes[0].Descriptor() -} - -func (TrafficPolicy_ProxyProtocol_VERSION) Type() protoreflect.EnumType { - return &file_networking_v1_destination_rule_proto_enumTypes[0] -} - -func (x TrafficPolicy_ProxyProtocol_VERSION) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use TrafficPolicy_ProxyProtocol_VERSION.Descriptor instead. -func (TrafficPolicy_ProxyProtocol_VERSION) EnumDescriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{1, 2, 0} -} - -// Standard load balancing algorithms that require no tuning. -type LoadBalancerSettings_SimpleLB int32 - -const ( - // No load balancing algorithm has been specified by the user. Istio - // will select an appropriate default. - LoadBalancerSettings_UNSPECIFIED LoadBalancerSettings_SimpleLB = 0 - // Deprecated. Use LEAST_REQUEST instead. - // - // Deprecated: Marked as deprecated in networking/v1/destination_rule.proto. - LoadBalancerSettings_LEAST_CONN LoadBalancerSettings_SimpleLB = 1 - // The random load balancer selects a random healthy host. The random - // load balancer generally performs better than round robin if no health - // checking policy is configured. - LoadBalancerSettings_RANDOM LoadBalancerSettings_SimpleLB = 2 - // This option will forward the connection to the original IP address - // requested by the caller without doing any form of load - // balancing. This option must be used with care. It is meant for - // advanced use cases. Refer to Original Destination load balancer in - // Envoy for further details. - LoadBalancerSettings_PASSTHROUGH LoadBalancerSettings_SimpleLB = 3 - // A basic round robin load balancing policy. This is generally unsafe - // for many scenarios (e.g. when endpoint weighting is used) as it can - // overburden endpoints. In general, prefer to use LEAST_REQUEST as a - // drop-in replacement for ROUND_ROBIN. - LoadBalancerSettings_ROUND_ROBIN LoadBalancerSettings_SimpleLB = 4 - // The least request load balancer spreads load across endpoints, favoring - // endpoints with the least outstanding requests. This is generally safer - // and outperforms ROUND_ROBIN in nearly all cases. Prefer to use - // LEAST_REQUEST as a drop-in replacement for ROUND_ROBIN. - LoadBalancerSettings_LEAST_REQUEST LoadBalancerSettings_SimpleLB = 5 -) - -// Enum value maps for LoadBalancerSettings_SimpleLB. -var ( - LoadBalancerSettings_SimpleLB_name = map[int32]string{ - 0: "UNSPECIFIED", - 1: "LEAST_CONN", - 2: "RANDOM", - 3: "PASSTHROUGH", - 4: "ROUND_ROBIN", - 5: "LEAST_REQUEST", - } - LoadBalancerSettings_SimpleLB_value = map[string]int32{ - "UNSPECIFIED": 0, - "LEAST_CONN": 1, - "RANDOM": 2, - "PASSTHROUGH": 3, - "ROUND_ROBIN": 4, - "LEAST_REQUEST": 5, - } -) - -func (x LoadBalancerSettings_SimpleLB) Enum() *LoadBalancerSettings_SimpleLB { - p := new(LoadBalancerSettings_SimpleLB) - *p = x - return p -} - -func (x LoadBalancerSettings_SimpleLB) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (LoadBalancerSettings_SimpleLB) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1_destination_rule_proto_enumTypes[1].Descriptor() -} - -func (LoadBalancerSettings_SimpleLB) Type() protoreflect.EnumType { - return &file_networking_v1_destination_rule_proto_enumTypes[1] -} - -func (x LoadBalancerSettings_SimpleLB) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use LoadBalancerSettings_SimpleLB.Descriptor instead. -func (LoadBalancerSettings_SimpleLB) EnumDescriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{3, 0} -} - -// Policy for upgrading http1.1 connections to http2. -type ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy int32 - -const ( - // Use the global default. - ConnectionPoolSettings_HTTPSettings_DEFAULT ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = 0 - // Do not upgrade the connection to http2. - // This opt-out option overrides the default. - ConnectionPoolSettings_HTTPSettings_DO_NOT_UPGRADE ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = 1 - // Upgrade the connection to http2. - // This opt-in option overrides the default. - ConnectionPoolSettings_HTTPSettings_UPGRADE ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = 2 -) - -// Enum value maps for ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy. -var ( - ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy_name = map[int32]string{ - 0: "DEFAULT", - 1: "DO_NOT_UPGRADE", - 2: "UPGRADE", - } - ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy_value = map[string]int32{ - "DEFAULT": 0, - "DO_NOT_UPGRADE": 1, - "UPGRADE": 2, - } -) - -func (x ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) Enum() *ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy { - p := new(ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) - *p = x - return p -} - -func (x ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1_destination_rule_proto_enumTypes[2].Descriptor() -} - -func (ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) Type() protoreflect.EnumType { - return &file_networking_v1_destination_rule_proto_enumTypes[2] -} - -func (x ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy.Descriptor instead. -func (ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) EnumDescriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{4, 1, 0} -} - -// TLS connection mode -type ClientTLSSettings_TLSmode int32 - -const ( - // Do not setup a TLS connection to the upstream endpoint. - ClientTLSSettings_DISABLE ClientTLSSettings_TLSmode = 0 - // Originate a TLS connection to the upstream endpoint. - ClientTLSSettings_SIMPLE ClientTLSSettings_TLSmode = 1 - // Secure connections to the upstream using mutual TLS by presenting - // client certificates for authentication. - ClientTLSSettings_MUTUAL ClientTLSSettings_TLSmode = 2 - // Secure connections to the upstream using mutual TLS by presenting - // client certificates for authentication. - // Compared to Mutual mode, this mode uses certificates generated - // automatically by Istio for mTLS authentication. When this mode is - // used, all other fields in `ClientTLSSettings` should be empty. - ClientTLSSettings_ISTIO_MUTUAL ClientTLSSettings_TLSmode = 3 -) - -// Enum value maps for ClientTLSSettings_TLSmode. -var ( - ClientTLSSettings_TLSmode_name = map[int32]string{ - 0: "DISABLE", - 1: "SIMPLE", - 2: "MUTUAL", - 3: "ISTIO_MUTUAL", - } - ClientTLSSettings_TLSmode_value = map[string]int32{ - "DISABLE": 0, - "SIMPLE": 1, - "MUTUAL": 2, - "ISTIO_MUTUAL": 3, - } -) - -func (x ClientTLSSettings_TLSmode) Enum() *ClientTLSSettings_TLSmode { - p := new(ClientTLSSettings_TLSmode) - *p = x - return p -} - -func (x ClientTLSSettings_TLSmode) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (ClientTLSSettings_TLSmode) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1_destination_rule_proto_enumTypes[3].Descriptor() -} - -func (ClientTLSSettings_TLSmode) Type() protoreflect.EnumType { - return &file_networking_v1_destination_rule_proto_enumTypes[3] -} - -func (x ClientTLSSettings_TLSmode) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use ClientTLSSettings_TLSmode.Descriptor instead. -func (ClientTLSSettings_TLSmode) EnumDescriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{6, 0} -} - -// DestinationRule defines policies that apply to traffic intended for a service -// after routing has occurred. -// -// -// -type DestinationRule struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The name of a service from the service registry. Service - // names are looked up from the platform's service registry (e.g., - // Kubernetes services, Consul services, etc.) and from the hosts - // declared by [ServiceEntries](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Rules defined for - // services that do not exist in the service registry will be ignored. - // - // *Note for Kubernetes users*: When short names are used (e.g. "reviews" - // instead of "reviews.default.svc.cluster.local"), Istio will interpret - // the short name based on the namespace of the rule, not the service. A - // rule in the "default" namespace containing a host "reviews" will be - // interpreted as "reviews.default.svc.cluster.local", irrespective of - // the actual namespace associated with the reviews service. _To avoid - // potential misconfigurations, it is recommended to always use fully - // qualified domain names over short names._ - // - // Note that the host field applies to both HTTP and TCP services. - Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"` - // Traffic policies to apply (load balancing policy, connection pool - // sizes, outlier detection). - TrafficPolicy *TrafficPolicy `protobuf:"bytes,2,opt,name=traffic_policy,json=trafficPolicy,proto3" json:"traffic_policy,omitempty"` - // One or more named sets that represent individual versions of a - // service. Traffic policies can be overridden at subset level. - Subsets []*Subset `protobuf:"bytes,3,rep,name=subsets,proto3" json:"subsets,omitempty"` - // A list of namespaces to which this destination rule is exported. - // The resolution of a destination rule to apply to a service occurs in the - // context of a hierarchy of namespaces. Exporting a destination rule allows - // it to be included in the resolution hierarchy for services in - // other namespaces. This feature provides a mechanism for service owners - // and mesh administrators to control the visibility of destination rules - // across namespace boundaries. - // - // If no namespaces are specified then the destination rule is exported to all - // namespaces by default. - // - // The value "." is reserved and defines an export to the same namespace that - // the destination rule is declared in. Similarly, the value "*" is reserved and - // defines an export to all namespaces. - ExportTo []string `protobuf:"bytes,4,rep,name=export_to,json=exportTo,proto3" json:"export_to,omitempty"` - // Criteria used to select the specific set of pods/VMs on which this - // `DestinationRule` configuration should be applied. If specified, the `DestinationRule` - // configuration will be applied only to the workload instances matching the workload selector - // label in the same namespace. Workload selectors do not apply across namespace boundaries. - // If omitted, the `DestinationRule` falls back to its default behavior. - // For example, if specific sidecars need to have egress TLS settings for services outside - // of the mesh, instead of every sidecar in the mesh needing to have the - // configuration (which is the default behaviour), a workload selector can be specified. - WorkloadSelector *v1beta1.WorkloadSelector `protobuf:"bytes,5,opt,name=workload_selector,json=workloadSelector,proto3" json:"workload_selector,omitempty"` -} - -func (x *DestinationRule) Reset() { - *x = DestinationRule{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_destination_rule_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DestinationRule) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DestinationRule) ProtoMessage() {} - -func (x *DestinationRule) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_destination_rule_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DestinationRule.ProtoReflect.Descriptor instead. -func (*DestinationRule) Descriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{0} -} - -func (x *DestinationRule) GetHost() string { - if x != nil { - return x.Host - } - return "" -} - -func (x *DestinationRule) GetTrafficPolicy() *TrafficPolicy { - if x != nil { - return x.TrafficPolicy - } - return nil -} - -func (x *DestinationRule) GetSubsets() []*Subset { - if x != nil { - return x.Subsets - } - return nil -} - -func (x *DestinationRule) GetExportTo() []string { - if x != nil { - return x.ExportTo - } - return nil -} - -func (x *DestinationRule) GetWorkloadSelector() *v1beta1.WorkloadSelector { - if x != nil { - return x.WorkloadSelector - } - return nil -} - -// Traffic policies to apply for a specific destination, across all -// destination ports. See DestinationRule for examples. -type TrafficPolicy struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Settings controlling the load balancer algorithms. - LoadBalancer *LoadBalancerSettings `protobuf:"bytes,1,opt,name=load_balancer,json=loadBalancer,proto3" json:"load_balancer,omitempty"` - // Settings controlling the volume of connections to an upstream service - ConnectionPool *ConnectionPoolSettings `protobuf:"bytes,2,opt,name=connection_pool,json=connectionPool,proto3" json:"connection_pool,omitempty"` - // Settings controlling eviction of unhealthy hosts from the load balancing pool - OutlierDetection *OutlierDetection `protobuf:"bytes,3,opt,name=outlier_detection,json=outlierDetection,proto3" json:"outlier_detection,omitempty"` - // TLS related settings for connections to the upstream service. - Tls *ClientTLSSettings `protobuf:"bytes,4,opt,name=tls,proto3" json:"tls,omitempty"` - // Traffic policies specific to individual ports. Note that port level - // settings will override the destination-level settings. Traffic - // settings specified at the destination-level will not be inherited when - // overridden by port-level settings, i.e. default values will be applied - // to fields omitted in port-level traffic policies. - PortLevelSettings []*TrafficPolicy_PortTrafficPolicy `protobuf:"bytes,5,rep,name=port_level_settings,json=portLevelSettings,proto3" json:"port_level_settings,omitempty"` - // Configuration of tunneling TCP over other transport or application layers - // for the host configured in the DestinationRule. - // Tunnel settings can be applied to TCP or TLS routes and can't be applied to HTTP routes. - Tunnel *TrafficPolicy_TunnelSettings `protobuf:"bytes,6,opt,name=tunnel,proto3" json:"tunnel,omitempty"` - // The upstream PROXY protocol settings. - ProxyProtocol *TrafficPolicy_ProxyProtocol `protobuf:"bytes,7,opt,name=proxy_protocol,json=proxyProtocol,proto3" json:"proxy_protocol,omitempty"` -} - -func (x *TrafficPolicy) Reset() { - *x = TrafficPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_destination_rule_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TrafficPolicy) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TrafficPolicy) ProtoMessage() {} - -func (x *TrafficPolicy) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_destination_rule_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TrafficPolicy.ProtoReflect.Descriptor instead. -func (*TrafficPolicy) Descriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{1} -} - -func (x *TrafficPolicy) GetLoadBalancer() *LoadBalancerSettings { - if x != nil { - return x.LoadBalancer - } - return nil -} - -func (x *TrafficPolicy) GetConnectionPool() *ConnectionPoolSettings { - if x != nil { - return x.ConnectionPool - } - return nil -} - -func (x *TrafficPolicy) GetOutlierDetection() *OutlierDetection { - if x != nil { - return x.OutlierDetection - } - return nil -} - -func (x *TrafficPolicy) GetTls() *ClientTLSSettings { - if x != nil { - return x.Tls - } - return nil -} - -func (x *TrafficPolicy) GetPortLevelSettings() []*TrafficPolicy_PortTrafficPolicy { - if x != nil { - return x.PortLevelSettings - } - return nil -} - -func (x *TrafficPolicy) GetTunnel() *TrafficPolicy_TunnelSettings { - if x != nil { - return x.Tunnel - } - return nil -} - -func (x *TrafficPolicy) GetProxyProtocol() *TrafficPolicy_ProxyProtocol { - if x != nil { - return x.ProxyProtocol - } - return nil -} - -// A subset of endpoints of a service. Subsets can be used for scenarios -// like A/B testing, or routing to a specific version of a service. Refer -// to [VirtualService](https://istio.io/docs/reference/config/networking/virtual-service/#VirtualService) documentation for examples of using -// subsets in these scenarios. In addition, traffic policies defined at the -// service-level can be overridden at a subset-level. The following rule -// uses a round robin load balancing policy for all traffic going to a -// subset named testversion that is composed of endpoints (e.g., pods) with -// labels (version:v3). -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: bookinfo-ratings -// -// spec: -// -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// subsets: -// - name: testversion -// labels: -// version: v3 -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// -// ``` -// -// **Note:** Policies specified for subsets will not take effect until -// a route rule explicitly sends traffic to this subset. -// -// One or more labels are typically required to identify the subset destination, -// however, when the corresponding DestinationRule represents a host that -// supports multiple SNI hosts (e.g., an egress gateway), a subset without labels -// may be meaningful. In this case a traffic policy with [ClientTLSSettings](#ClientTLSSettings) -// can be used to identify a specific SNI host corresponding to the named subset. -type Subset struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Name of the subset. The service name and the subset name can - // be used for traffic splitting in a route rule. - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - // Labels apply a filter over the endpoints of a service in the - // service registry. See route rules for examples of usage. - Labels map[string]string `protobuf:"bytes,2,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Traffic policies that apply to this subset. Subsets inherit the - // traffic policies specified at the DestinationRule level. Settings - // specified at the subset level will override the corresponding settings - // specified at the DestinationRule level. - TrafficPolicy *TrafficPolicy `protobuf:"bytes,3,opt,name=traffic_policy,json=trafficPolicy,proto3" json:"traffic_policy,omitempty"` -} - -func (x *Subset) Reset() { - *x = Subset{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_destination_rule_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Subset) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Subset) ProtoMessage() {} - -func (x *Subset) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_destination_rule_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Subset.ProtoReflect.Descriptor instead. -func (*Subset) Descriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{2} -} - -func (x *Subset) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *Subset) GetLabels() map[string]string { - if x != nil { - return x.Labels - } - return nil -} - -func (x *Subset) GetTrafficPolicy() *TrafficPolicy { - if x != nil { - return x.TrafficPolicy - } - return nil -} - -// Load balancing policies to apply for a specific destination. See Envoy's -// load balancing -// [documentation](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancing) -// for more details. -// -// For example, the following rule uses a round robin load balancing policy -// for all traffic going to the ratings service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: bookinfo-ratings -// -// spec: -// -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// -// ``` -// -// The following example sets up sticky sessions for the ratings service -// hashing-based load balancer for the same ratings service using the -// the User cookie as the hash key. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: bookinfo-ratings -// -// spec: -// -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// consistentHash: -// httpCookie: -// name: user -// ttl: 0s -// -// ``` -type LoadBalancerSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Upstream load balancing policy. - // - // Types that are assignable to LbPolicy: - // - // *LoadBalancerSettings_Simple - // *LoadBalancerSettings_ConsistentHash - LbPolicy isLoadBalancerSettings_LbPolicy `protobuf_oneof:"lb_policy"` - // Locality load balancer settings, this will override mesh wide settings in entirety, meaning no merging would be performed - // between this object and the object one in MeshConfig - LocalityLbSetting *LocalityLoadBalancerSetting `protobuf:"bytes,3,opt,name=locality_lb_setting,json=localityLbSetting,proto3" json:"locality_lb_setting,omitempty"` - // Represents the warmup duration of Service. If set, the newly created endpoint of service - // remains in warmup mode starting from its creation time for the duration of this window and - // Istio progressively increases amount of traffic for that endpoint instead of sending proportional amount of traffic. - // This should be enabled for services that require warm up time to serve full production load with reasonable latency. - // Please note that this is most effective when few new endpoints come up like scale event in Kubernetes. When all the - // endpoints are relatively new like new deployment, this is not very effective as all endpoints end up getting same - // amount of requests. - // Currently this is only supported for ROUND_ROBIN and LEAST_REQUEST load balancers. - WarmupDurationSecs *duration.Duration `protobuf:"bytes,4,opt,name=warmup_duration_secs,json=warmupDurationSecs,proto3" json:"warmup_duration_secs,omitempty"` -} - -func (x *LoadBalancerSettings) Reset() { - *x = LoadBalancerSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_destination_rule_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *LoadBalancerSettings) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*LoadBalancerSettings) ProtoMessage() {} - -func (x *LoadBalancerSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_destination_rule_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use LoadBalancerSettings.ProtoReflect.Descriptor instead. -func (*LoadBalancerSettings) Descriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{3} -} - -func (m *LoadBalancerSettings) GetLbPolicy() isLoadBalancerSettings_LbPolicy { - if m != nil { - return m.LbPolicy - } - return nil -} - -func (x *LoadBalancerSettings) GetSimple() LoadBalancerSettings_SimpleLB { - if x, ok := x.GetLbPolicy().(*LoadBalancerSettings_Simple); ok { - return x.Simple - } - return LoadBalancerSettings_UNSPECIFIED -} - -func (x *LoadBalancerSettings) GetConsistentHash() *LoadBalancerSettings_ConsistentHashLB { - if x, ok := x.GetLbPolicy().(*LoadBalancerSettings_ConsistentHash); ok { - return x.ConsistentHash - } - return nil -} - -func (x *LoadBalancerSettings) GetLocalityLbSetting() *LocalityLoadBalancerSetting { - if x != nil { - return x.LocalityLbSetting - } - return nil -} - -func (x *LoadBalancerSettings) GetWarmupDurationSecs() *duration.Duration { - if x != nil { - return x.WarmupDurationSecs - } - return nil -} - -type isLoadBalancerSettings_LbPolicy interface { - isLoadBalancerSettings_LbPolicy() -} - -type LoadBalancerSettings_Simple struct { - Simple LoadBalancerSettings_SimpleLB `protobuf:"varint,1,opt,name=simple,proto3,enum=istio.networking.v1.LoadBalancerSettings_SimpleLB,oneof"` -} - -type LoadBalancerSettings_ConsistentHash struct { - ConsistentHash *LoadBalancerSettings_ConsistentHashLB `protobuf:"bytes,2,opt,name=consistent_hash,json=consistentHash,proto3,oneof"` -} - -func (*LoadBalancerSettings_Simple) isLoadBalancerSettings_LbPolicy() {} - -func (*LoadBalancerSettings_ConsistentHash) isLoadBalancerSettings_LbPolicy() {} - -// Connection pool settings for an upstream host. The settings apply to -// each individual host in the upstream service. See Envoy's [circuit -// breaker](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking) -// for more details. Connection pool settings can be applied at the TCP -// level as well as at HTTP level. -// -// For example, the following rule sets a limit of 100 connections to redis -// service called myredissrv with a connect timeout of 30ms -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: bookinfo-redis -// -// spec: -// -// host: myredissrv.prod.svc.cluster.local -// trafficPolicy: -// connectionPool: -// tcp: -// maxConnections: 100 -// connectTimeout: 30ms -// tcpKeepalive: -// time: 7200s -// interval: 75s -// -// ``` -type ConnectionPoolSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Settings common to both HTTP and TCP upstream connections. - Tcp *ConnectionPoolSettings_TCPSettings `protobuf:"bytes,1,opt,name=tcp,proto3" json:"tcp,omitempty"` - // HTTP connection pool settings. - Http *ConnectionPoolSettings_HTTPSettings `protobuf:"bytes,2,opt,name=http,proto3" json:"http,omitempty"` -} - -func (x *ConnectionPoolSettings) Reset() { - *x = ConnectionPoolSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_destination_rule_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ConnectionPoolSettings) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ConnectionPoolSettings) ProtoMessage() {} - -func (x *ConnectionPoolSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_destination_rule_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ConnectionPoolSettings.ProtoReflect.Descriptor instead. -func (*ConnectionPoolSettings) Descriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{4} -} - -func (x *ConnectionPoolSettings) GetTcp() *ConnectionPoolSettings_TCPSettings { - if x != nil { - return x.Tcp - } - return nil -} - -func (x *ConnectionPoolSettings) GetHttp() *ConnectionPoolSettings_HTTPSettings { - if x != nil { - return x.Http - } - return nil -} - -// A Circuit breaker implementation that tracks the status of each -// individual host in the upstream service. Applicable to both HTTP and -// TCP services. For HTTP services, hosts that continually return 5xx -// errors for API calls are ejected from the pool for a pre-defined period -// of time. For TCP services, connection timeouts or connection -// failures to a given host counts as an error when measuring the -// consecutive errors metric. See Envoy's [outlier -// detection](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/outlier) -// for more details. -// -// The following rule sets a connection pool size of 100 HTTP1 connections -// with no more than 10 req/connection to the "reviews" service. In addition, -// it sets a limit of 1000 concurrent HTTP2 requests and configures upstream -// hosts to be scanned every 5 mins so that any host that fails 7 consecutive -// times with a 502, 503, or 504 error code will be ejected for 15 minutes. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: reviews-cb-policy -// -// spec: -// -// host: reviews.prod.svc.cluster.local -// trafficPolicy: -// connectionPool: -// tcp: -// maxConnections: 100 -// http: -// http2MaxRequests: 1000 -// maxRequestsPerConnection: 10 -// outlierDetection: -// consecutive5xxErrors: 7 -// interval: 5m -// baseEjectionTime: 15m -// -// ``` -type OutlierDetection struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Number of errors before a host is ejected from the connection - // pool. Defaults to 5. When the upstream host is accessed over HTTP, a - // 502, 503, or 504 return code qualifies as an error. When the upstream host - // is accessed over an opaque TCP connection, connect timeouts and - // connection error/failure events qualify as an error. - // $hide_from_docs - // - // Deprecated: Marked as deprecated in networking/v1/destination_rule.proto. - ConsecutiveErrors int32 `protobuf:"varint,1,opt,name=consecutive_errors,json=consecutiveErrors,proto3" json:"consecutive_errors,omitempty"` - // Determines whether to distinguish local origin failures from external errors. If set to true - // consecutive_local_origin_failure is taken into account for outlier detection calculations. - // This should be used when you want to derive the outlier detection status based on the errors - // seen locally such as failure to connect, timeout while connecting etc. rather than the status code - // returned by upstream service. This is especially useful when the upstream service explicitly returns - // a 5xx for some requests and you want to ignore those responses from upstream service while determining - // the outlier detection status of a host. - // Defaults to false. - SplitExternalLocalOriginErrors bool `protobuf:"varint,8,opt,name=split_external_local_origin_errors,json=splitExternalLocalOriginErrors,proto3" json:"split_external_local_origin_errors,omitempty"` - // The number of consecutive locally originated failures before ejection - // occurs. Defaults to 5. Parameter takes effect only when split_external_local_origin_errors - // is set to true. - ConsecutiveLocalOriginFailures *wrappers.UInt32Value `protobuf:"bytes,9,opt,name=consecutive_local_origin_failures,json=consecutiveLocalOriginFailures,proto3" json:"consecutive_local_origin_failures,omitempty"` - // Number of gateway errors before a host is ejected from the connection pool. - // When the upstream host is accessed over HTTP, a 502, 503, or 504 return - // code qualifies as a gateway error. When the upstream host is accessed over - // an opaque TCP connection, connect timeouts and connection error/failure - // events qualify as a gateway error. - // This feature is disabled by default or when set to the value 0. - // - // Note that consecutive_gateway_errors and consecutive_5xx_errors can be - // used separately or together. Because the errors counted by - // consecutive_gateway_errors are also included in consecutive_5xx_errors, - // if the value of consecutive_gateway_errors is greater than or equal to - // the value of consecutive_5xx_errors, consecutive_gateway_errors will have - // no effect. - ConsecutiveGatewayErrors *wrappers.UInt32Value `protobuf:"bytes,6,opt,name=consecutive_gateway_errors,json=consecutiveGatewayErrors,proto3" json:"consecutive_gateway_errors,omitempty"` - // Number of 5xx errors before a host is ejected from the connection pool. - // When the upstream host is accessed over an opaque TCP connection, connect - // timeouts, connection error/failure and request failure events qualify as a - // 5xx error. - // This feature defaults to 5 but can be disabled by setting the value to 0. - // - // Note that consecutive_gateway_errors and consecutive_5xx_errors can be - // used separately or together. Because the errors counted by - // consecutive_gateway_errors are also included in consecutive_5xx_errors, - // if the value of consecutive_gateway_errors is greater than or equal to - // the value of consecutive_5xx_errors, consecutive_gateway_errors will have - // no effect. - Consecutive_5XxErrors *wrappers.UInt32Value `protobuf:"bytes,7,opt,name=consecutive_5xx_errors,json=consecutive5xxErrors,proto3" json:"consecutive_5xx_errors,omitempty"` - // Time interval between ejection sweep analysis. format: - // 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s. - Interval *duration.Duration `protobuf:"bytes,2,opt,name=interval,proto3" json:"interval,omitempty"` - // Minimum ejection duration. A host will remain ejected for a period - // equal to the product of minimum ejection duration and the number of - // times the host has been ejected. This technique allows the system to - // automatically increase the ejection period for unhealthy upstream - // servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s. - BaseEjectionTime *duration.Duration `protobuf:"bytes,3,opt,name=base_ejection_time,json=baseEjectionTime,proto3" json:"base_ejection_time,omitempty"` - // Maximum % of hosts in the load balancing pool for the upstream - // service that can be ejected. Defaults to 10%. - MaxEjectionPercent int32 `protobuf:"varint,4,opt,name=max_ejection_percent,json=maxEjectionPercent,proto3" json:"max_ejection_percent,omitempty"` - // Outlier detection will be enabled as long as the associated load balancing - // pool has at least min_health_percent hosts in healthy mode. When the - // percentage of healthy hosts in the load balancing pool drops below this - // threshold, outlier detection will be disabled and the proxy will load balance - // across all hosts in the pool (healthy and unhealthy). The threshold can be - // disabled by setting it to 0%. The default is 0% as it's not typically - // applicable in k8s environments with few pods per service. - MinHealthPercent int32 `protobuf:"varint,5,opt,name=min_health_percent,json=minHealthPercent,proto3" json:"min_health_percent,omitempty"` -} - -func (x *OutlierDetection) Reset() { - *x = OutlierDetection{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_destination_rule_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *OutlierDetection) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*OutlierDetection) ProtoMessage() {} - -func (x *OutlierDetection) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_destination_rule_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use OutlierDetection.ProtoReflect.Descriptor instead. -func (*OutlierDetection) Descriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{5} -} - -// Deprecated: Marked as deprecated in networking/v1/destination_rule.proto. -func (x *OutlierDetection) GetConsecutiveErrors() int32 { - if x != nil { - return x.ConsecutiveErrors - } - return 0 -} - -func (x *OutlierDetection) GetSplitExternalLocalOriginErrors() bool { - if x != nil { - return x.SplitExternalLocalOriginErrors - } - return false -} - -func (x *OutlierDetection) GetConsecutiveLocalOriginFailures() *wrappers.UInt32Value { - if x != nil { - return x.ConsecutiveLocalOriginFailures - } - return nil -} - -func (x *OutlierDetection) GetConsecutiveGatewayErrors() *wrappers.UInt32Value { - if x != nil { - return x.ConsecutiveGatewayErrors - } - return nil -} - -func (x *OutlierDetection) GetConsecutive_5XxErrors() *wrappers.UInt32Value { - if x != nil { - return x.Consecutive_5XxErrors - } - return nil -} - -func (x *OutlierDetection) GetInterval() *duration.Duration { - if x != nil { - return x.Interval - } - return nil -} - -func (x *OutlierDetection) GetBaseEjectionTime() *duration.Duration { - if x != nil { - return x.BaseEjectionTime - } - return nil -} - -func (x *OutlierDetection) GetMaxEjectionPercent() int32 { - if x != nil { - return x.MaxEjectionPercent - } - return 0 -} - -func (x *OutlierDetection) GetMinHealthPercent() int32 { - if x != nil { - return x.MinHealthPercent - } - return 0 -} - -// SSL/TLS related settings for upstream connections. See Envoy's [TLS -// context](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto.html#common-tls-configuration) -// for more details. These settings are common to both HTTP and TCP upstreams. -// -// For example, the following rule configures a client to use mutual TLS -// for connections to upstream database cluster. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: db-mtls -// -// spec: -// -// host: mydbserver.prod.svc.cluster.local -// trafficPolicy: -// tls: -// mode: MUTUAL -// clientCertificate: /etc/certs/myclientcert.pem -// privateKey: /etc/certs/client_private_key.pem -// caCertificates: /etc/certs/rootcacerts.pem -// -// ``` -// -// The following rule configures a client to use TLS when talking to a -// foreign service whose domain matches *.foo.com. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: tls-foo -// -// spec: -// -// host: "*.foo.com" -// trafficPolicy: -// tls: -// mode: SIMPLE -// -// ``` -// -// The following rule configures a client to use Istio mutual TLS when talking -// to rating services. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: ratings-istio-mtls -// -// spec: -// -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// tls: -// mode: ISTIO_MUTUAL -// -// ``` -type ClientTLSSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Indicates whether connections to this port should be secured - // using TLS. The value of this field determines how TLS is enforced. - Mode ClientTLSSettings_TLSmode `protobuf:"varint,1,opt,name=mode,proto3,enum=istio.networking.v1.ClientTLSSettings_TLSmode" json:"mode,omitempty"` - // REQUIRED if mode is `MUTUAL`. The path to the file holding the - // client-side TLS certificate to use. - // Should be empty if mode is `ISTIO_MUTUAL`. - ClientCertificate string `protobuf:"bytes,2,opt,name=client_certificate,json=clientCertificate,proto3" json:"client_certificate,omitempty"` - // REQUIRED if mode is `MUTUAL`. The path to the file holding the - // client's private key. - // Should be empty if mode is `ISTIO_MUTUAL`. - PrivateKey string `protobuf:"bytes,3,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` - // OPTIONAL: The path to the file containing certificate authority - // certificates to use in verifying a presented server certificate. If - // omitted, the proxy will verify the server's certificate using - // the OS CA certificates. - // Should be empty if mode is `ISTIO_MUTUAL`. - CaCertificates string `protobuf:"bytes,4,opt,name=ca_certificates,json=caCertificates,proto3" json:"ca_certificates,omitempty"` - // The name of the secret that holds the TLS certs for the - // client including the CA certificates. This secret must exist in - // the namespace of the proxy using the certificates. - // An Opaque secret should contain the following keys and values: - // `key: `, `cert: `, `cacert: `, - // `crl: ` - // Here CACertificate is used to verify the server certificate. - // For mutual TLS, `cacert: ` can be provided in the - // same secret or a separate secret named `-cacert`. - // A TLS secret for client certificates with an additional - // `ca.crt` key for CA certificates and `ca.crl` key for - // certificate revocation list(CRL) is also supported. - // Only one of client certificates and CA certificate - // or credentialName can be specified. - // - // **NOTE:** This field is applicable at sidecars only if - // `DestinationRule` has a `workloadSelector` specified. - // Otherwise the field will be applicable only at gateways, and - // sidecars will continue to use the certificate paths. - CredentialName string `protobuf:"bytes,7,opt,name=credential_name,json=credentialName,proto3" json:"credential_name,omitempty"` - // A list of alternate names to verify the subject identity in the - // certificate. If specified, the proxy will verify that the server - // certificate's subject alt name matches one of the specified values. - // If specified, this list overrides the value of subject_alt_names - // from the ServiceEntry. If unspecified, automatic validation of upstream - // presented certificate for new upstream connections will be done based on the - // downstream HTTP host/authority header. - SubjectAltNames []string `protobuf:"bytes,5,rep,name=subject_alt_names,json=subjectAltNames,proto3" json:"subject_alt_names,omitempty"` - // SNI string to present to the server during TLS handshake. - // If unspecified, SNI will be automatically set based on downstream HTTP - // host/authority header for SIMPLE and MUTUAL TLS modes. - Sni string `protobuf:"bytes,6,opt,name=sni,proto3" json:"sni,omitempty"` - // `insecureSkipVerify` specifies whether the proxy should skip verifying the - // CA signature and SAN for the server certificate corresponding to the host. - // The default value of this field is false. - InsecureSkipVerify *wrappers.BoolValue `protobuf:"bytes,8,opt,name=insecure_skip_verify,json=insecureSkipVerify,proto3" json:"insecure_skip_verify,omitempty"` - // OPTIONAL: The path to the file containing the certificate revocation list (CRL) - // to use in verifying a presented server certificate. `CRL` is a list of certificates - // that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. - // If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. - // If omitted, the proxy will not verify the certificate against the `crl`. - CaCrl string `protobuf:"bytes,9,opt,name=ca_crl,json=caCrl,proto3" json:"ca_crl,omitempty"` -} - -func (x *ClientTLSSettings) Reset() { - *x = ClientTLSSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_destination_rule_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ClientTLSSettings) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ClientTLSSettings) ProtoMessage() {} - -func (x *ClientTLSSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_destination_rule_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ClientTLSSettings.ProtoReflect.Descriptor instead. -func (*ClientTLSSettings) Descriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{6} -} - -func (x *ClientTLSSettings) GetMode() ClientTLSSettings_TLSmode { - if x != nil { - return x.Mode - } - return ClientTLSSettings_DISABLE -} - -func (x *ClientTLSSettings) GetClientCertificate() string { - if x != nil { - return x.ClientCertificate - } - return "" -} - -func (x *ClientTLSSettings) GetPrivateKey() string { - if x != nil { - return x.PrivateKey - } - return "" -} - -func (x *ClientTLSSettings) GetCaCertificates() string { - if x != nil { - return x.CaCertificates - } - return "" -} - -func (x *ClientTLSSettings) GetCredentialName() string { - if x != nil { - return x.CredentialName - } - return "" -} - -func (x *ClientTLSSettings) GetSubjectAltNames() []string { - if x != nil { - return x.SubjectAltNames - } - return nil -} - -func (x *ClientTLSSettings) GetSni() string { - if x != nil { - return x.Sni - } - return "" -} - -func (x *ClientTLSSettings) GetInsecureSkipVerify() *wrappers.BoolValue { - if x != nil { - return x.InsecureSkipVerify - } - return nil -} - -func (x *ClientTLSSettings) GetCaCrl() string { - if x != nil { - return x.CaCrl - } - return "" -} - -// Locality-weighted load balancing allows administrators to control the -// distribution of traffic to endpoints based on the localities of where the -// traffic originates and where it will terminate. These localities are -// specified using arbitrary labels that designate a hierarchy of localities in -// {region}/{zone}/{sub-zone} form. For additional detail refer to -// [Locality Weight](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) -// The following example shows how to setup locality weights mesh-wide. -// -// Given a mesh with workloads and their service deployed to "us-west/zone1/*" -// and "us-west/zone2/*". This example specifies that when traffic accessing a -// service originates from workloads in "us-west/zone1/*", 80% of the traffic -// will be sent to endpoints in "us-west/zone1/*", i.e the same zone, and the -// remaining 20% will go to endpoints in "us-west/zone2/*". This setup is -// intended to favor routing traffic to endpoints in the same locality. -// A similar setting is specified for traffic originating in "us-west/zone2/*". -// -// ```yaml -// -// distribute: -// - from: us-west/zone1/* -// to: -// "us-west/zone1/*": 80 -// "us-west/zone2/*": 20 -// - from: us-west/zone2/* -// to: -// "us-west/zone1/*": 20 -// "us-west/zone2/*": 80 -// -// ``` -// -// If the goal of the operator is not to distribute load across zones and -// regions but rather to restrict the regionality of failover to meet other -// operational requirements an operator can set a 'failover' policy instead of -// a 'distribute' policy. -// -// The following example sets up a locality failover policy for regions. -// Assume a service resides in zones within us-east, us-west & eu-west -// this example specifies that when endpoints within us-east become unhealthy -// traffic should failover to endpoints in any zone or sub-zone within eu-west -// and similarly us-west should failover to us-east. -// -// ```yaml -// -// failover: -// - from: us-east -// to: eu-west -// - from: us-west -// to: us-east -// -// ``` -// Locality load balancing settings. -type LocalityLoadBalancerSetting struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Optional: only one of distribute, failover or failoverPriority can be set. - // Explicitly specify loadbalancing weight across different zones and geographical locations. - // Refer to [Locality weighted load balancing](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) - // If empty, the locality weight is set according to the endpoints number within it. - Distribute []*LocalityLoadBalancerSetting_Distribute `protobuf:"bytes,1,rep,name=distribute,proto3" json:"distribute,omitempty"` - // Optional: only one of distribute, failover or failoverPriority can be set. - // Explicitly specify the region traffic will land on when endpoints in local region becomes unhealthy. - // Should be used together with OutlierDetection to detect unhealthy endpoints. - // Note: if no OutlierDetection specified, this will not take effect. - Failover []*LocalityLoadBalancerSetting_Failover `protobuf:"bytes,2,rep,name=failover,proto3" json:"failover,omitempty"` - // failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing. - // This is to support traffic failover across different groups of endpoints. - // Two kinds of labels can be specified: - // - // - Specify only label keys `[key1, key2, key3]`, istio would compare the label values of client with endpoints. - // Suppose there are total N label keys `[key1, key2, key3, ...keyN]` specified: - // - // 1. Endpoints matching all N labels with the client proxy have priority P(0) i.e. the highest priority. - // 2. Endpoints matching the first N-1 labels with the client proxy have priority P(1) i.e. second highest priority. - // 3. By extension of this logic, endpoints matching only the first label with the client proxy has priority P(N-1) i.e. second lowest priority. - // 4. All the other endpoints have priority P(N) i.e. lowest priority. - // - // - Specify labels with key and value `[key1=value1, key2=value2, key3=value3]`, istio would compare the labels with endpoints. - // Suppose there are total N labels `[key1=value1, key2=value2, key3=value3, ...keyN=valueN]` specified: - // - // 1. Endpoints matching all N labels have priority P(0) i.e. the highest priority. - // 2. Endpoints matching the first N-1 labels have priority P(1) i.e. second highest priority. - // 3. By extension of this logic, endpoints matching only the first label has priority P(N-1) i.e. second lowest priority. - // 4. All the other endpoints have priority P(N) i.e. lowest priority. - // - // Note: For a label to be considered for match, the previous labels must match, i.e. nth label would be considered matched only if first n-1 labels match. - // - // It can be any label specified on both client and server workloads. - // The following labels which have special semantic meaning are also supported: - // - // - `topology.istio.io/network` is used to match the network metadata of an endpoint, which can be specified by pod/namespace label `topology.istio.io/network`, sidecar env `ISTIO_META_NETWORK` or MeshNetworks. - // - `topology.istio.io/cluster` is used to match the clusterID of an endpoint, which can be specified by pod label `topology.istio.io/cluster` or pod env `ISTIO_META_CLUSTER_ID`. - // - `topology.kubernetes.io/region` is used to match the region metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/region` or the deprecated label `failure-domain.beta.kubernetes.io/region`. - // - `topology.kubernetes.io/zone` is used to match the zone metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/zone` or the deprecated label `failure-domain.beta.kubernetes.io/zone`. - // - `topology.istio.io/subzone` is used to match the subzone metadata of an endpoint, which maps to Istio node label `topology.istio.io/subzone`. - // - `kubernetes.io/hostname` is used to match the current node of an endpoint, which maps to Kubernetes node label `kubernetes.io/hostname`. - // - // The below topology config indicates the following priority levels: - // - // ```yaml - // failoverPriority: - // - "topology.istio.io/network" - // - "topology.kubernetes.io/region" - // - "topology.kubernetes.io/zone" - // - "topology.istio.io/subzone" - // ``` - // - // 1. endpoints match same [network, region, zone, subzone] label with the client proxy have the highest priority. - // 2. endpoints have same [network, region, zone] label but different [subzone] label with the client proxy have the second highest priority. - // 3. endpoints have same [network, region] label but different [zone] label with the client proxy have the third highest priority. - // 4. endpoints have same [network] but different [region] labels with the client proxy have the fourth highest priority. - // 5. all the other endpoints have the same lowest priority. - // - // Suppose a service associated endpoints reside in multi clusters, the below example represents: - // 1. endpoints in `clusterA` and has `version=v1` label have P(0) priority. - // 2. endpoints not in `clusterA` but has `version=v1` label have P(1) priority. - // 2. all the other endpoints have P(2) priority. - // - // ```yaml - // failoverPriority: - // - "version=v1" - // - "topology.istio.io/cluster=clusterA" - // ``` - // - // Optional: only one of distribute, failover or failoverPriority can be set. - // And it should be used together with `OutlierDetection` to detect unhealthy endpoints, otherwise has no effect. - FailoverPriority []string `protobuf:"bytes,4,rep,name=failover_priority,json=failoverPriority,proto3" json:"failover_priority,omitempty"` - // enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. - // e.g. true means that turn on locality load balancing for this DestinationRule no matter what mesh wide settings is. - Enabled *wrappers.BoolValue `protobuf:"bytes,3,opt,name=enabled,proto3" json:"enabled,omitempty"` -} - -func (x *LocalityLoadBalancerSetting) Reset() { - *x = LocalityLoadBalancerSetting{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_destination_rule_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *LocalityLoadBalancerSetting) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*LocalityLoadBalancerSetting) ProtoMessage() {} - -func (x *LocalityLoadBalancerSetting) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_destination_rule_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use LocalityLoadBalancerSetting.ProtoReflect.Descriptor instead. -func (*LocalityLoadBalancerSetting) Descriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{7} -} - -func (x *LocalityLoadBalancerSetting) GetDistribute() []*LocalityLoadBalancerSetting_Distribute { - if x != nil { - return x.Distribute - } - return nil -} - -func (x *LocalityLoadBalancerSetting) GetFailover() []*LocalityLoadBalancerSetting_Failover { - if x != nil { - return x.Failover - } - return nil -} - -func (x *LocalityLoadBalancerSetting) GetFailoverPriority() []string { - if x != nil { - return x.FailoverPriority - } - return nil -} - -func (x *LocalityLoadBalancerSetting) GetEnabled() *wrappers.BoolValue { - if x != nil { - return x.Enabled - } - return nil -} - -// Traffic policies that apply to specific ports of the service -type TrafficPolicy_PortTrafficPolicy struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Specifies the number of a port on the destination service - // on which this policy is being applied. - Port *PortSelector `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` - // Settings controlling the load balancer algorithms. - LoadBalancer *LoadBalancerSettings `protobuf:"bytes,2,opt,name=load_balancer,json=loadBalancer,proto3" json:"load_balancer,omitempty"` - // Settings controlling the volume of connections to an upstream service - ConnectionPool *ConnectionPoolSettings `protobuf:"bytes,3,opt,name=connection_pool,json=connectionPool,proto3" json:"connection_pool,omitempty"` - // Settings controlling eviction of unhealthy hosts from the load balancing pool - OutlierDetection *OutlierDetection `protobuf:"bytes,4,opt,name=outlier_detection,json=outlierDetection,proto3" json:"outlier_detection,omitempty"` - // TLS related settings for connections to the upstream service. - Tls *ClientTLSSettings `protobuf:"bytes,5,opt,name=tls,proto3" json:"tls,omitempty"` -} - -func (x *TrafficPolicy_PortTrafficPolicy) Reset() { - *x = TrafficPolicy_PortTrafficPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_destination_rule_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TrafficPolicy_PortTrafficPolicy) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TrafficPolicy_PortTrafficPolicy) ProtoMessage() {} - -func (x *TrafficPolicy_PortTrafficPolicy) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_destination_rule_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TrafficPolicy_PortTrafficPolicy.ProtoReflect.Descriptor instead. -func (*TrafficPolicy_PortTrafficPolicy) Descriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{1, 0} -} - -func (x *TrafficPolicy_PortTrafficPolicy) GetPort() *PortSelector { - if x != nil { - return x.Port - } - return nil -} - -func (x *TrafficPolicy_PortTrafficPolicy) GetLoadBalancer() *LoadBalancerSettings { - if x != nil { - return x.LoadBalancer - } - return nil -} - -func (x *TrafficPolicy_PortTrafficPolicy) GetConnectionPool() *ConnectionPoolSettings { - if x != nil { - return x.ConnectionPool - } - return nil -} - -func (x *TrafficPolicy_PortTrafficPolicy) GetOutlierDetection() *OutlierDetection { - if x != nil { - return x.OutlierDetection - } - return nil -} - -func (x *TrafficPolicy_PortTrafficPolicy) GetTls() *ClientTLSSettings { - if x != nil { - return x.Tls - } - return nil -} - -type TrafficPolicy_TunnelSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Specifies which protocol to use for tunneling the downstream connection. - // Supported protocols are: - // - // CONNECT - uses HTTP CONNECT; - // POST - uses HTTP POST. - // - // CONNECT is used by default if not specified. - // HTTP version for upstream requests is determined by the service protocol defined for the proxy. - Protocol string `protobuf:"bytes,1,opt,name=protocol,proto3" json:"protocol,omitempty"` - // Specifies a host to which the downstream connection is tunneled. - // Target host must be an FQDN or IP address. - TargetHost string `protobuf:"bytes,2,opt,name=target_host,json=targetHost,proto3" json:"target_host,omitempty"` - // Specifies a port to which the downstream connection is tunneled. - TargetPort uint32 `protobuf:"varint,3,opt,name=target_port,json=targetPort,proto3" json:"target_port,omitempty"` -} - -func (x *TrafficPolicy_TunnelSettings) Reset() { - *x = TrafficPolicy_TunnelSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_destination_rule_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TrafficPolicy_TunnelSettings) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TrafficPolicy_TunnelSettings) ProtoMessage() {} - -func (x *TrafficPolicy_TunnelSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_destination_rule_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TrafficPolicy_TunnelSettings.ProtoReflect.Descriptor instead. -func (*TrafficPolicy_TunnelSettings) Descriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{1, 1} -} - -func (x *TrafficPolicy_TunnelSettings) GetProtocol() string { - if x != nil { - return x.Protocol - } - return "" -} - -func (x *TrafficPolicy_TunnelSettings) GetTargetHost() string { - if x != nil { - return x.TargetHost - } - return "" -} - -func (x *TrafficPolicy_TunnelSettings) GetTargetPort() uint32 { - if x != nil { - return x.TargetPort - } - return 0 -} - -type TrafficPolicy_ProxyProtocol struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The PROXY protocol version to use. See https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt for details. - // By default it is `V1`. - Version TrafficPolicy_ProxyProtocol_VERSION `protobuf:"varint,1,opt,name=version,proto3,enum=istio.networking.v1.TrafficPolicy_ProxyProtocol_VERSION" json:"version,omitempty"` -} - -func (x *TrafficPolicy_ProxyProtocol) Reset() { - *x = TrafficPolicy_ProxyProtocol{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_destination_rule_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TrafficPolicy_ProxyProtocol) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TrafficPolicy_ProxyProtocol) ProtoMessage() {} - -func (x *TrafficPolicy_ProxyProtocol) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_destination_rule_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TrafficPolicy_ProxyProtocol.ProtoReflect.Descriptor instead. -func (*TrafficPolicy_ProxyProtocol) Descriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{1, 2} -} - -func (x *TrafficPolicy_ProxyProtocol) GetVersion() TrafficPolicy_ProxyProtocol_VERSION { - if x != nil { - return x.Version - } - return TrafficPolicy_ProxyProtocol_V1 -} - -// Consistent Hash-based load balancing can be used to provide soft -// session affinity based on HTTP headers, cookies or other -// properties. The affinity to a particular destination host may be -// lost when one or more hosts are added/removed from the destination -// service. -// -// Note: consistent hashing is less reliable at maintaining affinity than common -// "sticky sessions" implementations, which often encode a specific destination in -// a cookie, ensuring affinity is maintained as long as the backend remains. -// With consistent hash, the guarantees are weaker; any host addition or removal can -// break affinity for `1/backends` requests. -// -// Warning: consistent hashing depends on each proxy having a consistent view of endpoints. -// This is not the case when locality load balancing is enabled. Locality load balancing -// and consistent hash will only work together when all proxies are in the same locality, -// or a high level load balancer handles locality affinity. -type LoadBalancerSettings_ConsistentHashLB struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The hash key to use. - // - // Types that are assignable to HashKey: - // - // *LoadBalancerSettings_ConsistentHashLB_HttpHeaderName - // *LoadBalancerSettings_ConsistentHashLB_HttpCookie - // *LoadBalancerSettings_ConsistentHashLB_UseSourceIp - // *LoadBalancerSettings_ConsistentHashLB_HttpQueryParameterName - HashKey isLoadBalancerSettings_ConsistentHashLB_HashKey `protobuf_oneof:"hash_key"` - // The hash algorithm to use. - // Please refer to https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash - // and https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#maglev for - // considerations on choosing an algorithm. - // Defaults to RingHash if not specified. - // - // Types that are assignable to HashAlgorithm: - // - // *LoadBalancerSettings_ConsistentHashLB_RingHash_ - // *LoadBalancerSettings_ConsistentHashLB_Maglev - HashAlgorithm isLoadBalancerSettings_ConsistentHashLB_HashAlgorithm `protobuf_oneof:"hash_algorithm"` - // Deprecated. Use RingHash instead. - // - // Deprecated: Marked as deprecated in networking/v1/destination_rule.proto. - MinimumRingSize uint64 `protobuf:"varint,4,opt,name=minimum_ring_size,json=minimumRingSize,proto3" json:"minimum_ring_size,omitempty"` -} - -func (x *LoadBalancerSettings_ConsistentHashLB) Reset() { - *x = LoadBalancerSettings_ConsistentHashLB{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_destination_rule_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *LoadBalancerSettings_ConsistentHashLB) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*LoadBalancerSettings_ConsistentHashLB) ProtoMessage() {} - -func (x *LoadBalancerSettings_ConsistentHashLB) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_destination_rule_proto_msgTypes[12] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use LoadBalancerSettings_ConsistentHashLB.ProtoReflect.Descriptor instead. -func (*LoadBalancerSettings_ConsistentHashLB) Descriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{3, 0} -} - -func (m *LoadBalancerSettings_ConsistentHashLB) GetHashKey() isLoadBalancerSettings_ConsistentHashLB_HashKey { - if m != nil { - return m.HashKey - } - return nil -} - -func (x *LoadBalancerSettings_ConsistentHashLB) GetHttpHeaderName() string { - if x, ok := x.GetHashKey().(*LoadBalancerSettings_ConsistentHashLB_HttpHeaderName); ok { - return x.HttpHeaderName - } - return "" -} - -func (x *LoadBalancerSettings_ConsistentHashLB) GetHttpCookie() *LoadBalancerSettings_ConsistentHashLB_HTTPCookie { - if x, ok := x.GetHashKey().(*LoadBalancerSettings_ConsistentHashLB_HttpCookie); ok { - return x.HttpCookie - } - return nil -} - -func (x *LoadBalancerSettings_ConsistentHashLB) GetUseSourceIp() bool { - if x, ok := x.GetHashKey().(*LoadBalancerSettings_ConsistentHashLB_UseSourceIp); ok { - return x.UseSourceIp - } - return false -} - -func (x *LoadBalancerSettings_ConsistentHashLB) GetHttpQueryParameterName() string { - if x, ok := x.GetHashKey().(*LoadBalancerSettings_ConsistentHashLB_HttpQueryParameterName); ok { - return x.HttpQueryParameterName - } - return "" -} - -func (m *LoadBalancerSettings_ConsistentHashLB) GetHashAlgorithm() isLoadBalancerSettings_ConsistentHashLB_HashAlgorithm { - if m != nil { - return m.HashAlgorithm - } - return nil -} - -func (x *LoadBalancerSettings_ConsistentHashLB) GetRingHash() *LoadBalancerSettings_ConsistentHashLB_RingHash { - if x, ok := x.GetHashAlgorithm().(*LoadBalancerSettings_ConsistentHashLB_RingHash_); ok { - return x.RingHash - } - return nil -} - -func (x *LoadBalancerSettings_ConsistentHashLB) GetMaglev() *LoadBalancerSettings_ConsistentHashLB_MagLev { - if x, ok := x.GetHashAlgorithm().(*LoadBalancerSettings_ConsistentHashLB_Maglev); ok { - return x.Maglev - } - return nil -} - -// Deprecated: Marked as deprecated in networking/v1/destination_rule.proto. -func (x *LoadBalancerSettings_ConsistentHashLB) GetMinimumRingSize() uint64 { - if x != nil { - return x.MinimumRingSize - } - return 0 -} - -type isLoadBalancerSettings_ConsistentHashLB_HashKey interface { - isLoadBalancerSettings_ConsistentHashLB_HashKey() -} - -type LoadBalancerSettings_ConsistentHashLB_HttpHeaderName struct { - // Hash based on a specific HTTP header. - HttpHeaderName string `protobuf:"bytes,1,opt,name=http_header_name,json=httpHeaderName,proto3,oneof"` -} - -type LoadBalancerSettings_ConsistentHashLB_HttpCookie struct { - // Hash based on HTTP cookie. - HttpCookie *LoadBalancerSettings_ConsistentHashLB_HTTPCookie `protobuf:"bytes,2,opt,name=http_cookie,json=httpCookie,proto3,oneof"` -} - -type LoadBalancerSettings_ConsistentHashLB_UseSourceIp struct { - // Hash based on the source IP address. - // This is applicable for both TCP and HTTP connections. - UseSourceIp bool `protobuf:"varint,3,opt,name=use_source_ip,json=useSourceIp,proto3,oneof"` -} - -type LoadBalancerSettings_ConsistentHashLB_HttpQueryParameterName struct { - // Hash based on a specific HTTP query parameter. - HttpQueryParameterName string `protobuf:"bytes,5,opt,name=http_query_parameter_name,json=httpQueryParameterName,proto3,oneof"` -} - -func (*LoadBalancerSettings_ConsistentHashLB_HttpHeaderName) isLoadBalancerSettings_ConsistentHashLB_HashKey() { -} - -func (*LoadBalancerSettings_ConsistentHashLB_HttpCookie) isLoadBalancerSettings_ConsistentHashLB_HashKey() { -} - -func (*LoadBalancerSettings_ConsistentHashLB_UseSourceIp) isLoadBalancerSettings_ConsistentHashLB_HashKey() { -} - -func (*LoadBalancerSettings_ConsistentHashLB_HttpQueryParameterName) isLoadBalancerSettings_ConsistentHashLB_HashKey() { -} - -type isLoadBalancerSettings_ConsistentHashLB_HashAlgorithm interface { - isLoadBalancerSettings_ConsistentHashLB_HashAlgorithm() -} - -type LoadBalancerSettings_ConsistentHashLB_RingHash_ struct { - // The ring/modulo hash load balancer implements consistent hashing to backend hosts. - RingHash *LoadBalancerSettings_ConsistentHashLB_RingHash `protobuf:"bytes,6,opt,name=ring_hash,json=ringHash,proto3,oneof"` -} - -type LoadBalancerSettings_ConsistentHashLB_Maglev struct { - // The Maglev load balancer implements consistent hashing to backend hosts. - Maglev *LoadBalancerSettings_ConsistentHashLB_MagLev `protobuf:"bytes,7,opt,name=maglev,proto3,oneof"` -} - -func (*LoadBalancerSettings_ConsistentHashLB_RingHash_) isLoadBalancerSettings_ConsistentHashLB_HashAlgorithm() { -} - -func (*LoadBalancerSettings_ConsistentHashLB_Maglev) isLoadBalancerSettings_ConsistentHashLB_HashAlgorithm() { -} - -type LoadBalancerSettings_ConsistentHashLB_RingHash struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The minimum number of virtual nodes to use for the hash - // ring. Defaults to 1024. Larger ring sizes result in more granular - // load distributions. If the number of hosts in the load balancing - // pool is larger than the ring size, each host will be assigned a - // single virtual node. - MinimumRingSize uint64 `protobuf:"varint,1,opt,name=minimum_ring_size,json=minimumRingSize,proto3" json:"minimum_ring_size,omitempty"` -} - -func (x *LoadBalancerSettings_ConsistentHashLB_RingHash) Reset() { - *x = LoadBalancerSettings_ConsistentHashLB_RingHash{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_destination_rule_proto_msgTypes[13] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *LoadBalancerSettings_ConsistentHashLB_RingHash) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*LoadBalancerSettings_ConsistentHashLB_RingHash) ProtoMessage() {} - -func (x *LoadBalancerSettings_ConsistentHashLB_RingHash) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_destination_rule_proto_msgTypes[13] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use LoadBalancerSettings_ConsistentHashLB_RingHash.ProtoReflect.Descriptor instead. -func (*LoadBalancerSettings_ConsistentHashLB_RingHash) Descriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{3, 0, 0} -} - -func (x *LoadBalancerSettings_ConsistentHashLB_RingHash) GetMinimumRingSize() uint64 { - if x != nil { - return x.MinimumRingSize - } - return 0 -} - -type LoadBalancerSettings_ConsistentHashLB_MagLev struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The table size for Maglev hashing. This helps in controlling the - // disruption when the backend hosts change. - // Increasing the table size reduces the amount of disruption. - // The table size must be prime number less than 5000011. - // If it is not specified, the default is 65537. - TableSize uint64 `protobuf:"varint,1,opt,name=table_size,json=tableSize,proto3" json:"table_size,omitempty"` -} - -func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) Reset() { - *x = LoadBalancerSettings_ConsistentHashLB_MagLev{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_destination_rule_proto_msgTypes[14] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*LoadBalancerSettings_ConsistentHashLB_MagLev) ProtoMessage() {} - -func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_destination_rule_proto_msgTypes[14] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use LoadBalancerSettings_ConsistentHashLB_MagLev.ProtoReflect.Descriptor instead. -func (*LoadBalancerSettings_ConsistentHashLB_MagLev) Descriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{3, 0, 1} -} - -func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) GetTableSize() uint64 { - if x != nil { - return x.TableSize - } - return 0 -} - -// Describes a HTTP cookie that will be used as the hash key for the -// Consistent Hash load balancer. -type LoadBalancerSettings_ConsistentHashLB_HTTPCookie struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Name of the cookie. - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - // Path to set for the cookie. - Path string `protobuf:"bytes,2,opt,name=path,proto3" json:"path,omitempty"` - // Lifetime of the cookie. If specified, a cookie with the TTL will be - // generated if the cookie is not present. If the TTL is present and zero, - // the generated cookie will be a session cookie. - Ttl *duration.Duration `protobuf:"bytes,3,opt,name=ttl,proto3" json:"ttl,omitempty"` -} - -func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) Reset() { - *x = LoadBalancerSettings_ConsistentHashLB_HTTPCookie{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_destination_rule_proto_msgTypes[15] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*LoadBalancerSettings_ConsistentHashLB_HTTPCookie) ProtoMessage() {} - -func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_destination_rule_proto_msgTypes[15] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use LoadBalancerSettings_ConsistentHashLB_HTTPCookie.ProtoReflect.Descriptor instead. -func (*LoadBalancerSettings_ConsistentHashLB_HTTPCookie) Descriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{3, 0, 2} -} - -func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) GetPath() string { - if x != nil { - return x.Path - } - return "" -} - -func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) GetTtl() *duration.Duration { - if x != nil { - return x.Ttl - } - return nil -} - -// Settings common to both HTTP and TCP upstream connections. -type ConnectionPoolSettings_TCPSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Maximum number of HTTP1 /TCP connections to a destination host. Default 2^32-1. - MaxConnections int32 `protobuf:"varint,1,opt,name=max_connections,json=maxConnections,proto3" json:"max_connections,omitempty"` - // TCP connection timeout. format: - // 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s. - ConnectTimeout *duration.Duration `protobuf:"bytes,2,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"` - // If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. - TcpKeepalive *ConnectionPoolSettings_TCPSettings_TcpKeepalive `protobuf:"bytes,3,opt,name=tcp_keepalive,json=tcpKeepalive,proto3" json:"tcp_keepalive,omitempty"` - // The maximum duration of a connection. The duration is defined as the period since a connection - // was established. If not set, there is no max duration. When max_connection_duration - // is reached the connection will be closed. Duration must be at least 1ms. - MaxConnectionDuration *duration.Duration `protobuf:"bytes,4,opt,name=max_connection_duration,json=maxConnectionDuration,proto3" json:"max_connection_duration,omitempty"` - // The idle timeout for TCP connections. - // The idle timeout is defined as the period in which there are no bytes sent or received on either - // the upstream or downstream connection. - // If not set, the default idle timeout is 1 hour. If set to 0s, the timeout will be disabled. - // Idle timeout is not configured per each cluster individually when weighted destinations are used, - // because idleTimeout is a property of a listener, not a cluster. In that case, idleTimeout - // specified in a destination rule for the first weighted route is configured in the listener, - // which means also for all weighted routes. - IdleTimeout *duration.Duration `protobuf:"bytes,5,opt,name=idle_timeout,json=idleTimeout,proto3" json:"idle_timeout,omitempty"` -} - -func (x *ConnectionPoolSettings_TCPSettings) Reset() { - *x = ConnectionPoolSettings_TCPSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_destination_rule_proto_msgTypes[16] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ConnectionPoolSettings_TCPSettings) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ConnectionPoolSettings_TCPSettings) ProtoMessage() {} - -func (x *ConnectionPoolSettings_TCPSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_destination_rule_proto_msgTypes[16] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ConnectionPoolSettings_TCPSettings.ProtoReflect.Descriptor instead. -func (*ConnectionPoolSettings_TCPSettings) Descriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{4, 0} -} - -func (x *ConnectionPoolSettings_TCPSettings) GetMaxConnections() int32 { - if x != nil { - return x.MaxConnections - } - return 0 -} - -func (x *ConnectionPoolSettings_TCPSettings) GetConnectTimeout() *duration.Duration { - if x != nil { - return x.ConnectTimeout - } - return nil -} - -func (x *ConnectionPoolSettings_TCPSettings) GetTcpKeepalive() *ConnectionPoolSettings_TCPSettings_TcpKeepalive { - if x != nil { - return x.TcpKeepalive - } - return nil -} - -func (x *ConnectionPoolSettings_TCPSettings) GetMaxConnectionDuration() *duration.Duration { - if x != nil { - return x.MaxConnectionDuration - } - return nil -} - -func (x *ConnectionPoolSettings_TCPSettings) GetIdleTimeout() *duration.Duration { - if x != nil { - return x.IdleTimeout - } - return nil -} - -// Settings applicable to HTTP1.1/HTTP2/GRPC connections. -type ConnectionPoolSettings_HTTPSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Maximum number of requests that will be queued while waiting for - // a ready connection pool connection. Default 2^32-1. - // Refer to https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking - // under which conditions a new connection is created for HTTP2. - // Please note that this is applicable to both HTTP/1.1 and HTTP2. - Http1MaxPendingRequests int32 `protobuf:"varint,1,opt,name=http1_max_pending_requests,json=http1MaxPendingRequests,proto3" json:"http1_max_pending_requests,omitempty"` - // Maximum number of active requests to a destination. Default 2^32-1. - // Please note that this is applicable to both HTTP/1.1 and HTTP2. - Http2MaxRequests int32 `protobuf:"varint,2,opt,name=http2_max_requests,json=http2MaxRequests,proto3" json:"http2_max_requests,omitempty"` - // Maximum number of requests per connection to a backend. Setting this - // parameter to 1 disables keep alive. Default 0, meaning "unlimited", - // up to 2^29. - MaxRequestsPerConnection int32 `protobuf:"varint,3,opt,name=max_requests_per_connection,json=maxRequestsPerConnection,proto3" json:"max_requests_per_connection,omitempty"` - // Maximum number of retries that can be outstanding to all hosts in a - // cluster at a given time. Defaults to 2^32-1. - MaxRetries int32 `protobuf:"varint,4,opt,name=max_retries,json=maxRetries,proto3" json:"max_retries,omitempty"` - // The idle timeout for upstream connection pool connections. The idle timeout - // is defined as the period in which there are no active requests. - // If not set, the default is 1 hour. When the idle timeout is reached, - // the connection will be closed. If the connection is an HTTP/2 - // connection a drain sequence will occur prior to closing the connection. - // Note that request based timeouts mean that HTTP/2 PINGs will not - // keep the connection alive. Applies to both HTTP1.1 and HTTP2 connections. - IdleTimeout *duration.Duration `protobuf:"bytes,5,opt,name=idle_timeout,json=idleTimeout,proto3" json:"idle_timeout,omitempty"` - // Specify if http1.1 connection should be upgraded to http2 for the associated destination. - H2UpgradePolicy ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy `protobuf:"varint,6,opt,name=h2_upgrade_policy,json=h2UpgradePolicy,proto3,enum=istio.networking.v1.ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy" json:"h2_upgrade_policy,omitempty"` - // If set to true, client protocol will be preserved while initiating connection to backend. - // Note that when this is set to true, h2_upgrade_policy will be ineffective i.e. the client - // connections will not be upgraded to http2. - UseClientProtocol bool `protobuf:"varint,7,opt,name=use_client_protocol,json=useClientProtocol,proto3" json:"use_client_protocol,omitempty"` - // The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection. - // Defaults to 2^31-1. - MaxConcurrentStreams int32 `protobuf:"varint,8,opt,name=max_concurrent_streams,json=maxConcurrentStreams,proto3" json:"max_concurrent_streams,omitempty"` -} - -func (x *ConnectionPoolSettings_HTTPSettings) Reset() { - *x = ConnectionPoolSettings_HTTPSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_destination_rule_proto_msgTypes[17] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ConnectionPoolSettings_HTTPSettings) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ConnectionPoolSettings_HTTPSettings) ProtoMessage() {} - -func (x *ConnectionPoolSettings_HTTPSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_destination_rule_proto_msgTypes[17] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ConnectionPoolSettings_HTTPSettings.ProtoReflect.Descriptor instead. -func (*ConnectionPoolSettings_HTTPSettings) Descriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{4, 1} -} - -func (x *ConnectionPoolSettings_HTTPSettings) GetHttp1MaxPendingRequests() int32 { - if x != nil { - return x.Http1MaxPendingRequests - } - return 0 -} - -func (x *ConnectionPoolSettings_HTTPSettings) GetHttp2MaxRequests() int32 { - if x != nil { - return x.Http2MaxRequests - } - return 0 -} - -func (x *ConnectionPoolSettings_HTTPSettings) GetMaxRequestsPerConnection() int32 { - if x != nil { - return x.MaxRequestsPerConnection - } - return 0 -} - -func (x *ConnectionPoolSettings_HTTPSettings) GetMaxRetries() int32 { - if x != nil { - return x.MaxRetries - } - return 0 -} - -func (x *ConnectionPoolSettings_HTTPSettings) GetIdleTimeout() *duration.Duration { - if x != nil { - return x.IdleTimeout - } - return nil -} - -func (x *ConnectionPoolSettings_HTTPSettings) GetH2UpgradePolicy() ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy { - if x != nil { - return x.H2UpgradePolicy - } - return ConnectionPoolSettings_HTTPSettings_DEFAULT -} - -func (x *ConnectionPoolSettings_HTTPSettings) GetUseClientProtocol() bool { - if x != nil { - return x.UseClientProtocol - } - return false -} - -func (x *ConnectionPoolSettings_HTTPSettings) GetMaxConcurrentStreams() int32 { - if x != nil { - return x.MaxConcurrentStreams - } - return 0 -} - -// TCP keepalive. -type ConnectionPoolSettings_TCPSettings_TcpKeepalive struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Maximum number of keepalive probes to send without response before - // deciding the connection is dead. Default is to use the OS level configuration - // (unless overridden, Linux defaults to 9.) - Probes uint32 `protobuf:"varint,1,opt,name=probes,proto3" json:"probes,omitempty"` - // The time duration a connection needs to be idle before keep-alive - // probes start being sent. Default is to use the OS level configuration - // (unless overridden, Linux defaults to 7200s (ie 2 hours.) - Time *duration.Duration `protobuf:"bytes,2,opt,name=time,proto3" json:"time,omitempty"` - // The time duration between keep-alive probes. - // Default is to use the OS level configuration - // (unless overridden, Linux defaults to 75s.) - Interval *duration.Duration `protobuf:"bytes,3,opt,name=interval,proto3" json:"interval,omitempty"` -} - -func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) Reset() { - *x = ConnectionPoolSettings_TCPSettings_TcpKeepalive{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_destination_rule_proto_msgTypes[18] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ConnectionPoolSettings_TCPSettings_TcpKeepalive) ProtoMessage() {} - -func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_destination_rule_proto_msgTypes[18] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ConnectionPoolSettings_TCPSettings_TcpKeepalive.ProtoReflect.Descriptor instead. -func (*ConnectionPoolSettings_TCPSettings_TcpKeepalive) Descriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{4, 0, 0} -} - -func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) GetProbes() uint32 { - if x != nil { - return x.Probes - } - return 0 -} - -func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) GetTime() *duration.Duration { - if x != nil { - return x.Time - } - return nil -} - -func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) GetInterval() *duration.Duration { - if x != nil { - return x.Interval - } - return nil -} - -// Describes how traffic originating in the 'from' zone or sub-zone is -// distributed over a set of 'to' zones. Syntax for specifying a zone is -// {region}/{zone}/{sub-zone} and terminal wildcards are allowed on any -// segment of the specification. Examples: -// -// `*` - matches all localities -// -// `us-west/*` - all zones and sub-zones within the us-west region -// -// `us-west/zone-1/*` - all sub-zones within us-west/zone-1 -type LocalityLoadBalancerSetting_Distribute struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Originating locality, '/' separated, e.g. 'region/zone/sub_zone'. - From string `protobuf:"bytes,1,opt,name=from,proto3" json:"from,omitempty"` - // Map of upstream localities to traffic distribution weights. The sum of - // all weights should be 100. Any locality not present will - // receive no traffic. - To map[string]uint32 `protobuf:"bytes,2,rep,name=to,proto3" json:"to,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` -} - -func (x *LocalityLoadBalancerSetting_Distribute) Reset() { - *x = LocalityLoadBalancerSetting_Distribute{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_destination_rule_proto_msgTypes[19] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *LocalityLoadBalancerSetting_Distribute) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*LocalityLoadBalancerSetting_Distribute) ProtoMessage() {} - -func (x *LocalityLoadBalancerSetting_Distribute) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_destination_rule_proto_msgTypes[19] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use LocalityLoadBalancerSetting_Distribute.ProtoReflect.Descriptor instead. -func (*LocalityLoadBalancerSetting_Distribute) Descriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{7, 0} -} - -func (x *LocalityLoadBalancerSetting_Distribute) GetFrom() string { - if x != nil { - return x.From - } - return "" -} - -func (x *LocalityLoadBalancerSetting_Distribute) GetTo() map[string]uint32 { - if x != nil { - return x.To - } - return nil -} - -// Specify the traffic failover policy across regions. Since zone and sub-zone -// failover is supported by default this only needs to be specified for -// regions when the operator needs to constrain traffic failover so that -// the default behavior of failing over to any endpoint globally does not -// apply. This is useful when failing over traffic across regions would not -// improve service health or may need to be restricted for other reasons -// like regulatory controls. -type LocalityLoadBalancerSetting_Failover struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Originating region. - From string `protobuf:"bytes,1,opt,name=from,proto3" json:"from,omitempty"` - // Destination region the traffic will fail over to when endpoints in - // the 'from' region becomes unhealthy. - To string `protobuf:"bytes,2,opt,name=to,proto3" json:"to,omitempty"` -} - -func (x *LocalityLoadBalancerSetting_Failover) Reset() { - *x = LocalityLoadBalancerSetting_Failover{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_destination_rule_proto_msgTypes[20] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *LocalityLoadBalancerSetting_Failover) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*LocalityLoadBalancerSetting_Failover) ProtoMessage() {} - -func (x *LocalityLoadBalancerSetting_Failover) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_destination_rule_proto_msgTypes[20] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use LocalityLoadBalancerSetting_Failover.ProtoReflect.Descriptor instead. -func (*LocalityLoadBalancerSetting_Failover) Descriptor() ([]byte, []int) { - return file_networking_v1_destination_rule_proto_rawDescGZIP(), []int{7, 1} -} - -func (x *LocalityLoadBalancerSetting_Failover) GetFrom() string { - if x != nil { - return x.From - } - return "" -} - -func (x *LocalityLoadBalancerSetting_Failover) GetTo() string { - if x != nil { - return x.To - } - return "" -} - -var File_networking_v1_destination_rule_proto protoreflect.FileDescriptor - -var file_networking_v1_destination_rule_proto_rawDesc = []byte{ - 0x0a, 0x24, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, - 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x75, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, - 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, - 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x23, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, 0x76, 0x69, 0x72, 0x74, - 0x75, 0x61, 0x6c, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x1a, 0x1b, 0x74, 0x79, 0x70, 0x65, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, - 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x9c, - 0x02, 0x0a, 0x0f, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x75, - 0x6c, 0x65, 0x12, 0x17, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x49, 0x0a, 0x0e, 0x74, - 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, - 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0d, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, - 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x35, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x73, 0x65, 0x74, - 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x75, - 0x62, 0x73, 0x65, 0x74, 0x52, 0x07, 0x73, 0x75, 0x62, 0x73, 0x65, 0x74, 0x73, 0x12, 0x1b, 0x0a, - 0x09, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x74, 0x6f, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x08, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x54, 0x6f, 0x12, 0x51, 0x0a, 0x11, 0x77, 0x6f, - 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, - 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, - 0x70, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, - 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, 0x6f, 0x72, - 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x22, 0xc8, 0x09, - 0x0a, 0x0d, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, - 0x4e, 0x0a, 0x0d, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x61, - 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, - 0x73, 0x52, 0x0c, 0x6c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x12, - 0x54, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, - 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x43, - 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, - 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x12, 0x52, 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, - 0x5f, 0x64, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, - 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, - 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x38, 0x0a, 0x03, 0x74, 0x6c, 0x73, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, - 0x74, 0x6c, 0x73, 0x12, 0x64, 0x0a, 0x13, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6c, 0x65, 0x76, 0x65, - 0x6c, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x34, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, - 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x11, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x65, 0x76, 0x65, - 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x49, 0x0a, 0x06, 0x74, 0x75, 0x6e, - 0x6e, 0x65, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, - 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x54, 0x75, - 0x6e, 0x6e, 0x65, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x74, 0x75, - 0x6e, 0x6e, 0x65, 0x6c, 0x12, 0x57, 0x0a, 0x0e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, - 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x0d, - 0x70, 0x72, 0x6f, 0x78, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x1a, 0xfe, 0x02, - 0x0a, 0x11, 0x50, 0x6f, 0x72, 0x74, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, - 0x69, 0x63, 0x79, 0x12, 0x35, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x21, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, - 0x63, 0x74, 0x6f, 0x72, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x4e, 0x0a, 0x0d, 0x6c, 0x6f, - 0x61, 0x64, 0x5f, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x29, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, - 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0c, 0x6c, 0x6f, - 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x12, 0x54, 0x0a, 0x0f, 0x63, 0x6f, - 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x6f, 0x6c, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, - 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, - 0x12, 0x52, 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x74, 0x65, - 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x2e, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, - 0x6f, 0x6e, 0x52, 0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, - 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x38, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x4c, - 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x1a, 0x78, - 0x0a, 0x0e, 0x54, 0x75, 0x6e, 0x6e, 0x65, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x24, 0x0a, 0x0b, - 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, - 0x73, 0x74, 0x12, 0x24, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, 0x6f, 0x72, - 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0a, 0x74, 0x61, - 0x72, 0x67, 0x65, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x1a, 0x7e, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x78, - 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x52, 0x0a, 0x07, 0x76, 0x65, 0x72, - 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, - 0x72, 0x6f, 0x78, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x56, 0x45, 0x52, - 0x53, 0x49, 0x4f, 0x4e, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x19, 0x0a, - 0x07, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x12, 0x06, 0x0a, 0x02, 0x56, 0x31, 0x10, 0x00, - 0x12, 0x06, 0x0a, 0x02, 0x56, 0x32, 0x10, 0x01, 0x22, 0xe8, 0x01, 0x0a, 0x06, 0x53, 0x75, 0x62, - 0x73, 0x65, 0x74, 0x12, 0x17, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3f, 0x0a, 0x06, - 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x49, 0x0a, - 0x0e, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x66, - 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0d, 0x74, 0x72, 0x61, 0x66, 0x66, - 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, - 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, - 0x02, 0x38, 0x01, 0x22, 0xdf, 0x09, 0x0a, 0x14, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, - 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x4c, 0x0a, 0x06, - 0x73, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, - 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x4c, 0x42, - 0x48, 0x00, 0x52, 0x06, 0x73, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x12, 0x65, 0x0a, 0x0f, 0x63, 0x6f, - 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, - 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, - 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x48, - 0x00, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, - 0x68, 0x12, 0x60, 0x0a, 0x13, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x5f, 0x6c, 0x62, - 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, - 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, - 0x52, 0x11, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x62, 0x53, 0x65, 0x74, 0x74, - 0x69, 0x6e, 0x67, 0x12, 0x4b, 0x0a, 0x14, 0x77, 0x61, 0x72, 0x6d, 0x75, 0x70, 0x5f, 0x64, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x63, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x12, 0x77, 0x61, - 0x72, 0x6d, 0x75, 0x70, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x63, 0x73, - 0x1a, 0xe3, 0x05, 0x0a, 0x10, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, - 0x61, 0x73, 0x68, 0x4c, 0x42, 0x12, 0x2a, 0x0a, 0x10, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x68, 0x65, - 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, - 0x00, 0x52, 0x0e, 0x68, 0x74, 0x74, 0x70, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d, - 0x65, 0x12, 0x68, 0x0a, 0x0b, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x45, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x61, - 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, - 0x73, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, - 0x4c, 0x42, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x48, 0x00, 0x52, - 0x0a, 0x68, 0x74, 0x74, 0x70, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x75, - 0x73, 0x65, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x70, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x08, 0x48, 0x00, 0x52, 0x0b, 0x75, 0x73, 0x65, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, - 0x70, 0x12, 0x3b, 0x0a, 0x19, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, - 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x16, 0x68, 0x74, 0x74, 0x70, 0x51, 0x75, 0x65, 0x72, - 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x62, - 0x0a, 0x09, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x06, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x43, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, - 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, 0x6f, 0x6e, - 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x2e, 0x52, 0x69, - 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x48, 0x01, 0x52, 0x08, 0x72, 0x69, 0x6e, 0x67, 0x48, 0x61, - 0x73, 0x68, 0x12, 0x5b, 0x0a, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x18, 0x07, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, - 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, 0x6f, - 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x2e, 0x4d, - 0x61, 0x67, 0x4c, 0x65, 0x76, 0x48, 0x01, 0x52, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x12, - 0x2e, 0x0a, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, - 0x73, 0x69, 0x7a, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0f, - 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x1a, - 0x36, 0x0a, 0x08, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x12, 0x2a, 0x0a, 0x11, 0x6d, - 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x52, - 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x1a, 0x27, 0x0a, 0x06, 0x4d, 0x61, 0x67, 0x4c, 0x65, - 0x76, 0x12, 0x1d, 0x0a, 0x0a, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x69, 0x7a, 0x65, - 0x1a, 0x66, 0x0a, 0x0a, 0x48, 0x54, 0x54, 0x50, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x17, - 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, - 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x2b, 0x0a, 0x03, 0x74, - 0x74, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x74, 0x74, 0x6c, 0x42, 0x0a, 0x0a, 0x08, 0x68, 0x61, 0x73, 0x68, - 0x5f, 0x6b, 0x65, 0x79, 0x42, 0x10, 0x0a, 0x0e, 0x68, 0x61, 0x73, 0x68, 0x5f, 0x61, 0x6c, 0x67, - 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x22, 0x70, 0x0a, 0x08, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, - 0x4c, 0x42, 0x12, 0x0f, 0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, - 0x44, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0a, 0x4c, 0x45, 0x41, 0x53, 0x54, 0x5f, 0x43, 0x4f, 0x4e, - 0x4e, 0x10, 0x01, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x52, 0x41, 0x4e, 0x44, 0x4f, - 0x4d, 0x10, 0x02, 0x12, 0x0f, 0x0a, 0x0b, 0x50, 0x41, 0x53, 0x53, 0x54, 0x48, 0x52, 0x4f, 0x55, - 0x47, 0x48, 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x52, 0x4f, 0x55, 0x4e, 0x44, 0x5f, 0x52, 0x4f, - 0x42, 0x49, 0x4e, 0x10, 0x04, 0x12, 0x11, 0x0a, 0x0d, 0x4c, 0x45, 0x41, 0x53, 0x54, 0x5f, 0x52, - 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x10, 0x05, 0x42, 0x0b, 0x0a, 0x09, 0x6c, 0x62, 0x5f, 0x70, - 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0xf0, 0x09, 0x0a, 0x16, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, - 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x12, 0x49, 0x0a, 0x03, 0x74, 0x63, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x37, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, - 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, - 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, 0x4c, 0x0a, 0x04, 0x68, - 0x74, 0x74, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, - 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, - 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, - 0x6e, 0x67, 0x73, 0x52, 0x04, 0x68, 0x74, 0x74, 0x70, 0x1a, 0x85, 0x04, 0x0a, 0x0b, 0x54, 0x43, - 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x6d, 0x61, 0x78, - 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x05, 0x52, 0x0e, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, - 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, - 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x69, 0x0a, 0x0d, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, - 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x44, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, - 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, - 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, - 0x69, 0x76, 0x65, 0x52, 0x0c, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, - 0x65, 0x12, 0x51, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x5f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x15, 0x6d, - 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x75, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3c, 0x0a, 0x0c, 0x69, 0x64, 0x6c, 0x65, 0x5f, 0x74, 0x69, 0x6d, - 0x65, 0x6f, 0x75, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x69, 0x64, 0x6c, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f, - 0x75, 0x74, 0x1a, 0x8c, 0x01, 0x0a, 0x0c, 0x54, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, - 0x69, 0x76, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x73, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0d, 0x52, 0x06, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x73, 0x12, 0x2d, 0x0a, 0x04, 0x74, - 0x69, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, - 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, - 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, - 0x6c, 0x1a, 0xb4, 0x04, 0x0a, 0x0c, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, - 0x67, 0x73, 0x12, 0x3b, 0x0a, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x31, 0x5f, 0x6d, 0x61, 0x78, 0x5f, - 0x70, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x17, 0x68, 0x74, 0x74, 0x70, 0x31, 0x4d, 0x61, 0x78, - 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, - 0x2c, 0x0a, 0x12, 0x68, 0x74, 0x74, 0x70, 0x32, 0x5f, 0x6d, 0x61, 0x78, 0x5f, 0x72, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x68, 0x74, 0x74, - 0x70, 0x32, 0x4d, 0x61, 0x78, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x3d, 0x0a, - 0x1b, 0x6d, 0x61, 0x78, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x5f, 0x70, 0x65, - 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x05, 0x52, 0x18, 0x6d, 0x61, 0x78, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x50, - 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, - 0x6d, 0x61, 0x78, 0x5f, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x05, 0x52, 0x0a, 0x6d, 0x61, 0x78, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x3c, 0x0a, - 0x0c, 0x69, 0x64, 0x6c, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, - 0x69, 0x64, 0x6c, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x74, 0x0a, 0x11, 0x68, - 0x32, 0x5f, 0x75, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, - 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x48, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x6e, - 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, - 0x6e, 0x67, 0x73, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x2e, 0x48, 0x32, 0x55, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, - 0x52, 0x0f, 0x68, 0x32, 0x55, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x12, 0x2e, 0x0a, 0x13, 0x75, 0x73, 0x65, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, - 0x75, 0x73, 0x65, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, - 0x6c, 0x12, 0x34, 0x0a, 0x16, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, - 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, - 0x05, 0x52, 0x14, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, - 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x22, 0x3f, 0x0a, 0x0f, 0x48, 0x32, 0x55, 0x70, 0x67, - 0x72, 0x61, 0x64, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, - 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x44, 0x4f, 0x5f, 0x4e, 0x4f, - 0x54, 0x5f, 0x55, 0x50, 0x47, 0x52, 0x41, 0x44, 0x45, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, - 0x50, 0x47, 0x52, 0x41, 0x44, 0x45, 0x10, 0x02, 0x22, 0x8a, 0x05, 0x0a, 0x10, 0x4f, 0x75, 0x74, - 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x31, 0x0a, - 0x12, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x65, 0x72, 0x72, - 0x6f, 0x72, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x42, 0x02, 0x18, 0x01, 0x52, 0x11, 0x63, - 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, - 0x12, 0x4a, 0x0a, 0x22, 0x73, 0x70, 0x6c, 0x69, 0x74, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, - 0x61, 0x6c, 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x5f, - 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x1e, 0x73, 0x70, - 0x6c, 0x69, 0x74, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x4c, 0x6f, 0x63, 0x61, 0x6c, - 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x67, 0x0a, 0x21, - 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x6c, 0x6f, 0x63, 0x61, - 0x6c, 0x5f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, - 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, - 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x1e, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, - 0x76, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x46, 0x61, 0x69, - 0x6c, 0x75, 0x72, 0x65, 0x73, 0x12, 0x5a, 0x0a, 0x1a, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, - 0x74, 0x69, 0x76, 0x65, 0x5f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x5f, 0x65, 0x72, 0x72, - 0x6f, 0x72, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, - 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x18, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, - 0x74, 0x69, 0x76, 0x65, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x45, 0x72, 0x72, 0x6f, 0x72, - 0x73, 0x12, 0x52, 0x0a, 0x16, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, - 0x5f, 0x35, 0x78, 0x78, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, - 0x14, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x45, - 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, - 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x47, 0x0a, 0x12, - 0x62, 0x61, 0x73, 0x65, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x69, - 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x62, 0x61, 0x73, 0x65, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x30, 0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x65, 0x6a, 0x65, - 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x05, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12, 0x2c, 0x0a, 0x12, 0x6d, 0x69, 0x6e, 0x5f, 0x68, - 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x05, 0x52, 0x10, 0x6d, 0x69, 0x6e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x50, 0x65, - 0x72, 0x63, 0x65, 0x6e, 0x74, 0x22, 0xde, 0x03, 0x0a, 0x11, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, - 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x42, 0x0a, 0x04, 0x6d, - 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2e, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, - 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, - 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x6d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, - 0x2d, 0x0a, 0x12, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x63, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1f, - 0x0a, 0x0b, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, - 0x27, 0x0a, 0x0f, 0x63, 0x61, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, - 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x63, 0x61, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x72, 0x65, 0x64, - 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0e, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x4e, 0x61, 0x6d, - 0x65, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x61, 0x6c, 0x74, - 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x75, - 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x10, 0x0a, - 0x03, 0x73, 0x6e, 0x69, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x73, 0x6e, 0x69, 0x12, - 0x4c, 0x0a, 0x14, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x73, 0x6b, 0x69, 0x70, - 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x69, 0x6e, 0x73, 0x65, 0x63, - 0x75, 0x72, 0x65, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x12, 0x15, 0x0a, - 0x06, 0x63, 0x61, 0x5f, 0x63, 0x72, 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x63, - 0x61, 0x43, 0x72, 0x6c, 0x22, 0x40, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x6d, 0x6f, 0x64, 0x65, 0x12, - 0x0b, 0x0a, 0x07, 0x44, 0x49, 0x53, 0x41, 0x42, 0x4c, 0x45, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, - 0x53, 0x49, 0x4d, 0x50, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x4d, 0x55, 0x54, 0x55, - 0x41, 0x4c, 0x10, 0x02, 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x53, 0x54, 0x49, 0x4f, 0x5f, 0x4d, 0x55, - 0x54, 0x55, 0x41, 0x4c, 0x10, 0x03, 0x22, 0x93, 0x04, 0x0a, 0x1b, 0x4c, 0x6f, 0x63, 0x61, 0x6c, - 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, - 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x12, 0x5b, 0x0a, 0x0a, 0x64, 0x69, 0x73, 0x74, 0x72, 0x69, - 0x62, 0x75, 0x74, 0x65, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, - 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x44, 0x69, 0x73, - 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x0a, 0x64, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, - 0x75, 0x74, 0x65, 0x12, 0x55, 0x0a, 0x08, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x18, - 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x63, 0x61, - 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, - 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, - 0x52, 0x08, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x2b, 0x0a, 0x11, 0x66, 0x61, - 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x70, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, - 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x50, - 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x34, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, - 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x1a, 0xac, 0x01, - 0x0a, 0x0a, 0x44, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, - 0x66, 0x72, 0x6f, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x72, 0x6f, 0x6d, - 0x12, 0x53, 0x0a, 0x02, 0x74, 0x6f, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, - 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x44, - 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x2e, 0x54, 0x6f, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x02, 0x74, 0x6f, 0x1a, 0x35, 0x0a, 0x07, 0x54, 0x6f, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, - 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0d, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x2e, 0x0a, 0x08, - 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x72, 0x6f, 0x6d, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x12, 0x0e, 0x0a, 0x02, - 0x74, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x74, 0x6f, 0x42, 0x1c, 0x5a, 0x1a, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, -} - -var ( - file_networking_v1_destination_rule_proto_rawDescOnce sync.Once - file_networking_v1_destination_rule_proto_rawDescData = file_networking_v1_destination_rule_proto_rawDesc -) - -func file_networking_v1_destination_rule_proto_rawDescGZIP() []byte { - file_networking_v1_destination_rule_proto_rawDescOnce.Do(func() { - file_networking_v1_destination_rule_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1_destination_rule_proto_rawDescData) - }) - return file_networking_v1_destination_rule_proto_rawDescData -} - -var file_networking_v1_destination_rule_proto_enumTypes = make([]protoimpl.EnumInfo, 4) -var file_networking_v1_destination_rule_proto_msgTypes = make([]protoimpl.MessageInfo, 22) -var file_networking_v1_destination_rule_proto_goTypes = []interface{}{ - (TrafficPolicy_ProxyProtocol_VERSION)(0), // 0: istio.networking.v1.TrafficPolicy.ProxyProtocol.VERSION - (LoadBalancerSettings_SimpleLB)(0), // 1: istio.networking.v1.LoadBalancerSettings.SimpleLB - (ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy)(0), // 2: istio.networking.v1.ConnectionPoolSettings.HTTPSettings.H2UpgradePolicy - (ClientTLSSettings_TLSmode)(0), // 3: istio.networking.v1.ClientTLSSettings.TLSmode - (*DestinationRule)(nil), // 4: istio.networking.v1.DestinationRule - (*TrafficPolicy)(nil), // 5: istio.networking.v1.TrafficPolicy - (*Subset)(nil), // 6: istio.networking.v1.Subset - (*LoadBalancerSettings)(nil), // 7: istio.networking.v1.LoadBalancerSettings - (*ConnectionPoolSettings)(nil), // 8: istio.networking.v1.ConnectionPoolSettings - (*OutlierDetection)(nil), // 9: istio.networking.v1.OutlierDetection - (*ClientTLSSettings)(nil), // 10: istio.networking.v1.ClientTLSSettings - (*LocalityLoadBalancerSetting)(nil), // 11: istio.networking.v1.LocalityLoadBalancerSetting - (*TrafficPolicy_PortTrafficPolicy)(nil), // 12: istio.networking.v1.TrafficPolicy.PortTrafficPolicy - (*TrafficPolicy_TunnelSettings)(nil), // 13: istio.networking.v1.TrafficPolicy.TunnelSettings - (*TrafficPolicy_ProxyProtocol)(nil), // 14: istio.networking.v1.TrafficPolicy.ProxyProtocol - nil, // 15: istio.networking.v1.Subset.LabelsEntry - (*LoadBalancerSettings_ConsistentHashLB)(nil), // 16: istio.networking.v1.LoadBalancerSettings.ConsistentHashLB - (*LoadBalancerSettings_ConsistentHashLB_RingHash)(nil), // 17: istio.networking.v1.LoadBalancerSettings.ConsistentHashLB.RingHash - (*LoadBalancerSettings_ConsistentHashLB_MagLev)(nil), // 18: istio.networking.v1.LoadBalancerSettings.ConsistentHashLB.MagLev - (*LoadBalancerSettings_ConsistentHashLB_HTTPCookie)(nil), // 19: istio.networking.v1.LoadBalancerSettings.ConsistentHashLB.HTTPCookie - (*ConnectionPoolSettings_TCPSettings)(nil), // 20: istio.networking.v1.ConnectionPoolSettings.TCPSettings - (*ConnectionPoolSettings_HTTPSettings)(nil), // 21: istio.networking.v1.ConnectionPoolSettings.HTTPSettings - (*ConnectionPoolSettings_TCPSettings_TcpKeepalive)(nil), // 22: istio.networking.v1.ConnectionPoolSettings.TCPSettings.TcpKeepalive - (*LocalityLoadBalancerSetting_Distribute)(nil), // 23: istio.networking.v1.LocalityLoadBalancerSetting.Distribute - (*LocalityLoadBalancerSetting_Failover)(nil), // 24: istio.networking.v1.LocalityLoadBalancerSetting.Failover - nil, // 25: istio.networking.v1.LocalityLoadBalancerSetting.Distribute.ToEntry - (*v1beta1.WorkloadSelector)(nil), // 26: istio.type.v1beta1.WorkloadSelector - (*duration.Duration)(nil), // 27: google.protobuf.Duration - (*wrappers.UInt32Value)(nil), // 28: google.protobuf.UInt32Value - (*wrappers.BoolValue)(nil), // 29: google.protobuf.BoolValue - (*PortSelector)(nil), // 30: istio.networking.v1.PortSelector -} -var file_networking_v1_destination_rule_proto_depIdxs = []int32{ - 5, // 0: istio.networking.v1.DestinationRule.traffic_policy:type_name -> istio.networking.v1.TrafficPolicy - 6, // 1: istio.networking.v1.DestinationRule.subsets:type_name -> istio.networking.v1.Subset - 26, // 2: istio.networking.v1.DestinationRule.workload_selector:type_name -> istio.type.v1beta1.WorkloadSelector - 7, // 3: istio.networking.v1.TrafficPolicy.load_balancer:type_name -> istio.networking.v1.LoadBalancerSettings - 8, // 4: istio.networking.v1.TrafficPolicy.connection_pool:type_name -> istio.networking.v1.ConnectionPoolSettings - 9, // 5: istio.networking.v1.TrafficPolicy.outlier_detection:type_name -> istio.networking.v1.OutlierDetection - 10, // 6: istio.networking.v1.TrafficPolicy.tls:type_name -> istio.networking.v1.ClientTLSSettings - 12, // 7: istio.networking.v1.TrafficPolicy.port_level_settings:type_name -> istio.networking.v1.TrafficPolicy.PortTrafficPolicy - 13, // 8: istio.networking.v1.TrafficPolicy.tunnel:type_name -> istio.networking.v1.TrafficPolicy.TunnelSettings - 14, // 9: istio.networking.v1.TrafficPolicy.proxy_protocol:type_name -> istio.networking.v1.TrafficPolicy.ProxyProtocol - 15, // 10: istio.networking.v1.Subset.labels:type_name -> istio.networking.v1.Subset.LabelsEntry - 5, // 11: istio.networking.v1.Subset.traffic_policy:type_name -> istio.networking.v1.TrafficPolicy - 1, // 12: istio.networking.v1.LoadBalancerSettings.simple:type_name -> istio.networking.v1.LoadBalancerSettings.SimpleLB - 16, // 13: istio.networking.v1.LoadBalancerSettings.consistent_hash:type_name -> istio.networking.v1.LoadBalancerSettings.ConsistentHashLB - 11, // 14: istio.networking.v1.LoadBalancerSettings.locality_lb_setting:type_name -> istio.networking.v1.LocalityLoadBalancerSetting - 27, // 15: istio.networking.v1.LoadBalancerSettings.warmup_duration_secs:type_name -> google.protobuf.Duration - 20, // 16: istio.networking.v1.ConnectionPoolSettings.tcp:type_name -> istio.networking.v1.ConnectionPoolSettings.TCPSettings - 21, // 17: istio.networking.v1.ConnectionPoolSettings.http:type_name -> istio.networking.v1.ConnectionPoolSettings.HTTPSettings - 28, // 18: istio.networking.v1.OutlierDetection.consecutive_local_origin_failures:type_name -> google.protobuf.UInt32Value - 28, // 19: istio.networking.v1.OutlierDetection.consecutive_gateway_errors:type_name -> google.protobuf.UInt32Value - 28, // 20: istio.networking.v1.OutlierDetection.consecutive_5xx_errors:type_name -> google.protobuf.UInt32Value - 27, // 21: istio.networking.v1.OutlierDetection.interval:type_name -> google.protobuf.Duration - 27, // 22: istio.networking.v1.OutlierDetection.base_ejection_time:type_name -> google.protobuf.Duration - 3, // 23: istio.networking.v1.ClientTLSSettings.mode:type_name -> istio.networking.v1.ClientTLSSettings.TLSmode - 29, // 24: istio.networking.v1.ClientTLSSettings.insecure_skip_verify:type_name -> google.protobuf.BoolValue - 23, // 25: istio.networking.v1.LocalityLoadBalancerSetting.distribute:type_name -> istio.networking.v1.LocalityLoadBalancerSetting.Distribute - 24, // 26: istio.networking.v1.LocalityLoadBalancerSetting.failover:type_name -> istio.networking.v1.LocalityLoadBalancerSetting.Failover - 29, // 27: istio.networking.v1.LocalityLoadBalancerSetting.enabled:type_name -> google.protobuf.BoolValue - 30, // 28: istio.networking.v1.TrafficPolicy.PortTrafficPolicy.port:type_name -> istio.networking.v1.PortSelector - 7, // 29: istio.networking.v1.TrafficPolicy.PortTrafficPolicy.load_balancer:type_name -> istio.networking.v1.LoadBalancerSettings - 8, // 30: istio.networking.v1.TrafficPolicy.PortTrafficPolicy.connection_pool:type_name -> istio.networking.v1.ConnectionPoolSettings - 9, // 31: istio.networking.v1.TrafficPolicy.PortTrafficPolicy.outlier_detection:type_name -> istio.networking.v1.OutlierDetection - 10, // 32: istio.networking.v1.TrafficPolicy.PortTrafficPolicy.tls:type_name -> istio.networking.v1.ClientTLSSettings - 0, // 33: istio.networking.v1.TrafficPolicy.ProxyProtocol.version:type_name -> istio.networking.v1.TrafficPolicy.ProxyProtocol.VERSION - 19, // 34: istio.networking.v1.LoadBalancerSettings.ConsistentHashLB.http_cookie:type_name -> istio.networking.v1.LoadBalancerSettings.ConsistentHashLB.HTTPCookie - 17, // 35: istio.networking.v1.LoadBalancerSettings.ConsistentHashLB.ring_hash:type_name -> istio.networking.v1.LoadBalancerSettings.ConsistentHashLB.RingHash - 18, // 36: istio.networking.v1.LoadBalancerSettings.ConsistentHashLB.maglev:type_name -> istio.networking.v1.LoadBalancerSettings.ConsistentHashLB.MagLev - 27, // 37: istio.networking.v1.LoadBalancerSettings.ConsistentHashLB.HTTPCookie.ttl:type_name -> google.protobuf.Duration - 27, // 38: istio.networking.v1.ConnectionPoolSettings.TCPSettings.connect_timeout:type_name -> google.protobuf.Duration - 22, // 39: istio.networking.v1.ConnectionPoolSettings.TCPSettings.tcp_keepalive:type_name -> istio.networking.v1.ConnectionPoolSettings.TCPSettings.TcpKeepalive - 27, // 40: istio.networking.v1.ConnectionPoolSettings.TCPSettings.max_connection_duration:type_name -> google.protobuf.Duration - 27, // 41: istio.networking.v1.ConnectionPoolSettings.TCPSettings.idle_timeout:type_name -> google.protobuf.Duration - 27, // 42: istio.networking.v1.ConnectionPoolSettings.HTTPSettings.idle_timeout:type_name -> google.protobuf.Duration - 2, // 43: istio.networking.v1.ConnectionPoolSettings.HTTPSettings.h2_upgrade_policy:type_name -> istio.networking.v1.ConnectionPoolSettings.HTTPSettings.H2UpgradePolicy - 27, // 44: istio.networking.v1.ConnectionPoolSettings.TCPSettings.TcpKeepalive.time:type_name -> google.protobuf.Duration - 27, // 45: istio.networking.v1.ConnectionPoolSettings.TCPSettings.TcpKeepalive.interval:type_name -> google.protobuf.Duration - 25, // 46: istio.networking.v1.LocalityLoadBalancerSetting.Distribute.to:type_name -> istio.networking.v1.LocalityLoadBalancerSetting.Distribute.ToEntry - 47, // [47:47] is the sub-list for method output_type - 47, // [47:47] is the sub-list for method input_type - 47, // [47:47] is the sub-list for extension type_name - 47, // [47:47] is the sub-list for extension extendee - 0, // [0:47] is the sub-list for field type_name -} - -func init() { file_networking_v1_destination_rule_proto_init() } -func file_networking_v1_destination_rule_proto_init() { - if File_networking_v1_destination_rule_proto != nil { - return - } - file_networking_v1_virtual_service_proto_init() - if !protoimpl.UnsafeEnabled { - file_networking_v1_destination_rule_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DestinationRule); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_destination_rule_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TrafficPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_destination_rule_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Subset); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_destination_rule_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LoadBalancerSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_destination_rule_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConnectionPoolSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_destination_rule_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*OutlierDetection); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_destination_rule_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ClientTLSSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_destination_rule_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LocalityLoadBalancerSetting); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_destination_rule_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TrafficPolicy_PortTrafficPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_destination_rule_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TrafficPolicy_TunnelSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_destination_rule_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TrafficPolicy_ProxyProtocol); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_destination_rule_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LoadBalancerSettings_ConsistentHashLB); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_destination_rule_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LoadBalancerSettings_ConsistentHashLB_RingHash); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_destination_rule_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LoadBalancerSettings_ConsistentHashLB_MagLev); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_destination_rule_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LoadBalancerSettings_ConsistentHashLB_HTTPCookie); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_destination_rule_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConnectionPoolSettings_TCPSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_destination_rule_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConnectionPoolSettings_HTTPSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_destination_rule_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConnectionPoolSettings_TCPSettings_TcpKeepalive); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_destination_rule_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LocalityLoadBalancerSetting_Distribute); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_destination_rule_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LocalityLoadBalancerSetting_Failover); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_networking_v1_destination_rule_proto_msgTypes[3].OneofWrappers = []interface{}{ - (*LoadBalancerSettings_Simple)(nil), - (*LoadBalancerSettings_ConsistentHash)(nil), - } - file_networking_v1_destination_rule_proto_msgTypes[12].OneofWrappers = []interface{}{ - (*LoadBalancerSettings_ConsistentHashLB_HttpHeaderName)(nil), - (*LoadBalancerSettings_ConsistentHashLB_HttpCookie)(nil), - (*LoadBalancerSettings_ConsistentHashLB_UseSourceIp)(nil), - (*LoadBalancerSettings_ConsistentHashLB_HttpQueryParameterName)(nil), - (*LoadBalancerSettings_ConsistentHashLB_RingHash_)(nil), - (*LoadBalancerSettings_ConsistentHashLB_Maglev)(nil), - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_networking_v1_destination_rule_proto_rawDesc, - NumEnums: 4, - NumMessages: 22, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_networking_v1_destination_rule_proto_goTypes, - DependencyIndexes: file_networking_v1_destination_rule_proto_depIdxs, - EnumInfos: file_networking_v1_destination_rule_proto_enumTypes, - MessageInfos: file_networking_v1_destination_rule_proto_msgTypes, - }.Build() - File_networking_v1_destination_rule_proto = out.File - file_networking_v1_destination_rule_proto_rawDesc = nil - file_networking_v1_destination_rule_proto_goTypes = nil - file_networking_v1_destination_rule_proto_depIdxs = nil -} diff --git a/networking/v1/destination_rule.proto b/networking/v1/destination_rule.proto deleted file mode 100644 index b6c33310ec3..00000000000 --- a/networking/v1/destination_rule.proto +++ /dev/null @@ -1,1033 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -syntax = "proto3"; - -import "google/api/field_behavior.proto"; -import "google/protobuf/duration.proto"; -import "google/protobuf/wrappers.proto"; -import "networking/v1/virtual_service.proto"; -import "type/v1beta1/selector.proto"; - -// $schema: istio.networking.v1.DestinationRule -// $title: Destination Rule -// $description: Configuration affecting load balancing, outlier detection, etc. -// $location: https://istio.io/docs/reference/config/networking/destination-rule.html -// $aliases: [/docs/reference/config/networking/v1/destination-rule] -// $mode: none - -// `DestinationRule` defines policies that apply to traffic intended for a -// service after routing has occurred. These rules specify configuration -// for load balancing, connection pool size from the sidecar, and outlier -// detection settings to detect and evict unhealthy hosts from the load -// balancing pool. For example, a simple load balancing policy for the -// ratings service would look as follows: -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// ``` -// -// Version specific policies can be specified by defining a named -// `subset` and overriding the settings specified at the service level. The -// following rule uses a round robin load balancing policy for all traffic -// going to a subset named testversion that is composed of endpoints (e.g., -// pods) with labels (version:v3). -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// subsets: -// - name: testversion -// labels: -// version: v3 -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -// -// **Note:** Policies specified for subsets will not take effect until -// a route rule explicitly sends traffic to this subset. -// -// Traffic policies can be customized to specific ports as well. The -// following rule uses the least connection load balancing policy for all -// traffic to port 80, while uses a round robin load balancing setting for -// traffic to the port 9080. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings-port -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: # Apply to all ports -// portLevelSettings: -// - port: -// number: 80 -// loadBalancer: -// simple: LEAST_REQUEST -// - port: -// number: 9080 -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -package istio.networking.v1; - -option go_package = "istio.io/api/networking/v1"; - -// DestinationRule defines policies that apply to traffic intended for a service -// after routing has occurred. -// -// -// -// -message DestinationRule { - // The name of a service from the service registry. Service - // names are looked up from the platform's service registry (e.g., - // Kubernetes services, Consul services, etc.) and from the hosts - // declared by [ServiceEntries](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Rules defined for - // services that do not exist in the service registry will be ignored. - // - // *Note for Kubernetes users*: When short names are used (e.g. "reviews" - // instead of "reviews.default.svc.cluster.local"), Istio will interpret - // the short name based on the namespace of the rule, not the service. A - // rule in the "default" namespace containing a host "reviews" will be - // interpreted as "reviews.default.svc.cluster.local", irrespective of - // the actual namespace associated with the reviews service. _To avoid - // potential misconfigurations, it is recommended to always use fully - // qualified domain names over short names._ - // - // Note that the host field applies to both HTTP and TCP services. - string host = 1 [(google.api.field_behavior) = REQUIRED]; - - // Traffic policies to apply (load balancing policy, connection pool - // sizes, outlier detection). - TrafficPolicy traffic_policy = 2; - - // One or more named sets that represent individual versions of a - // service. Traffic policies can be overridden at subset level. - repeated Subset subsets = 3; - - // A list of namespaces to which this destination rule is exported. - // The resolution of a destination rule to apply to a service occurs in the - // context of a hierarchy of namespaces. Exporting a destination rule allows - // it to be included in the resolution hierarchy for services in - // other namespaces. This feature provides a mechanism for service owners - // and mesh administrators to control the visibility of destination rules - // across namespace boundaries. - // - // If no namespaces are specified then the destination rule is exported to all - // namespaces by default. - // - // The value "." is reserved and defines an export to the same namespace that - // the destination rule is declared in. Similarly, the value "*" is reserved and - // defines an export to all namespaces. - repeated string export_to = 4; - // - // Criteria used to select the specific set of pods/VMs on which this - // `DestinationRule` configuration should be applied. If specified, the `DestinationRule` - // configuration will be applied only to the workload instances matching the workload selector - // label in the same namespace. Workload selectors do not apply across namespace boundaries. - // If omitted, the `DestinationRule` falls back to its default behavior. - // For example, if specific sidecars need to have egress TLS settings for services outside - // of the mesh, instead of every sidecar in the mesh needing to have the - // configuration (which is the default behaviour), a workload selector can be specified. - istio.type.v1beta1.WorkloadSelector workload_selector = 5; -} - -// Traffic policies to apply for a specific destination, across all -// destination ports. See DestinationRule for examples. -message TrafficPolicy { - // Settings controlling the load balancer algorithms. - LoadBalancerSettings load_balancer = 1; - - // Settings controlling the volume of connections to an upstream service - ConnectionPoolSettings connection_pool = 2; - - // Settings controlling eviction of unhealthy hosts from the load balancing pool - OutlierDetection outlier_detection = 3; - - // TLS related settings for connections to the upstream service. - ClientTLSSettings tls = 4; - - // Traffic policies that apply to specific ports of the service - message PortTrafficPolicy { - // Specifies the number of a port on the destination service - // on which this policy is being applied. - // - PortSelector port = 1; - - // Settings controlling the load balancer algorithms. - LoadBalancerSettings load_balancer = 2; - - // Settings controlling the volume of connections to an upstream service - ConnectionPoolSettings connection_pool = 3; - - // Settings controlling eviction of unhealthy hosts from the load balancing pool - OutlierDetection outlier_detection = 4; - - // TLS related settings for connections to the upstream service. - ClientTLSSettings tls = 5; - } - - // Traffic policies specific to individual ports. Note that port level - // settings will override the destination-level settings. Traffic - // settings specified at the destination-level will not be inherited when - // overridden by port-level settings, i.e. default values will be applied - // to fields omitted in port-level traffic policies. - repeated PortTrafficPolicy port_level_settings = 5; - - message TunnelSettings { - // Specifies which protocol to use for tunneling the downstream connection. - // Supported protocols are: - // CONNECT - uses HTTP CONNECT; - // POST - uses HTTP POST. - // CONNECT is used by default if not specified. - // HTTP version for upstream requests is determined by the service protocol defined for the proxy. - string protocol = 1; - - // Specifies a host to which the downstream connection is tunneled. - // Target host must be an FQDN or IP address. - string target_host = 2 [(google.api.field_behavior) = REQUIRED]; - - // Specifies a port to which the downstream connection is tunneled. - uint32 target_port = 3 [(google.api.field_behavior) = REQUIRED]; - } - - // Configuration of tunneling TCP over other transport or application layers - // for the host configured in the DestinationRule. - // Tunnel settings can be applied to TCP or TLS routes and can't be applied to HTTP routes. - TunnelSettings tunnel = 6; - - message ProxyProtocol { - enum VERSION { - // ⁣PROXY protocol version 1. Human readable format. - V1 = 0; - - // ⁣PROXY protocol version 2. Binary format. - V2 = 1; - }; - // The PROXY protocol version to use. See https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt for details. - // By default it is `V1`. - VERSION version = 1; - } - - // The upstream PROXY protocol settings. - ProxyProtocol proxy_protocol = 7; -} - -// A subset of endpoints of a service. Subsets can be used for scenarios -// like A/B testing, or routing to a specific version of a service. Refer -// to [VirtualService](https://istio.io/docs/reference/config/networking/virtual-service/#VirtualService) documentation for examples of using -// subsets in these scenarios. In addition, traffic policies defined at the -// service-level can be overridden at a subset-level. The following rule -// uses a round robin load balancing policy for all traffic going to a -// subset named testversion that is composed of endpoints (e.g., pods) with -// labels (version:v3). -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// subsets: -// - name: testversion -// labels: -// version: v3 -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -// -// **Note:** Policies specified for subsets will not take effect until -// a route rule explicitly sends traffic to this subset. -// -// One or more labels are typically required to identify the subset destination, -// however, when the corresponding DestinationRule represents a host that -// supports multiple SNI hosts (e.g., an egress gateway), a subset without labels -// may be meaningful. In this case a traffic policy with [ClientTLSSettings](#ClientTLSSettings) -// can be used to identify a specific SNI host corresponding to the named subset. -message Subset { - // Name of the subset. The service name and the subset name can - // be used for traffic splitting in a route rule. - string name = 1 [(google.api.field_behavior) = REQUIRED]; - - // Labels apply a filter over the endpoints of a service in the - // service registry. See route rules for examples of usage. - map labels = 2; - - // Traffic policies that apply to this subset. Subsets inherit the - // traffic policies specified at the DestinationRule level. Settings - // specified at the subset level will override the corresponding settings - // specified at the DestinationRule level. - TrafficPolicy traffic_policy = 3; -} - -// Load balancing policies to apply for a specific destination. See Envoy's -// load balancing -// [documentation](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancing) -// for more details. -// -// For example, the following rule uses a round robin load balancing policy -// for all traffic going to the ratings service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -// -// The following example sets up sticky sessions for the ratings service -// hashing-based load balancer for the same ratings service using the -// the User cookie as the hash key. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// consistentHash: -// httpCookie: -// name: user -// ttl: 0s -// ``` -// -message LoadBalancerSettings { - // Standard load balancing algorithms that require no tuning. - enum SimpleLB { - // No load balancing algorithm has been specified by the user. Istio - // will select an appropriate default. - UNSPECIFIED = 0; - - // Deprecated. Use LEAST_REQUEST instead. - LEAST_CONN = 1 [deprecated=true]; - - // The random load balancer selects a random healthy host. The random - // load balancer generally performs better than round robin if no health - // checking policy is configured. - RANDOM = 2; - - // This option will forward the connection to the original IP address - // requested by the caller without doing any form of load - // balancing. This option must be used with care. It is meant for - // advanced use cases. Refer to Original Destination load balancer in - // Envoy for further details. - PASSTHROUGH = 3; - - // A basic round robin load balancing policy. This is generally unsafe - // for many scenarios (e.g. when endpoint weighting is used) as it can - // overburden endpoints. In general, prefer to use LEAST_REQUEST as a - // drop-in replacement for ROUND_ROBIN. - ROUND_ROBIN = 4; - - // The least request load balancer spreads load across endpoints, favoring - // endpoints with the least outstanding requests. This is generally safer - // and outperforms ROUND_ROBIN in nearly all cases. Prefer to use - // LEAST_REQUEST as a drop-in replacement for ROUND_ROBIN. - LEAST_REQUEST = 5; - }; - - // Consistent Hash-based load balancing can be used to provide soft - // session affinity based on HTTP headers, cookies or other - // properties. The affinity to a particular destination host may be - // lost when one or more hosts are added/removed from the destination - // service. - // - // Note: consistent hashing is less reliable at maintaining affinity than common - // "sticky sessions" implementations, which often encode a specific destination in - // a cookie, ensuring affinity is maintained as long as the backend remains. - // With consistent hash, the guarantees are weaker; any host addition or removal can - // break affinity for `1/backends` requests. - // - // Warning: consistent hashing depends on each proxy having a consistent view of endpoints. - // This is not the case when locality load balancing is enabled. Locality load balancing - // and consistent hash will only work together when all proxies are in the same locality, - // or a high level load balancer handles locality affinity. - message ConsistentHashLB { - - message RingHash { - // The minimum number of virtual nodes to use for the hash - // ring. Defaults to 1024. Larger ring sizes result in more granular - // load distributions. If the number of hosts in the load balancing - // pool is larger than the ring size, each host will be assigned a - // single virtual node. - uint64 minimum_ring_size = 1; - }; - - message MagLev { - // The table size for Maglev hashing. This helps in controlling the - // disruption when the backend hosts change. - // Increasing the table size reduces the amount of disruption. - // The table size must be prime number less than 5000011. - // If it is not specified, the default is 65537. - uint64 table_size = 1; - }; - // Describes a HTTP cookie that will be used as the hash key for the - // Consistent Hash load balancer. - message HTTPCookie { - // Name of the cookie. - string name = 1 [(google.api.field_behavior) = REQUIRED]; - // Path to set for the cookie. - string path = 2; - // Lifetime of the cookie. If specified, a cookie with the TTL will be - // generated if the cookie is not present. If the TTL is present and zero, - // the generated cookie will be a session cookie. - google.protobuf.Duration ttl = 3; - }; - - // The hash key to use. - oneof hash_key { - // Hash based on a specific HTTP header. - string http_header_name = 1; - - // Hash based on HTTP cookie. - HTTPCookie http_cookie = 2; - - // Hash based on the source IP address. - // This is applicable for both TCP and HTTP connections. - bool use_source_ip = 3; - - // Hash based on a specific HTTP query parameter. - string http_query_parameter_name = 5; - }; - - // The hash algorithm to use. - // Please refer to https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash - // and https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#maglev for - // considerations on choosing an algorithm. - // Defaults to RingHash if not specified. - oneof hash_algorithm { - // The ring/modulo hash load balancer implements consistent hashing to backend hosts. - RingHash ring_hash = 6; - // The Maglev load balancer implements consistent hashing to backend hosts. - MagLev maglev = 7; - }; - - // Deprecated. Use RingHash instead. - uint64 minimum_ring_size = 4 [deprecated=true]; - }; - - // (-- TODO: Enable Subset load balancing after moving to v2 API Also - // look into enabling Priotity based load balancing for spilling over - // from one priority pool to another. --) - - // Upstream load balancing policy. - oneof lb_policy { - SimpleLB simple = 1; - ConsistentHashLB consistent_hash = 2; - } - - // Locality load balancer settings, this will override mesh wide settings in entirety, meaning no merging would be performed - // between this object and the object one in MeshConfig - LocalityLoadBalancerSetting locality_lb_setting = 3; - - // Represents the warmup duration of Service. If set, the newly created endpoint of service - // remains in warmup mode starting from its creation time for the duration of this window and - // Istio progressively increases amount of traffic for that endpoint instead of sending proportional amount of traffic. - // This should be enabled for services that require warm up time to serve full production load with reasonable latency. - // Please note that this is most effective when few new endpoints come up like scale event in Kubernetes. When all the - // endpoints are relatively new like new deployment, this is not very effective as all endpoints end up getting same - // amount of requests. - // Currently this is only supported for ROUND_ROBIN and LEAST_REQUEST load balancers. - google.protobuf.Duration warmup_duration_secs = 4; -} - -// Connection pool settings for an upstream host. The settings apply to -// each individual host in the upstream service. See Envoy's [circuit -// breaker](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking) -// for more details. Connection pool settings can be applied at the TCP -// level as well as at HTTP level. -// -// For example, the following rule sets a limit of 100 connections to redis -// service called myredissrv with a connect timeout of 30ms -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-redis -// spec: -// host: myredissrv.prod.svc.cluster.local -// trafficPolicy: -// connectionPool: -// tcp: -// maxConnections: 100 -// connectTimeout: 30ms -// tcpKeepalive: -// time: 7200s -// interval: 75s -// ``` -// -message ConnectionPoolSettings { - // Settings common to both HTTP and TCP upstream connections. - message TCPSettings { - // TCP keepalive. - message TcpKeepalive { - // Maximum number of keepalive probes to send without response before - // deciding the connection is dead. Default is to use the OS level configuration - // (unless overridden, Linux defaults to 9.) - uint32 probes = 1; - - // The time duration a connection needs to be idle before keep-alive - // probes start being sent. Default is to use the OS level configuration - // (unless overridden, Linux defaults to 7200s (ie 2 hours.) - google.protobuf.Duration time = 2; - - // The time duration between keep-alive probes. - // Default is to use the OS level configuration - // (unless overridden, Linux defaults to 75s.) - google.protobuf.Duration interval = 3; - }; - - // Maximum number of HTTP1 /TCP connections to a destination host. Default 2^32-1. - int32 max_connections = 1; - - // TCP connection timeout. format: - // 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s. - google.protobuf.Duration connect_timeout = 2; - - // If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. - TcpKeepalive tcp_keepalive = 3; - - // The maximum duration of a connection. The duration is defined as the period since a connection - // was established. If not set, there is no max duration. When max_connection_duration - // is reached the connection will be closed. Duration must be at least 1ms. - google.protobuf.Duration max_connection_duration = 4; - - // The idle timeout for TCP connections. - // The idle timeout is defined as the period in which there are no bytes sent or received on either - // the upstream or downstream connection. - // If not set, the default idle timeout is 1 hour. If set to 0s, the timeout will be disabled. - // Idle timeout is not configured per each cluster individually when weighted destinations are used, - // because idleTimeout is a property of a listener, not a cluster. In that case, idleTimeout - // specified in a destination rule for the first weighted route is configured in the listener, - // which means also for all weighted routes. - google.protobuf.Duration idle_timeout = 5; - }; - - // Settings applicable to HTTP1.1/HTTP2/GRPC connections. - message HTTPSettings { - // Maximum number of requests that will be queued while waiting for - // a ready connection pool connection. Default 2^32-1. - // Refer to https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking - // under which conditions a new connection is created for HTTP2. - // Please note that this is applicable to both HTTP/1.1 and HTTP2. - int32 http1_max_pending_requests = 1; - - // Maximum number of active requests to a destination. Default 2^32-1. - // Please note that this is applicable to both HTTP/1.1 and HTTP2. - int32 http2_max_requests = 2; - - // Maximum number of requests per connection to a backend. Setting this - // parameter to 1 disables keep alive. Default 0, meaning "unlimited", - // up to 2^29. - int32 max_requests_per_connection = 3; - - // Maximum number of retries that can be outstanding to all hosts in a - // cluster at a given time. Defaults to 2^32-1. - int32 max_retries = 4; - - // The idle timeout for upstream connection pool connections. The idle timeout - // is defined as the period in which there are no active requests. - // If not set, the default is 1 hour. When the idle timeout is reached, - // the connection will be closed. If the connection is an HTTP/2 - // connection a drain sequence will occur prior to closing the connection. - // Note that request based timeouts mean that HTTP/2 PINGs will not - // keep the connection alive. Applies to both HTTP1.1 and HTTP2 connections. - google.protobuf.Duration idle_timeout = 5; - - // Policy for upgrading http1.1 connections to http2. - enum H2UpgradePolicy { - // Use the global default. - DEFAULT = 0; - // Do not upgrade the connection to http2. - // This opt-out option overrides the default. - DO_NOT_UPGRADE = 1; - // Upgrade the connection to http2. - // This opt-in option overrides the default. - UPGRADE = 2; - }; - // Specify if http1.1 connection should be upgraded to http2 for the associated destination. - H2UpgradePolicy h2_upgrade_policy = 6; - - // If set to true, client protocol will be preserved while initiating connection to backend. - // Note that when this is set to true, h2_upgrade_policy will be ineffective i.e. the client - // connections will not be upgraded to http2. - bool use_client_protocol = 7; - - // The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection. - // Defaults to 2^31-1. - int32 max_concurrent_streams = 8; - }; - - // Settings common to both HTTP and TCP upstream connections. - TCPSettings tcp = 1; - // HTTP connection pool settings. - HTTPSettings http = 2; -} - -// A Circuit breaker implementation that tracks the status of each -// individual host in the upstream service. Applicable to both HTTP and -// TCP services. For HTTP services, hosts that continually return 5xx -// errors for API calls are ejected from the pool for a pre-defined period -// of time. For TCP services, connection timeouts or connection -// failures to a given host counts as an error when measuring the -// consecutive errors metric. See Envoy's [outlier -// detection](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/outlier) -// for more details. -// -// The following rule sets a connection pool size of 100 HTTP1 connections -// with no more than 10 req/connection to the "reviews" service. In addition, -// it sets a limit of 1000 concurrent HTTP2 requests and configures upstream -// hosts to be scanned every 5 mins so that any host that fails 7 consecutive -// times with a 502, 503, or 504 error code will be ejected for 15 minutes. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: reviews-cb-policy -// spec: -// host: reviews.prod.svc.cluster.local -// trafficPolicy: -// connectionPool: -// tcp: -// maxConnections: 100 -// http: -// http2MaxRequests: 1000 -// maxRequestsPerConnection: 10 -// outlierDetection: -// consecutive5xxErrors: 7 -// interval: 5m -// baseEjectionTime: 15m -// ``` -// -message OutlierDetection { - // Number of errors before a host is ejected from the connection - // pool. Defaults to 5. When the upstream host is accessed over HTTP, a - // 502, 503, or 504 return code qualifies as an error. When the upstream host - // is accessed over an opaque TCP connection, connect timeouts and - // connection error/failure events qualify as an error. - // $hide_from_docs - int32 consecutive_errors = 1 [deprecated=true]; - - // Determines whether to distinguish local origin failures from external errors. If set to true - // consecutive_local_origin_failure is taken into account for outlier detection calculations. - // This should be used when you want to derive the outlier detection status based on the errors - // seen locally such as failure to connect, timeout while connecting etc. rather than the status code - // returned by upstream service. This is especially useful when the upstream service explicitly returns - // a 5xx for some requests and you want to ignore those responses from upstream service while determining - // the outlier detection status of a host. - // Defaults to false. - bool split_external_local_origin_errors = 8; - - // The number of consecutive locally originated failures before ejection - // occurs. Defaults to 5. Parameter takes effect only when split_external_local_origin_errors - // is set to true. - google.protobuf.UInt32Value consecutive_local_origin_failures = 9; - - // Number of gateway errors before a host is ejected from the connection pool. - // When the upstream host is accessed over HTTP, a 502, 503, or 504 return - // code qualifies as a gateway error. When the upstream host is accessed over - // an opaque TCP connection, connect timeouts and connection error/failure - // events qualify as a gateway error. - // This feature is disabled by default or when set to the value 0. - // - // Note that consecutive_gateway_errors and consecutive_5xx_errors can be - // used separately or together. Because the errors counted by - // consecutive_gateway_errors are also included in consecutive_5xx_errors, - // if the value of consecutive_gateway_errors is greater than or equal to - // the value of consecutive_5xx_errors, consecutive_gateway_errors will have - // no effect. - google.protobuf.UInt32Value consecutive_gateway_errors = 6; - - // Number of 5xx errors before a host is ejected from the connection pool. - // When the upstream host is accessed over an opaque TCP connection, connect - // timeouts, connection error/failure and request failure events qualify as a - // 5xx error. - // This feature defaults to 5 but can be disabled by setting the value to 0. - // - // Note that consecutive_gateway_errors and consecutive_5xx_errors can be - // used separately or together. Because the errors counted by - // consecutive_gateway_errors are also included in consecutive_5xx_errors, - // if the value of consecutive_gateway_errors is greater than or equal to - // the value of consecutive_5xx_errors, consecutive_gateway_errors will have - // no effect. - google.protobuf.UInt32Value consecutive_5xx_errors = 7; - - // Time interval between ejection sweep analysis. format: - // 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s. - google.protobuf.Duration interval = 2; - - // Minimum ejection duration. A host will remain ejected for a period - // equal to the product of minimum ejection duration and the number of - // times the host has been ejected. This technique allows the system to - // automatically increase the ejection period for unhealthy upstream - // servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s. - google.protobuf.Duration base_ejection_time = 3; - - // Maximum % of hosts in the load balancing pool for the upstream - // service that can be ejected. Defaults to 10%. - int32 max_ejection_percent = 4; - - // Outlier detection will be enabled as long as the associated load balancing - // pool has at least min_health_percent hosts in healthy mode. When the - // percentage of healthy hosts in the load balancing pool drops below this - // threshold, outlier detection will be disabled and the proxy will load balance - // across all hosts in the pool (healthy and unhealthy). The threshold can be - // disabled by setting it to 0%. The default is 0% as it's not typically - // applicable in k8s environments with few pods per service. - int32 min_health_percent = 5; -} - -// SSL/TLS related settings for upstream connections. See Envoy's [TLS -// context](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto.html#common-tls-configuration) -// for more details. These settings are common to both HTTP and TCP upstreams. -// -// For example, the following rule configures a client to use mutual TLS -// for connections to upstream database cluster. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: db-mtls -// spec: -// host: mydbserver.prod.svc.cluster.local -// trafficPolicy: -// tls: -// mode: MUTUAL -// clientCertificate: /etc/certs/myclientcert.pem -// privateKey: /etc/certs/client_private_key.pem -// caCertificates: /etc/certs/rootcacerts.pem -// ``` -// -// The following rule configures a client to use TLS when talking to a -// foreign service whose domain matches *.foo.com. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: tls-foo -// spec: -// host: "*.foo.com" -// trafficPolicy: -// tls: -// mode: SIMPLE -// ``` -// -// The following rule configures a client to use Istio mutual TLS when talking -// to rating services. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: ratings-istio-mtls -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// tls: -// mode: ISTIO_MUTUAL -// ``` -// -message ClientTLSSettings { - // TLS connection mode - enum TLSmode { - // Do not setup a TLS connection to the upstream endpoint. - DISABLE = 0; - - // Originate a TLS connection to the upstream endpoint. - SIMPLE = 1; - - // Secure connections to the upstream using mutual TLS by presenting - // client certificates for authentication. - MUTUAL = 2; - - // Secure connections to the upstream using mutual TLS by presenting - // client certificates for authentication. - // Compared to Mutual mode, this mode uses certificates generated - // automatically by Istio for mTLS authentication. When this mode is - // used, all other fields in `ClientTLSSettings` should be empty. - ISTIO_MUTUAL = 3; - }; - - // Indicates whether connections to this port should be secured - // using TLS. The value of this field determines how TLS is enforced. - TLSmode mode = 1; - - // REQUIRED if mode is `MUTUAL`. The path to the file holding the - // client-side TLS certificate to use. - // Should be empty if mode is `ISTIO_MUTUAL`. - string client_certificate = 2; - - // REQUIRED if mode is `MUTUAL`. The path to the file holding the - // client's private key. - // Should be empty if mode is `ISTIO_MUTUAL`. - string private_key = 3; - - // OPTIONAL: The path to the file containing certificate authority - // certificates to use in verifying a presented server certificate. If - // omitted, the proxy will verify the server's certificate using - // the OS CA certificates. - // Should be empty if mode is `ISTIO_MUTUAL`. - string ca_certificates = 4; - - // The name of the secret that holds the TLS certs for the - // client including the CA certificates. This secret must exist in - // the namespace of the proxy using the certificates. - // An Opaque secret should contain the following keys and values: - // `key: `, `cert: `, `cacert: `, - // `crl: ` - // Here CACertificate is used to verify the server certificate. - // For mutual TLS, `cacert: ` can be provided in the - // same secret or a separate secret named `-cacert`. - // A TLS secret for client certificates with an additional - // `ca.crt` key for CA certificates and `ca.crl` key for - // certificate revocation list(CRL) is also supported. - // Only one of client certificates and CA certificate - // or credentialName can be specified. - // - // **NOTE:** This field is applicable at sidecars only if - // `DestinationRule` has a `workloadSelector` specified. - // Otherwise the field will be applicable only at gateways, and - // sidecars will continue to use the certificate paths. - string credential_name = 7; - - // A list of alternate names to verify the subject identity in the - // certificate. If specified, the proxy will verify that the server - // certificate's subject alt name matches one of the specified values. - // If specified, this list overrides the value of subject_alt_names - // from the ServiceEntry. If unspecified, automatic validation of upstream - // presented certificate for new upstream connections will be done based on the - // downstream HTTP host/authority header. - repeated string subject_alt_names = 5; - - // SNI string to present to the server during TLS handshake. - // If unspecified, SNI will be automatically set based on downstream HTTP - // host/authority header for SIMPLE and MUTUAL TLS modes. - string sni = 6; - - // `insecureSkipVerify` specifies whether the proxy should skip verifying the - // CA signature and SAN for the server certificate corresponding to the host. - // The default value of this field is false. - google.protobuf.BoolValue insecure_skip_verify = 8; - - // OPTIONAL: The path to the file containing the certificate revocation list (CRL) - // to use in verifying a presented server certificate. `CRL` is a list of certificates - // that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. - // If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. - // If omitted, the proxy will not verify the certificate against the `crl`. - string ca_crl = 9; -} - -// Locality-weighted load balancing allows administrators to control the -// distribution of traffic to endpoints based on the localities of where the -// traffic originates and where it will terminate. These localities are -// specified using arbitrary labels that designate a hierarchy of localities in -// {region}/{zone}/{sub-zone} form. For additional detail refer to -// [Locality Weight](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) -// The following example shows how to setup locality weights mesh-wide. -// -// Given a mesh with workloads and their service deployed to "us-west/zone1/*" -// and "us-west/zone2/*". This example specifies that when traffic accessing a -// service originates from workloads in "us-west/zone1/*", 80% of the traffic -// will be sent to endpoints in "us-west/zone1/*", i.e the same zone, and the -// remaining 20% will go to endpoints in "us-west/zone2/*". This setup is -// intended to favor routing traffic to endpoints in the same locality. -// A similar setting is specified for traffic originating in "us-west/zone2/*". -// -// ```yaml -// distribute: -// - from: us-west/zone1/* -// to: -// "us-west/zone1/*": 80 -// "us-west/zone2/*": 20 -// - from: us-west/zone2/* -// to: -// "us-west/zone1/*": 20 -// "us-west/zone2/*": 80 -// ``` -// -// If the goal of the operator is not to distribute load across zones and -// regions but rather to restrict the regionality of failover to meet other -// operational requirements an operator can set a 'failover' policy instead of -// a 'distribute' policy. -// -// The following example sets up a locality failover policy for regions. -// Assume a service resides in zones within us-east, us-west & eu-west -// this example specifies that when endpoints within us-east become unhealthy -// traffic should failover to endpoints in any zone or sub-zone within eu-west -// and similarly us-west should failover to us-east. -// -// ```yaml -// failover: -// - from: us-east -// to: eu-west -// - from: us-west -// to: us-east -// ``` -// Locality load balancing settings. -message LocalityLoadBalancerSetting{ - // Describes how traffic originating in the 'from' zone or sub-zone is - // distributed over a set of 'to' zones. Syntax for specifying a zone is - // {region}/{zone}/{sub-zone} and terminal wildcards are allowed on any - // segment of the specification. Examples: - // - // `*` - matches all localities - // - // `us-west/*` - all zones and sub-zones within the us-west region - // - // `us-west/zone-1/*` - all sub-zones within us-west/zone-1 - message Distribute{ - // Originating locality, '/' separated, e.g. 'region/zone/sub_zone'. - string from = 1; - - // Map of upstream localities to traffic distribution weights. The sum of - // all weights should be 100. Any locality not present will - // receive no traffic. - map to = 2; - }; - - // Specify the traffic failover policy across regions. Since zone and sub-zone - // failover is supported by default this only needs to be specified for - // regions when the operator needs to constrain traffic failover so that - // the default behavior of failing over to any endpoint globally does not - // apply. This is useful when failing over traffic across regions would not - // improve service health or may need to be restricted for other reasons - // like regulatory controls. - message Failover{ - // Originating region. - string from = 1; - - // Destination region the traffic will fail over to when endpoints in - // the 'from' region becomes unhealthy. - string to = 2; - }; - - // Optional: only one of distribute, failover or failoverPriority can be set. - // Explicitly specify loadbalancing weight across different zones and geographical locations. - // Refer to [Locality weighted load balancing](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) - // If empty, the locality weight is set according to the endpoints number within it. - repeated Distribute distribute = 1; - - // Optional: only one of distribute, failover or failoverPriority can be set. - // Explicitly specify the region traffic will land on when endpoints in local region becomes unhealthy. - // Should be used together with OutlierDetection to detect unhealthy endpoints. - // Note: if no OutlierDetection specified, this will not take effect. - repeated Failover failover = 2; - - // failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing. - // This is to support traffic failover across different groups of endpoints. - // Two kinds of labels can be specified: - // - Specify only label keys `[key1, key2, key3]`, istio would compare the label values of client with endpoints. - // Suppose there are total N label keys `[key1, key2, key3, ...keyN]` specified: - // - // 1. Endpoints matching all N labels with the client proxy have priority P(0) i.e. the highest priority. - // 2. Endpoints matching the first N-1 labels with the client proxy have priority P(1) i.e. second highest priority. - // 3. By extension of this logic, endpoints matching only the first label with the client proxy has priority P(N-1) i.e. second lowest priority. - // 4. All the other endpoints have priority P(N) i.e. lowest priority. - // - // - Specify labels with key and value `[key1=value1, key2=value2, key3=value3]`, istio would compare the labels with endpoints. - // Suppose there are total N labels `[key1=value1, key2=value2, key3=value3, ...keyN=valueN]` specified: - // - // 1. Endpoints matching all N labels have priority P(0) i.e. the highest priority. - // 2. Endpoints matching the first N-1 labels have priority P(1) i.e. second highest priority. - // 3. By extension of this logic, endpoints matching only the first label has priority P(N-1) i.e. second lowest priority. - // 4. All the other endpoints have priority P(N) i.e. lowest priority. - // - // Note: For a label to be considered for match, the previous labels must match, i.e. nth label would be considered matched only if first n-1 labels match. - // - // It can be any label specified on both client and server workloads. - // The following labels which have special semantic meaning are also supported: - // - // - `topology.istio.io/network` is used to match the network metadata of an endpoint, which can be specified by pod/namespace label `topology.istio.io/network`, sidecar env `ISTIO_META_NETWORK` or MeshNetworks. - // - `topology.istio.io/cluster` is used to match the clusterID of an endpoint, which can be specified by pod label `topology.istio.io/cluster` or pod env `ISTIO_META_CLUSTER_ID`. - // - `topology.kubernetes.io/region` is used to match the region metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/region` or the deprecated label `failure-domain.beta.kubernetes.io/region`. - // - `topology.kubernetes.io/zone` is used to match the zone metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/zone` or the deprecated label `failure-domain.beta.kubernetes.io/zone`. - // - `topology.istio.io/subzone` is used to match the subzone metadata of an endpoint, which maps to Istio node label `topology.istio.io/subzone`. - // - `kubernetes.io/hostname` is used to match the current node of an endpoint, which maps to Kubernetes node label `kubernetes.io/hostname`. - // - // The below topology config indicates the following priority levels: - // - // ```yaml - // failoverPriority: - // - "topology.istio.io/network" - // - "topology.kubernetes.io/region" - // - "topology.kubernetes.io/zone" - // - "topology.istio.io/subzone" - // ``` - // - // 1. endpoints match same [network, region, zone, subzone] label with the client proxy have the highest priority. - // 2. endpoints have same [network, region, zone] label but different [subzone] label with the client proxy have the second highest priority. - // 3. endpoints have same [network, region] label but different [zone] label with the client proxy have the third highest priority. - // 4. endpoints have same [network] but different [region] labels with the client proxy have the fourth highest priority. - // 5. all the other endpoints have the same lowest priority. - // - // Suppose a service associated endpoints reside in multi clusters, the below example represents: - // 1. endpoints in `clusterA` and has `version=v1` label have P(0) priority. - // 2. endpoints not in `clusterA` but has `version=v1` label have P(1) priority. - // 2. all the other endpoints have P(2) priority. - // - // ```yaml - // failoverPriority: - // - "version=v1" - // - "topology.istio.io/cluster=clusterA" - // ``` - // - // Optional: only one of distribute, failover or failoverPriority can be set. - // And it should be used together with `OutlierDetection` to detect unhealthy endpoints, otherwise has no effect. - repeated string failover_priority = 4; - - // enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. - // e.g. true means that turn on locality load balancing for this DestinationRule no matter what mesh wide settings is. - google.protobuf.BoolValue enabled = 3; -} diff --git a/networking/v1/destination_rule_alias.gen.go b/networking/v1/destination_rule_alias.gen.go new file mode 100644 index 00000000000..b7eb8c7f38a --- /dev/null +++ b/networking/v1/destination_rule_alias.gen.go @@ -0,0 +1,60 @@ +// Code generated by protoc-gen-alias. DO NOT EDIT. +package v1 + +import "istio.io/api/networking/v1alpha3" + +type DestinationRule = v1alpha3.DestinationRule +type TrafficPolicy = v1alpha3.TrafficPolicy +type TrafficPolicy_PortTrafficPolicy = v1alpha3.TrafficPolicy_PortTrafficPolicy +type TrafficPolicy_TunnelSettings = v1alpha3.TrafficPolicy_TunnelSettings +type TrafficPolicy_ProxyProtocol = v1alpha3.TrafficPolicy_ProxyProtocol +type TrafficPolicy_ProxyProtocol_VERSION = v1alpha3.TrafficPolicy_ProxyProtocol_VERSION + +const TrafficPolicy_ProxyProtocol_V1 TrafficPolicy_ProxyProtocol_VERSION = v1alpha3.TrafficPolicy_ProxyProtocol_V1 +const TrafficPolicy_ProxyProtocol_V2 TrafficPolicy_ProxyProtocol_VERSION = v1alpha3.TrafficPolicy_ProxyProtocol_V2 + +type Subset = v1alpha3.Subset +type LoadBalancerSettings = v1alpha3.LoadBalancerSettings +type LoadBalancerSettings_ConsistentHashLB = v1alpha3.LoadBalancerSettings_ConsistentHashLB +type LoadBalancerSettings_ConsistentHashLB_RingHash = v1alpha3.LoadBalancerSettings_ConsistentHashLB_RingHash +type LoadBalancerSettings_ConsistentHashLB_MagLev = v1alpha3.LoadBalancerSettings_ConsistentHashLB_MagLev +type LoadBalancerSettings_ConsistentHashLB_HTTPCookie = v1alpha3.LoadBalancerSettings_ConsistentHashLB_HTTPCookie +type LoadBalancerSettings_ConsistentHashLB_HttpHeaderName = v1alpha3.LoadBalancerSettings_ConsistentHashLB_HttpHeaderName +type LoadBalancerSettings_ConsistentHashLB_HttpCookie = v1alpha3.LoadBalancerSettings_ConsistentHashLB_HttpCookie +type LoadBalancerSettings_ConsistentHashLB_UseSourceIp = v1alpha3.LoadBalancerSettings_ConsistentHashLB_UseSourceIp +type LoadBalancerSettings_ConsistentHashLB_HttpQueryParameterName = v1alpha3.LoadBalancerSettings_ConsistentHashLB_HttpQueryParameterName +type LoadBalancerSettings_ConsistentHashLB_RingHash_ = v1alpha3.LoadBalancerSettings_ConsistentHashLB_RingHash_ +type LoadBalancerSettings_ConsistentHashLB_Maglev = v1alpha3.LoadBalancerSettings_ConsistentHashLB_Maglev +type LoadBalancerSettings_SimpleLB = v1alpha3.LoadBalancerSettings_SimpleLB + +const LoadBalancerSettings_UNSPECIFIED LoadBalancerSettings_SimpleLB = v1alpha3.LoadBalancerSettings_UNSPECIFIED +const LoadBalancerSettings_LEAST_CONN LoadBalancerSettings_SimpleLB = v1alpha3.LoadBalancerSettings_LEAST_CONN +const LoadBalancerSettings_RANDOM LoadBalancerSettings_SimpleLB = v1alpha3.LoadBalancerSettings_RANDOM +const LoadBalancerSettings_PASSTHROUGH LoadBalancerSettings_SimpleLB = v1alpha3.LoadBalancerSettings_PASSTHROUGH +const LoadBalancerSettings_ROUND_ROBIN LoadBalancerSettings_SimpleLB = v1alpha3.LoadBalancerSettings_ROUND_ROBIN +const LoadBalancerSettings_LEAST_REQUEST LoadBalancerSettings_SimpleLB = v1alpha3.LoadBalancerSettings_LEAST_REQUEST + +type LoadBalancerSettings_Simple = v1alpha3.LoadBalancerSettings_Simple +type LoadBalancerSettings_ConsistentHash = v1alpha3.LoadBalancerSettings_ConsistentHash +type ConnectionPoolSettings = v1alpha3.ConnectionPoolSettings +type ConnectionPoolSettings_TCPSettings = v1alpha3.ConnectionPoolSettings_TCPSettings +type ConnectionPoolSettings_TCPSettings_TcpKeepalive = v1alpha3.ConnectionPoolSettings_TCPSettings_TcpKeepalive +type ConnectionPoolSettings_HTTPSettings = v1alpha3.ConnectionPoolSettings_HTTPSettings +type ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = v1alpha3.ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy + +const ConnectionPoolSettings_HTTPSettings_DEFAULT ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = v1alpha3.ConnectionPoolSettings_HTTPSettings_DEFAULT +const ConnectionPoolSettings_HTTPSettings_DO_NOT_UPGRADE ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = v1alpha3.ConnectionPoolSettings_HTTPSettings_DO_NOT_UPGRADE +const ConnectionPoolSettings_HTTPSettings_UPGRADE ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = v1alpha3.ConnectionPoolSettings_HTTPSettings_UPGRADE + +type OutlierDetection = v1alpha3.OutlierDetection +type ClientTLSSettings = v1alpha3.ClientTLSSettings +type ClientTLSSettings_TLSmode = v1alpha3.ClientTLSSettings_TLSmode + +const ClientTLSSettings_DISABLE ClientTLSSettings_TLSmode = v1alpha3.ClientTLSSettings_DISABLE +const ClientTLSSettings_SIMPLE ClientTLSSettings_TLSmode = v1alpha3.ClientTLSSettings_SIMPLE +const ClientTLSSettings_MUTUAL ClientTLSSettings_TLSmode = v1alpha3.ClientTLSSettings_MUTUAL +const ClientTLSSettings_ISTIO_MUTUAL ClientTLSSettings_TLSmode = v1alpha3.ClientTLSSettings_ISTIO_MUTUAL + +type LocalityLoadBalancerSetting = v1alpha3.LocalityLoadBalancerSetting +type LocalityLoadBalancerSetting_Distribute = v1alpha3.LocalityLoadBalancerSetting_Distribute +type LocalityLoadBalancerSetting_Failover = v1alpha3.LocalityLoadBalancerSetting_Failover diff --git a/networking/v1/destination_rule_deepcopy.gen.go b/networking/v1/destination_rule_deepcopy.gen.go deleted file mode 100644 index 766aa0142ff..00000000000 --- a/networking/v1/destination_rule_deepcopy.gen.go +++ /dev/null @@ -1,426 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using DestinationRule within kubernetes types, where deepcopy-gen is used. -func (in *DestinationRule) DeepCopyInto(out *DestinationRule) { - p := proto.Clone(in).(*DestinationRule) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRule. Required by controller-gen. -func (in *DestinationRule) DeepCopy() *DestinationRule { - if in == nil { - return nil - } - out := new(DestinationRule) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRule. Required by controller-gen. -func (in *DestinationRule) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using TrafficPolicy within kubernetes types, where deepcopy-gen is used. -func (in *TrafficPolicy) DeepCopyInto(out *TrafficPolicy) { - p := proto.Clone(in).(*TrafficPolicy) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy. Required by controller-gen. -func (in *TrafficPolicy) DeepCopy() *TrafficPolicy { - if in == nil { - return nil - } - out := new(TrafficPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy. Required by controller-gen. -func (in *TrafficPolicy) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using TrafficPolicy_PortTrafficPolicy within kubernetes types, where deepcopy-gen is used. -func (in *TrafficPolicy_PortTrafficPolicy) DeepCopyInto(out *TrafficPolicy_PortTrafficPolicy) { - p := proto.Clone(in).(*TrafficPolicy_PortTrafficPolicy) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_PortTrafficPolicy. Required by controller-gen. -func (in *TrafficPolicy_PortTrafficPolicy) DeepCopy() *TrafficPolicy_PortTrafficPolicy { - if in == nil { - return nil - } - out := new(TrafficPolicy_PortTrafficPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_PortTrafficPolicy. Required by controller-gen. -func (in *TrafficPolicy_PortTrafficPolicy) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using TrafficPolicy_TunnelSettings within kubernetes types, where deepcopy-gen is used. -func (in *TrafficPolicy_TunnelSettings) DeepCopyInto(out *TrafficPolicy_TunnelSettings) { - p := proto.Clone(in).(*TrafficPolicy_TunnelSettings) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_TunnelSettings. Required by controller-gen. -func (in *TrafficPolicy_TunnelSettings) DeepCopy() *TrafficPolicy_TunnelSettings { - if in == nil { - return nil - } - out := new(TrafficPolicy_TunnelSettings) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_TunnelSettings. Required by controller-gen. -func (in *TrafficPolicy_TunnelSettings) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using TrafficPolicy_ProxyProtocol within kubernetes types, where deepcopy-gen is used. -func (in *TrafficPolicy_ProxyProtocol) DeepCopyInto(out *TrafficPolicy_ProxyProtocol) { - p := proto.Clone(in).(*TrafficPolicy_ProxyProtocol) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_ProxyProtocol. Required by controller-gen. -func (in *TrafficPolicy_ProxyProtocol) DeepCopy() *TrafficPolicy_ProxyProtocol { - if in == nil { - return nil - } - out := new(TrafficPolicy_ProxyProtocol) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_ProxyProtocol. Required by controller-gen. -func (in *TrafficPolicy_ProxyProtocol) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Subset within kubernetes types, where deepcopy-gen is used. -func (in *Subset) DeepCopyInto(out *Subset) { - p := proto.Clone(in).(*Subset) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Subset. Required by controller-gen. -func (in *Subset) DeepCopy() *Subset { - if in == nil { - return nil - } - out := new(Subset) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Subset. Required by controller-gen. -func (in *Subset) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using LoadBalancerSettings within kubernetes types, where deepcopy-gen is used. -func (in *LoadBalancerSettings) DeepCopyInto(out *LoadBalancerSettings) { - p := proto.Clone(in).(*LoadBalancerSettings) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings. Required by controller-gen. -func (in *LoadBalancerSettings) DeepCopy() *LoadBalancerSettings { - if in == nil { - return nil - } - out := new(LoadBalancerSettings) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings. Required by controller-gen. -func (in *LoadBalancerSettings) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using LoadBalancerSettings_ConsistentHashLB within kubernetes types, where deepcopy-gen is used. -func (in *LoadBalancerSettings_ConsistentHashLB) DeepCopyInto(out *LoadBalancerSettings_ConsistentHashLB) { - p := proto.Clone(in).(*LoadBalancerSettings_ConsistentHashLB) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB. Required by controller-gen. -func (in *LoadBalancerSettings_ConsistentHashLB) DeepCopy() *LoadBalancerSettings_ConsistentHashLB { - if in == nil { - return nil - } - out := new(LoadBalancerSettings_ConsistentHashLB) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB. Required by controller-gen. -func (in *LoadBalancerSettings_ConsistentHashLB) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using LoadBalancerSettings_ConsistentHashLB_RingHash within kubernetes types, where deepcopy-gen is used. -func (in *LoadBalancerSettings_ConsistentHashLB_RingHash) DeepCopyInto(out *LoadBalancerSettings_ConsistentHashLB_RingHash) { - p := proto.Clone(in).(*LoadBalancerSettings_ConsistentHashLB_RingHash) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_RingHash. Required by controller-gen. -func (in *LoadBalancerSettings_ConsistentHashLB_RingHash) DeepCopy() *LoadBalancerSettings_ConsistentHashLB_RingHash { - if in == nil { - return nil - } - out := new(LoadBalancerSettings_ConsistentHashLB_RingHash) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_RingHash. Required by controller-gen. -func (in *LoadBalancerSettings_ConsistentHashLB_RingHash) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using LoadBalancerSettings_ConsistentHashLB_MagLev within kubernetes types, where deepcopy-gen is used. -func (in *LoadBalancerSettings_ConsistentHashLB_MagLev) DeepCopyInto(out *LoadBalancerSettings_ConsistentHashLB_MagLev) { - p := proto.Clone(in).(*LoadBalancerSettings_ConsistentHashLB_MagLev) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_MagLev. Required by controller-gen. -func (in *LoadBalancerSettings_ConsistentHashLB_MagLev) DeepCopy() *LoadBalancerSettings_ConsistentHashLB_MagLev { - if in == nil { - return nil - } - out := new(LoadBalancerSettings_ConsistentHashLB_MagLev) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_MagLev. Required by controller-gen. -func (in *LoadBalancerSettings_ConsistentHashLB_MagLev) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using LoadBalancerSettings_ConsistentHashLB_HTTPCookie within kubernetes types, where deepcopy-gen is used. -func (in *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) DeepCopyInto(out *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) { - p := proto.Clone(in).(*LoadBalancerSettings_ConsistentHashLB_HTTPCookie) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_HTTPCookie. Required by controller-gen. -func (in *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) DeepCopy() *LoadBalancerSettings_ConsistentHashLB_HTTPCookie { - if in == nil { - return nil - } - out := new(LoadBalancerSettings_ConsistentHashLB_HTTPCookie) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_HTTPCookie. Required by controller-gen. -func (in *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ConnectionPoolSettings within kubernetes types, where deepcopy-gen is used. -func (in *ConnectionPoolSettings) DeepCopyInto(out *ConnectionPoolSettings) { - p := proto.Clone(in).(*ConnectionPoolSettings) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings. Required by controller-gen. -func (in *ConnectionPoolSettings) DeepCopy() *ConnectionPoolSettings { - if in == nil { - return nil - } - out := new(ConnectionPoolSettings) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings. Required by controller-gen. -func (in *ConnectionPoolSettings) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ConnectionPoolSettings_TCPSettings within kubernetes types, where deepcopy-gen is used. -func (in *ConnectionPoolSettings_TCPSettings) DeepCopyInto(out *ConnectionPoolSettings_TCPSettings) { - p := proto.Clone(in).(*ConnectionPoolSettings_TCPSettings) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_TCPSettings. Required by controller-gen. -func (in *ConnectionPoolSettings_TCPSettings) DeepCopy() *ConnectionPoolSettings_TCPSettings { - if in == nil { - return nil - } - out := new(ConnectionPoolSettings_TCPSettings) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_TCPSettings. Required by controller-gen. -func (in *ConnectionPoolSettings_TCPSettings) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ConnectionPoolSettings_TCPSettings_TcpKeepalive within kubernetes types, where deepcopy-gen is used. -func (in *ConnectionPoolSettings_TCPSettings_TcpKeepalive) DeepCopyInto(out *ConnectionPoolSettings_TCPSettings_TcpKeepalive) { - p := proto.Clone(in).(*ConnectionPoolSettings_TCPSettings_TcpKeepalive) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_TCPSettings_TcpKeepalive. Required by controller-gen. -func (in *ConnectionPoolSettings_TCPSettings_TcpKeepalive) DeepCopy() *ConnectionPoolSettings_TCPSettings_TcpKeepalive { - if in == nil { - return nil - } - out := new(ConnectionPoolSettings_TCPSettings_TcpKeepalive) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_TCPSettings_TcpKeepalive. Required by controller-gen. -func (in *ConnectionPoolSettings_TCPSettings_TcpKeepalive) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ConnectionPoolSettings_HTTPSettings within kubernetes types, where deepcopy-gen is used. -func (in *ConnectionPoolSettings_HTTPSettings) DeepCopyInto(out *ConnectionPoolSettings_HTTPSettings) { - p := proto.Clone(in).(*ConnectionPoolSettings_HTTPSettings) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_HTTPSettings. Required by controller-gen. -func (in *ConnectionPoolSettings_HTTPSettings) DeepCopy() *ConnectionPoolSettings_HTTPSettings { - if in == nil { - return nil - } - out := new(ConnectionPoolSettings_HTTPSettings) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_HTTPSettings. Required by controller-gen. -func (in *ConnectionPoolSettings_HTTPSettings) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using OutlierDetection within kubernetes types, where deepcopy-gen is used. -func (in *OutlierDetection) DeepCopyInto(out *OutlierDetection) { - p := proto.Clone(in).(*OutlierDetection) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutlierDetection. Required by controller-gen. -func (in *OutlierDetection) DeepCopy() *OutlierDetection { - if in == nil { - return nil - } - out := new(OutlierDetection) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new OutlierDetection. Required by controller-gen. -func (in *OutlierDetection) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ClientTLSSettings within kubernetes types, where deepcopy-gen is used. -func (in *ClientTLSSettings) DeepCopyInto(out *ClientTLSSettings) { - p := proto.Clone(in).(*ClientTLSSettings) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientTLSSettings. Required by controller-gen. -func (in *ClientTLSSettings) DeepCopy() *ClientTLSSettings { - if in == nil { - return nil - } - out := new(ClientTLSSettings) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ClientTLSSettings. Required by controller-gen. -func (in *ClientTLSSettings) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using LocalityLoadBalancerSetting within kubernetes types, where deepcopy-gen is used. -func (in *LocalityLoadBalancerSetting) DeepCopyInto(out *LocalityLoadBalancerSetting) { - p := proto.Clone(in).(*LocalityLoadBalancerSetting) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting. Required by controller-gen. -func (in *LocalityLoadBalancerSetting) DeepCopy() *LocalityLoadBalancerSetting { - if in == nil { - return nil - } - out := new(LocalityLoadBalancerSetting) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting. Required by controller-gen. -func (in *LocalityLoadBalancerSetting) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using LocalityLoadBalancerSetting_Distribute within kubernetes types, where deepcopy-gen is used. -func (in *LocalityLoadBalancerSetting_Distribute) DeepCopyInto(out *LocalityLoadBalancerSetting_Distribute) { - p := proto.Clone(in).(*LocalityLoadBalancerSetting_Distribute) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting_Distribute. Required by controller-gen. -func (in *LocalityLoadBalancerSetting_Distribute) DeepCopy() *LocalityLoadBalancerSetting_Distribute { - if in == nil { - return nil - } - out := new(LocalityLoadBalancerSetting_Distribute) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting_Distribute. Required by controller-gen. -func (in *LocalityLoadBalancerSetting_Distribute) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using LocalityLoadBalancerSetting_Failover within kubernetes types, where deepcopy-gen is used. -func (in *LocalityLoadBalancerSetting_Failover) DeepCopyInto(out *LocalityLoadBalancerSetting_Failover) { - p := proto.Clone(in).(*LocalityLoadBalancerSetting_Failover) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting_Failover. Required by controller-gen. -func (in *LocalityLoadBalancerSetting_Failover) DeepCopy() *LocalityLoadBalancerSetting_Failover { - if in == nil { - return nil - } - out := new(LocalityLoadBalancerSetting_Failover) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting_Failover. Required by controller-gen. -func (in *LocalityLoadBalancerSetting_Failover) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/networking/v1/destination_rule_json.gen.go b/networking/v1/destination_rule_json.gen.go deleted file mode 100644 index 1938d7e42cc..00000000000 --- a/networking/v1/destination_rule_json.gen.go +++ /dev/null @@ -1,232 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1 - -import ( - bytes "bytes" - jsonpb "github.com/golang/protobuf/jsonpb" -) - -// MarshalJSON is a custom marshaler for DestinationRule -func (this *DestinationRule) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for DestinationRule -func (this *DestinationRule) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for TrafficPolicy -func (this *TrafficPolicy) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for TrafficPolicy -func (this *TrafficPolicy) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for TrafficPolicy_PortTrafficPolicy -func (this *TrafficPolicy_PortTrafficPolicy) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for TrafficPolicy_PortTrafficPolicy -func (this *TrafficPolicy_PortTrafficPolicy) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for TrafficPolicy_TunnelSettings -func (this *TrafficPolicy_TunnelSettings) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for TrafficPolicy_TunnelSettings -func (this *TrafficPolicy_TunnelSettings) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for TrafficPolicy_ProxyProtocol -func (this *TrafficPolicy_ProxyProtocol) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for TrafficPolicy_ProxyProtocol -func (this *TrafficPolicy_ProxyProtocol) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Subset -func (this *Subset) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Subset -func (this *Subset) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for LoadBalancerSettings -func (this *LoadBalancerSettings) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for LoadBalancerSettings -func (this *LoadBalancerSettings) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for LoadBalancerSettings_ConsistentHashLB -func (this *LoadBalancerSettings_ConsistentHashLB) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for LoadBalancerSettings_ConsistentHashLB -func (this *LoadBalancerSettings_ConsistentHashLB) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for LoadBalancerSettings_ConsistentHashLB_RingHash -func (this *LoadBalancerSettings_ConsistentHashLB_RingHash) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for LoadBalancerSettings_ConsistentHashLB_RingHash -func (this *LoadBalancerSettings_ConsistentHashLB_RingHash) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for LoadBalancerSettings_ConsistentHashLB_MagLev -func (this *LoadBalancerSettings_ConsistentHashLB_MagLev) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for LoadBalancerSettings_ConsistentHashLB_MagLev -func (this *LoadBalancerSettings_ConsistentHashLB_MagLev) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for LoadBalancerSettings_ConsistentHashLB_HTTPCookie -func (this *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for LoadBalancerSettings_ConsistentHashLB_HTTPCookie -func (this *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ConnectionPoolSettings -func (this *ConnectionPoolSettings) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ConnectionPoolSettings -func (this *ConnectionPoolSettings) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ConnectionPoolSettings_TCPSettings -func (this *ConnectionPoolSettings_TCPSettings) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ConnectionPoolSettings_TCPSettings -func (this *ConnectionPoolSettings_TCPSettings) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ConnectionPoolSettings_TCPSettings_TcpKeepalive -func (this *ConnectionPoolSettings_TCPSettings_TcpKeepalive) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ConnectionPoolSettings_TCPSettings_TcpKeepalive -func (this *ConnectionPoolSettings_TCPSettings_TcpKeepalive) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ConnectionPoolSettings_HTTPSettings -func (this *ConnectionPoolSettings_HTTPSettings) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ConnectionPoolSettings_HTTPSettings -func (this *ConnectionPoolSettings_HTTPSettings) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for OutlierDetection -func (this *OutlierDetection) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for OutlierDetection -func (this *OutlierDetection) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ClientTLSSettings -func (this *ClientTLSSettings) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ClientTLSSettings -func (this *ClientTLSSettings) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for LocalityLoadBalancerSetting -func (this *LocalityLoadBalancerSetting) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for LocalityLoadBalancerSetting -func (this *LocalityLoadBalancerSetting) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for LocalityLoadBalancerSetting_Distribute -func (this *LocalityLoadBalancerSetting_Distribute) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for LocalityLoadBalancerSetting_Distribute -func (this *LocalityLoadBalancerSetting_Distribute) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for LocalityLoadBalancerSetting_Failover -func (this *LocalityLoadBalancerSetting_Failover) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for LocalityLoadBalancerSetting_Failover -func (this *LocalityLoadBalancerSetting_Failover) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -var ( - DestinationRuleMarshaler = &jsonpb.Marshaler{} - DestinationRuleUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} -) diff --git a/networking/v1/gateway.pb.go b/networking/v1/gateway.pb.go deleted file mode 100644 index 2a3a2b288d1..00000000000 --- a/networking/v1/gateway.pb.go +++ /dev/null @@ -1,1167 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.33.0 -// protoc (unknown) -// source: networking/v1/gateway.proto - -// $schema: istio.networking.v1.Gateway -// $title: Gateway -// $description: Configuration affecting edge load balancer. -// $location: https://istio.io/docs/reference/config/networking/gateway.html -// $aliases: [/docs/reference/config/networking/v1/gateway] -// $mode: none - -// `Gateway` describes a load balancer operating at the edge of the mesh -// receiving incoming or outgoing HTTP/TCP connections. The specification -// describes a set of ports that should be exposed, the type of protocol to -// use, SNI configuration for the load balancer, etc. -// -// For example, the following Gateway configuration sets up a proxy to act -// as a load balancer exposing port 80 and 9080 (http), 443 (https), -// 9443(https) and port 2379 (TCP) for ingress. The gateway will be -// applied to the proxy running on a pod with labels `app: -// my-gateway-controller`. While Istio will configure the proxy to listen -// on these ports, it is the responsibility of the user to ensure that -// external traffic to these ports are allowed into the mesh. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: Gateway -// metadata: -// name: my-gateway -// namespace: some-config-namespace -// spec: -// selector: -// app: my-gateway-controller -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - uk.bookinfo.com -// - eu.bookinfo.com -// tls: -// httpsRedirect: true # sends 301 redirect for http requests -// - port: -// number: 443 -// name: https-443 -// protocol: HTTPS -// hosts: -// - uk.bookinfo.com -// - eu.bookinfo.com -// tls: -// mode: SIMPLE # enables HTTPS on this port -// serverCertificate: /etc/certs/servercert.pem -// privateKey: /etc/certs/privatekey.pem -// - port: -// number: 9443 -// name: https-9443 -// protocol: HTTPS -// hosts: -// - "bookinfo-namespace/*.bookinfo.com" -// tls: -// mode: SIMPLE # enables HTTPS on this port -// credentialName: bookinfo-secret # fetches certs from Kubernetes secret -// - port: -// number: 9080 -// name: http-wildcard -// protocol: HTTP -// hosts: -// - "*" -// - port: -// number: 2379 # to expose internal service via external port 2379 -// name: mongo -// protocol: MONGO -// hosts: -// - "*" -// ``` -// -// The Gateway specification above describes the L4-L6 properties of a load -// balancer. A `VirtualService` can then be bound to a gateway to control -// the forwarding of traffic arriving at a particular host or gateway port. -// -// For example, the following VirtualService splits traffic for -// `https://uk.bookinfo.com/reviews`, `https://eu.bookinfo.com/reviews`, -// `http://uk.bookinfo.com:9080/reviews`, -// `http://eu.bookinfo.com:9080/reviews` into two versions (prod and qa) of -// an internal reviews service on port 9080. In addition, requests -// containing the cookie "user: dev-123" will be sent to special port 7777 -// in the qa version. The same rule is also applicable inside the mesh for -// requests to the "reviews.prod.svc.cluster.local" service. This rule is -// applicable across ports 443, 9080. Note that `http://uk.bookinfo.com` -// gets redirected to `https://uk.bookinfo.com` (i.e. 80 redirects to 443). -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: VirtualService -// metadata: -// name: bookinfo-rule -// namespace: bookinfo-namespace -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// - uk.bookinfo.com -// - eu.bookinfo.com -// gateways: -// - some-config-namespace/my-gateway -// - mesh # applies to all the sidecars in the mesh -// http: -// - match: -// - headers: -// cookie: -// exact: "user=dev-123" -// route: -// - destination: -// port: -// number: 7777 -// host: reviews.qa.svc.cluster.local -// - match: -// - uri: -// prefix: /reviews/ -// route: -// - destination: -// port: -// number: 9080 # can be omitted if it's the only port for reviews -// host: reviews.prod.svc.cluster.local -// weight: 80 -// - destination: -// host: reviews.qa.svc.cluster.local -// weight: 20 -// ``` -// -// The following VirtualService forwards traffic arriving at (external) -// port 27017 to internal Mongo server on port 5555. This rule is not -// applicable internally in the mesh as the gateway list omits the -// reserved name `mesh`. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: VirtualService -// metadata: -// name: bookinfo-mongo -// namespace: bookinfo-namespace -// spec: -// hosts: -// - mongosvr.prod.svc.cluster.local # name of internal Mongo service -// gateways: -// - some-config-namespace/my-gateway # can omit the namespace if gateway is in same namespace as virtual service. -// tcp: -// - match: -// - port: 27017 -// route: -// - destination: -// host: mongo.prod.svc.cluster.local -// port: -// number: 5555 -// ``` -// -// It is possible to restrict the set of virtual services that can bind to -// a gateway server using the namespace/hostname syntax in the hosts field. -// For example, the following Gateway allows any virtual service in the ns1 -// namespace to bind to it, while restricting only the virtual service with -// foo.bar.com host in the ns2 namespace to bind to it. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: Gateway -// metadata: -// name: my-gateway -// namespace: some-config-namespace -// spec: -// selector: -// app: my-gateway-controller -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - "ns1/*" -// - "ns2/foo.bar.com" -// ``` - -package v1 - -import ( - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// TLS modes enforced by the proxy -type ServerTLSSettings_TLSmode int32 - -const ( - // The SNI string presented by the client will be used as the - // match criterion in a VirtualService TLS route to determine - // the destination service from the service registry. - ServerTLSSettings_PASSTHROUGH ServerTLSSettings_TLSmode = 0 - // Secure connections with standard TLS semantics. In this mode - // client certificate is not requested during handshake. - ServerTLSSettings_SIMPLE ServerTLSSettings_TLSmode = 1 - // Secure connections to the downstream using mutual TLS by - // presenting server certificates for authentication. - // A client certificate will also be requested during the handshake and - // at least one valid certificate is required to be sent by the client. - ServerTLSSettings_MUTUAL ServerTLSSettings_TLSmode = 2 - // Similar to the passthrough mode, except servers with this TLS - // mode do not require an associated VirtualService to map from - // the SNI value to service in the registry. The destination - // details such as the service/subset/port are encoded in the - // SNI value. The proxy will forward to the upstream (Envoy) - // cluster (a group of endpoints) specified by the SNI - // value. This server is typically used to provide connectivity - // between services in disparate L3 networks that otherwise do - // not have direct connectivity between their respective - // endpoints. Use of this mode assumes that both the source and - // the destination are using Istio mTLS to secure traffic. - ServerTLSSettings_AUTO_PASSTHROUGH ServerTLSSettings_TLSmode = 3 - // Secure connections from the downstream using mutual TLS by - // presenting server certificates for authentication. Compared - // to Mutual mode, this mode uses certificates, representing - // gateway workload identity, generated automatically by Istio - // for mTLS authentication. When this mode is used, all other - // fields in `TLSOptions` should be empty. - ServerTLSSettings_ISTIO_MUTUAL ServerTLSSettings_TLSmode = 4 - // Similar to MUTUAL mode, except that the client certificate - // is optional. Unlike SIMPLE mode, A client certificate will - // still be explicitly requested during handshake, but the client - // is not required to send a certificate. If a client certificate - // is presented, it will be validated. ca_certificates should - // be specified for validating client certificates. - ServerTLSSettings_OPTIONAL_MUTUAL ServerTLSSettings_TLSmode = 5 -) - -// Enum value maps for ServerTLSSettings_TLSmode. -var ( - ServerTLSSettings_TLSmode_name = map[int32]string{ - 0: "PASSTHROUGH", - 1: "SIMPLE", - 2: "MUTUAL", - 3: "AUTO_PASSTHROUGH", - 4: "ISTIO_MUTUAL", - 5: "OPTIONAL_MUTUAL", - } - ServerTLSSettings_TLSmode_value = map[string]int32{ - "PASSTHROUGH": 0, - "SIMPLE": 1, - "MUTUAL": 2, - "AUTO_PASSTHROUGH": 3, - "ISTIO_MUTUAL": 4, - "OPTIONAL_MUTUAL": 5, - } -) - -func (x ServerTLSSettings_TLSmode) Enum() *ServerTLSSettings_TLSmode { - p := new(ServerTLSSettings_TLSmode) - *p = x - return p -} - -func (x ServerTLSSettings_TLSmode) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (ServerTLSSettings_TLSmode) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1_gateway_proto_enumTypes[0].Descriptor() -} - -func (ServerTLSSettings_TLSmode) Type() protoreflect.EnumType { - return &file_networking_v1_gateway_proto_enumTypes[0] -} - -func (x ServerTLSSettings_TLSmode) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use ServerTLSSettings_TLSmode.Descriptor instead. -func (ServerTLSSettings_TLSmode) EnumDescriptor() ([]byte, []int) { - return file_networking_v1_gateway_proto_rawDescGZIP(), []int{3, 0} -} - -// TLS protocol versions. -type ServerTLSSettings_TLSProtocol int32 - -const ( - // Automatically choose the optimal TLS version. - ServerTLSSettings_TLS_AUTO ServerTLSSettings_TLSProtocol = 0 - // TLS version 1.0 - ServerTLSSettings_TLSV1_0 ServerTLSSettings_TLSProtocol = 1 - // TLS version 1.1 - ServerTLSSettings_TLSV1_1 ServerTLSSettings_TLSProtocol = 2 - // TLS version 1.2 - ServerTLSSettings_TLSV1_2 ServerTLSSettings_TLSProtocol = 3 - // TLS version 1.3 - ServerTLSSettings_TLSV1_3 ServerTLSSettings_TLSProtocol = 4 -) - -// Enum value maps for ServerTLSSettings_TLSProtocol. -var ( - ServerTLSSettings_TLSProtocol_name = map[int32]string{ - 0: "TLS_AUTO", - 1: "TLSV1_0", - 2: "TLSV1_1", - 3: "TLSV1_2", - 4: "TLSV1_3", - } - ServerTLSSettings_TLSProtocol_value = map[string]int32{ - "TLS_AUTO": 0, - "TLSV1_0": 1, - "TLSV1_1": 2, - "TLSV1_2": 3, - "TLSV1_3": 4, - } -) - -func (x ServerTLSSettings_TLSProtocol) Enum() *ServerTLSSettings_TLSProtocol { - p := new(ServerTLSSettings_TLSProtocol) - *p = x - return p -} - -func (x ServerTLSSettings_TLSProtocol) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (ServerTLSSettings_TLSProtocol) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1_gateway_proto_enumTypes[1].Descriptor() -} - -func (ServerTLSSettings_TLSProtocol) Type() protoreflect.EnumType { - return &file_networking_v1_gateway_proto_enumTypes[1] -} - -func (x ServerTLSSettings_TLSProtocol) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use ServerTLSSettings_TLSProtocol.Descriptor instead. -func (ServerTLSSettings_TLSProtocol) EnumDescriptor() ([]byte, []int) { - return file_networking_v1_gateway_proto_rawDescGZIP(), []int{3, 1} -} - -// Gateway describes a load balancer operating at the edge of the mesh -// receiving incoming or outgoing HTTP/TCP connections. -// -// -// -type Gateway struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // A list of server specifications. - Servers []*Server `protobuf:"bytes,1,rep,name=servers,proto3" json:"servers,omitempty"` - // One or more labels that indicate a specific set of pods/VMs - // on which this gateway configuration should be applied. - // By default workloads are searched across all namespaces based on label selectors. - // This implies that a gateway resource in the namespace "foo" can select pods in - // the namespace "bar" based on labels. - // This behavior can be controlled via the `PILOT_SCOPE_GATEWAY_TO_NAMESPACE` - // environment variable in istiod. If this variable is set - // to true, the scope of label search is restricted to the configuration - // namespace in which the the resource is present. In other words, the Gateway - // resource must reside in the same namespace as the gateway workload - // instance. - // If selector is nil, the Gateway will be applied to all workloads. - Selector map[string]string `protobuf:"bytes,2,rep,name=selector,proto3" json:"selector,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` -} - -func (x *Gateway) Reset() { - *x = Gateway{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_gateway_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Gateway) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Gateway) ProtoMessage() {} - -func (x *Gateway) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_gateway_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Gateway.ProtoReflect.Descriptor instead. -func (*Gateway) Descriptor() ([]byte, []int) { - return file_networking_v1_gateway_proto_rawDescGZIP(), []int{0} -} - -func (x *Gateway) GetServers() []*Server { - if x != nil { - return x.Servers - } - return nil -} - -func (x *Gateway) GetSelector() map[string]string { - if x != nil { - return x.Selector - } - return nil -} - -// `Server` describes the properties of the proxy on a given load balancer -// port. For example, -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// -// name: my-ingress -// -// spec: -// -// selector: -// app: my-ingressgateway -// servers: -// - port: -// number: 80 -// name: http2 -// protocol: HTTP2 -// hosts: -// - "*" -// -// ``` -// -// # Another example -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// -// name: my-tcp-ingress -// -// spec: -// -// selector: -// app: my-tcp-ingressgateway -// servers: -// - port: -// number: 27018 -// name: mongo -// protocol: MONGO -// hosts: -// - "*" -// -// ``` -// -// # The following is an example of TLS configuration for port 443 -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// -// name: my-tls-ingress -// -// spec: -// -// selector: -// app: my-tls-ingressgateway -// servers: -// - port: -// number: 443 -// name: https -// protocol: HTTPS -// hosts: -// - "*" -// tls: -// mode: SIMPLE -// credentialName: tls-cert -// -// ``` -type Server struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The Port on which the proxy should listen for incoming - // connections. - Port *Port `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` - // The ip or the Unix domain socket to which the listener should be bound - // to. Format: `x.x.x.x` or `unix:///path/to/uds` or `unix://@foobar` - // (Linux abstract namespace). When using Unix domain sockets, the port - // number should be 0. - // This can be used to restrict the reachability of this server to be gateway internal only. - // This is typically used when a gateway needs to communicate to another mesh service - // e.g. publishing metrics. In such case, the server created with the - // specified bind will not be available to external gateway clients. - Bind string `protobuf:"bytes,4,opt,name=bind,proto3" json:"bind,omitempty"` - // One or more hosts exposed by this gateway. - // While typically applicable to - // HTTP services, it can also be used for TCP services using TLS with SNI. - // A host is specified as a `dnsName` with an optional `namespace/` prefix. - // The `dnsName` should be specified using FQDN format, optionally including - // a wildcard character in the left-most component (e.g., `prod/*.example.com`). - // Set the `dnsName` to `*` to select all `VirtualService` hosts from the - // specified namespace (e.g.,`prod/*`). - // - // The `namespace` can be set to `*` or `.`, representing any or the current - // namespace, respectively. For example, `*/foo.example.com` selects the - // service from any available namespace while `./foo.example.com` only selects - // the service from the namespace of the sidecar. The default, if no `namespace/` - // is specified, is `*/`, that is, select services from any namespace. - // Any associated `DestinationRule` in the selected namespace will also be used. - // - // A `VirtualService` must be bound to the gateway and must have one or - // more hosts that match the hosts specified in a server. The match - // could be an exact match or a suffix match with the server's hosts. For - // example, if the server's hosts specifies `*.example.com`, a - // `VirtualService` with hosts `dev.example.com` or `prod.example.com` will - // match. However, a `VirtualService` with host `example.com` or - // `newexample.com` will not match. - // - // NOTE: Only virtual services exported to the gateway's namespace - // (e.g., `exportTo` value of `*`) can be referenced. - // Private configurations (e.g., `exportTo` set to `.`) will not be - // available. Refer to the `exportTo` setting in `VirtualService`, - // `DestinationRule`, and `ServiceEntry` configurations for details. - Hosts []string `protobuf:"bytes,2,rep,name=hosts,proto3" json:"hosts,omitempty"` - // Set of TLS related options that govern the server's behavior. Use - // these options to control if all http requests should be redirected to - // https, and the TLS modes to use. - Tls *ServerTLSSettings `protobuf:"bytes,3,opt,name=tls,proto3" json:"tls,omitempty"` - // The loopback IP endpoint or Unix domain socket to which traffic should - // be forwarded to by default. Format should be `127.0.0.1:PORT` or - // `unix:///path/to/socket` or `unix://@foobar` (Linux abstract namespace). - // NOT IMPLEMENTED. - // $hide_from_docs - DefaultEndpoint string `protobuf:"bytes,5,opt,name=default_endpoint,json=defaultEndpoint,proto3" json:"default_endpoint,omitempty"` - // An optional name of the server, when set must be unique across all servers. - // This will be used for variety of purposes like prefixing stats generated with - // this name etc. - Name string `protobuf:"bytes,6,opt,name=name,proto3" json:"name,omitempty"` -} - -func (x *Server) Reset() { - *x = Server{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_gateway_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Server) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Server) ProtoMessage() {} - -func (x *Server) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_gateway_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Server.ProtoReflect.Descriptor instead. -func (*Server) Descriptor() ([]byte, []int) { - return file_networking_v1_gateway_proto_rawDescGZIP(), []int{1} -} - -func (x *Server) GetPort() *Port { - if x != nil { - return x.Port - } - return nil -} - -func (x *Server) GetBind() string { - if x != nil { - return x.Bind - } - return "" -} - -func (x *Server) GetHosts() []string { - if x != nil { - return x.Hosts - } - return nil -} - -func (x *Server) GetTls() *ServerTLSSettings { - if x != nil { - return x.Tls - } - return nil -} - -func (x *Server) GetDefaultEndpoint() string { - if x != nil { - return x.DefaultEndpoint - } - return "" -} - -func (x *Server) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -// Port describes the properties of a specific port of a service. -type Port struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // A valid non-negative integer port number. - Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"` - // The protocol exposed on the port. - // MUST BE one of HTTP|HTTPS|GRPC|GRPC-WEB|HTTP2|MONGO|TCP|TLS. - // TLS can be either used to terminate non-HTTP based connections on a specific port - // or to route traffic based on SNI header to the destination without terminating the TLS connection. - Protocol string `protobuf:"bytes,2,opt,name=protocol,proto3" json:"protocol,omitempty"` - // Label assigned to the port. - Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` - // The port number on the endpoint where the traffic will be - // received. Applicable only when used with ServiceEntries. - // $hide_from_docs - // - // Deprecated: Marked as deprecated in networking/v1/gateway.proto. - TargetPort uint32 `protobuf:"varint,4,opt,name=target_port,json=targetPort,proto3" json:"target_port,omitempty"` -} - -func (x *Port) Reset() { - *x = Port{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_gateway_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Port) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Port) ProtoMessage() {} - -func (x *Port) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_gateway_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Port.ProtoReflect.Descriptor instead. -func (*Port) Descriptor() ([]byte, []int) { - return file_networking_v1_gateway_proto_rawDescGZIP(), []int{2} -} - -func (x *Port) GetNumber() uint32 { - if x != nil { - return x.Number - } - return 0 -} - -func (x *Port) GetProtocol() string { - if x != nil { - return x.Protocol - } - return "" -} - -func (x *Port) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -// Deprecated: Marked as deprecated in networking/v1/gateway.proto. -func (x *Port) GetTargetPort() uint32 { - if x != nil { - return x.TargetPort - } - return 0 -} - -type ServerTLSSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // If set to true, the load balancer will send a 301 redirect for - // all http connections, asking the clients to use HTTPS. - HttpsRedirect bool `protobuf:"varint,1,opt,name=https_redirect,json=httpsRedirect,proto3" json:"https_redirect,omitempty"` - // Optional: Indicates whether connections to this port should be - // secured using TLS. The value of this field determines how TLS is - // enforced. - Mode ServerTLSSettings_TLSmode `protobuf:"varint,2,opt,name=mode,proto3,enum=istio.networking.v1.ServerTLSSettings_TLSmode" json:"mode,omitempty"` - // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - // holding the server-side TLS certificate to use. - ServerCertificate string `protobuf:"bytes,3,opt,name=server_certificate,json=serverCertificate,proto3" json:"server_certificate,omitempty"` - // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - // holding the server's private key. - PrivateKey string `protobuf:"bytes,4,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` - // REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. The path to a file - // containing certificate authority certificates to use in verifying a presented - // client side certificate. - CaCertificates string `protobuf:"bytes,5,opt,name=ca_certificates,json=caCertificates,proto3" json:"ca_certificates,omitempty"` - // OPTIONAL: The path to the file containing the certificate revocation list (CRL) - // to use in verifying a presented client side certificate. `CRL` is a list of certificates - // that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. - // If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. - // If omitted, the proxy will not verify the certificate against the `crl`. - CaCrl string `protobuf:"bytes,13,opt,name=ca_crl,json=caCrl,proto3" json:"ca_crl,omitempty"` - // For gateways running on Kubernetes, the name of the secret that - // holds the TLS certs including the CA certificates. Applicable - // only on Kubernetes. An Opaque secret should contain the following - // keys and values: `tls.key: ` and `tls.crt: ` or - // `key: ` and `cert: `. - // For mutual TLS, `cacert: ` and `crl: ` - // can be provided in the same secret or a separate secret named `-cacert`. - // A TLS secret for server certificates with an additional `tls.ocsp-staple` key - // for specifying OCSP staple information, `ca.crt` key for CA certificates - // and `ca.crl` for certificate revocation list is also supported. - // Only one of server certificates and CA certificate - // or credentialName can be specified. - CredentialName string `protobuf:"bytes,10,opt,name=credential_name,json=credentialName,proto3" json:"credential_name,omitempty"` - // A list of alternate names to verify the subject identity in the - // certificate presented by the client. - SubjectAltNames []string `protobuf:"bytes,6,rep,name=subject_alt_names,json=subjectAltNames,proto3" json:"subject_alt_names,omitempty"` - // An optional list of base64-encoded SHA-256 hashes of the SPKIs of - // authorized client certificates. - // Note: When both verify_certificate_hash and verify_certificate_spki - // are specified, a hash matching either value will result in the - // certificate being accepted. - VerifyCertificateSpki []string `protobuf:"bytes,11,rep,name=verify_certificate_spki,json=verifyCertificateSpki,proto3" json:"verify_certificate_spki,omitempty"` - // An optional list of hex-encoded SHA-256 hashes of the - // authorized client certificates. Both simple and colon separated - // formats are acceptable. - // Note: When both verify_certificate_hash and verify_certificate_spki - // are specified, a hash matching either value will result in the - // certificate being accepted. - VerifyCertificateHash []string `protobuf:"bytes,12,rep,name=verify_certificate_hash,json=verifyCertificateHash,proto3" json:"verify_certificate_hash,omitempty"` - // Optional: Minimum TLS protocol version. By default, it is `TLSV1_2`. - // TLS protocol versions below TLSV1_2 require setting compatible ciphers with the - // `cipherSuites` setting as they no longer include compatible ciphers. - // - // Note: Using TLS protocol versions below TLSV1_2 has serious security risks. - MinProtocolVersion ServerTLSSettings_TLSProtocol `protobuf:"varint,7,opt,name=min_protocol_version,json=minProtocolVersion,proto3,enum=istio.networking.v1.ServerTLSSettings_TLSProtocol" json:"min_protocol_version,omitempty"` - // Optional: Maximum TLS protocol version. - MaxProtocolVersion ServerTLSSettings_TLSProtocol `protobuf:"varint,8,opt,name=max_protocol_version,json=maxProtocolVersion,proto3,enum=istio.networking.v1.ServerTLSSettings_TLSProtocol" json:"max_protocol_version,omitempty"` - // Optional: If specified, only support the specified cipher list. - // Otherwise default to the default cipher list supported by Envoy - // as specified [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto). - // The supported list of ciphers are: - // * `ECDHE-ECDSA-AES128-GCM-SHA256` - // * `ECDHE-RSA-AES128-GCM-SHA256` - // * `ECDHE-ECDSA-AES256-GCM-SHA384` - // * `ECDHE-RSA-AES256-GCM-SHA384` - // * `ECDHE-ECDSA-CHACHA20-POLY1305` - // * `ECDHE-RSA-CHACHA20-POLY1305` - // * `ECDHE-ECDSA-AES128-SHA` - // * `ECDHE-RSA-AES128-SHA` - // * `ECDHE-ECDSA-AES256-SHA` - // * `ECDHE-RSA-AES256-SHA` - // * `AES128-GCM-SHA256` - // * `AES256-GCM-SHA384` - // * `AES128-SHA` - // * `AES256-SHA` - // * `DES-CBC3-SHA` - CipherSuites []string `protobuf:"bytes,9,rep,name=cipher_suites,json=cipherSuites,proto3" json:"cipher_suites,omitempty"` -} - -func (x *ServerTLSSettings) Reset() { - *x = ServerTLSSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_gateway_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ServerTLSSettings) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ServerTLSSettings) ProtoMessage() {} - -func (x *ServerTLSSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_gateway_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ServerTLSSettings.ProtoReflect.Descriptor instead. -func (*ServerTLSSettings) Descriptor() ([]byte, []int) { - return file_networking_v1_gateway_proto_rawDescGZIP(), []int{3} -} - -func (x *ServerTLSSettings) GetHttpsRedirect() bool { - if x != nil { - return x.HttpsRedirect - } - return false -} - -func (x *ServerTLSSettings) GetMode() ServerTLSSettings_TLSmode { - if x != nil { - return x.Mode - } - return ServerTLSSettings_PASSTHROUGH -} - -func (x *ServerTLSSettings) GetServerCertificate() string { - if x != nil { - return x.ServerCertificate - } - return "" -} - -func (x *ServerTLSSettings) GetPrivateKey() string { - if x != nil { - return x.PrivateKey - } - return "" -} - -func (x *ServerTLSSettings) GetCaCertificates() string { - if x != nil { - return x.CaCertificates - } - return "" -} - -func (x *ServerTLSSettings) GetCaCrl() string { - if x != nil { - return x.CaCrl - } - return "" -} - -func (x *ServerTLSSettings) GetCredentialName() string { - if x != nil { - return x.CredentialName - } - return "" -} - -func (x *ServerTLSSettings) GetSubjectAltNames() []string { - if x != nil { - return x.SubjectAltNames - } - return nil -} - -func (x *ServerTLSSettings) GetVerifyCertificateSpki() []string { - if x != nil { - return x.VerifyCertificateSpki - } - return nil -} - -func (x *ServerTLSSettings) GetVerifyCertificateHash() []string { - if x != nil { - return x.VerifyCertificateHash - } - return nil -} - -func (x *ServerTLSSettings) GetMinProtocolVersion() ServerTLSSettings_TLSProtocol { - if x != nil { - return x.MinProtocolVersion - } - return ServerTLSSettings_TLS_AUTO -} - -func (x *ServerTLSSettings) GetMaxProtocolVersion() ServerTLSSettings_TLSProtocol { - if x != nil { - return x.MaxProtocolVersion - } - return ServerTLSSettings_TLS_AUTO -} - -func (x *ServerTLSSettings) GetCipherSuites() []string { - if x != nil { - return x.CipherSuites - } - return nil -} - -var File_networking_v1_gateway_proto protoreflect.FileDescriptor - -var file_networking_v1_gateway_proto_rawDesc = []byte{ - 0x0a, 0x1b, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, - 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, - 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x22, 0xc5, 0x01, 0x0a, 0x07, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, - 0x35, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x1b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x07, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x46, 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, - 0x6f, 0x72, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x47, - 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x45, - 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x1a, 0x3b, - 0x0a, 0x0d, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, - 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xe4, 0x01, 0x0a, 0x06, - 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x32, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x42, - 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x69, - 0x6e, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x12, 0x19, - 0x0a, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x42, 0x03, 0xe0, - 0x41, 0x02, 0x52, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x12, 0x38, 0x0a, 0x03, 0x74, 0x6c, 0x73, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, - 0x74, 0x6c, 0x73, 0x12, 0x29, 0x0a, 0x10, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x65, - 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x64, - 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x12, - 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, - 0x6d, 0x65, 0x22, 0x82, 0x01, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x06, 0x6e, - 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, - 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, - 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x17, 0x0a, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x6e, 0x61, - 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, 0x6f, 0x72, - 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0a, 0x74, 0x61, 0x72, - 0x67, 0x65, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x22, 0x86, 0x07, 0x0a, 0x11, 0x53, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x25, 0x0a, - 0x0e, 0x68, 0x74, 0x74, 0x70, 0x73, 0x5f, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x68, 0x74, 0x74, 0x70, 0x73, 0x52, 0x65, 0x64, 0x69, - 0x72, 0x65, 0x63, 0x74, 0x12, 0x42, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0e, 0x32, 0x2e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, - 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x6d, 0x6f, - 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x2d, 0x0a, 0x12, 0x73, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72, 0x69, 0x76, 0x61, - 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72, - 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x61, 0x5f, 0x63, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0e, 0x63, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x73, 0x12, 0x15, 0x0a, 0x06, 0x63, 0x61, 0x5f, 0x63, 0x72, 0x6c, 0x18, 0x0d, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x05, 0x63, 0x61, 0x43, 0x72, 0x6c, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x72, 0x65, 0x64, - 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0e, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x4e, 0x61, 0x6d, - 0x65, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x61, 0x6c, 0x74, - 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x75, - 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x36, 0x0a, - 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x5f, 0x73, 0x70, 0x6b, 0x69, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x09, 0x52, 0x15, - 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, - 0x65, 0x53, 0x70, 0x6b, 0x69, 0x12, 0x36, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x5f, - 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x68, 0x61, 0x73, 0x68, - 0x18, 0x0c, 0x20, 0x03, 0x28, 0x09, 0x52, 0x15, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x43, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x61, 0x73, 0x68, 0x12, 0x64, 0x0a, - 0x14, 0x6d, 0x69, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x5f, 0x76, 0x65, - 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, - 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, - 0x12, 0x6d, 0x69, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, - 0x69, 0x6f, 0x6e, 0x12, 0x64, 0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x63, 0x6f, 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, - 0x0e, 0x32, 0x32, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, - 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x50, 0x72, 0x6f, - 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, - 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x69, 0x70, - 0x68, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x22, 0x6f, - 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x50, 0x41, 0x53, - 0x53, 0x54, 0x48, 0x52, 0x4f, 0x55, 0x47, 0x48, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x49, - 0x4d, 0x50, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, - 0x10, 0x02, 0x12, 0x14, 0x0a, 0x10, 0x41, 0x55, 0x54, 0x4f, 0x5f, 0x50, 0x41, 0x53, 0x53, 0x54, - 0x48, 0x52, 0x4f, 0x55, 0x47, 0x48, 0x10, 0x03, 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x53, 0x54, 0x49, - 0x4f, 0x5f, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x10, 0x04, 0x12, 0x13, 0x0a, 0x0f, 0x4f, 0x50, - 0x54, 0x49, 0x4f, 0x4e, 0x41, 0x4c, 0x5f, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x10, 0x05, 0x22, - 0x4f, 0x0a, 0x0b, 0x54, 0x4c, 0x53, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x0c, - 0x0a, 0x08, 0x54, 0x4c, 0x53, 0x5f, 0x41, 0x55, 0x54, 0x4f, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, - 0x54, 0x4c, 0x53, 0x56, 0x31, 0x5f, 0x30, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, - 0x56, 0x31, 0x5f, 0x31, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x56, 0x31, 0x5f, - 0x32, 0x10, 0x03, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x56, 0x31, 0x5f, 0x33, 0x10, 0x04, - 0x42, 0x1c, 0x5a, 0x1a, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, - 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_networking_v1_gateway_proto_rawDescOnce sync.Once - file_networking_v1_gateway_proto_rawDescData = file_networking_v1_gateway_proto_rawDesc -) - -func file_networking_v1_gateway_proto_rawDescGZIP() []byte { - file_networking_v1_gateway_proto_rawDescOnce.Do(func() { - file_networking_v1_gateway_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1_gateway_proto_rawDescData) - }) - return file_networking_v1_gateway_proto_rawDescData -} - -var file_networking_v1_gateway_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_networking_v1_gateway_proto_msgTypes = make([]protoimpl.MessageInfo, 5) -var file_networking_v1_gateway_proto_goTypes = []interface{}{ - (ServerTLSSettings_TLSmode)(0), // 0: istio.networking.v1.ServerTLSSettings.TLSmode - (ServerTLSSettings_TLSProtocol)(0), // 1: istio.networking.v1.ServerTLSSettings.TLSProtocol - (*Gateway)(nil), // 2: istio.networking.v1.Gateway - (*Server)(nil), // 3: istio.networking.v1.Server - (*Port)(nil), // 4: istio.networking.v1.Port - (*ServerTLSSettings)(nil), // 5: istio.networking.v1.ServerTLSSettings - nil, // 6: istio.networking.v1.Gateway.SelectorEntry -} -var file_networking_v1_gateway_proto_depIdxs = []int32{ - 3, // 0: istio.networking.v1.Gateway.servers:type_name -> istio.networking.v1.Server - 6, // 1: istio.networking.v1.Gateway.selector:type_name -> istio.networking.v1.Gateway.SelectorEntry - 4, // 2: istio.networking.v1.Server.port:type_name -> istio.networking.v1.Port - 5, // 3: istio.networking.v1.Server.tls:type_name -> istio.networking.v1.ServerTLSSettings - 0, // 4: istio.networking.v1.ServerTLSSettings.mode:type_name -> istio.networking.v1.ServerTLSSettings.TLSmode - 1, // 5: istio.networking.v1.ServerTLSSettings.min_protocol_version:type_name -> istio.networking.v1.ServerTLSSettings.TLSProtocol - 1, // 6: istio.networking.v1.ServerTLSSettings.max_protocol_version:type_name -> istio.networking.v1.ServerTLSSettings.TLSProtocol - 7, // [7:7] is the sub-list for method output_type - 7, // [7:7] is the sub-list for method input_type - 7, // [7:7] is the sub-list for extension type_name - 7, // [7:7] is the sub-list for extension extendee - 0, // [0:7] is the sub-list for field type_name -} - -func init() { file_networking_v1_gateway_proto_init() } -func file_networking_v1_gateway_proto_init() { - if File_networking_v1_gateway_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_networking_v1_gateway_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Gateway); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_gateway_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Server); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_gateway_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Port); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_gateway_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ServerTLSSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_networking_v1_gateway_proto_rawDesc, - NumEnums: 2, - NumMessages: 5, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_networking_v1_gateway_proto_goTypes, - DependencyIndexes: file_networking_v1_gateway_proto_depIdxs, - EnumInfos: file_networking_v1_gateway_proto_enumTypes, - MessageInfos: file_networking_v1_gateway_proto_msgTypes, - }.Build() - File_networking_v1_gateway_proto = out.File - file_networking_v1_gateway_proto_rawDesc = nil - file_networking_v1_gateway_proto_goTypes = nil - file_networking_v1_gateway_proto_depIdxs = nil -} diff --git a/networking/v1/gateway.proto b/networking/v1/gateway.proto deleted file mode 100644 index 769c0ccd0db..00000000000 --- a/networking/v1/gateway.proto +++ /dev/null @@ -1,533 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -import "google/api/field_behavior.proto"; - -// $schema: istio.networking.v1.Gateway -// $title: Gateway -// $description: Configuration affecting edge load balancer. -// $location: https://istio.io/docs/reference/config/networking/gateway.html -// $aliases: [/docs/reference/config/networking/v1/gateway] -// $mode: none - -// `Gateway` describes a load balancer operating at the edge of the mesh -// receiving incoming or outgoing HTTP/TCP connections. The specification -// describes a set of ports that should be exposed, the type of protocol to -// use, SNI configuration for the load balancer, etc. -// -// For example, the following Gateway configuration sets up a proxy to act -// as a load balancer exposing port 80 and 9080 (http), 443 (https), -// 9443(https) and port 2379 (TCP) for ingress. The gateway will be -// applied to the proxy running on a pod with labels `app: -// my-gateway-controller`. While Istio will configure the proxy to listen -// on these ports, it is the responsibility of the user to ensure that -// external traffic to these ports are allowed into the mesh. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: Gateway -// metadata: -// name: my-gateway -// namespace: some-config-namespace -// spec: -// selector: -// app: my-gateway-controller -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - uk.bookinfo.com -// - eu.bookinfo.com -// tls: -// httpsRedirect: true # sends 301 redirect for http requests -// - port: -// number: 443 -// name: https-443 -// protocol: HTTPS -// hosts: -// - uk.bookinfo.com -// - eu.bookinfo.com -// tls: -// mode: SIMPLE # enables HTTPS on this port -// serverCertificate: /etc/certs/servercert.pem -// privateKey: /etc/certs/privatekey.pem -// - port: -// number: 9443 -// name: https-9443 -// protocol: HTTPS -// hosts: -// - "bookinfo-namespace/*.bookinfo.com" -// tls: -// mode: SIMPLE # enables HTTPS on this port -// credentialName: bookinfo-secret # fetches certs from Kubernetes secret -// - port: -// number: 9080 -// name: http-wildcard -// protocol: HTTP -// hosts: -// - "*" -// - port: -// number: 2379 # to expose internal service via external port 2379 -// name: mongo -// protocol: MONGO -// hosts: -// - "*" -// ``` -// -// The Gateway specification above describes the L4-L6 properties of a load -// balancer. A `VirtualService` can then be bound to a gateway to control -// the forwarding of traffic arriving at a particular host or gateway port. -// -// For example, the following VirtualService splits traffic for -// `https://uk.bookinfo.com/reviews`, `https://eu.bookinfo.com/reviews`, -// `http://uk.bookinfo.com:9080/reviews`, -// `http://eu.bookinfo.com:9080/reviews` into two versions (prod and qa) of -// an internal reviews service on port 9080. In addition, requests -// containing the cookie "user: dev-123" will be sent to special port 7777 -// in the qa version. The same rule is also applicable inside the mesh for -// requests to the "reviews.prod.svc.cluster.local" service. This rule is -// applicable across ports 443, 9080. Note that `http://uk.bookinfo.com` -// gets redirected to `https://uk.bookinfo.com` (i.e. 80 redirects to 443). -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: VirtualService -// metadata: -// name: bookinfo-rule -// namespace: bookinfo-namespace -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// - uk.bookinfo.com -// - eu.bookinfo.com -// gateways: -// - some-config-namespace/my-gateway -// - mesh # applies to all the sidecars in the mesh -// http: -// - match: -// - headers: -// cookie: -// exact: "user=dev-123" -// route: -// - destination: -// port: -// number: 7777 -// host: reviews.qa.svc.cluster.local -// - match: -// - uri: -// prefix: /reviews/ -// route: -// - destination: -// port: -// number: 9080 # can be omitted if it's the only port for reviews -// host: reviews.prod.svc.cluster.local -// weight: 80 -// - destination: -// host: reviews.qa.svc.cluster.local -// weight: 20 -// ``` -// -// The following VirtualService forwards traffic arriving at (external) -// port 27017 to internal Mongo server on port 5555. This rule is not -// applicable internally in the mesh as the gateway list omits the -// reserved name `mesh`. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: VirtualService -// metadata: -// name: bookinfo-mongo -// namespace: bookinfo-namespace -// spec: -// hosts: -// - mongosvr.prod.svc.cluster.local # name of internal Mongo service -// gateways: -// - some-config-namespace/my-gateway # can omit the namespace if gateway is in same namespace as virtual service. -// tcp: -// - match: -// - port: 27017 -// route: -// - destination: -// host: mongo.prod.svc.cluster.local -// port: -// number: 5555 -// ``` -// -// It is possible to restrict the set of virtual services that can bind to -// a gateway server using the namespace/hostname syntax in the hosts field. -// For example, the following Gateway allows any virtual service in the ns1 -// namespace to bind to it, while restricting only the virtual service with -// foo.bar.com host in the ns2 namespace to bind to it. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: Gateway -// metadata: -// name: my-gateway -// namespace: some-config-namespace -// spec: -// selector: -// app: my-gateway-controller -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - "ns1/*" -// - "ns2/foo.bar.com" -// ``` -package istio.networking.v1; - -option go_package = "istio.io/api/networking/v1"; - -// Gateway describes a load balancer operating at the edge of the mesh -// receiving incoming or outgoing HTTP/TCP connections. -// -// -// -message Gateway { - // A list of server specifications. - repeated Server servers = 1; - - // One or more labels that indicate a specific set of pods/VMs - // on which this gateway configuration should be applied. - // By default workloads are searched across all namespaces based on label selectors. - // This implies that a gateway resource in the namespace "foo" can select pods in - // the namespace "bar" based on labels. - // This behavior can be controlled via the `PILOT_SCOPE_GATEWAY_TO_NAMESPACE` - // environment variable in istiod. If this variable is set - // to true, the scope of label search is restricted to the configuration - // namespace in which the the resource is present. In other words, the Gateway - // resource must reside in the same namespace as the gateway workload - // instance. - // If selector is nil, the Gateway will be applied to all workloads. - map selector = 2; -} - -// `Server` describes the properties of the proxy on a given load balancer -// port. For example, -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-ingress -// spec: -// selector: -// app: my-ingressgateway -// servers: -// - port: -// number: 80 -// name: http2 -// protocol: HTTP2 -// hosts: -// - "*" -// ``` -// -// Another example -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-tcp-ingress -// spec: -// selector: -// app: my-tcp-ingressgateway -// servers: -// - port: -// number: 27018 -// name: mongo -// protocol: MONGO -// hosts: -// - "*" -// ``` -// -// The following is an example of TLS configuration for port 443 -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-tls-ingress -// spec: -// selector: -// app: my-tls-ingressgateway -// servers: -// - port: -// number: 443 -// name: https -// protocol: HTTPS -// hosts: -// - "*" -// tls: -// mode: SIMPLE -// credentialName: tls-cert -// ``` -// -message Server { - // The Port on which the proxy should listen for incoming - // connections. - Port port = 1 [(google.api.field_behavior) = REQUIRED]; - - // The ip or the Unix domain socket to which the listener should be bound - // to. Format: `x.x.x.x` or `unix:///path/to/uds` or `unix://@foobar` - // (Linux abstract namespace). When using Unix domain sockets, the port - // number should be 0. - // This can be used to restrict the reachability of this server to be gateway internal only. - // This is typically used when a gateway needs to communicate to another mesh service - // e.g. publishing metrics. In such case, the server created with the - // specified bind will not be available to external gateway clients. - string bind = 4; - - // One or more hosts exposed by this gateway. - // While typically applicable to - // HTTP services, it can also be used for TCP services using TLS with SNI. - // A host is specified as a `dnsName` with an optional `namespace/` prefix. - // The `dnsName` should be specified using FQDN format, optionally including - // a wildcard character in the left-most component (e.g., `prod/*.example.com`). - // Set the `dnsName` to `*` to select all `VirtualService` hosts from the - // specified namespace (e.g.,`prod/*`). - // - // The `namespace` can be set to `*` or `.`, representing any or the current - // namespace, respectively. For example, `*/foo.example.com` selects the - // service from any available namespace while `./foo.example.com` only selects - // the service from the namespace of the sidecar. The default, if no `namespace/` - // is specified, is `*/`, that is, select services from any namespace. - // Any associated `DestinationRule` in the selected namespace will also be used. - // - // A `VirtualService` must be bound to the gateway and must have one or - // more hosts that match the hosts specified in a server. The match - // could be an exact match or a suffix match with the server's hosts. For - // example, if the server's hosts specifies `*.example.com`, a - // `VirtualService` with hosts `dev.example.com` or `prod.example.com` will - // match. However, a `VirtualService` with host `example.com` or - // `newexample.com` will not match. - // - // NOTE: Only virtual services exported to the gateway's namespace - // (e.g., `exportTo` value of `*`) can be referenced. - // Private configurations (e.g., `exportTo` set to `.`) will not be - // available. Refer to the `exportTo` setting in `VirtualService`, - // `DestinationRule`, and `ServiceEntry` configurations for details. - repeated string hosts = 2 [(google.api.field_behavior) = REQUIRED]; - - // Set of TLS related options that govern the server's behavior. Use - // these options to control if all http requests should be redirected to - // https, and the TLS modes to use. - ServerTLSSettings tls = 3; - - // The loopback IP endpoint or Unix domain socket to which traffic should - // be forwarded to by default. Format should be `127.0.0.1:PORT` or - // `unix:///path/to/socket` or `unix://@foobar` (Linux abstract namespace). - // NOT IMPLEMENTED. - // $hide_from_docs - string default_endpoint = 5; - - // An optional name of the server, when set must be unique across all servers. - // This will be used for variety of purposes like prefixing stats generated with - // this name etc. - string name = 6; -} - -// Port describes the properties of a specific port of a service. -message Port { - // A valid non-negative integer port number. - uint32 number = 1 [(google.api.field_behavior) = REQUIRED]; - - // The protocol exposed on the port. - // MUST BE one of HTTP|HTTPS|GRPC|GRPC-WEB|HTTP2|MONGO|TCP|TLS. - // TLS can be either used to terminate non-HTTP based connections on a specific port - // or to route traffic based on SNI header to the destination without terminating the TLS connection. - string protocol = 2 [(google.api.field_behavior) = REQUIRED]; - - // Label assigned to the port. - string name = 3 [(google.api.field_behavior) = REQUIRED]; - - // The port number on the endpoint where the traffic will be - // received. Applicable only when used with ServiceEntries. - // $hide_from_docs - uint32 target_port = 4 [deprecated=true]; -} - -message ServerTLSSettings { - // If set to true, the load balancer will send a 301 redirect for - // all http connections, asking the clients to use HTTPS. - bool https_redirect = 1; - - // TLS modes enforced by the proxy - enum TLSmode { - // The SNI string presented by the client will be used as the - // match criterion in a VirtualService TLS route to determine - // the destination service from the service registry. - PASSTHROUGH = 0; - - // Secure connections with standard TLS semantics. In this mode - // client certificate is not requested during handshake. - SIMPLE = 1; - - // Secure connections to the downstream using mutual TLS by - // presenting server certificates for authentication. - // A client certificate will also be requested during the handshake and - // at least one valid certificate is required to be sent by the client. - MUTUAL = 2; - - // Similar to the passthrough mode, except servers with this TLS - // mode do not require an associated VirtualService to map from - // the SNI value to service in the registry. The destination - // details such as the service/subset/port are encoded in the - // SNI value. The proxy will forward to the upstream (Envoy) - // cluster (a group of endpoints) specified by the SNI - // value. This server is typically used to provide connectivity - // between services in disparate L3 networks that otherwise do - // not have direct connectivity between their respective - // endpoints. Use of this mode assumes that both the source and - // the destination are using Istio mTLS to secure traffic. - AUTO_PASSTHROUGH = 3; - - // Secure connections from the downstream using mutual TLS by - // presenting server certificates for authentication. Compared - // to Mutual mode, this mode uses certificates, representing - // gateway workload identity, generated automatically by Istio - // for mTLS authentication. When this mode is used, all other - // fields in `TLSOptions` should be empty. - ISTIO_MUTUAL = 4; - - // Similar to MUTUAL mode, except that the client certificate - // is optional. Unlike SIMPLE mode, A client certificate will - // still be explicitly requested during handshake, but the client - // is not required to send a certificate. If a client certificate - // is presented, it will be validated. ca_certificates should - // be specified for validating client certificates. - OPTIONAL_MUTUAL = 5; - }; - - // Optional: Indicates whether connections to this port should be - // secured using TLS. The value of this field determines how TLS is - // enforced. - TLSmode mode = 2; - - // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - // holding the server-side TLS certificate to use. - string server_certificate = 3; - - // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - // holding the server's private key. - string private_key = 4; - - // REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. The path to a file - // containing certificate authority certificates to use in verifying a presented - // client side certificate. - string ca_certificates = 5; - - // OPTIONAL: The path to the file containing the certificate revocation list (CRL) - // to use in verifying a presented client side certificate. `CRL` is a list of certificates - // that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. - // If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. - // If omitted, the proxy will not verify the certificate against the `crl`. - string ca_crl = 13; - - // For gateways running on Kubernetes, the name of the secret that - // holds the TLS certs including the CA certificates. Applicable - // only on Kubernetes. An Opaque secret should contain the following - // keys and values: `tls.key: ` and `tls.crt: ` or - // `key: ` and `cert: `. - // For mutual TLS, `cacert: ` and `crl: ` - // can be provided in the same secret or a separate secret named `-cacert`. - // A TLS secret for server certificates with an additional `tls.ocsp-staple` key - // for specifying OCSP staple information, `ca.crt` key for CA certificates - // and `ca.crl` for certificate revocation list is also supported. - // Only one of server certificates and CA certificate - // or credentialName can be specified. - string credential_name = 10; - - // A list of alternate names to verify the subject identity in the - // certificate presented by the client. - repeated string subject_alt_names = 6; - - // An optional list of base64-encoded SHA-256 hashes of the SPKIs of - // authorized client certificates. - // Note: When both verify_certificate_hash and verify_certificate_spki - // are specified, a hash matching either value will result in the - // certificate being accepted. - repeated string verify_certificate_spki = 11; - - // An optional list of hex-encoded SHA-256 hashes of the - // authorized client certificates. Both simple and colon separated - // formats are acceptable. - // Note: When both verify_certificate_hash and verify_certificate_spki - // are specified, a hash matching either value will result in the - // certificate being accepted. - repeated string verify_certificate_hash = 12; - - // TLS protocol versions. - enum TLSProtocol { - // Automatically choose the optimal TLS version. - TLS_AUTO = 0; - - // TLS version 1.0 - TLSV1_0 = 1; - - // TLS version 1.1 - TLSV1_1 = 2; - - // TLS version 1.2 - TLSV1_2 = 3; - - // TLS version 1.3 - TLSV1_3 = 4; - } - - // Optional: Minimum TLS protocol version. By default, it is `TLSV1_2`. - // TLS protocol versions below TLSV1_2 require setting compatible ciphers with the - // `cipherSuites` setting as they no longer include compatible ciphers. - // - // Note: Using TLS protocol versions below TLSV1_2 has serious security risks. - TLSProtocol min_protocol_version = 7; - - // Optional: Maximum TLS protocol version. - TLSProtocol max_protocol_version = 8; - - // Optional: If specified, only support the specified cipher list. - // Otherwise default to the default cipher list supported by Envoy - // as specified [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto). - // The supported list of ciphers are: - // * `ECDHE-ECDSA-AES128-GCM-SHA256` - // * `ECDHE-RSA-AES128-GCM-SHA256` - // * `ECDHE-ECDSA-AES256-GCM-SHA384` - // * `ECDHE-RSA-AES256-GCM-SHA384` - // * `ECDHE-ECDSA-CHACHA20-POLY1305` - // * `ECDHE-RSA-CHACHA20-POLY1305` - // * `ECDHE-ECDSA-AES128-SHA` - // * `ECDHE-RSA-AES128-SHA` - // * `ECDHE-ECDSA-AES256-SHA` - // * `ECDHE-RSA-AES256-SHA` - // * `AES128-GCM-SHA256` - // * `AES256-GCM-SHA384` - // * `AES128-SHA` - // * `AES256-SHA` - // * `DES-CBC3-SHA` - repeated string cipher_suites = 9; -} diff --git a/networking/v1/gateway_alias.gen.go b/networking/v1/gateway_alias.gen.go new file mode 100644 index 00000000000..81f062b45fa --- /dev/null +++ b/networking/v1/gateway_alias.gen.go @@ -0,0 +1,25 @@ +// Code generated by protoc-gen-alias. DO NOT EDIT. +package v1 + +import "istio.io/api/networking/v1alpha3" + +type Gateway = v1alpha3.Gateway +type Server = v1alpha3.Server +type Port = v1alpha3.Port +type ServerTLSSettings = v1alpha3.ServerTLSSettings +type ServerTLSSettings_TLSmode = v1alpha3.ServerTLSSettings_TLSmode + +const ServerTLSSettings_PASSTHROUGH ServerTLSSettings_TLSmode = v1alpha3.ServerTLSSettings_PASSTHROUGH +const ServerTLSSettings_SIMPLE ServerTLSSettings_TLSmode = v1alpha3.ServerTLSSettings_SIMPLE +const ServerTLSSettings_MUTUAL ServerTLSSettings_TLSmode = v1alpha3.ServerTLSSettings_MUTUAL +const ServerTLSSettings_AUTO_PASSTHROUGH ServerTLSSettings_TLSmode = v1alpha3.ServerTLSSettings_AUTO_PASSTHROUGH +const ServerTLSSettings_ISTIO_MUTUAL ServerTLSSettings_TLSmode = v1alpha3.ServerTLSSettings_ISTIO_MUTUAL +const ServerTLSSettings_OPTIONAL_MUTUAL ServerTLSSettings_TLSmode = v1alpha3.ServerTLSSettings_OPTIONAL_MUTUAL + +type ServerTLSSettings_TLSProtocol = v1alpha3.ServerTLSSettings_TLSProtocol + +const ServerTLSSettings_TLS_AUTO ServerTLSSettings_TLSProtocol = v1alpha3.ServerTLSSettings_TLS_AUTO +const ServerTLSSettings_TLSV1_0 ServerTLSSettings_TLSProtocol = v1alpha3.ServerTLSSettings_TLSV1_0 +const ServerTLSSettings_TLSV1_1 ServerTLSSettings_TLSProtocol = v1alpha3.ServerTLSSettings_TLSV1_1 +const ServerTLSSettings_TLSV1_2 ServerTLSSettings_TLSProtocol = v1alpha3.ServerTLSSettings_TLSV1_2 +const ServerTLSSettings_TLSV1_3 ServerTLSSettings_TLSProtocol = v1alpha3.ServerTLSSettings_TLSV1_3 diff --git a/networking/v1/gateway_deepcopy.gen.go b/networking/v1/gateway_deepcopy.gen.go deleted file mode 100644 index 2df35052f2a..00000000000 --- a/networking/v1/gateway_deepcopy.gen.go +++ /dev/null @@ -1,90 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using Gateway within kubernetes types, where deepcopy-gen is used. -func (in *Gateway) DeepCopyInto(out *Gateway) { - p := proto.Clone(in).(*Gateway) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Gateway. Required by controller-gen. -func (in *Gateway) DeepCopy() *Gateway { - if in == nil { - return nil - } - out := new(Gateway) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Gateway. Required by controller-gen. -func (in *Gateway) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Server within kubernetes types, where deepcopy-gen is used. -func (in *Server) DeepCopyInto(out *Server) { - p := proto.Clone(in).(*Server) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Server. Required by controller-gen. -func (in *Server) DeepCopy() *Server { - if in == nil { - return nil - } - out := new(Server) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Server. Required by controller-gen. -func (in *Server) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Port within kubernetes types, where deepcopy-gen is used. -func (in *Port) DeepCopyInto(out *Port) { - p := proto.Clone(in).(*Port) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Port. Required by controller-gen. -func (in *Port) DeepCopy() *Port { - if in == nil { - return nil - } - out := new(Port) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Port. Required by controller-gen. -func (in *Port) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ServerTLSSettings within kubernetes types, where deepcopy-gen is used. -func (in *ServerTLSSettings) DeepCopyInto(out *ServerTLSSettings) { - p := proto.Clone(in).(*ServerTLSSettings) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServerTLSSettings. Required by controller-gen. -func (in *ServerTLSSettings) DeepCopy() *ServerTLSSettings { - if in == nil { - return nil - } - out := new(ServerTLSSettings) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ServerTLSSettings. Required by controller-gen. -func (in *ServerTLSSettings) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/networking/v1/gateway_json.gen.go b/networking/v1/gateway_json.gen.go deleted file mode 100644 index 1df6ea0539b..00000000000 --- a/networking/v1/gateway_json.gen.go +++ /dev/null @@ -1,56 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1 - -import ( - bytes "bytes" - jsonpb "github.com/golang/protobuf/jsonpb" -) - -// MarshalJSON is a custom marshaler for Gateway -func (this *Gateway) MarshalJSON() ([]byte, error) { - str, err := GatewayMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Gateway -func (this *Gateway) UnmarshalJSON(b []byte) error { - return GatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Server -func (this *Server) MarshalJSON() ([]byte, error) { - str, err := GatewayMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Server -func (this *Server) UnmarshalJSON(b []byte) error { - return GatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Port -func (this *Port) MarshalJSON() ([]byte, error) { - str, err := GatewayMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Port -func (this *Port) UnmarshalJSON(b []byte) error { - return GatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ServerTLSSettings -func (this *ServerTLSSettings) MarshalJSON() ([]byte, error) { - str, err := GatewayMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ServerTLSSettings -func (this *ServerTLSSettings) UnmarshalJSON(b []byte) error { - return GatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -var ( - GatewayMarshaler = &jsonpb.Marshaler{} - GatewayUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} -) diff --git a/networking/v1/service_entry.pb.go b/networking/v1/service_entry.pb.go deleted file mode 100644 index a8b06ecd667..00000000000 --- a/networking/v1/service_entry.pb.go +++ /dev/null @@ -1,996 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.33.0 -// protoc (unknown) -// source: networking/v1/service_entry.proto - -// $schema: istio.networking.v1.ServiceEntry -// $title: Service Entry -// $description: Configuration affecting service registry. -// $location: https://istio.io/docs/reference/config/networking/service-entry.html -// $aliases: [/docs/reference/config/networking/v1/service-entry] -// $mode: none - -// `ServiceEntry` enables adding additional entries into Istio's -// internal service registry, so that auto-discovered services in the -// mesh can access/route to these manually specified services. A -// service entry describes the properties of a service (DNS name, -// VIPs, ports, protocols, endpoints). These services could be -// external to the mesh (e.g., web APIs) or mesh-internal services -// that are not part of the platform's service registry (e.g., a set -// of VMs talking to services in Kubernetes). In addition, the -// endpoints of a service entry can also be dynamically selected by -// using the `workloadSelector` field. These endpoints can be VM -// workloads declared using the `WorkloadEntry` object or Kubernetes -// pods. The ability to select both pods and VMs under a single -// service allows for migration of services from VMs to Kubernetes -// without having to change the existing DNS names associated with the -// services. -// -// The following example declares a few external APIs accessed by internal -// applications over HTTPS. The sidecar inspects the SNI value in the -// ClientHello message to route to the appropriate external service. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: external-svc-https -// spec: -// hosts: -// - api.dropboxapi.com -// - www.googleapis.com -// - api.facebook.com -// location: MESH_EXTERNAL -// ports: -// - number: 443 -// name: https -// protocol: TLS -// resolution: DNS -// ``` -// -// The following configuration adds a set of MongoDB instances running on -// unmanaged VMs to Istio's registry, so that these services can be treated -// as any other service in the mesh. The associated DestinationRule is used -// to initiate mTLS connections to the database instances. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: external-svc-mongocluster -// spec: -// hosts: -// - mymongodb.somedomain # not used -// addresses: -// - 192.192.192.192/24 # VIPs -// ports: -// - number: 27018 -// name: mongodb -// protocol: MONGO -// location: MESH_INTERNAL -// resolution: STATIC -// endpoints: -// - address: 2.2.2.2 -// - address: 3.3.3.3 -// ``` -// -// and the associated DestinationRule -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: DestinationRule -// metadata: -// name: mtls-mongocluster -// spec: -// host: mymongodb.somedomain -// trafficPolicy: -// tls: -// mode: MUTUAL -// clientCertificate: /etc/certs/myclientcert.pem -// privateKey: /etc/certs/client_private_key.pem -// caCertificates: /etc/certs/rootcacerts.pem -// ``` -// -// The following example uses a combination of service entry and TLS -// routing in a virtual service to steer traffic based on the SNI value to -// an internal egress firewall. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: external-svc-redirect -// spec: -// hosts: -// - wikipedia.org -// - "*.wikipedia.org" -// location: MESH_EXTERNAL -// ports: -// - number: 443 -// name: https -// protocol: TLS -// resolution: NONE -// ``` -// -// And the associated VirtualService to route based on the SNI value. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: VirtualService -// metadata: -// name: tls-routing -// spec: -// hosts: -// - wikipedia.org -// - "*.wikipedia.org" -// tls: -// - match: -// - sniHosts: -// - wikipedia.org -// - "*.wikipedia.org" -// route: -// - destination: -// host: internal-egress-firewall.ns1.svc.cluster.local -// ``` -// -// The virtual service with TLS match serves to override the default SNI -// match. In the absence of a virtual service, traffic will be forwarded to -// the wikipedia domains. -// -// The following example demonstrates the use of a dedicated egress gateway -// through which all external service traffic is forwarded. -// The 'exportTo' field allows for control over the visibility of a service -// declaration to other namespaces in the mesh. By default, a service is exported -// to all namespaces. The following example restricts the visibility to the -// current namespace, represented by ".", so that it cannot be used by other -// namespaces. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: external-svc-httpbin -// namespace : egress -// spec: -// hosts: -// - example.com -// exportTo: -// - "." -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: DNS -// ``` -// -// Define a gateway to handle all egress traffic. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: Gateway -// metadata: -// name: istio-egressgateway -// namespace: istio-system -// spec: -// selector: -// istio: egressgateway -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - "*" -// ``` -// -// And the associated `VirtualService` to route from the sidecar to the -// gateway service (`istio-egressgateway.istio-system.svc.cluster.local`), as -// well as route from the gateway to the external service. Note that the -// virtual service is exported to all namespaces enabling them to route traffic -// through the gateway to the external service. Forcing traffic to go through -// a managed middle proxy like this is a common practice. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: VirtualService -// metadata: -// name: gateway-routing -// namespace: egress -// spec: -// hosts: -// - example.com -// exportTo: -// - "*" -// gateways: -// - mesh -// - istio-egressgateway -// http: -// - match: -// - port: 80 -// gateways: -// - mesh -// route: -// - destination: -// host: istio-egressgateway.istio-system.svc.cluster.local -// - match: -// - port: 80 -// gateways: -// - istio-egressgateway -// route: -// - destination: -// host: example.com -// ``` -// -// The following example demonstrates the use of wildcards in the hosts for -// external services. If the connection has to be routed to the IP address -// requested by the application (i.e. application resolves DNS and attempts -// to connect to a specific IP), the resolution mode must be set to `NONE`. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: external-svc-wildcard-example -// spec: -// hosts: -// - "*.bar.com" -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: NONE -// ``` -// -// The following example demonstrates a service that is available via a -// Unix Domain Socket on the host of the client. The resolution must be -// set to STATIC to use Unix address endpoints. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: unix-domain-socket-example -// spec: -// hosts: -// - "example.unix.local" -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// endpoints: -// - address: unix:///var/run/example/socket -// ``` -// -// For HTTP-based services, it is possible to create a `VirtualService` -// backed by multiple DNS addressable endpoints. In such a scenario, the -// application can use the `HTTP_PROXY` environment variable to transparently -// reroute API calls for the `VirtualService` to a chosen backend. For -// example, the following configuration creates a non-existent external -// service called foo.bar.com backed by three domains: us.foo.bar.com:8080, -// uk.foo.bar.com:9080, and in.foo.bar.com:7080 -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: external-svc-dns -// spec: -// hosts: -// - foo.bar.com -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: DNS -// endpoints: -// - address: us.foo.bar.com -// ports: -// http: 8080 -// - address: uk.foo.bar.com -// ports: -// http: 9080 -// - address: in.foo.bar.com -// ports: -// http: 7080 -// ``` -// -// With `HTTP_PROXY=http://localhost/`, calls from the application to -// `http://foo.bar.com` will be load balanced across the three domains -// specified above. In other words, a call to `http://foo.bar.com/baz` would -// be translated to `http://uk.foo.bar.com/baz`. -// -// The following example illustrates the usage of a `ServiceEntry` -// containing a subject alternate name -// whose format conforms to the [SPIFFE standard](https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md): -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: httpbin -// namespace : httpbin-ns -// spec: -// hosts: -// - example.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// endpoints: -// - address: 2.2.2.2 -// - address: 3.3.3.3 -// subjectAltNames: -// - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account" -// ``` -// -// The following example demonstrates the use of `ServiceEntry` with a -// `workloadSelector` to handle the migration of a service -// `details.bookinfo.com` from VMs to Kubernetes. The service has two -// VM-based instances with sidecars as well as a set of Kubernetes -// pods managed by a standard deployment object. Consumers of this -// service in the mesh will be automatically load balanced across the -// VMs and Kubernetes. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: WorkloadEntry -// metadata: -// name: details-vm-1 -// spec: -// serviceAccount: details -// address: 2.2.2.2 -// labels: -// app: details -// instance-id: vm1 -// --- -// apiVersion: networking.istio.io/v1 -// kind: WorkloadEntry -// metadata: -// name: details-vm-2 -// spec: -// serviceAccount: details -// address: 3.3.3.3 -// labels: -// app: details -// instance-id: vm2 -// ``` -// -// Assuming there is also a Kubernetes deployment with pod labels -// `app: details` using the same service account `details`, the -// following service entry declares a service spanning both VMs and -// Kubernetes: -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// workloadSelector: -// labels: -// app: details -// ``` - -package v1 - -import ( - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// Location specifies whether the service is part of Istio mesh or -// outside the mesh. Location determines the behavior of several -// features, such as service-to-service mTLS authentication, policy -// enforcement, etc. When communicating with services outside the mesh, -// Istio's mTLS authentication is disabled, and policy enforcement is -// performed on the client-side as opposed to server-side. -type ServiceEntry_Location int32 - -const ( - // Signifies that the service is external to the mesh. Typically used - // to indicate external services consumed through APIs. - ServiceEntry_MESH_EXTERNAL ServiceEntry_Location = 0 - // Signifies that the service is part of the mesh. Typically used to - // indicate services added explicitly as part of expanding the service - // mesh to include unmanaged infrastructure (e.g., VMs added to a - // Kubernetes based service mesh). - ServiceEntry_MESH_INTERNAL ServiceEntry_Location = 1 -) - -// Enum value maps for ServiceEntry_Location. -var ( - ServiceEntry_Location_name = map[int32]string{ - 0: "MESH_EXTERNAL", - 1: "MESH_INTERNAL", - } - ServiceEntry_Location_value = map[string]int32{ - "MESH_EXTERNAL": 0, - "MESH_INTERNAL": 1, - } -) - -func (x ServiceEntry_Location) Enum() *ServiceEntry_Location { - p := new(ServiceEntry_Location) - *p = x - return p -} - -func (x ServiceEntry_Location) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (ServiceEntry_Location) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1_service_entry_proto_enumTypes[0].Descriptor() -} - -func (ServiceEntry_Location) Type() protoreflect.EnumType { - return &file_networking_v1_service_entry_proto_enumTypes[0] -} - -func (x ServiceEntry_Location) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use ServiceEntry_Location.Descriptor instead. -func (ServiceEntry_Location) EnumDescriptor() ([]byte, []int) { - return file_networking_v1_service_entry_proto_rawDescGZIP(), []int{0, 0} -} - -// Resolution determines how the proxy will resolve the IP addresses of -// the network endpoints associated with the service, so that it can -// route to one of them. The resolution mode specified here has no impact -// on how the application resolves the IP address associated with the -// service. The application may still have to use DNS to resolve the -// service to an IP so that the outbound traffic can be captured by the -// Proxy. Alternatively, for HTTP services, the application could -// directly communicate with the proxy (e.g., by setting HTTP_PROXY) to -// talk to these services. -type ServiceEntry_Resolution int32 - -const ( - // Assume that incoming connections have already been resolved (to a - // specific destination IP address). Such connections are typically - // routed via the proxy using mechanisms such as IP table REDIRECT/ - // eBPF. After performing any routing related transformations, the - // proxy will forward the connection to the IP address to which the - // connection was bound. - ServiceEntry_NONE ServiceEntry_Resolution = 0 - // Use the static IP addresses specified in endpoints (see below) as the - // backing instances associated with the service. - ServiceEntry_STATIC ServiceEntry_Resolution = 1 - // Attempt to resolve the IP address by querying the ambient DNS, - // asynchronously. If no endpoints are specified, the proxy - // will resolve the DNS address specified in the hosts field, if - // wildcards are not used. If endpoints are specified, the DNS - // addresses specified in the endpoints will be resolved to determine - // the destination IP address. DNS resolution cannot be used with Unix - // domain socket endpoints. - ServiceEntry_DNS ServiceEntry_Resolution = 2 - // Attempt to resolve the IP address by querying the ambient DNS, - // asynchronously. Unlike `DNS`, `DNS_ROUND_ROBIN` only uses the - // first IP address returned when a new connection needs to be initiated - // without relying on complete results of DNS resolution, and connections - // made to hosts will be retained even if DNS records change frequently - // eliminating draining connection pools and connection cycling. - // This is best suited for large web scale services that - // must be accessed via DNS. The proxy will resolve the DNS address - // specified in the hosts field, if wildcards are not used. DNS resolution - // cannot be used with Unix domain socket endpoints. - ServiceEntry_DNS_ROUND_ROBIN ServiceEntry_Resolution = 3 -) - -// Enum value maps for ServiceEntry_Resolution. -var ( - ServiceEntry_Resolution_name = map[int32]string{ - 0: "NONE", - 1: "STATIC", - 2: "DNS", - 3: "DNS_ROUND_ROBIN", - } - ServiceEntry_Resolution_value = map[string]int32{ - "NONE": 0, - "STATIC": 1, - "DNS": 2, - "DNS_ROUND_ROBIN": 3, - } -) - -func (x ServiceEntry_Resolution) Enum() *ServiceEntry_Resolution { - p := new(ServiceEntry_Resolution) - *p = x - return p -} - -func (x ServiceEntry_Resolution) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (ServiceEntry_Resolution) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1_service_entry_proto_enumTypes[1].Descriptor() -} - -func (ServiceEntry_Resolution) Type() protoreflect.EnumType { - return &file_networking_v1_service_entry_proto_enumTypes[1] -} - -func (x ServiceEntry_Resolution) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use ServiceEntry_Resolution.Descriptor instead. -func (ServiceEntry_Resolution) EnumDescriptor() ([]byte, []int) { - return file_networking_v1_service_entry_proto_rawDescGZIP(), []int{0, 1} -} - -// ServiceEntry enables adding additional entries into Istio's internal -// service registry. -// -// -// -type ServiceEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The hosts associated with the ServiceEntry. Could be a DNS - // name with wildcard prefix. - // - // 1. The hosts field is used to select matching hosts in VirtualServices and DestinationRules. - // 2. For HTTP traffic the HTTP Host/Authority header will be matched against the hosts field. - // 3. For HTTPs or TLS traffic containing Server Name Indication (SNI), the SNI value - // will be matched against the hosts field. - // - // **NOTE 1:** When resolution is set to type DNS and no endpoints - // are specified, the host field will be used as the DNS name of the - // endpoint to route traffic to. - // - // **NOTE 2:** If the hostname matches with the name of a service - // from another service registry such as Kubernetes that also - // supplies its own set of endpoints, the ServiceEntry will be - // treated as a decorator of the existing Kubernetes - // service. Properties in the service entry will be added to the - // Kubernetes service if applicable. Currently, only the following - // additional properties will be considered by `istiod`: - // - // 1. subjectAltNames: In addition to verifying the SANs of the - // service accounts associated with the pods of the service, the - // SANs specified here will also be verified. - Hosts []string `protobuf:"bytes,1,rep,name=hosts,proto3" json:"hosts,omitempty"` - // The virtual IP addresses associated with the service. Could be CIDR - // prefix. For HTTP traffic, generated route configurations will include http route - // domains for both the `addresses` and `hosts` field values and the destination will - // be identified based on the HTTP Host/Authority header. - // If one or more IP addresses are specified, - // the incoming traffic will be identified as belonging to this service - // if the destination IP matches the IP/CIDRs specified in the addresses - // field. If the Addresses field is empty, traffic will be identified - // solely based on the destination port. In such scenarios, the port on - // which the service is being accessed must not be shared by any other - // service in the mesh. In other words, the sidecar will behave as a - // simple TCP proxy, forwarding incoming traffic on a specified port to - // the specified destination endpoint IP/host. Unix domain socket - // addresses are not supported in this field. - Addresses []string `protobuf:"bytes,2,rep,name=addresses,proto3" json:"addresses,omitempty"` - // The ports associated with the external service. If the - // Endpoints are Unix domain socket addresses, there must be exactly one - // port. - Ports []*ServicePort `protobuf:"bytes,3,rep,name=ports,proto3" json:"ports,omitempty"` - // Specify whether the service should be considered external to the mesh - // or part of the mesh. - Location ServiceEntry_Location `protobuf:"varint,4,opt,name=location,proto3,enum=istio.networking.v1.ServiceEntry_Location" json:"location,omitempty"` - // Service resolution mode for the hosts. Care must be taken - // when setting the resolution mode to NONE for a TCP port without - // accompanying IP addresses. In such cases, traffic to any IP on - // said port will be allowed (i.e. `0.0.0.0:`). - Resolution ServiceEntry_Resolution `protobuf:"varint,5,opt,name=resolution,proto3,enum=istio.networking.v1.ServiceEntry_Resolution" json:"resolution,omitempty"` - // One or more endpoints associated with the service. Only one of - // `endpoints` or `workloadSelector` can be specified. - Endpoints []*WorkloadEntry `protobuf:"bytes,6,rep,name=endpoints,proto3" json:"endpoints,omitempty"` - // Applicable only for MESH_INTERNAL services. Only one of - // `endpoints` or `workloadSelector` can be specified. Selects one - // or more Kubernetes pods or VM workloads (specified using - // `WorkloadEntry`) based on their labels. The `WorkloadEntry` object - // representing the VMs should be defined in the same namespace as - // the ServiceEntry. - WorkloadSelector *WorkloadSelector `protobuf:"bytes,9,opt,name=workload_selector,json=workloadSelector,proto3" json:"workload_selector,omitempty"` - // A list of namespaces to which this service is exported. Exporting a service - // allows it to be used by sidecars, gateways and virtual services defined in - // other namespaces. This feature provides a mechanism for service owners - // and mesh administrators to control the visibility of services across - // namespace boundaries. - // - // If no namespaces are specified then the service is exported to all - // namespaces by default. - // - // The value "." is reserved and defines an export to the same namespace that - // the service is declared in. Similarly the value "*" is reserved and - // defines an export to all namespaces. - // - // For a Kubernetes Service, the equivalent effect can be achieved by setting - // the annotation "networking.istio.io/exportTo" to a comma-separated list - // of namespace names. - ExportTo []string `protobuf:"bytes,7,rep,name=export_to,json=exportTo,proto3" json:"export_to,omitempty"` - // If specified, the proxy will verify that the server certificate's - // subject alternate name matches one of the specified values. - // - // NOTE: When using the workloadEntry with workloadSelectors, the - // service account specified in the workloadEntry will also be used - // to derive the additional subject alternate names that should be - // verified. - SubjectAltNames []string `protobuf:"bytes,8,rep,name=subject_alt_names,json=subjectAltNames,proto3" json:"subject_alt_names,omitempty"` -} - -func (x *ServiceEntry) Reset() { - *x = ServiceEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_service_entry_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ServiceEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ServiceEntry) ProtoMessage() {} - -func (x *ServiceEntry) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_service_entry_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ServiceEntry.ProtoReflect.Descriptor instead. -func (*ServiceEntry) Descriptor() ([]byte, []int) { - return file_networking_v1_service_entry_proto_rawDescGZIP(), []int{0} -} - -func (x *ServiceEntry) GetHosts() []string { - if x != nil { - return x.Hosts - } - return nil -} - -func (x *ServiceEntry) GetAddresses() []string { - if x != nil { - return x.Addresses - } - return nil -} - -func (x *ServiceEntry) GetPorts() []*ServicePort { - if x != nil { - return x.Ports - } - return nil -} - -func (x *ServiceEntry) GetLocation() ServiceEntry_Location { - if x != nil { - return x.Location - } - return ServiceEntry_MESH_EXTERNAL -} - -func (x *ServiceEntry) GetResolution() ServiceEntry_Resolution { - if x != nil { - return x.Resolution - } - return ServiceEntry_NONE -} - -func (x *ServiceEntry) GetEndpoints() []*WorkloadEntry { - if x != nil { - return x.Endpoints - } - return nil -} - -func (x *ServiceEntry) GetWorkloadSelector() *WorkloadSelector { - if x != nil { - return x.WorkloadSelector - } - return nil -} - -func (x *ServiceEntry) GetExportTo() []string { - if x != nil { - return x.ExportTo - } - return nil -} - -func (x *ServiceEntry) GetSubjectAltNames() []string { - if x != nil { - return x.SubjectAltNames - } - return nil -} - -// ServicePort describes the properties of a specific port of a service. -type ServicePort struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // A valid non-negative integer port number. - Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"` - // The protocol exposed on the port. - // MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. - // TLS implies the connection will be routed based on the SNI header to - // the destination without terminating the TLS connection. - Protocol string `protobuf:"bytes,2,opt,name=protocol,proto3" json:"protocol,omitempty"` - // Label assigned to the port. - Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` - // The port number on the endpoint where the traffic will be - // received. If unset, default to `number`. - TargetPort uint32 `protobuf:"varint,4,opt,name=target_port,json=targetPort,proto3" json:"target_port,omitempty"` -} - -func (x *ServicePort) Reset() { - *x = ServicePort{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_service_entry_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ServicePort) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ServicePort) ProtoMessage() {} - -func (x *ServicePort) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_service_entry_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ServicePort.ProtoReflect.Descriptor instead. -func (*ServicePort) Descriptor() ([]byte, []int) { - return file_networking_v1_service_entry_proto_rawDescGZIP(), []int{1} -} - -func (x *ServicePort) GetNumber() uint32 { - if x != nil { - return x.Number - } - return 0 -} - -func (x *ServicePort) GetProtocol() string { - if x != nil { - return x.Protocol - } - return "" -} - -func (x *ServicePort) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *ServicePort) GetTargetPort() uint32 { - if x != nil { - return x.TargetPort - } - return 0 -} - -var File_networking_v1_service_entry_proto protoreflect.FileDescriptor - -var file_networking_v1_service_entry_proto_rawDesc = []byte{ - 0x0a, 0x21, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, - 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, - 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, 0x73, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x22, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe8, 0x04, 0x0a, 0x0c, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x19, 0x0a, 0x05, 0x68, - 0x6f, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, - 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, - 0x73, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x61, 0x64, 0x64, 0x72, 0x65, - 0x73, 0x73, 0x65, 0x73, 0x12, 0x36, 0x0a, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x03, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, 0x46, 0x0a, 0x08, - 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x6c, 0x6f, 0x63, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4c, 0x0a, 0x0a, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, - 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, - 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, - 0x6f, 0x6e, 0x12, 0x40, 0x0a, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x18, - 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, - 0x6c, 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, - 0x69, 0x6e, 0x74, 0x73, 0x12, 0x52, 0x0a, 0x11, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, - 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, - 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, - 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x70, 0x6f, - 0x72, 0x74, 0x5f, 0x74, 0x6f, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x70, - 0x6f, 0x72, 0x74, 0x54, 0x6f, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, - 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x0f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x4e, 0x61, 0x6d, 0x65, - 0x73, 0x22, 0x30, 0x0a, 0x08, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x11, 0x0a, - 0x0d, 0x4d, 0x45, 0x53, 0x48, 0x5f, 0x45, 0x58, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x10, 0x00, - 0x12, 0x11, 0x0a, 0x0d, 0x4d, 0x45, 0x53, 0x48, 0x5f, 0x49, 0x4e, 0x54, 0x45, 0x52, 0x4e, 0x41, - 0x4c, 0x10, 0x01, 0x22, 0x40, 0x0a, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x53, - 0x54, 0x41, 0x54, 0x49, 0x43, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x44, 0x4e, 0x53, 0x10, 0x02, - 0x12, 0x13, 0x0a, 0x0f, 0x44, 0x4e, 0x53, 0x5f, 0x52, 0x4f, 0x55, 0x4e, 0x44, 0x5f, 0x52, 0x4f, - 0x42, 0x49, 0x4e, 0x10, 0x03, 0x22, 0x80, 0x01, 0x0a, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, - 0x65, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x17, - 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, - 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, - 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x74, 0x61, - 0x72, 0x67, 0x65, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x42, 0x1c, 0x5a, 0x1a, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_networking_v1_service_entry_proto_rawDescOnce sync.Once - file_networking_v1_service_entry_proto_rawDescData = file_networking_v1_service_entry_proto_rawDesc -) - -func file_networking_v1_service_entry_proto_rawDescGZIP() []byte { - file_networking_v1_service_entry_proto_rawDescOnce.Do(func() { - file_networking_v1_service_entry_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1_service_entry_proto_rawDescData) - }) - return file_networking_v1_service_entry_proto_rawDescData -} - -var file_networking_v1_service_entry_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_networking_v1_service_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_networking_v1_service_entry_proto_goTypes = []interface{}{ - (ServiceEntry_Location)(0), // 0: istio.networking.v1.ServiceEntry.Location - (ServiceEntry_Resolution)(0), // 1: istio.networking.v1.ServiceEntry.Resolution - (*ServiceEntry)(nil), // 2: istio.networking.v1.ServiceEntry - (*ServicePort)(nil), // 3: istio.networking.v1.ServicePort - (*WorkloadEntry)(nil), // 4: istio.networking.v1.WorkloadEntry - (*WorkloadSelector)(nil), // 5: istio.networking.v1.WorkloadSelector -} -var file_networking_v1_service_entry_proto_depIdxs = []int32{ - 3, // 0: istio.networking.v1.ServiceEntry.ports:type_name -> istio.networking.v1.ServicePort - 0, // 1: istio.networking.v1.ServiceEntry.location:type_name -> istio.networking.v1.ServiceEntry.Location - 1, // 2: istio.networking.v1.ServiceEntry.resolution:type_name -> istio.networking.v1.ServiceEntry.Resolution - 4, // 3: istio.networking.v1.ServiceEntry.endpoints:type_name -> istio.networking.v1.WorkloadEntry - 5, // 4: istio.networking.v1.ServiceEntry.workload_selector:type_name -> istio.networking.v1.WorkloadSelector - 5, // [5:5] is the sub-list for method output_type - 5, // [5:5] is the sub-list for method input_type - 5, // [5:5] is the sub-list for extension type_name - 5, // [5:5] is the sub-list for extension extendee - 0, // [0:5] is the sub-list for field type_name -} - -func init() { file_networking_v1_service_entry_proto_init() } -func file_networking_v1_service_entry_proto_init() { - if File_networking_v1_service_entry_proto != nil { - return - } - file_networking_v1_sidecar_proto_init() - file_networking_v1_workload_entry_proto_init() - if !protoimpl.UnsafeEnabled { - file_networking_v1_service_entry_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ServiceEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_service_entry_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ServicePort); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_networking_v1_service_entry_proto_rawDesc, - NumEnums: 2, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_networking_v1_service_entry_proto_goTypes, - DependencyIndexes: file_networking_v1_service_entry_proto_depIdxs, - EnumInfos: file_networking_v1_service_entry_proto_enumTypes, - MessageInfos: file_networking_v1_service_entry_proto_msgTypes, - }.Build() - File_networking_v1_service_entry_proto = out.File - file_networking_v1_service_entry_proto_rawDesc = nil - file_networking_v1_service_entry_proto_goTypes = nil - file_networking_v1_service_entry_proto_depIdxs = nil -} diff --git a/networking/v1/service_entry.proto b/networking/v1/service_entry.proto deleted file mode 100644 index c9bfe1fe7c6..00000000000 --- a/networking/v1/service_entry.proto +++ /dev/null @@ -1,596 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -import "google/api/field_behavior.proto"; -import "networking/v1/sidecar.proto"; -import "networking/v1/workload_entry.proto"; - -// $schema: istio.networking.v1.ServiceEntry -// $title: Service Entry -// $description: Configuration affecting service registry. -// $location: https://istio.io/docs/reference/config/networking/service-entry.html -// $aliases: [/docs/reference/config/networking/v1/service-entry] -// $mode: none - -// `ServiceEntry` enables adding additional entries into Istio's -// internal service registry, so that auto-discovered services in the -// mesh can access/route to these manually specified services. A -// service entry describes the properties of a service (DNS name, -// VIPs, ports, protocols, endpoints). These services could be -// external to the mesh (e.g., web APIs) or mesh-internal services -// that are not part of the platform's service registry (e.g., a set -// of VMs talking to services in Kubernetes). In addition, the -// endpoints of a service entry can also be dynamically selected by -// using the `workloadSelector` field. These endpoints can be VM -// workloads declared using the `WorkloadEntry` object or Kubernetes -// pods. The ability to select both pods and VMs under a single -// service allows for migration of services from VMs to Kubernetes -// without having to change the existing DNS names associated with the -// services. -// -// The following example declares a few external APIs accessed by internal -// applications over HTTPS. The sidecar inspects the SNI value in the -// ClientHello message to route to the appropriate external service. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: external-svc-https -// spec: -// hosts: -// - api.dropboxapi.com -// - www.googleapis.com -// - api.facebook.com -// location: MESH_EXTERNAL -// ports: -// - number: 443 -// name: https -// protocol: TLS -// resolution: DNS -// ``` -// -// The following configuration adds a set of MongoDB instances running on -// unmanaged VMs to Istio's registry, so that these services can be treated -// as any other service in the mesh. The associated DestinationRule is used -// to initiate mTLS connections to the database instances. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: external-svc-mongocluster -// spec: -// hosts: -// - mymongodb.somedomain # not used -// addresses: -// - 192.192.192.192/24 # VIPs -// ports: -// - number: 27018 -// name: mongodb -// protocol: MONGO -// location: MESH_INTERNAL -// resolution: STATIC -// endpoints: -// - address: 2.2.2.2 -// - address: 3.3.3.3 -// ``` -// -// and the associated DestinationRule -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: DestinationRule -// metadata: -// name: mtls-mongocluster -// spec: -// host: mymongodb.somedomain -// trafficPolicy: -// tls: -// mode: MUTUAL -// clientCertificate: /etc/certs/myclientcert.pem -// privateKey: /etc/certs/client_private_key.pem -// caCertificates: /etc/certs/rootcacerts.pem -// ``` -// -// The following example uses a combination of service entry and TLS -// routing in a virtual service to steer traffic based on the SNI value to -// an internal egress firewall. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: external-svc-redirect -// spec: -// hosts: -// - wikipedia.org -// - "*.wikipedia.org" -// location: MESH_EXTERNAL -// ports: -// - number: 443 -// name: https -// protocol: TLS -// resolution: NONE -// ``` -// -// And the associated VirtualService to route based on the SNI value. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: VirtualService -// metadata: -// name: tls-routing -// spec: -// hosts: -// - wikipedia.org -// - "*.wikipedia.org" -// tls: -// - match: -// - sniHosts: -// - wikipedia.org -// - "*.wikipedia.org" -// route: -// - destination: -// host: internal-egress-firewall.ns1.svc.cluster.local -// ``` -// -// The virtual service with TLS match serves to override the default SNI -// match. In the absence of a virtual service, traffic will be forwarded to -// the wikipedia domains. -// -// The following example demonstrates the use of a dedicated egress gateway -// through which all external service traffic is forwarded. -// The 'exportTo' field allows for control over the visibility of a service -// declaration to other namespaces in the mesh. By default, a service is exported -// to all namespaces. The following example restricts the visibility to the -// current namespace, represented by ".", so that it cannot be used by other -// namespaces. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: external-svc-httpbin -// namespace : egress -// spec: -// hosts: -// - example.com -// exportTo: -// - "." -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: DNS -// ``` -// -// Define a gateway to handle all egress traffic. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: Gateway -// metadata: -// name: istio-egressgateway -// namespace: istio-system -// spec: -// selector: -// istio: egressgateway -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - "*" -// ``` -// -// And the associated `VirtualService` to route from the sidecar to the -// gateway service (`istio-egressgateway.istio-system.svc.cluster.local`), as -// well as route from the gateway to the external service. Note that the -// virtual service is exported to all namespaces enabling them to route traffic -// through the gateway to the external service. Forcing traffic to go through -// a managed middle proxy like this is a common practice. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: VirtualService -// metadata: -// name: gateway-routing -// namespace: egress -// spec: -// hosts: -// - example.com -// exportTo: -// - "*" -// gateways: -// - mesh -// - istio-egressgateway -// http: -// - match: -// - port: 80 -// gateways: -// - mesh -// route: -// - destination: -// host: istio-egressgateway.istio-system.svc.cluster.local -// - match: -// - port: 80 -// gateways: -// - istio-egressgateway -// route: -// - destination: -// host: example.com -// ``` -// -// The following example demonstrates the use of wildcards in the hosts for -// external services. If the connection has to be routed to the IP address -// requested by the application (i.e. application resolves DNS and attempts -// to connect to a specific IP), the resolution mode must be set to `NONE`. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: external-svc-wildcard-example -// spec: -// hosts: -// - "*.bar.com" -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: NONE -// ``` -// -// The following example demonstrates a service that is available via a -// Unix Domain Socket on the host of the client. The resolution must be -// set to STATIC to use Unix address endpoints. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: unix-domain-socket-example -// spec: -// hosts: -// - "example.unix.local" -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// endpoints: -// - address: unix:///var/run/example/socket -// ``` -// -// For HTTP-based services, it is possible to create a `VirtualService` -// backed by multiple DNS addressable endpoints. In such a scenario, the -// application can use the `HTTP_PROXY` environment variable to transparently -// reroute API calls for the `VirtualService` to a chosen backend. For -// example, the following configuration creates a non-existent external -// service called foo.bar.com backed by three domains: us.foo.bar.com:8080, -// uk.foo.bar.com:9080, and in.foo.bar.com:7080 -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: external-svc-dns -// spec: -// hosts: -// - foo.bar.com -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: DNS -// endpoints: -// - address: us.foo.bar.com -// ports: -// http: 8080 -// - address: uk.foo.bar.com -// ports: -// http: 9080 -// - address: in.foo.bar.com -// ports: -// http: 7080 -// ``` -// -// With `HTTP_PROXY=http://localhost/`, calls from the application to -// `http://foo.bar.com` will be load balanced across the three domains -// specified above. In other words, a call to `http://foo.bar.com/baz` would -// be translated to `http://uk.foo.bar.com/baz`. -// -// The following example illustrates the usage of a `ServiceEntry` -// containing a subject alternate name -// whose format conforms to the [SPIFFE standard](https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md): -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: httpbin -// namespace : httpbin-ns -// spec: -// hosts: -// - example.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// endpoints: -// - address: 2.2.2.2 -// - address: 3.3.3.3 -// subjectAltNames: -// - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account" -// ``` -// -// The following example demonstrates the use of `ServiceEntry` with a -// `workloadSelector` to handle the migration of a service -// `details.bookinfo.com` from VMs to Kubernetes. The service has two -// VM-based instances with sidecars as well as a set of Kubernetes -// pods managed by a standard deployment object. Consumers of this -// service in the mesh will be automatically load balanced across the -// VMs and Kubernetes. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: WorkloadEntry -// metadata: -// name: details-vm-1 -// spec: -// serviceAccount: details -// address: 2.2.2.2 -// labels: -// app: details -// instance-id: vm1 -// --- -// apiVersion: networking.istio.io/v1 -// kind: WorkloadEntry -// metadata: -// name: details-vm-2 -// spec: -// serviceAccount: details -// address: 3.3.3.3 -// labels: -// app: details -// instance-id: vm2 -// ``` -// -// Assuming there is also a Kubernetes deployment with pod labels -// `app: details` using the same service account `details`, the -// following service entry declares a service spanning both VMs and -// Kubernetes: -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// workloadSelector: -// labels: -// app: details -// ``` -package istio.networking.v1; - -option go_package = "istio.io/api/networking/v1"; - -// ServiceEntry enables adding additional entries into Istio's internal -// service registry. -// -// -// -message ServiceEntry { - // The hosts associated with the ServiceEntry. Could be a DNS - // name with wildcard prefix. - // - // 1. The hosts field is used to select matching hosts in VirtualServices and DestinationRules. - // 2. For HTTP traffic the HTTP Host/Authority header will be matched against the hosts field. - // 3. For HTTPs or TLS traffic containing Server Name Indication (SNI), the SNI value - // will be matched against the hosts field. - // - // **NOTE 1:** When resolution is set to type DNS and no endpoints - // are specified, the host field will be used as the DNS name of the - // endpoint to route traffic to. - // - // **NOTE 2:** If the hostname matches with the name of a service - // from another service registry such as Kubernetes that also - // supplies its own set of endpoints, the ServiceEntry will be - // treated as a decorator of the existing Kubernetes - // service. Properties in the service entry will be added to the - // Kubernetes service if applicable. Currently, only the following - // additional properties will be considered by `istiod`: - // - // 1. subjectAltNames: In addition to verifying the SANs of the - // service accounts associated with the pods of the service, the - // SANs specified here will also be verified. - // - repeated string hosts = 1 [(google.api.field_behavior) = REQUIRED]; - - // The virtual IP addresses associated with the service. Could be CIDR - // prefix. For HTTP traffic, generated route configurations will include http route - // domains for both the `addresses` and `hosts` field values and the destination will - // be identified based on the HTTP Host/Authority header. - // If one or more IP addresses are specified, - // the incoming traffic will be identified as belonging to this service - // if the destination IP matches the IP/CIDRs specified in the addresses - // field. If the Addresses field is empty, traffic will be identified - // solely based on the destination port. In such scenarios, the port on - // which the service is being accessed must not be shared by any other - // service in the mesh. In other words, the sidecar will behave as a - // simple TCP proxy, forwarding incoming traffic on a specified port to - // the specified destination endpoint IP/host. Unix domain socket - // addresses are not supported in this field. - repeated string addresses = 2; - - // The ports associated with the external service. If the - // Endpoints are Unix domain socket addresses, there must be exactly one - // port. - repeated ServicePort ports = 3; - - // Location specifies whether the service is part of Istio mesh or - // outside the mesh. Location determines the behavior of several - // features, such as service-to-service mTLS authentication, policy - // enforcement, etc. When communicating with services outside the mesh, - // Istio's mTLS authentication is disabled, and policy enforcement is - // performed on the client-side as opposed to server-side. - enum Location { - // Signifies that the service is external to the mesh. Typically used - // to indicate external services consumed through APIs. - MESH_EXTERNAL = 0; - - // Signifies that the service is part of the mesh. Typically used to - // indicate services added explicitly as part of expanding the service - // mesh to include unmanaged infrastructure (e.g., VMs added to a - // Kubernetes based service mesh). - MESH_INTERNAL = 1; - }; - - // Specify whether the service should be considered external to the mesh - // or part of the mesh. - Location location = 4; - - // Resolution determines how the proxy will resolve the IP addresses of - // the network endpoints associated with the service, so that it can - // route to one of them. The resolution mode specified here has no impact - // on how the application resolves the IP address associated with the - // service. The application may still have to use DNS to resolve the - // service to an IP so that the outbound traffic can be captured by the - // Proxy. Alternatively, for HTTP services, the application could - // directly communicate with the proxy (e.g., by setting HTTP_PROXY) to - // talk to these services. - enum Resolution { - // Assume that incoming connections have already been resolved (to a - // specific destination IP address). Such connections are typically - // routed via the proxy using mechanisms such as IP table REDIRECT/ - // eBPF. After performing any routing related transformations, the - // proxy will forward the connection to the IP address to which the - // connection was bound. - NONE = 0; - - // Use the static IP addresses specified in endpoints (see below) as the - // backing instances associated with the service. - STATIC = 1; - - // Attempt to resolve the IP address by querying the ambient DNS, - // asynchronously. If no endpoints are specified, the proxy - // will resolve the DNS address specified in the hosts field, if - // wildcards are not used. If endpoints are specified, the DNS - // addresses specified in the endpoints will be resolved to determine - // the destination IP address. DNS resolution cannot be used with Unix - // domain socket endpoints. - DNS = 2; - - // Attempt to resolve the IP address by querying the ambient DNS, - // asynchronously. Unlike `DNS`, `DNS_ROUND_ROBIN` only uses the - // first IP address returned when a new connection needs to be initiated - // without relying on complete results of DNS resolution, and connections - // made to hosts will be retained even if DNS records change frequently - // eliminating draining connection pools and connection cycling. - // This is best suited for large web scale services that - // must be accessed via DNS. The proxy will resolve the DNS address - // specified in the hosts field, if wildcards are not used. DNS resolution - // cannot be used with Unix domain socket endpoints. - DNS_ROUND_ROBIN = 3; - }; - - // Service resolution mode for the hosts. Care must be taken - // when setting the resolution mode to NONE for a TCP port without - // accompanying IP addresses. In such cases, traffic to any IP on - // said port will be allowed (i.e. `0.0.0.0:`). - Resolution resolution = 5; - - // One or more endpoints associated with the service. Only one of - // `endpoints` or `workloadSelector` can be specified. - repeated WorkloadEntry endpoints = 6; - - // Applicable only for MESH_INTERNAL services. Only one of - // `endpoints` or `workloadSelector` can be specified. Selects one - // or more Kubernetes pods or VM workloads (specified using - // `WorkloadEntry`) based on their labels. The `WorkloadEntry` object - // representing the VMs should be defined in the same namespace as - // the ServiceEntry. - WorkloadSelector workload_selector = 9; - - // A list of namespaces to which this service is exported. Exporting a service - // allows it to be used by sidecars, gateways and virtual services defined in - // other namespaces. This feature provides a mechanism for service owners - // and mesh administrators to control the visibility of services across - // namespace boundaries. - // - // If no namespaces are specified then the service is exported to all - // namespaces by default. - // - // The value "." is reserved and defines an export to the same namespace that - // the service is declared in. Similarly the value "*" is reserved and - // defines an export to all namespaces. - // - // For a Kubernetes Service, the equivalent effect can be achieved by setting - // the annotation "networking.istio.io/exportTo" to a comma-separated list - // of namespace names. - repeated string export_to = 7; - - // If specified, the proxy will verify that the server certificate's - // subject alternate name matches one of the specified values. - // - // NOTE: When using the workloadEntry with workloadSelectors, the - // service account specified in the workloadEntry will also be used - // to derive the additional subject alternate names that should be - // verified. - repeated string subject_alt_names = 8; -} - -// ServicePort describes the properties of a specific port of a service. -message ServicePort { - // A valid non-negative integer port number. - uint32 number = 1 [(google.api.field_behavior) = REQUIRED]; - - // The protocol exposed on the port. - // MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. - // TLS implies the connection will be routed based on the SNI header to - // the destination without terminating the TLS connection. - string protocol = 2; - - // Label assigned to the port. - string name = 3 [(google.api.field_behavior) = REQUIRED]; - - // The port number on the endpoint where the traffic will be - // received. If unset, default to `number`. - uint32 target_port = 4; -} diff --git a/networking/v1/service_entry_alias.gen.go b/networking/v1/service_entry_alias.gen.go new file mode 100644 index 00000000000..a676e3806f5 --- /dev/null +++ b/networking/v1/service_entry_alias.gen.go @@ -0,0 +1,19 @@ +// Code generated by protoc-gen-alias. DO NOT EDIT. +package v1 + +import "istio.io/api/networking/v1alpha3" + +type ServiceEntry = v1alpha3.ServiceEntry +type ServiceEntry_Location = v1alpha3.ServiceEntry_Location + +const ServiceEntry_MESH_EXTERNAL ServiceEntry_Location = v1alpha3.ServiceEntry_MESH_EXTERNAL +const ServiceEntry_MESH_INTERNAL ServiceEntry_Location = v1alpha3.ServiceEntry_MESH_INTERNAL + +type ServiceEntry_Resolution = v1alpha3.ServiceEntry_Resolution + +const ServiceEntry_NONE ServiceEntry_Resolution = v1alpha3.ServiceEntry_NONE +const ServiceEntry_STATIC ServiceEntry_Resolution = v1alpha3.ServiceEntry_STATIC +const ServiceEntry_DNS ServiceEntry_Resolution = v1alpha3.ServiceEntry_DNS +const ServiceEntry_DNS_ROUND_ROBIN ServiceEntry_Resolution = v1alpha3.ServiceEntry_DNS_ROUND_ROBIN + +type ServicePort = v1alpha3.ServicePort diff --git a/networking/v1/service_entry_deepcopy.gen.go b/networking/v1/service_entry_deepcopy.gen.go deleted file mode 100644 index a0819057d0d..00000000000 --- a/networking/v1/service_entry_deepcopy.gen.go +++ /dev/null @@ -1,48 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using ServiceEntry within kubernetes types, where deepcopy-gen is used. -func (in *ServiceEntry) DeepCopyInto(out *ServiceEntry) { - p := proto.Clone(in).(*ServiceEntry) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntry. Required by controller-gen. -func (in *ServiceEntry) DeepCopy() *ServiceEntry { - if in == nil { - return nil - } - out := new(ServiceEntry) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntry. Required by controller-gen. -func (in *ServiceEntry) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ServicePort within kubernetes types, where deepcopy-gen is used. -func (in *ServicePort) DeepCopyInto(out *ServicePort) { - p := proto.Clone(in).(*ServicePort) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServicePort. Required by controller-gen. -func (in *ServicePort) DeepCopy() *ServicePort { - if in == nil { - return nil - } - out := new(ServicePort) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ServicePort. Required by controller-gen. -func (in *ServicePort) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/networking/v1/service_entry_json.gen.go b/networking/v1/service_entry_json.gen.go deleted file mode 100644 index 08f52c5baed..00000000000 --- a/networking/v1/service_entry_json.gen.go +++ /dev/null @@ -1,34 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1 - -import ( - bytes "bytes" - jsonpb "github.com/golang/protobuf/jsonpb" -) - -// MarshalJSON is a custom marshaler for ServiceEntry -func (this *ServiceEntry) MarshalJSON() ([]byte, error) { - str, err := ServiceEntryMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ServiceEntry -func (this *ServiceEntry) UnmarshalJSON(b []byte) error { - return ServiceEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ServicePort -func (this *ServicePort) MarshalJSON() ([]byte, error) { - str, err := ServiceEntryMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ServicePort -func (this *ServicePort) UnmarshalJSON(b []byte) error { - return ServiceEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -var ( - ServiceEntryMarshaler = &jsonpb.Marshaler{} - ServiceEntryUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} -) diff --git a/networking/v1/sidecar.pb.go b/networking/v1/sidecar.pb.go deleted file mode 100644 index 15c1abdd7b7..00000000000 --- a/networking/v1/sidecar.pb.go +++ /dev/null @@ -1,1272 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.33.0 -// protoc (unknown) -// source: networking/v1/sidecar.proto - -// $schema: istio.networking.v1.Sidecar -// $title: Sidecar -// $description: Configuration affecting network reachability of a sidecar. -// $location: https://istio.io/docs/reference/config/networking/sidecar.html -// $aliases: [/docs/reference/config/networking/v1/sidecar] -// $mode: none - -// `Sidecar` describes the configuration of the sidecar proxy that mediates -// inbound and outbound communication to the workload instance it is attached to. By -// default, Istio will program all sidecar proxies in the mesh with the -// necessary configuration required to reach every workload instance in the mesh, as -// well as accept traffic on all the ports associated with the -// workload. The `Sidecar` configuration provides a way to fine tune the set of -// ports, protocols that the proxy will accept when forwarding traffic to -// and from the workload. In addition, it is possible to restrict the set -// of services that the proxy can reach when forwarding outbound traffic -// from workload instances. -// -// Services and configuration in a mesh are organized into one or more -// namespaces (e.g., a Kubernetes namespace or a CF org/space). A `Sidecar` -// configuration in a namespace will apply to one or more workload instances in the same -// namespace, selected using the `workloadSelector` field. In the absence of a -// `workloadSelector`, it will apply to all workload instances in the same -// namespace. When determining the `Sidecar` configuration to be applied to a -// workload instance, preference will be given to the resource with a -// `workloadSelector` that selects this workload instance, over a `Sidecar` configuration -// without any `workloadSelector`. -// -// **NOTE 1**: *_Each namespace can have only one `Sidecar` -// configuration without any `workloadSelector`_ that specifies the -// default for all pods in that namespace*. It is recommended to use -// the name `default` for the namespace-wide sidecar. The behavior of -// the system is undefined if more than one selector-less `Sidecar` -// configurations exist in a given namespace. The behavior of the -// system is undefined if two or more `Sidecar` configurations with a -// `workloadSelector` select the same workload instance. -// -// **NOTE 2**: *_A `Sidecar` configuration in the `MeshConfig` -// [root namespace](https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig) -// will be applied by default to all namespaces without a `Sidecar` -// configuration_*. This global default `Sidecar` configuration should not have -// any `workloadSelector`. -// -// **NOTE 3**: *_A `Sidecar` is not applicable to gateways, even though gateways are istio-proxies_*. -// -// The example below declares a global default `Sidecar` configuration -// in the root namespace called `istio-config`, that configures -// sidecars in all namespaces to allow egress traffic only to other -// workloads in the same namespace as well as to services in the -// `istio-system` namespace. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: Sidecar -// metadata: -// name: default -// namespace: istio-config -// spec: -// egress: -// - hosts: -// - "./*" -// - "istio-system/*" -// ``` -// -// The example below declares a `Sidecar` configuration in the -// `prod-us1` namespace that overrides the global default defined -// above, and configures the sidecars in the namespace to allow egress -// traffic to public services in the `prod-us1`, `prod-apis`, and the -// `istio-system` namespaces. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: Sidecar -// metadata: -// name: default -// namespace: prod-us1 -// spec: -// egress: -// - hosts: -// - "prod-us1/*" -// - "prod-apis/*" -// - "istio-system/*" -// ``` -// -// The following example declares a `Sidecar` configuration in the -// `prod-us1` namespace for all pods with labels `app: ratings` -// belonging to the `ratings.prod-us1` service. The workload accepts -// inbound HTTP traffic on port 9080. The traffic is then forwarded to -// the attached workload instance listening on a Unix domain -// socket. In the egress direction, in addition to the `istio-system` -// namespace, the sidecar proxies only HTTP traffic bound for port -// 9080 for services in the `prod-us1` namespace. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: Sidecar -// metadata: -// name: ratings -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: ratings -// ingress: -// - port: -// number: 9080 -// protocol: HTTP -// name: somename -// defaultEndpoint: unix:///var/run/someuds.sock -// egress: -// - port: -// number: 9080 -// protocol: HTTP -// name: egresshttp -// hosts: -// - "prod-us1/*" -// - hosts: -// - "istio-system/*" -// ``` -// -// If the workload is deployed without IPTables-based traffic capture, -// the `Sidecar` configuration is the only way to configure the ports -// on the proxy attached to the workload instance. The following -// example declares a `Sidecar` configuration in the `prod-us1` -// namespace for all pods with labels `app: productpage` belonging to -// the `productpage.prod-us1` service. Assuming that these pods are -// deployed without IPtable rules (i.e. the `istio-init` container) -// and the proxy metadata `ISTIO_META_INTERCEPTION_MODE` is set to -// `NONE`, the specification, below, allows such pods to receive HTTP -// traffic on port 9080 (wrapped inside Istio mutual TLS) and forward -// it to the application listening on `127.0.0.1:8080`. It also allows -// the application to communicate with a backing MySQL database on -// `127.0.0.1:3306`, that then gets proxied to the externally hosted -// MySQL service at `mysql.foo.com:3306`. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: Sidecar -// metadata: -// name: no-ip-tables -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: productpage -// ingress: -// - port: -// number: 9080 # binds to proxy_instance_ip:9080 (0.0.0.0:9080, if no unicast IP is available for the instance) -// protocol: HTTP -// name: somename -// defaultEndpoint: 127.0.0.1:8080 -// captureMode: NONE # not needed if metadata is set for entire proxy -// egress: -// - port: -// number: 3306 -// protocol: MYSQL -// name: egressmysql -// captureMode: NONE # not needed if metadata is set for entire proxy -// bind: 127.0.0.1 -// hosts: -// - "*/mysql.foo.com" -// ``` -// -// And the associated service entry for routing to `mysql.foo.com:3306` -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: external-svc-mysql -// namespace: ns1 -// spec: -// hosts: -// - mysql.foo.com -// ports: -// - number: 3306 -// name: mysql -// protocol: MYSQL -// location: MESH_EXTERNAL -// resolution: DNS -// ``` -// -// It is also possible to mix and match traffic capture modes in a single -// proxy. For example, consider a setup where internal services are on the -// `192.168.0.0/16` subnet. So, IP tables are setup on the VM to capture all -// outbound traffic on `192.168.0.0/16` subnet. Assume that the VM has an -// additional network interface on `172.16.0.0/16` subnet for inbound -// traffic. The following `Sidecar` configuration allows the VM to expose a -// listener on `172.16.1.32:80` (the VM's IP) for traffic arriving from the -// `172.16.0.0/16` subnet. -// -// **NOTE**: The `ISTIO_META_INTERCEPTION_MODE` metadata on the -// proxy in the VM should contain `REDIRECT` or `TPROXY` as its value, -// implying that IP tables based traffic capture is active. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: Sidecar -// metadata: -// name: partial-ip-tables -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: productpage -// ingress: -// - bind: 172.16.1.32 -// port: -// number: 80 # binds to 172.16.1.32:80 -// protocol: HTTP -// name: somename -// defaultEndpoint: 127.0.0.1:8080 -// captureMode: NONE -// egress: -// # use the system detected defaults -// # sets up configuration to handle outbound traffic to services -// # in 192.168.0.0/16 subnet, based on information provided by the -// # service registry -// - captureMode: IPTABLES -// hosts: -// - "*/*" -// ``` -// -// In addition to configuring traffic capture and how traffic is forwarded to the app, -// it's possible to control inbound connection pool settings. By default, Istio pushes -// connection pool settings from `DestinationRules` to both clients (for outbound -// connections to the service) as well as servers (for inbound connections to a service -// instance). Using the `InboundConnectionPool` and per-port `ConnectionPool` settings -// in a `Sidecar` allow you to control those connection pools for the server separately -// from the settings pushed to all clients. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: Sidecar -// metadata: -// name: connection-pool-settings -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: productpage -// inboundConnectionPool: -// http: -// http1MaxPendingRequests: 1024 -// http2MaxRequests: 1024 -// maxRequestsPerConnection: 1024 -// maxRetries: 100 -// ingress: -// - port: -// number: 80 -// protocol: HTTP -// name: somename -// connectionPool: -// http: -// http1MaxPendingRequests: 1024 -// http2MaxRequests: 1024 -// maxRequestsPerConnection: 1024 -// maxRetries: 100 -// tcp: -// maxConnections: 100 -// ``` - -package v1 - -import ( - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// `CaptureMode` describes how traffic to a listener is expected to be -// captured. Applicable only when the listener is bound to an IP. -type CaptureMode int32 - -const ( - // The default capture mode defined by the environment. - CaptureMode_DEFAULT CaptureMode = 0 - // Capture traffic using IPtables redirection. - CaptureMode_IPTABLES CaptureMode = 1 - // No traffic capture. When used in an egress listener, the application is - // expected to explicitly communicate with the listener port or Unix - // domain socket. When used in an ingress listener, care needs to be taken - // to ensure that the listener port is not in use by other processes on - // the host. - CaptureMode_NONE CaptureMode = 2 -) - -// Enum value maps for CaptureMode. -var ( - CaptureMode_name = map[int32]string{ - 0: "DEFAULT", - 1: "IPTABLES", - 2: "NONE", - } - CaptureMode_value = map[string]int32{ - "DEFAULT": 0, - "IPTABLES": 1, - "NONE": 2, - } -) - -func (x CaptureMode) Enum() *CaptureMode { - p := new(CaptureMode) - *p = x - return p -} - -func (x CaptureMode) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (CaptureMode) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1_sidecar_proto_enumTypes[0].Descriptor() -} - -func (CaptureMode) Type() protoreflect.EnumType { - return &file_networking_v1_sidecar_proto_enumTypes[0] -} - -func (x CaptureMode) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use CaptureMode.Descriptor instead. -func (CaptureMode) EnumDescriptor() ([]byte, []int) { - return file_networking_v1_sidecar_proto_rawDescGZIP(), []int{0} -} - -type OutboundTrafficPolicy_Mode int32 - -const ( - // Outbound traffic will be restricted to services defined in the - // service registry as well as those defined through `ServiceEntry` configurations. - OutboundTrafficPolicy_REGISTRY_ONLY OutboundTrafficPolicy_Mode = 0 - // Outbound traffic to unknown destinations will be allowed, in case - // there are no services or `ServiceEntry` configurations for the destination port. - OutboundTrafficPolicy_ALLOW_ANY OutboundTrafficPolicy_Mode = 1 -) - -// Enum value maps for OutboundTrafficPolicy_Mode. -var ( - OutboundTrafficPolicy_Mode_name = map[int32]string{ - 0: "REGISTRY_ONLY", - 1: "ALLOW_ANY", - } - OutboundTrafficPolicy_Mode_value = map[string]int32{ - "REGISTRY_ONLY": 0, - "ALLOW_ANY": 1, - } -) - -func (x OutboundTrafficPolicy_Mode) Enum() *OutboundTrafficPolicy_Mode { - p := new(OutboundTrafficPolicy_Mode) - *p = x - return p -} - -func (x OutboundTrafficPolicy_Mode) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (OutboundTrafficPolicy_Mode) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1_sidecar_proto_enumTypes[1].Descriptor() -} - -func (OutboundTrafficPolicy_Mode) Type() protoreflect.EnumType { - return &file_networking_v1_sidecar_proto_enumTypes[1] -} - -func (x OutboundTrafficPolicy_Mode) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use OutboundTrafficPolicy_Mode.Descriptor instead. -func (OutboundTrafficPolicy_Mode) EnumDescriptor() ([]byte, []int) { - return file_networking_v1_sidecar_proto_rawDescGZIP(), []int{4, 0} -} - -// `Sidecar` describes the configuration of the sidecar proxy that mediates -// inbound and outbound communication of the workload instance to which it is -// attached. -// -// -// -type Sidecar struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Criteria used to select the specific set of pods/VMs on which this - // `Sidecar` configuration should be applied. If omitted, the `Sidecar` - // configuration will be applied to all workload instances in the same namespace. - WorkloadSelector *WorkloadSelector `protobuf:"bytes,1,opt,name=workload_selector,json=workloadSelector,proto3" json:"workload_selector,omitempty"` - // Ingress specifies the configuration of the sidecar for processing - // inbound traffic to the attached workload instance. If omitted, Istio will - // automatically configure the sidecar based on the information about the workload - // obtained from the orchestration platform (e.g., exposed ports, services, - // etc.). If specified, inbound ports are configured if and only if the - // workload instance is associated with a service. - Ingress []*IstioIngressListener `protobuf:"bytes,2,rep,name=ingress,proto3" json:"ingress,omitempty"` - // Egress specifies the configuration of the sidecar for processing - // outbound traffic from the attached workload instance to other - // services in the mesh. If not specified, inherits the system - // detected defaults from the namespace-wide or the global default Sidecar. - Egress []*IstioEgressListener `protobuf:"bytes,3,rep,name=egress,proto3" json:"egress,omitempty"` - // Settings controlling the volume of connections Envoy will accept from the network. - // This default will apply for all inbound listeners and can be overridden per-port - // in the `Ingress` field. This configuration mirrors the `DestinationRule`'s - // [`connectionPool`](https://istio.io/latest/docs/reference/config/networking/destination-rule/#ConnectionPoolSettings) field. - // - // By default, Istio applies a service's `DestinationRule` to client sidecars - // for outbound traffic directed at the service -- the usual case folks think - // of when configuring a `DestinationRule` -- but also to the server's inbound - // sidecar. The `Sidecar`'s connection pool configures the server's inbound - // sidecar directly, so its settings can be different than clients'. This is - // valuable, for example, when you have many clients calling few servers: a - // `DestinationRule` can limit the concurrency of any single client, while - // the `Sidecar` allows you to configure much higher concurrency on the server - // side. - // - // Connection pool settings for a server's inbound sidecar are configured in the - // following precedence, highest to lowest: - // - per-port `ConnectionPool` from the `Sidecar` - // - top level `InboundConnectionPool` from the `Sidecar` - // - per-port `TrafficPolicy.ConnectionPool` from the `DestinationRule` - // - top level `TrafficPolicy.ConnectionPool` from the `DestinationRule` - // - default connection pool settings (essentially unlimited) - // - // In every case, the connection pool settings are overriden, not merged. - InboundConnectionPool *ConnectionPoolSettings `protobuf:"bytes,7,opt,name=inbound_connection_pool,json=inboundConnectionPool,proto3" json:"inbound_connection_pool,omitempty"` - // Configuration for the outbound traffic policy. If your - // application uses one or more external services that are not known - // apriori, setting the policy to `ALLOW_ANY` will cause the - // sidecars to route any unknown traffic originating from the - // application to its requested destination. If not specified, - // inherits the system detected defaults from the namespace-wide or - // the global default Sidecar. - OutboundTrafficPolicy *OutboundTrafficPolicy `protobuf:"bytes,4,opt,name=outbound_traffic_policy,json=outboundTrafficPolicy,proto3" json:"outbound_traffic_policy,omitempty"` -} - -func (x *Sidecar) Reset() { - *x = Sidecar{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_sidecar_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Sidecar) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Sidecar) ProtoMessage() {} - -func (x *Sidecar) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_sidecar_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Sidecar.ProtoReflect.Descriptor instead. -func (*Sidecar) Descriptor() ([]byte, []int) { - return file_networking_v1_sidecar_proto_rawDescGZIP(), []int{0} -} - -func (x *Sidecar) GetWorkloadSelector() *WorkloadSelector { - if x != nil { - return x.WorkloadSelector - } - return nil -} - -func (x *Sidecar) GetIngress() []*IstioIngressListener { - if x != nil { - return x.Ingress - } - return nil -} - -func (x *Sidecar) GetEgress() []*IstioEgressListener { - if x != nil { - return x.Egress - } - return nil -} - -func (x *Sidecar) GetInboundConnectionPool() *ConnectionPoolSettings { - if x != nil { - return x.InboundConnectionPool - } - return nil -} - -func (x *Sidecar) GetOutboundTrafficPolicy() *OutboundTrafficPolicy { - if x != nil { - return x.OutboundTrafficPolicy - } - return nil -} - -// `IstioIngressListener` specifies the properties of an inbound -// traffic listener on the sidecar proxy attached to a workload instance. -type IstioIngressListener struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The port associated with the listener. - Port *SidecarPort `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` - // The IP(IPv4 or IPv6) to which the listener should be bound. - // Unix domain socket addresses are not allowed in - // the bind field for ingress listeners. If omitted, Istio will - // automatically configure the defaults based on imported services - // and the workload instances to which this configuration is applied - // to. - Bind string `protobuf:"bytes,2,opt,name=bind,proto3" json:"bind,omitempty"` - // The captureMode option dictates how traffic to the listener is - // expected to be captured (or not). - CaptureMode CaptureMode `protobuf:"varint,3,opt,name=capture_mode,json=captureMode,proto3,enum=istio.networking.v1.CaptureMode" json:"capture_mode,omitempty"` - // The IP endpoint or Unix domain socket to which - // traffic should be forwarded to. This configuration can be used to - // redirect traffic arriving at the bind `IP:Port` on the sidecar to a `localhost:port` - // or Unix domain socket where the application workload instance is listening for - // connections. Arbitrary IPs are not supported. Format should be one of - // `127.0.0.1:PORT`, `[::1]:PORT` (forward to localhost), - // `0.0.0.0:PORT`, `[::]:PORT` (forward to the instance IP), - // or `unix:///path/to/socket` (forward to Unix domain socket). - DefaultEndpoint string `protobuf:"bytes,4,opt,name=default_endpoint,json=defaultEndpoint,proto3" json:"default_endpoint,omitempty"` - // Set of TLS related options that will enable TLS termination on the - // sidecar for requests originating from outside the mesh. - // Currently supports only SIMPLE and MUTUAL TLS modes. - Tls *ServerTLSSettings `protobuf:"bytes,7,opt,name=tls,proto3" json:"tls,omitempty"` - // Settings controlling the volume of connections Envoy will accept from the network. - // This setting overrides the top-level default `inboundConnectionPool` to configure - // specific settings for this port. This configuration mirrors the `DestinationRule`'s - // [`PortTrafficPolicy.connectionPool`](https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy-PortTrafficPolicy) field. - // This port level connection pool has the highest precedence in configuration, - // overriding both the `Sidecar`'s top level `InboundConnectionPool` as well as any - // connection pooling settings from the `DestinationRule`. - ConnectionPool *ConnectionPoolSettings `protobuf:"bytes,8,opt,name=connection_pool,json=connectionPool,proto3" json:"connection_pool,omitempty"` -} - -func (x *IstioIngressListener) Reset() { - *x = IstioIngressListener{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_sidecar_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IstioIngressListener) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IstioIngressListener) ProtoMessage() {} - -func (x *IstioIngressListener) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_sidecar_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IstioIngressListener.ProtoReflect.Descriptor instead. -func (*IstioIngressListener) Descriptor() ([]byte, []int) { - return file_networking_v1_sidecar_proto_rawDescGZIP(), []int{1} -} - -func (x *IstioIngressListener) GetPort() *SidecarPort { - if x != nil { - return x.Port - } - return nil -} - -func (x *IstioIngressListener) GetBind() string { - if x != nil { - return x.Bind - } - return "" -} - -func (x *IstioIngressListener) GetCaptureMode() CaptureMode { - if x != nil { - return x.CaptureMode - } - return CaptureMode_DEFAULT -} - -func (x *IstioIngressListener) GetDefaultEndpoint() string { - if x != nil { - return x.DefaultEndpoint - } - return "" -} - -func (x *IstioIngressListener) GetTls() *ServerTLSSettings { - if x != nil { - return x.Tls - } - return nil -} - -func (x *IstioIngressListener) GetConnectionPool() *ConnectionPoolSettings { - if x != nil { - return x.ConnectionPool - } - return nil -} - -// `IstioEgressListener` specifies the properties of an outbound traffic -// listener on the sidecar proxy attached to a workload instance. -type IstioEgressListener struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The port associated with the listener. If using Unix domain socket, - // use 0 as the port number, with a valid protocol. The port if - // specified, will be used as the default destination port associated - // with the imported hosts. If the port is omitted, Istio will infer the - // listener ports based on the imported hosts. Note that when multiple - // egress listeners are specified, where one or more listeners have - // specific ports while others have no port, the hosts exposed on a - // listener port will be based on the listener with the most specific - // port. - Port *SidecarPort `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` - // The IP(IPv4 or IPv6) or the Unix domain socket to which the listener should be bound - // to. Port MUST be specified if bind is not empty. Format: IPv4 or IPv6 address formats or - // `unix:///path/to/uds` or `unix://@foobar` (Linux abstract namespace). If - // omitted, Istio will automatically configure the defaults based on imported - // services, the workload instances to which this configuration is applied to and - // the captureMode. If captureMode is `NONE`, bind will default to - // 127.0.0.1. - Bind string `protobuf:"bytes,2,opt,name=bind,proto3" json:"bind,omitempty"` - // When the bind address is an IP, the captureMode option dictates - // how traffic to the listener is expected to be captured (or not). - // captureMode must be DEFAULT or `NONE` for Unix domain socket binds. - CaptureMode CaptureMode `protobuf:"varint,3,opt,name=capture_mode,json=captureMode,proto3,enum=istio.networking.v1.CaptureMode" json:"capture_mode,omitempty"` - // One or more service hosts exposed by the listener - // in `namespace/dnsName` format. Services in the specified namespace - // matching `dnsName` will be exposed. - // The corresponding service can be a service in the service registry - // (e.g., a Kubernetes or cloud foundry service) or a service specified - // using a `ServiceEntry` or `VirtualService` configuration. Any - // associated `DestinationRule` in the same namespace will also be used. - // - // The `dnsName` should be specified using FQDN format, optionally including - // a wildcard character in the left-most component (e.g., `prod/*.example.com`). - // Set the `dnsName` to `*` to select all services from the specified namespace - // (e.g., `prod/*`). - // - // The `namespace` can be set to `*`, `.`, or `~`, representing any, the current, - // or no namespace, respectively. For example, `*/foo.example.com` selects the - // service from any available namespace while `./foo.example.com` only selects - // the service from the namespace of the sidecar. If a host is set to `*/*`, - // Istio will configure the sidecar to be able to reach every service in the - // mesh that is exported to the sidecar's namespace. The value `~/*` can be used - // to completely trim the configuration for sidecars that simply receive traffic - // and respond, but make no outbound connections of their own. - // - // NOTE: Only services and configuration artifacts exported to the sidecar's - // namespace (e.g., `exportTo` value of `*`) can be referenced. - // Private configurations (e.g., `exportTo` set to `.`) will - // not be available. Refer to the `exportTo` setting in `VirtualService`, - // `DestinationRule`, and `ServiceEntry` configurations for details. - Hosts []string `protobuf:"bytes,4,rep,name=hosts,proto3" json:"hosts,omitempty"` -} - -func (x *IstioEgressListener) Reset() { - *x = IstioEgressListener{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_sidecar_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IstioEgressListener) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IstioEgressListener) ProtoMessage() {} - -func (x *IstioEgressListener) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_sidecar_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IstioEgressListener.ProtoReflect.Descriptor instead. -func (*IstioEgressListener) Descriptor() ([]byte, []int) { - return file_networking_v1_sidecar_proto_rawDescGZIP(), []int{2} -} - -func (x *IstioEgressListener) GetPort() *SidecarPort { - if x != nil { - return x.Port - } - return nil -} - -func (x *IstioEgressListener) GetBind() string { - if x != nil { - return x.Bind - } - return "" -} - -func (x *IstioEgressListener) GetCaptureMode() CaptureMode { - if x != nil { - return x.CaptureMode - } - return CaptureMode_DEFAULT -} - -func (x *IstioEgressListener) GetHosts() []string { - if x != nil { - return x.Hosts - } - return nil -} - -// `WorkloadSelector` specifies the criteria used to determine if the -// `Gateway`, `Sidecar`, `EnvoyFilter`, `ServiceEntry`, or `DestinationRule` -// configuration can be applied to a proxy. The matching criteria -// includes the metadata associated with a proxy, workload instance -// info such as labels attached to the pod/VM, or any other info that -// the proxy provides to Istio during the initial handshake. If -// multiple conditions are specified, all conditions need to match in -// order for the workload instance to be selected. Currently, only -// label based selection mechanism is supported. -type WorkloadSelector struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // One or more labels that indicate a specific set of pods/VMs - // on which the configuration should be applied. The scope of - // label search is restricted to the configuration namespace in which the - // the resource is present. - Labels map[string]string `protobuf:"bytes,1,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` -} - -func (x *WorkloadSelector) Reset() { - *x = WorkloadSelector{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_sidecar_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *WorkloadSelector) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*WorkloadSelector) ProtoMessage() {} - -func (x *WorkloadSelector) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_sidecar_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use WorkloadSelector.ProtoReflect.Descriptor instead. -func (*WorkloadSelector) Descriptor() ([]byte, []int) { - return file_networking_v1_sidecar_proto_rawDescGZIP(), []int{3} -} - -func (x *WorkloadSelector) GetLabels() map[string]string { - if x != nil { - return x.Labels - } - return nil -} - -// `OutboundTrafficPolicy` sets the default behavior of the sidecar for -// handling outbound traffic from the application. -// If your application uses one or more external -// services that are not known apriori, setting the policy to `ALLOW_ANY` -// will cause the sidecars to route any unknown traffic originating from -// the application to its requested destination. Users are strongly -// encouraged to use `ServiceEntry` configurations to explicitly declare any external -// dependencies, instead of using `ALLOW_ANY`, so that traffic to these -// services can be monitored. -type OutboundTrafficPolicy struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Mode OutboundTrafficPolicy_Mode `protobuf:"varint,1,opt,name=mode,proto3,enum=istio.networking.v1.OutboundTrafficPolicy_Mode" json:"mode,omitempty"` - // Specifies the details of the egress proxy to which unknown - // traffic should be forwarded to from the sidecar. Valid only if - // the mode is set to ALLOW_ANY. If not specified when the mode is - // ALLOW_ANY, the sidecar will send the unknown traffic directly to - // the IP requested by the application. - // - // ** NOTE 1**: The specified egress host must be imported in the - // egress section for the traffic forwarding to work. - // - // ** NOTE 2**: An Envoy based egress gateway is unlikely to be able - // to handle plain text TCP connections forwarded from the sidecar. - // Envoy's dynamic forward proxy can handle only HTTP and TLS - // connections. - // $hide_from_docs - EgressProxy *Destination `protobuf:"bytes,2,opt,name=egress_proxy,json=egressProxy,proto3" json:"egress_proxy,omitempty"` -} - -func (x *OutboundTrafficPolicy) Reset() { - *x = OutboundTrafficPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_sidecar_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *OutboundTrafficPolicy) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*OutboundTrafficPolicy) ProtoMessage() {} - -func (x *OutboundTrafficPolicy) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_sidecar_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use OutboundTrafficPolicy.ProtoReflect.Descriptor instead. -func (*OutboundTrafficPolicy) Descriptor() ([]byte, []int) { - return file_networking_v1_sidecar_proto_rawDescGZIP(), []int{4} -} - -func (x *OutboundTrafficPolicy) GetMode() OutboundTrafficPolicy_Mode { - if x != nil { - return x.Mode - } - return OutboundTrafficPolicy_REGISTRY_ONLY -} - -func (x *OutboundTrafficPolicy) GetEgressProxy() *Destination { - if x != nil { - return x.EgressProxy - } - return nil -} - -// Port describes the properties of a specific port of a service. -type SidecarPort struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // A valid non-negative integer port number. - Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"` - // The protocol exposed on the port. - // MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. - // TLS can be either used to terminate non-HTTP based connections on a specific port - // or to route traffic based on SNI header to the destination without terminating the TLS connection. - Protocol string `protobuf:"bytes,2,opt,name=protocol,proto3" json:"protocol,omitempty"` - // Label assigned to the port. - Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` - // Has no effect, only for backwards compatibility - // received. Applicable only when used with ServiceEntries. - // $hide_from_docs - // - // Deprecated: Marked as deprecated in networking/v1/sidecar.proto. - TargetPort uint32 `protobuf:"varint,4,opt,name=target_port,json=targetPort,proto3" json:"target_port,omitempty"` -} - -func (x *SidecarPort) Reset() { - *x = SidecarPort{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_sidecar_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SidecarPort) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SidecarPort) ProtoMessage() {} - -func (x *SidecarPort) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_sidecar_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SidecarPort.ProtoReflect.Descriptor instead. -func (*SidecarPort) Descriptor() ([]byte, []int) { - return file_networking_v1_sidecar_proto_rawDescGZIP(), []int{5} -} - -func (x *SidecarPort) GetNumber() uint32 { - if x != nil { - return x.Number - } - return 0 -} - -func (x *SidecarPort) GetProtocol() string { - if x != nil { - return x.Protocol - } - return "" -} - -func (x *SidecarPort) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -// Deprecated: Marked as deprecated in networking/v1/sidecar.proto. -func (x *SidecarPort) GetTargetPort() uint32 { - if x != nil { - return x.TargetPort - } - return 0 -} - -var File_networking_v1_sidecar_proto protoreflect.FileDescriptor - -var file_networking_v1_sidecar_proto_rawDesc = []byte{ - 0x0a, 0x1b, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, - 0x73, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, - 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x1a, 0x24, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, - 0x76, 0x31, 0x2f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, - 0x75, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x23, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x73, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc4, 0x03, 0x0a, 0x07, - 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x12, 0x52, 0x0a, 0x11, 0x77, 0x6f, 0x72, 0x6b, 0x6c, - 0x6f, 0x61, 0x64, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, - 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, 0x6c, - 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x43, 0x0a, 0x07, 0x69, - 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x2e, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x4c, - 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x07, 0x69, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, - 0x12, 0x40, 0x0a, 0x06, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x28, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x45, 0x67, 0x72, 0x65, - 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x06, 0x65, 0x67, 0x72, 0x65, - 0x73, 0x73, 0x12, 0x63, 0x0a, 0x17, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, - 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x6f, 0x6c, 0x18, 0x07, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, - 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x52, 0x15, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x12, 0x62, 0x0a, 0x17, 0x6f, 0x75, 0x74, 0x62, 0x6f, - 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x5f, 0x70, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4f, - 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x52, 0x15, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x72, - 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4a, 0x04, 0x08, 0x05, 0x10, - 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x52, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, - 0x73, 0x74, 0x22, 0x87, 0x03, 0x0a, 0x14, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x49, 0x6e, 0x67, 0x72, - 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x39, 0x0a, 0x04, 0x70, - 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, - 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x42, 0x03, 0xe0, 0x41, 0x02, - 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x12, 0x43, 0x0a, 0x0c, 0x63, 0x61, - 0x70, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x4d, 0x6f, - 0x64, 0x65, 0x52, 0x0b, 0x63, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12, - 0x29, 0x0a, 0x10, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, - 0x69, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x64, 0x65, 0x66, 0x61, 0x75, - 0x6c, 0x74, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x38, 0x0a, 0x03, 0x74, 0x6c, - 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, - 0x03, 0x74, 0x6c, 0x73, 0x12, 0x54, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, - 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x6f, 0x6c, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, - 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, - 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, - 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x52, 0x14, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, - 0x74, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x74, 0x6c, 0x73, 0x22, 0xe1, 0x01, 0x0a, - 0x13, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x45, 0x67, 0x72, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, - 0x65, 0x6e, 0x65, 0x72, 0x12, 0x34, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, - 0x50, 0x6f, 0x72, 0x74, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x69, - 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x12, 0x43, - 0x0a, 0x0c, 0x63, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x61, 0x70, 0x74, 0x75, - 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0b, 0x63, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x4d, - 0x6f, 0x64, 0x65, 0x12, 0x19, 0x0a, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x04, 0x20, 0x03, - 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x4a, 0x04, - 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x52, 0x14, 0x6c, 0x6f, 0x63, 0x61, - 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x74, 0x6c, 0x73, - 0x22, 0x98, 0x01, 0x0a, 0x10, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, - 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x49, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, - 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, - 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x4c, 0x61, 0x62, - 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, - 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, - 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xcb, 0x01, 0x0a, 0x15, - 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, - 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x43, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, - 0x6e, 0x64, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, - 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x43, 0x0a, 0x0c, 0x65, 0x67, - 0x72, 0x65, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x52, 0x0b, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x22, - 0x28, 0x0a, 0x04, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x11, 0x0a, 0x0d, 0x52, 0x45, 0x47, 0x49, 0x53, - 0x54, 0x52, 0x59, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x41, 0x4c, - 0x4c, 0x4f, 0x57, 0x5f, 0x41, 0x4e, 0x59, 0x10, 0x01, 0x22, 0x7a, 0x0a, 0x0b, 0x53, 0x69, 0x64, - 0x65, 0x63, 0x61, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, - 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, - 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x12, 0x0a, 0x04, - 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, - 0x12, 0x23, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, - 0x74, 0x50, 0x6f, 0x72, 0x74, 0x2a, 0x32, 0x0a, 0x0b, 0x43, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, - 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, - 0x00, 0x12, 0x0c, 0x0a, 0x08, 0x49, 0x50, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x53, 0x10, 0x01, 0x12, - 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x02, 0x42, 0x1c, 0x5a, 0x1a, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_networking_v1_sidecar_proto_rawDescOnce sync.Once - file_networking_v1_sidecar_proto_rawDescData = file_networking_v1_sidecar_proto_rawDesc -) - -func file_networking_v1_sidecar_proto_rawDescGZIP() []byte { - file_networking_v1_sidecar_proto_rawDescOnce.Do(func() { - file_networking_v1_sidecar_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1_sidecar_proto_rawDescData) - }) - return file_networking_v1_sidecar_proto_rawDescData -} - -var file_networking_v1_sidecar_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_networking_v1_sidecar_proto_msgTypes = make([]protoimpl.MessageInfo, 7) -var file_networking_v1_sidecar_proto_goTypes = []interface{}{ - (CaptureMode)(0), // 0: istio.networking.v1.CaptureMode - (OutboundTrafficPolicy_Mode)(0), // 1: istio.networking.v1.OutboundTrafficPolicy.Mode - (*Sidecar)(nil), // 2: istio.networking.v1.Sidecar - (*IstioIngressListener)(nil), // 3: istio.networking.v1.IstioIngressListener - (*IstioEgressListener)(nil), // 4: istio.networking.v1.IstioEgressListener - (*WorkloadSelector)(nil), // 5: istio.networking.v1.WorkloadSelector - (*OutboundTrafficPolicy)(nil), // 6: istio.networking.v1.OutboundTrafficPolicy - (*SidecarPort)(nil), // 7: istio.networking.v1.SidecarPort - nil, // 8: istio.networking.v1.WorkloadSelector.LabelsEntry - (*ConnectionPoolSettings)(nil), // 9: istio.networking.v1.ConnectionPoolSettings - (*ServerTLSSettings)(nil), // 10: istio.networking.v1.ServerTLSSettings - (*Destination)(nil), // 11: istio.networking.v1.Destination -} -var file_networking_v1_sidecar_proto_depIdxs = []int32{ - 5, // 0: istio.networking.v1.Sidecar.workload_selector:type_name -> istio.networking.v1.WorkloadSelector - 3, // 1: istio.networking.v1.Sidecar.ingress:type_name -> istio.networking.v1.IstioIngressListener - 4, // 2: istio.networking.v1.Sidecar.egress:type_name -> istio.networking.v1.IstioEgressListener - 9, // 3: istio.networking.v1.Sidecar.inbound_connection_pool:type_name -> istio.networking.v1.ConnectionPoolSettings - 6, // 4: istio.networking.v1.Sidecar.outbound_traffic_policy:type_name -> istio.networking.v1.OutboundTrafficPolicy - 7, // 5: istio.networking.v1.IstioIngressListener.port:type_name -> istio.networking.v1.SidecarPort - 0, // 6: istio.networking.v1.IstioIngressListener.capture_mode:type_name -> istio.networking.v1.CaptureMode - 10, // 7: istio.networking.v1.IstioIngressListener.tls:type_name -> istio.networking.v1.ServerTLSSettings - 9, // 8: istio.networking.v1.IstioIngressListener.connection_pool:type_name -> istio.networking.v1.ConnectionPoolSettings - 7, // 9: istio.networking.v1.IstioEgressListener.port:type_name -> istio.networking.v1.SidecarPort - 0, // 10: istio.networking.v1.IstioEgressListener.capture_mode:type_name -> istio.networking.v1.CaptureMode - 8, // 11: istio.networking.v1.WorkloadSelector.labels:type_name -> istio.networking.v1.WorkloadSelector.LabelsEntry - 1, // 12: istio.networking.v1.OutboundTrafficPolicy.mode:type_name -> istio.networking.v1.OutboundTrafficPolicy.Mode - 11, // 13: istio.networking.v1.OutboundTrafficPolicy.egress_proxy:type_name -> istio.networking.v1.Destination - 14, // [14:14] is the sub-list for method output_type - 14, // [14:14] is the sub-list for method input_type - 14, // [14:14] is the sub-list for extension type_name - 14, // [14:14] is the sub-list for extension extendee - 0, // [0:14] is the sub-list for field type_name -} - -func init() { file_networking_v1_sidecar_proto_init() } -func file_networking_v1_sidecar_proto_init() { - if File_networking_v1_sidecar_proto != nil { - return - } - file_networking_v1_destination_rule_proto_init() - file_networking_v1_gateway_proto_init() - file_networking_v1_virtual_service_proto_init() - if !protoimpl.UnsafeEnabled { - file_networking_v1_sidecar_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Sidecar); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_sidecar_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IstioIngressListener); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_sidecar_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IstioEgressListener); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_sidecar_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WorkloadSelector); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_sidecar_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*OutboundTrafficPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_sidecar_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SidecarPort); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_networking_v1_sidecar_proto_rawDesc, - NumEnums: 2, - NumMessages: 7, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_networking_v1_sidecar_proto_goTypes, - DependencyIndexes: file_networking_v1_sidecar_proto_depIdxs, - EnumInfos: file_networking_v1_sidecar_proto_enumTypes, - MessageInfos: file_networking_v1_sidecar_proto_msgTypes, - }.Build() - File_networking_v1_sidecar_proto = out.File - file_networking_v1_sidecar_proto_rawDesc = nil - file_networking_v1_sidecar_proto_goTypes = nil - file_networking_v1_sidecar_proto_depIdxs = nil -} diff --git a/networking/v1/sidecar.proto b/networking/v1/sidecar.proto deleted file mode 100644 index ff8848ea4f7..00000000000 --- a/networking/v1/sidecar.proto +++ /dev/null @@ -1,561 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -import "google/api/field_behavior.proto"; -import "networking/v1/destination_rule.proto"; -import "networking/v1/gateway.proto"; -import "networking/v1/virtual_service.proto"; - -// $schema: istio.networking.v1.Sidecar -// $title: Sidecar -// $description: Configuration affecting network reachability of a sidecar. -// $location: https://istio.io/docs/reference/config/networking/sidecar.html -// $aliases: [/docs/reference/config/networking/v1/sidecar] -// $mode: none - -// `Sidecar` describes the configuration of the sidecar proxy that mediates -// inbound and outbound communication to the workload instance it is attached to. By -// default, Istio will program all sidecar proxies in the mesh with the -// necessary configuration required to reach every workload instance in the mesh, as -// well as accept traffic on all the ports associated with the -// workload. The `Sidecar` configuration provides a way to fine tune the set of -// ports, protocols that the proxy will accept when forwarding traffic to -// and from the workload. In addition, it is possible to restrict the set -// of services that the proxy can reach when forwarding outbound traffic -// from workload instances. -// -// Services and configuration in a mesh are organized into one or more -// namespaces (e.g., a Kubernetes namespace or a CF org/space). A `Sidecar` -// configuration in a namespace will apply to one or more workload instances in the same -// namespace, selected using the `workloadSelector` field. In the absence of a -// `workloadSelector`, it will apply to all workload instances in the same -// namespace. When determining the `Sidecar` configuration to be applied to a -// workload instance, preference will be given to the resource with a -// `workloadSelector` that selects this workload instance, over a `Sidecar` configuration -// without any `workloadSelector`. -// -// **NOTE 1**: *_Each namespace can have only one `Sidecar` -// configuration without any `workloadSelector`_ that specifies the -// default for all pods in that namespace*. It is recommended to use -// the name `default` for the namespace-wide sidecar. The behavior of -// the system is undefined if more than one selector-less `Sidecar` -// configurations exist in a given namespace. The behavior of the -// system is undefined if two or more `Sidecar` configurations with a -// `workloadSelector` select the same workload instance. -// -// **NOTE 2**: *_A `Sidecar` configuration in the `MeshConfig` -// [root namespace](https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig) -// will be applied by default to all namespaces without a `Sidecar` -// configuration_*. This global default `Sidecar` configuration should not have -// any `workloadSelector`. -// -// **NOTE 3**: *_A `Sidecar` is not applicable to gateways, even though gateways are istio-proxies_*. -// -// The example below declares a global default `Sidecar` configuration -// in the root namespace called `istio-config`, that configures -// sidecars in all namespaces to allow egress traffic only to other -// workloads in the same namespace as well as to services in the -// `istio-system` namespace. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: Sidecar -// metadata: -// name: default -// namespace: istio-config -// spec: -// egress: -// - hosts: -// - "./*" -// - "istio-system/*" -// ``` -// -// The example below declares a `Sidecar` configuration in the -// `prod-us1` namespace that overrides the global default defined -// above, and configures the sidecars in the namespace to allow egress -// traffic to public services in the `prod-us1`, `prod-apis`, and the -// `istio-system` namespaces. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: Sidecar -// metadata: -// name: default -// namespace: prod-us1 -// spec: -// egress: -// - hosts: -// - "prod-us1/*" -// - "prod-apis/*" -// - "istio-system/*" -// ``` -// -// The following example declares a `Sidecar` configuration in the -// `prod-us1` namespace for all pods with labels `app: ratings` -// belonging to the `ratings.prod-us1` service. The workload accepts -// inbound HTTP traffic on port 9080. The traffic is then forwarded to -// the attached workload instance listening on a Unix domain -// socket. In the egress direction, in addition to the `istio-system` -// namespace, the sidecar proxies only HTTP traffic bound for port -// 9080 for services in the `prod-us1` namespace. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: Sidecar -// metadata: -// name: ratings -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: ratings -// ingress: -// - port: -// number: 9080 -// protocol: HTTP -// name: somename -// defaultEndpoint: unix:///var/run/someuds.sock -// egress: -// - port: -// number: 9080 -// protocol: HTTP -// name: egresshttp -// hosts: -// - "prod-us1/*" -// - hosts: -// - "istio-system/*" -// ``` -// -// If the workload is deployed without IPTables-based traffic capture, -// the `Sidecar` configuration is the only way to configure the ports -// on the proxy attached to the workload instance. The following -// example declares a `Sidecar` configuration in the `prod-us1` -// namespace for all pods with labels `app: productpage` belonging to -// the `productpage.prod-us1` service. Assuming that these pods are -// deployed without IPtable rules (i.e. the `istio-init` container) -// and the proxy metadata `ISTIO_META_INTERCEPTION_MODE` is set to -// `NONE`, the specification, below, allows such pods to receive HTTP -// traffic on port 9080 (wrapped inside Istio mutual TLS) and forward -// it to the application listening on `127.0.0.1:8080`. It also allows -// the application to communicate with a backing MySQL database on -// `127.0.0.1:3306`, that then gets proxied to the externally hosted -// MySQL service at `mysql.foo.com:3306`. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: Sidecar -// metadata: -// name: no-ip-tables -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: productpage -// ingress: -// - port: -// number: 9080 # binds to proxy_instance_ip:9080 (0.0.0.0:9080, if no unicast IP is available for the instance) -// protocol: HTTP -// name: somename -// defaultEndpoint: 127.0.0.1:8080 -// captureMode: NONE # not needed if metadata is set for entire proxy -// egress: -// - port: -// number: 3306 -// protocol: MYSQL -// name: egressmysql -// captureMode: NONE # not needed if metadata is set for entire proxy -// bind: 127.0.0.1 -// hosts: -// - "*/mysql.foo.com" -// ``` -// -// And the associated service entry for routing to `mysql.foo.com:3306` -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: external-svc-mysql -// namespace: ns1 -// spec: -// hosts: -// - mysql.foo.com -// ports: -// - number: 3306 -// name: mysql -// protocol: MYSQL -// location: MESH_EXTERNAL -// resolution: DNS -// ``` -// -// It is also possible to mix and match traffic capture modes in a single -// proxy. For example, consider a setup where internal services are on the -// `192.168.0.0/16` subnet. So, IP tables are setup on the VM to capture all -// outbound traffic on `192.168.0.0/16` subnet. Assume that the VM has an -// additional network interface on `172.16.0.0/16` subnet for inbound -// traffic. The following `Sidecar` configuration allows the VM to expose a -// listener on `172.16.1.32:80` (the VM's IP) for traffic arriving from the -// `172.16.0.0/16` subnet. -// -// **NOTE**: The `ISTIO_META_INTERCEPTION_MODE` metadata on the -// proxy in the VM should contain `REDIRECT` or `TPROXY` as its value, -// implying that IP tables based traffic capture is active. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: Sidecar -// metadata: -// name: partial-ip-tables -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: productpage -// ingress: -// - bind: 172.16.1.32 -// port: -// number: 80 # binds to 172.16.1.32:80 -// protocol: HTTP -// name: somename -// defaultEndpoint: 127.0.0.1:8080 -// captureMode: NONE -// egress: -// # use the system detected defaults -// # sets up configuration to handle outbound traffic to services -// # in 192.168.0.0/16 subnet, based on information provided by the -// # service registry -// - captureMode: IPTABLES -// hosts: -// - "*/*" -// ``` -// -// In addition to configuring traffic capture and how traffic is forwarded to the app, -// it's possible to control inbound connection pool settings. By default, Istio pushes -// connection pool settings from `DestinationRules` to both clients (for outbound -// connections to the service) as well as servers (for inbound connections to a service -// instance). Using the `InboundConnectionPool` and per-port `ConnectionPool` settings -// in a `Sidecar` allow you to control those connection pools for the server separately -// from the settings pushed to all clients. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: Sidecar -// metadata: -// name: connection-pool-settings -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: productpage -// inboundConnectionPool: -// http: -// http1MaxPendingRequests: 1024 -// http2MaxRequests: 1024 -// maxRequestsPerConnection: 1024 -// maxRetries: 100 -// ingress: -// - port: -// number: 80 -// protocol: HTTP -// name: somename -// connectionPool: -// http: -// http1MaxPendingRequests: 1024 -// http2MaxRequests: 1024 -// maxRequestsPerConnection: 1024 -// maxRetries: 100 -// tcp: -// maxConnections: 100 -// ``` -package istio.networking.v1; - -option go_package = "istio.io/api/networking/v1"; - -// `Sidecar` describes the configuration of the sidecar proxy that mediates -// inbound and outbound communication of the workload instance to which it is -// attached. -// -// -// -message Sidecar { - // Criteria used to select the specific set of pods/VMs on which this - // `Sidecar` configuration should be applied. If omitted, the `Sidecar` - // configuration will be applied to all workload instances in the same namespace. - WorkloadSelector workload_selector = 1; - - // Ingress specifies the configuration of the sidecar for processing - // inbound traffic to the attached workload instance. If omitted, Istio will - // automatically configure the sidecar based on the information about the workload - // obtained from the orchestration platform (e.g., exposed ports, services, - // etc.). If specified, inbound ports are configured if and only if the - // workload instance is associated with a service. - repeated IstioIngressListener ingress = 2; - - // Egress specifies the configuration of the sidecar for processing - // outbound traffic from the attached workload instance to other - // services in the mesh. If not specified, inherits the system - // detected defaults from the namespace-wide or the global default Sidecar. - repeated IstioEgressListener egress = 3; - - // Settings controlling the volume of connections Envoy will accept from the network. - // This default will apply for all inbound listeners and can be overridden per-port - // in the `Ingress` field. This configuration mirrors the `DestinationRule`'s - // [`connectionPool`](https://istio.io/latest/docs/reference/config/networking/destination-rule/#ConnectionPoolSettings) field. - // - // By default, Istio applies a service's `DestinationRule` to client sidecars - // for outbound traffic directed at the service -- the usual case folks think - // of when configuring a `DestinationRule` -- but also to the server's inbound - // sidecar. The `Sidecar`'s connection pool configures the server's inbound - // sidecar directly, so its settings can be different than clients'. This is - // valuable, for example, when you have many clients calling few servers: a - // `DestinationRule` can limit the concurrency of any single client, while - // the `Sidecar` allows you to configure much higher concurrency on the server - // side. - // - // Connection pool settings for a server's inbound sidecar are configured in the - // following precedence, highest to lowest: - // - per-port `ConnectionPool` from the `Sidecar` - // - top level `InboundConnectionPool` from the `Sidecar` - // - per-port `TrafficPolicy.ConnectionPool` from the `DestinationRule` - // - top level `TrafficPolicy.ConnectionPool` from the `DestinationRule` - // - default connection pool settings (essentially unlimited) - // - // In every case, the connection pool settings are overriden, not merged. - ConnectionPoolSettings inbound_connection_pool = 7; - - // Configuration for the outbound traffic policy. If your - // application uses one or more external services that are not known - // apriori, setting the policy to `ALLOW_ANY` will cause the - // sidecars to route any unknown traffic originating from the - // application to its requested destination. If not specified, - // inherits the system detected defaults from the namespace-wide or - // the global default Sidecar. - OutboundTrafficPolicy outbound_traffic_policy = 4; - - reserved "localhost"; - reserved 5, 6; -} - -// `IstioIngressListener` specifies the properties of an inbound -// traffic listener on the sidecar proxy attached to a workload instance. -message IstioIngressListener { - // The port associated with the listener. - SidecarPort port = 1 [(google.api.field_behavior) = REQUIRED]; - - // The IP(IPv4 or IPv6) to which the listener should be bound. - // Unix domain socket addresses are not allowed in - // the bind field for ingress listeners. If omitted, Istio will - // automatically configure the defaults based on imported services - // and the workload instances to which this configuration is applied - // to. - string bind = 2; - - // The captureMode option dictates how traffic to the listener is - // expected to be captured (or not). - CaptureMode capture_mode = 3; - - // The IP endpoint or Unix domain socket to which - // traffic should be forwarded to. This configuration can be used to - // redirect traffic arriving at the bind `IP:Port` on the sidecar to a `localhost:port` - // or Unix domain socket where the application workload instance is listening for - // connections. Arbitrary IPs are not supported. Format should be one of - // `127.0.0.1:PORT`, `[::1]:PORT` (forward to localhost), - // `0.0.0.0:PORT`, `[::]:PORT` (forward to the instance IP), - // or `unix:///path/to/socket` (forward to Unix domain socket). - string default_endpoint = 4; - - reserved "localhost_client_tls"; - reserved 5, 6; - - // Set of TLS related options that will enable TLS termination on the - // sidecar for requests originating from outside the mesh. - // Currently supports only SIMPLE and MUTUAL TLS modes. - ServerTLSSettings tls = 7; - - // Settings controlling the volume of connections Envoy will accept from the network. - // This setting overrides the top-level default `inboundConnectionPool` to configure - // specific settings for this port. This configuration mirrors the `DestinationRule`'s - // [`PortTrafficPolicy.connectionPool`](https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy-PortTrafficPolicy) field. - // This port level connection pool has the highest precedence in configuration, - // overriding both the `Sidecar`'s top level `InboundConnectionPool` as well as any - // connection pooling settings from the `DestinationRule`. - ConnectionPoolSettings connection_pool = 8; -} - -// `IstioEgressListener` specifies the properties of an outbound traffic -// listener on the sidecar proxy attached to a workload instance. -message IstioEgressListener { - // The port associated with the listener. If using Unix domain socket, - // use 0 as the port number, with a valid protocol. The port if - // specified, will be used as the default destination port associated - // with the imported hosts. If the port is omitted, Istio will infer the - // listener ports based on the imported hosts. Note that when multiple - // egress listeners are specified, where one or more listeners have - // specific ports while others have no port, the hosts exposed on a - // listener port will be based on the listener with the most specific - // port. - SidecarPort port = 1; - - // The IP(IPv4 or IPv6) or the Unix domain socket to which the listener should be bound - // to. Port MUST be specified if bind is not empty. Format: IPv4 or IPv6 address formats or - // `unix:///path/to/uds` or `unix://@foobar` (Linux abstract namespace). If - // omitted, Istio will automatically configure the defaults based on imported - // services, the workload instances to which this configuration is applied to and - // the captureMode. If captureMode is `NONE`, bind will default to - // 127.0.0.1. - string bind = 2; - - // When the bind address is an IP, the captureMode option dictates - // how traffic to the listener is expected to be captured (or not). - // captureMode must be DEFAULT or `NONE` for Unix domain socket binds. - CaptureMode capture_mode = 3; - - // One or more service hosts exposed by the listener - // in `namespace/dnsName` format. Services in the specified namespace - // matching `dnsName` will be exposed. - // The corresponding service can be a service in the service registry - // (e.g., a Kubernetes or cloud foundry service) or a service specified - // using a `ServiceEntry` or `VirtualService` configuration. Any - // associated `DestinationRule` in the same namespace will also be used. - // - // The `dnsName` should be specified using FQDN format, optionally including - // a wildcard character in the left-most component (e.g., `prod/*.example.com`). - // Set the `dnsName` to `*` to select all services from the specified namespace - // (e.g., `prod/*`). - // - // The `namespace` can be set to `*`, `.`, or `~`, representing any, the current, - // or no namespace, respectively. For example, `*/foo.example.com` selects the - // service from any available namespace while `./foo.example.com` only selects - // the service from the namespace of the sidecar. If a host is set to `*/*`, - // Istio will configure the sidecar to be able to reach every service in the - // mesh that is exported to the sidecar's namespace. The value `~/*` can be used - // to completely trim the configuration for sidecars that simply receive traffic - // and respond, but make no outbound connections of their own. - // - // NOTE: Only services and configuration artifacts exported to the sidecar's - // namespace (e.g., `exportTo` value of `*`) can be referenced. - // Private configurations (e.g., `exportTo` set to `.`) will - // not be available. Refer to the `exportTo` setting in `VirtualService`, - // `DestinationRule`, and `ServiceEntry` configurations for details. - repeated string hosts = 4 [(google.api.field_behavior) = REQUIRED]; - - reserved "localhost_server_tls"; - reserved 5, 6; -} - -// `WorkloadSelector` specifies the criteria used to determine if the -// `Gateway`, `Sidecar`, `EnvoyFilter`, `ServiceEntry`, or `DestinationRule` -// configuration can be applied to a proxy. The matching criteria -// includes the metadata associated with a proxy, workload instance -// info such as labels attached to the pod/VM, or any other info that -// the proxy provides to Istio during the initial handshake. If -// multiple conditions are specified, all conditions need to match in -// order for the workload instance to be selected. Currently, only -// label based selection mechanism is supported. -message WorkloadSelector { - // One or more labels that indicate a specific set of pods/VMs - // on which the configuration should be applied. The scope of - // label search is restricted to the configuration namespace in which the - // the resource is present. - map labels = 1; - - // $hide_from_docs - // other forms of identification supplied by the proxy - // when connecting to Pilot, such as X509 fields, tenant IDs, JWT, - // etc. This has nothing to do with the request level authN etc. -} - -// `OutboundTrafficPolicy` sets the default behavior of the sidecar for -// handling outbound traffic from the application. -// If your application uses one or more external -// services that are not known apriori, setting the policy to `ALLOW_ANY` -// will cause the sidecars to route any unknown traffic originating from -// the application to its requested destination. Users are strongly -// encouraged to use `ServiceEntry` configurations to explicitly declare any external -// dependencies, instead of using `ALLOW_ANY`, so that traffic to these -// services can be monitored. -message OutboundTrafficPolicy { - enum Mode { - // Outbound traffic will be restricted to services defined in the - // service registry as well as those defined through `ServiceEntry` configurations. - REGISTRY_ONLY = 0; - // Outbound traffic to unknown destinations will be allowed, in case - // there are no services or `ServiceEntry` configurations for the destination port. - ALLOW_ANY = 1; - } - Mode mode = 1; - - // Specifies the details of the egress proxy to which unknown - // traffic should be forwarded to from the sidecar. Valid only if - // the mode is set to ALLOW_ANY. If not specified when the mode is - // ALLOW_ANY, the sidecar will send the unknown traffic directly to - // the IP requested by the application. - // - // ** NOTE 1**: The specified egress host must be imported in the - // egress section for the traffic forwarding to work. - // - // ** NOTE 2**: An Envoy based egress gateway is unlikely to be able - // to handle plain text TCP connections forwarded from the sidecar. - // Envoy's dynamic forward proxy can handle only HTTP and TLS - // connections. - // $hide_from_docs - Destination egress_proxy = 2; -} - - -// `CaptureMode` describes how traffic to a listener is expected to be -// captured. Applicable only when the listener is bound to an IP. -enum CaptureMode { - // The default capture mode defined by the environment. - DEFAULT = 0; - - // Capture traffic using IPtables redirection. - IPTABLES = 1; - - // No traffic capture. When used in an egress listener, the application is - // expected to explicitly communicate with the listener port or Unix - // domain socket. When used in an ingress listener, care needs to be taken - // to ensure that the listener port is not in use by other processes on - // the host. - NONE = 2; -} - -// Port describes the properties of a specific port of a service. -message SidecarPort { - // A valid non-negative integer port number. - uint32 number = 1; - - // The protocol exposed on the port. - // MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. - // TLS can be either used to terminate non-HTTP based connections on a specific port - // or to route traffic based on SNI header to the destination without terminating the TLS connection. - string protocol = 2; - - // Label assigned to the port. - string name = 3; - - // Has no effect, only for backwards compatibility - // received. Applicable only when used with ServiceEntries. - // $hide_from_docs - uint32 target_port = 4 [deprecated=true]; -} diff --git a/networking/v1/sidecar_alias.gen.go b/networking/v1/sidecar_alias.gen.go new file mode 100644 index 00000000000..7d6a712acee --- /dev/null +++ b/networking/v1/sidecar_alias.gen.go @@ -0,0 +1,21 @@ +// Code generated by protoc-gen-alias. DO NOT EDIT. +package v1 + +import "istio.io/api/networking/v1alpha3" + +type Sidecar = v1alpha3.Sidecar +type IstioIngressListener = v1alpha3.IstioIngressListener +type IstioEgressListener = v1alpha3.IstioEgressListener +type WorkloadSelector = v1alpha3.WorkloadSelector +type OutboundTrafficPolicy = v1alpha3.OutboundTrafficPolicy +type OutboundTrafficPolicy_Mode = v1alpha3.OutboundTrafficPolicy_Mode + +const OutboundTrafficPolicy_REGISTRY_ONLY OutboundTrafficPolicy_Mode = v1alpha3.OutboundTrafficPolicy_REGISTRY_ONLY +const OutboundTrafficPolicy_ALLOW_ANY OutboundTrafficPolicy_Mode = v1alpha3.OutboundTrafficPolicy_ALLOW_ANY + +type SidecarPort = v1alpha3.SidecarPort +type CaptureMode = v1alpha3.CaptureMode + +const CaptureMode_DEFAULT CaptureMode = v1alpha3.CaptureMode_DEFAULT +const CaptureMode_IPTABLES CaptureMode = v1alpha3.CaptureMode_IPTABLES +const CaptureMode_NONE CaptureMode = v1alpha3.CaptureMode_NONE diff --git a/networking/v1/sidecar_deepcopy.gen.go b/networking/v1/sidecar_deepcopy.gen.go deleted file mode 100644 index be9368ec16f..00000000000 --- a/networking/v1/sidecar_deepcopy.gen.go +++ /dev/null @@ -1,132 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using Sidecar within kubernetes types, where deepcopy-gen is used. -func (in *Sidecar) DeepCopyInto(out *Sidecar) { - p := proto.Clone(in).(*Sidecar) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Sidecar. Required by controller-gen. -func (in *Sidecar) DeepCopy() *Sidecar { - if in == nil { - return nil - } - out := new(Sidecar) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Sidecar. Required by controller-gen. -func (in *Sidecar) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using IstioIngressListener within kubernetes types, where deepcopy-gen is used. -func (in *IstioIngressListener) DeepCopyInto(out *IstioIngressListener) { - p := proto.Clone(in).(*IstioIngressListener) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioIngressListener. Required by controller-gen. -func (in *IstioIngressListener) DeepCopy() *IstioIngressListener { - if in == nil { - return nil - } - out := new(IstioIngressListener) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new IstioIngressListener. Required by controller-gen. -func (in *IstioIngressListener) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using IstioEgressListener within kubernetes types, where deepcopy-gen is used. -func (in *IstioEgressListener) DeepCopyInto(out *IstioEgressListener) { - p := proto.Clone(in).(*IstioEgressListener) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioEgressListener. Required by controller-gen. -func (in *IstioEgressListener) DeepCopy() *IstioEgressListener { - if in == nil { - return nil - } - out := new(IstioEgressListener) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new IstioEgressListener. Required by controller-gen. -func (in *IstioEgressListener) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using WorkloadSelector within kubernetes types, where deepcopy-gen is used. -func (in *WorkloadSelector) DeepCopyInto(out *WorkloadSelector) { - p := proto.Clone(in).(*WorkloadSelector) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadSelector. Required by controller-gen. -func (in *WorkloadSelector) DeepCopy() *WorkloadSelector { - if in == nil { - return nil - } - out := new(WorkloadSelector) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadSelector. Required by controller-gen. -func (in *WorkloadSelector) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using OutboundTrafficPolicy within kubernetes types, where deepcopy-gen is used. -func (in *OutboundTrafficPolicy) DeepCopyInto(out *OutboundTrafficPolicy) { - p := proto.Clone(in).(*OutboundTrafficPolicy) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutboundTrafficPolicy. Required by controller-gen. -func (in *OutboundTrafficPolicy) DeepCopy() *OutboundTrafficPolicy { - if in == nil { - return nil - } - out := new(OutboundTrafficPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new OutboundTrafficPolicy. Required by controller-gen. -func (in *OutboundTrafficPolicy) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using SidecarPort within kubernetes types, where deepcopy-gen is used. -func (in *SidecarPort) DeepCopyInto(out *SidecarPort) { - p := proto.Clone(in).(*SidecarPort) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SidecarPort. Required by controller-gen. -func (in *SidecarPort) DeepCopy() *SidecarPort { - if in == nil { - return nil - } - out := new(SidecarPort) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new SidecarPort. Required by controller-gen. -func (in *SidecarPort) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/networking/v1/sidecar_json.gen.go b/networking/v1/sidecar_json.gen.go deleted file mode 100644 index adc91304a4c..00000000000 --- a/networking/v1/sidecar_json.gen.go +++ /dev/null @@ -1,78 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1 - -import ( - bytes "bytes" - jsonpb "github.com/golang/protobuf/jsonpb" -) - -// MarshalJSON is a custom marshaler for Sidecar -func (this *Sidecar) MarshalJSON() ([]byte, error) { - str, err := SidecarMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Sidecar -func (this *Sidecar) UnmarshalJSON(b []byte) error { - return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for IstioIngressListener -func (this *IstioIngressListener) MarshalJSON() ([]byte, error) { - str, err := SidecarMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for IstioIngressListener -func (this *IstioIngressListener) UnmarshalJSON(b []byte) error { - return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for IstioEgressListener -func (this *IstioEgressListener) MarshalJSON() ([]byte, error) { - str, err := SidecarMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for IstioEgressListener -func (this *IstioEgressListener) UnmarshalJSON(b []byte) error { - return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for WorkloadSelector -func (this *WorkloadSelector) MarshalJSON() ([]byte, error) { - str, err := SidecarMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for WorkloadSelector -func (this *WorkloadSelector) UnmarshalJSON(b []byte) error { - return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for OutboundTrafficPolicy -func (this *OutboundTrafficPolicy) MarshalJSON() ([]byte, error) { - str, err := SidecarMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for OutboundTrafficPolicy -func (this *OutboundTrafficPolicy) UnmarshalJSON(b []byte) error { - return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for SidecarPort -func (this *SidecarPort) MarshalJSON() ([]byte, error) { - str, err := SidecarMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for SidecarPort -func (this *SidecarPort) UnmarshalJSON(b []byte) error { - return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -var ( - SidecarMarshaler = &jsonpb.Marshaler{} - SidecarUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} -) diff --git a/networking/v1/virtual_service.pb.go b/networking/v1/virtual_service.pb.go deleted file mode 100644 index 9897a9c22b8..00000000000 --- a/networking/v1/virtual_service.pb.go +++ /dev/null @@ -1,4448 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.33.0 -// protoc (unknown) -// source: networking/v1/virtual_service.proto - -// $schema: istio.networking.v1.VirtualService -// $title: Virtual Service -// $description: Configuration affecting label/content routing, sni routing, etc. -// $location: https://istio.io/docs/reference/config/networking/virtual-service.html -// $aliases: [/docs/reference/config/networking/v1/virtual-service] -// $mode: none - -// Configuration affecting traffic routing. Here are a few terms useful to define -// in the context of traffic routing. -// -// `Service` a unit of application behavior bound to a unique name in a -// service registry. Services consist of multiple network *endpoints* -// implemented by workload instances running on pods, containers, VMs etc. -// -// `Service versions (a.k.a. subsets)` - In a continuous deployment -// scenario, for a given service, there can be distinct subsets of -// instances running different variants of the application binary. These -// variants are not necessarily different API versions. They could be -// iterative changes to the same service, deployed in different -// environments (prod, staging, dev, etc.). Common scenarios where this -// occurs include A/B testing, canary rollouts, etc. The choice of a -// particular version can be decided based on various criterion (headers, -// url, etc.) and/or by weights assigned to each version. Each service has -// a default version consisting of all its instances. -// -// `Source` - A downstream client calling a service. -// -// `Host` - The address used by a client when attempting to connect to a -// service. -// -// `Access model` - Applications address only the destination service -// (Host) without knowledge of individual service versions (subsets). The -// actual choice of the version is determined by the proxy/sidecar, enabling the -// application code to decouple itself from the evolution of dependent -// services. -// -// A `VirtualService` defines a set of traffic routing rules to apply when a host is -// addressed. Each routing rule defines matching criteria for traffic of a specific -// protocol. If the traffic is matched, then it is sent to a named destination service -// (or subset/version of it) defined in the registry. -// -// The source of traffic can also be matched in a routing rule. This allows routing -// to be customized for specific client contexts. -// -// The following example on Kubernetes, routes all HTTP traffic by default to -// pods of the reviews service with label "version: v1". In addition, -// HTTP requests with path starting with /wpcatalog/ or /consumercatalog/ will -// be rewritten to /newcatalog and sent to pods with label "version: v2". -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: VirtualService -// metadata: -// name: reviews-route -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - name: "reviews-v2-routes" -// match: -// - uri: -// prefix: "/wpcatalog" -// - uri: -// prefix: "/consumercatalog" -// rewrite: -// uri: "/newcatalog" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// - name: "reviews-v1-route" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// ``` -// -// A subset/version of a route destination is identified with a reference -// to a named service subset which must be declared in a corresponding -// `DestinationRule`. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: DestinationRule -// metadata: -// name: reviews-destination -// spec: -// host: reviews.prod.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// ``` - -package v1 - -import ( - duration "github.com/golang/protobuf/ptypes/duration" - wrappers "github.com/golang/protobuf/ptypes/wrappers" - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type HTTPRedirect_RedirectPortSelection int32 - -const ( - HTTPRedirect_FROM_PROTOCOL_DEFAULT HTTPRedirect_RedirectPortSelection = 0 - HTTPRedirect_FROM_REQUEST_PORT HTTPRedirect_RedirectPortSelection = 1 -) - -// Enum value maps for HTTPRedirect_RedirectPortSelection. -var ( - HTTPRedirect_RedirectPortSelection_name = map[int32]string{ - 0: "FROM_PROTOCOL_DEFAULT", - 1: "FROM_REQUEST_PORT", - } - HTTPRedirect_RedirectPortSelection_value = map[string]int32{ - "FROM_PROTOCOL_DEFAULT": 0, - "FROM_REQUEST_PORT": 1, - } -) - -func (x HTTPRedirect_RedirectPortSelection) Enum() *HTTPRedirect_RedirectPortSelection { - p := new(HTTPRedirect_RedirectPortSelection) - *p = x - return p -} - -func (x HTTPRedirect_RedirectPortSelection) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (HTTPRedirect_RedirectPortSelection) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1_virtual_service_proto_enumTypes[0].Descriptor() -} - -func (HTTPRedirect_RedirectPortSelection) Type() protoreflect.EnumType { - return &file_networking_v1_virtual_service_proto_enumTypes[0] -} - -func (x HTTPRedirect_RedirectPortSelection) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use HTTPRedirect_RedirectPortSelection.Descriptor instead. -func (HTTPRedirect_RedirectPortSelection) EnumDescriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{12, 0} -} - -type CorsPolicy_UnmatchedPreflights int32 - -const ( - // Default to FORWARD - CorsPolicy_UNSPECIFIED CorsPolicy_UnmatchedPreflights = 0 - // Preflight requests not matching the configured allowed origin - // will be forwarded to the upstream. - CorsPolicy_FORWARD CorsPolicy_UnmatchedPreflights = 1 - // Preflight requests not matching the configured allowed origin - // will not be forwarded to the upstream. - CorsPolicy_IGNORE CorsPolicy_UnmatchedPreflights = 2 -) - -// Enum value maps for CorsPolicy_UnmatchedPreflights. -var ( - CorsPolicy_UnmatchedPreflights_name = map[int32]string{ - 0: "UNSPECIFIED", - 1: "FORWARD", - 2: "IGNORE", - } - CorsPolicy_UnmatchedPreflights_value = map[string]int32{ - "UNSPECIFIED": 0, - "FORWARD": 1, - "IGNORE": 2, - } -) - -func (x CorsPolicy_UnmatchedPreflights) Enum() *CorsPolicy_UnmatchedPreflights { - p := new(CorsPolicy_UnmatchedPreflights) - *p = x - return p -} - -func (x CorsPolicy_UnmatchedPreflights) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (CorsPolicy_UnmatchedPreflights) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1_virtual_service_proto_enumTypes[1].Descriptor() -} - -func (CorsPolicy_UnmatchedPreflights) Type() protoreflect.EnumType { - return &file_networking_v1_virtual_service_proto_enumTypes[1] -} - -func (x CorsPolicy_UnmatchedPreflights) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use CorsPolicy_UnmatchedPreflights.Descriptor instead. -func (CorsPolicy_UnmatchedPreflights) EnumDescriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{19, 0} -} - -// Configuration affecting traffic routing. -// -// -// -type VirtualService struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The destination hosts to which traffic is being sent. Could - // be a DNS name with wildcard prefix or an IP address. Depending on the - // platform, short-names can also be used instead of a FQDN (i.e. has no - // dots in the name). In such a scenario, the FQDN of the host would be - // derived based on the underlying platform. - // - // A single VirtualService can be used to describe all the traffic - // properties of the corresponding hosts, including those for multiple - // HTTP and TCP ports. Alternatively, the traffic properties of a host - // can be defined using more than one VirtualService, with certain - // caveats. Refer to the - // [Operations Guide](https://istio.io/docs/ops/best-practices/traffic-management/#split-virtual-services) - // for details. - // - // *Note for Kubernetes users*: When short names are used (e.g. "reviews" - // instead of "reviews.default.svc.cluster.local"), Istio will interpret - // the short name based on the namespace of the rule, not the service. A - // rule in the "default" namespace containing a host "reviews" will be - // interpreted as "reviews.default.svc.cluster.local", irrespective of - // the actual namespace associated with the reviews service. _To avoid - // potential misconfigurations, it is recommended to always use fully - // qualified domain names over short names._ - // - // The hosts field applies to both HTTP and TCP services. Service inside - // the mesh, i.e., those found in the service registry, must always be - // referred to using their alphanumeric names. IP addresses are allowed - // only for services defined via the Gateway. - // - // *Note*: It must be empty for a delegate VirtualService. - Hosts []string `protobuf:"bytes,1,rep,name=hosts,proto3" json:"hosts,omitempty"` - // The names of gateways and sidecars that should apply these routes. - // Gateways in other namespaces may be referred to by - // `/`; specifying a gateway with no - // namespace qualifier is the same as specifying the VirtualService's - // namespace. A single VirtualService is used for sidecars inside the mesh as - // well as for one or more gateways. The selection condition imposed by this - // field can be overridden using the source field in the match conditions - // of protocol-specific routes. The reserved word `mesh` is used to imply - // all the sidecars in the mesh. When this field is omitted, the default - // gateway (`mesh`) will be used, which would apply the rule to all - // sidecars in the mesh. If a list of gateway names is provided, the - // rules will apply only to the gateways. To apply the rules to both - // gateways and sidecars, specify `mesh` as one of the gateway names. - Gateways []string `protobuf:"bytes,2,rep,name=gateways,proto3" json:"gateways,omitempty"` - // An ordered list of route rules for HTTP traffic. HTTP routes will be - // applied to platform service ports using HTTP/HTTP2/GRPC protocols, gateway - // ports with protocol HTTP/HTTP2/GRPC/TLS-terminated-HTTPS and service - // entry ports using HTTP/HTTP2/GRPC protocols. The first rule matching - // an incoming request is used. - Http []*HTTPRoute `protobuf:"bytes,3,rep,name=http,proto3" json:"http,omitempty"` - // An ordered list of route rule for non-terminated TLS & HTTPS - // traffic. Routing is typically performed using the SNI value presented - // by the ClientHello message. TLS routes will be applied to platform - // service ports named 'https-*', 'tls-*', unterminated gateway ports using - // HTTPS/TLS protocols (i.e. with "passthrough" TLS mode) and service - // entry ports using HTTPS/TLS protocols. The first rule matching an - // incoming request is used. NOTE: Traffic 'https-*' or 'tls-*' ports - // without associated virtual service will be treated as opaque TCP - // traffic. - Tls []*TLSRoute `protobuf:"bytes,5,rep,name=tls,proto3" json:"tls,omitempty"` - // An ordered list of route rules for opaque TCP traffic. TCP routes will - // be applied to any port that is not a HTTP or TLS port. The first rule - // matching an incoming request is used. - Tcp []*TCPRoute `protobuf:"bytes,4,rep,name=tcp,proto3" json:"tcp,omitempty"` - // A list of namespaces to which this virtual service is exported. Exporting a - // virtual service allows it to be used by sidecars and gateways defined in - // other namespaces. This feature provides a mechanism for service owners - // and mesh administrators to control the visibility of virtual services - // across namespace boundaries. - // - // If no namespaces are specified then the virtual service is exported to all - // namespaces by default. - // - // The value "." is reserved and defines an export to the same namespace that - // the virtual service is declared in. Similarly the value "*" is reserved and - // defines an export to all namespaces. - ExportTo []string `protobuf:"bytes,6,rep,name=export_to,json=exportTo,proto3" json:"export_to,omitempty"` -} - -func (x *VirtualService) Reset() { - *x = VirtualService{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *VirtualService) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*VirtualService) ProtoMessage() {} - -func (x *VirtualService) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use VirtualService.ProtoReflect.Descriptor instead. -func (*VirtualService) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{0} -} - -func (x *VirtualService) GetHosts() []string { - if x != nil { - return x.Hosts - } - return nil -} - -func (x *VirtualService) GetGateways() []string { - if x != nil { - return x.Gateways - } - return nil -} - -func (x *VirtualService) GetHttp() []*HTTPRoute { - if x != nil { - return x.Http - } - return nil -} - -func (x *VirtualService) GetTls() []*TLSRoute { - if x != nil { - return x.Tls - } - return nil -} - -func (x *VirtualService) GetTcp() []*TCPRoute { - if x != nil { - return x.Tcp - } - return nil -} - -func (x *VirtualService) GetExportTo() []string { - if x != nil { - return x.ExportTo - } - return nil -} - -// Destination indicates the network addressable service to which the -// request/connection will be sent after processing a routing rule. The -// destination.host should unambiguously refer to a service in the service -// registry. Istio's service registry is composed of all the services found -// in the platform's service registry (e.g., Kubernetes services, Consul -// services), as well as services declared through the -// [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry) resource. -// -// *Note for Kubernetes users*: When short names are used (e.g. "reviews" -// instead of "reviews.default.svc.cluster.local"), Istio will interpret -// the short name based on the namespace of the rule, not the service. A -// rule in the "default" namespace containing a host "reviews" will be -// interpreted as "reviews.default.svc.cluster.local", irrespective of the -// actual namespace associated with the reviews service. _To avoid potential -// misconfigurations, it is recommended to always use fully qualified -// domain names over short names._ -// -// The following Kubernetes example routes all traffic by default to pods -// of the reviews service with label "version: v1" (i.e., subset v1), and -// some to subset v2, in a Kubernetes environment. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: reviews-route -// namespace: foo -// -// spec: -// -// hosts: -// - reviews # interpreted as reviews.foo.svc.cluster.local -// http: -// - match: -// - uri: -// prefix: "/wpcatalog" -// - uri: -// prefix: "/consumercatalog" -// rewrite: -// uri: "/newcatalog" -// route: -// - destination: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subset: v2 -// - route: -// - destination: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subset: v1 -// -// ``` -// -// # And the associated DestinationRule -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: reviews-destination -// namespace: foo -// -// spec: -// -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// -// ``` -// -// The following VirtualService sets a timeout of 5s for all calls to -// productpage.prod.svc.cluster.local service in Kubernetes. Notice that -// there are no subsets defined in this rule. Istio will fetch all -// instances of productpage.prod.svc.cluster.local service from the service -// registry and populate the sidecar's load balancing pool. Also, notice -// that this rule is set in the istio-system namespace but uses the fully -// qualified domain name of the productpage service, -// productpage.prod.svc.cluster.local. Therefore the rule's namespace does -// not have an impact in resolving the name of the productpage service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: my-productpage-rule -// namespace: istio-system -// -// spec: -// -// hosts: -// - productpage.prod.svc.cluster.local # ignores rule namespace -// http: -// - timeout: 5s -// route: -// - destination: -// host: productpage.prod.svc.cluster.local -// -// ``` -// -// To control routing for traffic bound to services outside the mesh, external -// services must first be added to Istio's internal service registry using the -// ServiceEntry resource. VirtualServices can then be defined to control traffic -// bound to these external services. For example, the following rules define a -// Service for wikipedia.org and set a timeout of 5s for HTTP requests. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// -// name: external-svc-wikipedia -// -// spec: -// -// hosts: -// - wikipedia.org -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: example-http -// protocol: HTTP -// resolution: DNS -// -// --- -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: my-wiki-rule -// -// spec: -// -// hosts: -// - wikipedia.org -// http: -// - timeout: 5s -// route: -// - destination: -// host: wikipedia.org -// -// ``` -type Destination struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The name of a service from the service registry. Service - // names are looked up from the platform's service registry (e.g., - // Kubernetes services, Consul services, etc.) and from the hosts - // declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Traffic forwarded to - // destinations that are not found in either of the two, will be dropped. - // - // *Note for Kubernetes users*: When short names are used (e.g. "reviews" - // instead of "reviews.default.svc.cluster.local"), Istio will interpret - // the short name based on the namespace of the rule, not the service. A - // rule in the "default" namespace containing a host "reviews" will be - // interpreted as "reviews.default.svc.cluster.local", irrespective of - // the actual namespace associated with the reviews service. To avoid - // potential misconfiguration, it is recommended to always use fully - // qualified domain names over short names. - Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"` - // The name of a subset within the service. Applicable only to services - // within the mesh. The subset must be defined in a corresponding - // DestinationRule. - Subset string `protobuf:"bytes,2,opt,name=subset,proto3" json:"subset,omitempty"` - // Specifies the port on the host that is being addressed. If a service - // exposes only a single port it is not required to explicitly select the - // port. - Port *PortSelector `protobuf:"bytes,3,opt,name=port,proto3" json:"port,omitempty"` -} - -func (x *Destination) Reset() { - *x = Destination{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Destination) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Destination) ProtoMessage() {} - -func (x *Destination) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Destination.ProtoReflect.Descriptor instead. -func (*Destination) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{1} -} - -func (x *Destination) GetHost() string { - if x != nil { - return x.Host - } - return "" -} - -func (x *Destination) GetSubset() string { - if x != nil { - return x.Subset - } - return "" -} - -func (x *Destination) GetPort() *PortSelector { - if x != nil { - return x.Port - } - return nil -} - -// Describes match conditions and actions for routing HTTP/1.1, HTTP2, and -// gRPC traffic. See VirtualService for usage examples. -type HTTPRoute struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The name assigned to the route for debugging purposes. The - // route's name will be concatenated with the match's name and will - // be logged in the access logs for requests matching this - // route/match. - Name string `protobuf:"bytes,17,opt,name=name,proto3" json:"name,omitempty"` - // Match conditions to be satisfied for the rule to be - // activated. All conditions inside a single match block have AND - // semantics, while the list of match blocks have OR semantics. The rule - // is matched if any one of the match blocks succeed. - Match []*HTTPMatchRequest `protobuf:"bytes,1,rep,name=match,proto3" json:"match,omitempty"` - // A HTTP rule can either return a direct_response, redirect or forward (default) traffic. - // The forwarding target can be one of several versions of a service (see - // glossary in beginning of document). Weights associated with the - // service version determine the proportion of traffic it receives. - Route []*HTTPRouteDestination `protobuf:"bytes,2,rep,name=route,proto3" json:"route,omitempty"` - // A HTTP rule can either return a direct_response, redirect or forward (default) traffic. - // If traffic passthrough option is specified in the rule, - // route/redirect will be ignored. The redirect primitive can be used to - // send a HTTP 301 redirect to a different URI or Authority. - Redirect *HTTPRedirect `protobuf:"bytes,3,opt,name=redirect,proto3" json:"redirect,omitempty"` - // A HTTP rule can either return a direct_response, redirect or forward (default) traffic. - // Direct Response is used to specify a fixed response that should - // be sent to clients. - // - // It can be set only when `Route` and `Redirect` are empty. - DirectResponse *HTTPDirectResponse `protobuf:"bytes,21,opt,name=direct_response,json=directResponse,proto3" json:"direct_response,omitempty"` - // Delegate is used to specify the particular VirtualService which - // can be used to define delegate HTTPRoute. - // - // It can be set only when `Route` and `Redirect` are empty, and the route - // rules of the delegate VirtualService will be merged with that in the - // current one. - // - // **NOTE**: - // - // 1. Only one level delegation is supported. - // 2. The delegate's HTTPMatchRequest must be a strict subset of the root's, - // otherwise there is a conflict and the HTTPRoute will not take effect. - Delegate *Delegate `protobuf:"bytes,20,opt,name=delegate,proto3" json:"delegate,omitempty"` - // Rewrite HTTP URIs and Authority headers. Rewrite cannot be used with - // Redirect primitive. Rewrite will be performed before forwarding. - Rewrite *HTTPRewrite `protobuf:"bytes,4,opt,name=rewrite,proto3" json:"rewrite,omitempty"` - // Timeout for HTTP requests, default is disabled. - Timeout *duration.Duration `protobuf:"bytes,6,opt,name=timeout,proto3" json:"timeout,omitempty"` - // Retry policy for HTTP requests. - Retries *HTTPRetry `protobuf:"bytes,7,opt,name=retries,proto3" json:"retries,omitempty"` - // Fault injection policy to apply on HTTP traffic at the client side. - // Note that timeouts or retries will not be enabled when faults are - // enabled on the client side. - Fault *HTTPFaultInjection `protobuf:"bytes,8,opt,name=fault,proto3" json:"fault,omitempty"` - // Mirror HTTP traffic to a another destination in addition to forwarding - // the requests to the intended destination. Mirrored traffic is on a - // best effort basis where the sidecar/gateway will not wait for the - // mirrored cluster to respond before returning the response from the - // original destination. Statistics will be generated for the mirrored - // destination. - Mirror *Destination `protobuf:"bytes,9,opt,name=mirror,proto3" json:"mirror,omitempty"` - // Specifies the destinations to mirror HTTP traffic in addition - // to the original destination. Mirrored traffic is on a - // best effort basis where the sidecar/gateway will not wait for the - // mirrored destinations to respond before returning the response from the - // original destination. Statistics will be generated for the mirrored - // destination. - Mirrors []*HTTPMirrorPolicy `protobuf:"bytes,22,rep,name=mirrors,proto3" json:"mirrors,omitempty"` - // Percentage of the traffic to be mirrored by the `mirror` field. - // Use of integer `mirror_percent` value is deprecated. Use the - // double `mirror_percentage` field instead - // $hide_from_docs - // +kubebuilder:altName=mirror_percent - // - // Deprecated: Marked as deprecated in networking/v1/virtual_service.proto. - MirrorPercent *wrappers.UInt32Value `protobuf:"bytes,18,opt,name=mirror_percent,json=mirrorPercent,proto3" json:"mirror_percent,omitempty"` - // Percentage of the traffic to be mirrored by the `mirror` field. - // If this field is absent, all the traffic (100%) will be mirrored. - // Max value is 100. - MirrorPercentage *Percent `protobuf:"bytes,19,opt,name=mirror_percentage,json=mirrorPercentage,proto3" json:"mirror_percentage,omitempty"` - // Cross-Origin Resource Sharing policy (CORS). Refer to - // [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) - // for further details about cross origin resource sharing. - CorsPolicy *CorsPolicy `protobuf:"bytes,10,opt,name=cors_policy,json=corsPolicy,proto3" json:"cors_policy,omitempty"` - // Header manipulation rules - Headers *Headers `protobuf:"bytes,16,opt,name=headers,proto3" json:"headers,omitempty"` -} - -func (x *HTTPRoute) Reset() { - *x = HTTPRoute{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPRoute) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPRoute) ProtoMessage() {} - -func (x *HTTPRoute) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPRoute.ProtoReflect.Descriptor instead. -func (*HTTPRoute) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{2} -} - -func (x *HTTPRoute) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *HTTPRoute) GetMatch() []*HTTPMatchRequest { - if x != nil { - return x.Match - } - return nil -} - -func (x *HTTPRoute) GetRoute() []*HTTPRouteDestination { - if x != nil { - return x.Route - } - return nil -} - -func (x *HTTPRoute) GetRedirect() *HTTPRedirect { - if x != nil { - return x.Redirect - } - return nil -} - -func (x *HTTPRoute) GetDirectResponse() *HTTPDirectResponse { - if x != nil { - return x.DirectResponse - } - return nil -} - -func (x *HTTPRoute) GetDelegate() *Delegate { - if x != nil { - return x.Delegate - } - return nil -} - -func (x *HTTPRoute) GetRewrite() *HTTPRewrite { - if x != nil { - return x.Rewrite - } - return nil -} - -func (x *HTTPRoute) GetTimeout() *duration.Duration { - if x != nil { - return x.Timeout - } - return nil -} - -func (x *HTTPRoute) GetRetries() *HTTPRetry { - if x != nil { - return x.Retries - } - return nil -} - -func (x *HTTPRoute) GetFault() *HTTPFaultInjection { - if x != nil { - return x.Fault - } - return nil -} - -func (x *HTTPRoute) GetMirror() *Destination { - if x != nil { - return x.Mirror - } - return nil -} - -func (x *HTTPRoute) GetMirrors() []*HTTPMirrorPolicy { - if x != nil { - return x.Mirrors - } - return nil -} - -// Deprecated: Marked as deprecated in networking/v1/virtual_service.proto. -func (x *HTTPRoute) GetMirrorPercent() *wrappers.UInt32Value { - if x != nil { - return x.MirrorPercent - } - return nil -} - -func (x *HTTPRoute) GetMirrorPercentage() *Percent { - if x != nil { - return x.MirrorPercentage - } - return nil -} - -func (x *HTTPRoute) GetCorsPolicy() *CorsPolicy { - if x != nil { - return x.CorsPolicy - } - return nil -} - -func (x *HTTPRoute) GetHeaders() *Headers { - if x != nil { - return x.Headers - } - return nil -} - -// Describes the delegate VirtualService. -// The following routing rules forward the traffic to `/productpage` by a delegate VirtualService named `productpage`, -// forward the traffic to `/reviews` by a delegate VirtualService named `reviews`. -// -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: bookinfo -// -// spec: -// -// hosts: -// - "bookinfo.com" -// gateways: -// - mygateway -// http: -// - match: -// - uri: -// prefix: "/productpage" -// delegate: -// name: productpage -// namespace: nsA -// - match: -// - uri: -// prefix: "/reviews" -// delegate: -// name: reviews -// namespace: nsB -// -// ``` -// -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: productpage -// namespace: nsA -// -// spec: -// -// http: -// - match: -// - uri: -// prefix: "/productpage/v1/" -// route: -// - destination: -// host: productpage-v1.nsA.svc.cluster.local -// - route: -// - destination: -// host: productpage.nsA.svc.cluster.local -// -// ``` -// -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: reviews -// namespace: nsB -// -// spec: -// -// http: -// - route: -// - destination: -// host: reviews.nsB.svc.cluster.local -// -// ``` -type Delegate struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Name specifies the name of the delegate VirtualService. - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - // Namespace specifies the namespace where the delegate VirtualService resides. - // By default, it is same to the root's. - Namespace string `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"` -} - -func (x *Delegate) Reset() { - *x = Delegate{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Delegate) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Delegate) ProtoMessage() {} - -func (x *Delegate) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Delegate.ProtoReflect.Descriptor instead. -func (*Delegate) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{3} -} - -func (x *Delegate) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *Delegate) GetNamespace() string { - if x != nil { - return x.Namespace - } - return "" -} - -// Message headers can be manipulated when Envoy forwards requests to, -// or responses from, a destination service. Header manipulation rules can -// be specified for a specific route destination or for all destinations. -// The following VirtualService adds a `test` header with the value `true` -// to requests that are routed to any `reviews` service destination. -// It also removes the `foo` response header, but only from responses -// coming from the `v1` subset (version) of the `reviews` service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: reviews-route -// -// spec: -// -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - headers: -// request: -// set: -// test: "true" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// weight: 25 -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// headers: -// response: -// remove: -// - foo -// weight: 75 -// -// ``` -type Headers struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Header manipulation rules to apply before forwarding a request - // to the destination service - Request *Headers_HeaderOperations `protobuf:"bytes,1,opt,name=request,proto3" json:"request,omitempty"` - // Header manipulation rules to apply before returning a response - // to the caller - Response *Headers_HeaderOperations `protobuf:"bytes,2,opt,name=response,proto3" json:"response,omitempty"` -} - -func (x *Headers) Reset() { - *x = Headers{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Headers) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Headers) ProtoMessage() {} - -func (x *Headers) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Headers.ProtoReflect.Descriptor instead. -func (*Headers) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{4} -} - -func (x *Headers) GetRequest() *Headers_HeaderOperations { - if x != nil { - return x.Request - } - return nil -} - -func (x *Headers) GetResponse() *Headers_HeaderOperations { - if x != nil { - return x.Response - } - return nil -} - -// Describes match conditions and actions for routing unterminated TLS -// traffic (TLS/HTTPS) The following routing rule forwards unterminated TLS -// traffic arriving at port 443 of gateway called "mygateway" to internal -// services in the mesh based on the SNI value. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: bookinfo-sni -// -// spec: -// -// hosts: -// - "*.bookinfo.com" -// gateways: -// - mygateway -// tls: -// - match: -// - port: 443 -// sniHosts: -// - login.bookinfo.com -// route: -// - destination: -// host: login.prod.svc.cluster.local -// - match: -// - port: 443 -// sniHosts: -// - reviews.bookinfo.com -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// -// ``` -type TLSRoute struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Match conditions to be satisfied for the rule to be - // activated. All conditions inside a single match block have AND - // semantics, while the list of match blocks have OR semantics. The rule - // is matched if any one of the match blocks succeed. - Match []*TLSMatchAttributes `protobuf:"bytes,1,rep,name=match,proto3" json:"match,omitempty"` - // The destination to which the connection should be forwarded to. - Route []*RouteDestination `protobuf:"bytes,2,rep,name=route,proto3" json:"route,omitempty"` -} - -func (x *TLSRoute) Reset() { - *x = TLSRoute{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TLSRoute) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TLSRoute) ProtoMessage() {} - -func (x *TLSRoute) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TLSRoute.ProtoReflect.Descriptor instead. -func (*TLSRoute) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{5} -} - -func (x *TLSRoute) GetMatch() []*TLSMatchAttributes { - if x != nil { - return x.Match - } - return nil -} - -func (x *TLSRoute) GetRoute() []*RouteDestination { - if x != nil { - return x.Route - } - return nil -} - -// Describes match conditions and actions for routing TCP traffic. The -// following routing rule forwards traffic arriving at port 27017 for -// mongo.prod.svc.cluster.local to another Mongo server on port 5555. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: bookinfo-mongo -// -// spec: -// -// hosts: -// - mongo.prod.svc.cluster.local -// tcp: -// - match: -// - port: 27017 -// route: -// - destination: -// host: mongo.backup.svc.cluster.local -// port: -// number: 5555 -// -// ``` -type TCPRoute struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Match conditions to be satisfied for the rule to be - // activated. All conditions inside a single match block have AND - // semantics, while the list of match blocks have OR semantics. The rule - // is matched if any one of the match blocks succeed. - Match []*L4MatchAttributes `protobuf:"bytes,1,rep,name=match,proto3" json:"match,omitempty"` - // The destination to which the connection should be forwarded to. - Route []*RouteDestination `protobuf:"bytes,2,rep,name=route,proto3" json:"route,omitempty"` -} - -func (x *TCPRoute) Reset() { - *x = TCPRoute{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TCPRoute) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TCPRoute) ProtoMessage() {} - -func (x *TCPRoute) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TCPRoute.ProtoReflect.Descriptor instead. -func (*TCPRoute) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{6} -} - -func (x *TCPRoute) GetMatch() []*L4MatchAttributes { - if x != nil { - return x.Match - } - return nil -} - -func (x *TCPRoute) GetRoute() []*RouteDestination { - if x != nil { - return x.Route - } - return nil -} - -// HttpMatchRequest specifies a set of criteria to be met in order for the -// rule to be applied to the HTTP request. For example, the following -// restricts the rule to match only requests where the URL path -// starts with /ratings/v2/ and the request contains a custom `end-user` header -// with value `jason`. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - headers: -// end-user: -// exact: jason -// uri: -// prefix: "/ratings/v2/" -// ignoreUriCase: true -// route: -// - destination: -// host: ratings.prod.svc.cluster.local -// -// ``` -// -// HTTPMatchRequest CANNOT be empty. -// **Note:** -// 1. If a root VirtualService have matched any property (path, header etc.) by regex, delegate VirtualServices should not have any other matches on the same property. -// 2. If a delegate VirtualService have matched any property (path, header etc.) by regex, root VirtualServices should not have any other matches on the same property. -type HTTPMatchRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The name assigned to a match. The match's name will be - // concatenated with the parent route's name and will be logged in - // the access logs for requests matching this route. - Name string `protobuf:"bytes,11,opt,name=name,proto3" json:"name,omitempty"` - // URI to match - // values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - // - // **Note:** Case-insensitive matching could be enabled via the - // `ignoreUriCase` flag. - Uri *StringMatch `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"` - // URI Scheme - // values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - Scheme *StringMatch `protobuf:"bytes,2,opt,name=scheme,proto3" json:"scheme,omitempty"` - // HTTP Method - // values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - Method *StringMatch `protobuf:"bytes,3,opt,name=method,proto3" json:"method,omitempty"` - // HTTP Authority - // values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - Authority *StringMatch `protobuf:"bytes,4,opt,name=authority,proto3" json:"authority,omitempty"` - // The header keys must be lowercase and use hyphen as the separator, - // e.g. _x-request-id_. - // - // Header values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - // - // If the value is empty and only the name of header is specified, presence of the header is checked. - // To provide an empty value, use `{}`, for example: - // - // ``` - // - match: - // - headers: - // myheader: {} - // - // ``` - // **Note:** The keys `uri`, `scheme`, `method`, and `authority` will be ignored. - Headers map[string]*StringMatch `protobuf:"bytes,5,rep,name=headers,proto3" json:"headers,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Specifies the ports on the host that is being addressed. Many services - // only expose a single port or label ports with the protocols they support, - // in these cases it is not required to explicitly select the port. - Port uint32 `protobuf:"varint,6,opt,name=port,proto3" json:"port,omitempty"` - // One or more labels that constrain the applicability of a rule to source (client) workloads - // with the given labels. If the VirtualService has a list of gateways specified - // in the top-level `gateways` field, it must include the reserved gateway - // `mesh` for this field to be applicable. - SourceLabels map[string]string `protobuf:"bytes,7,rep,name=source_labels,json=sourceLabels,proto3" json:"source_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Names of gateways where the rule should be applied. Gateway names - // in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway - // match is independent of sourceLabels. - Gateways []string `protobuf:"bytes,8,rep,name=gateways,proto3" json:"gateways,omitempty"` - // Query parameters for matching. - // - // Ex: - // - // - For a query parameter like "?key=true", the map key would be "key" and - // the string match could be defined as `exact: "true"`. - // - // - For a query parameter like "?key", the map key would be "key" and the - // string match could be defined as `exact: ""`. - // - // - For a query parameter like "?key=abc" or "?key=abx", the map key would be "key" and the - // string match could be defined as `prefix: "ab"`. - // - // - For a query parameter like "?key=123", the map key would be "key" and the - // string match could be defined as `regex: "\d+$"`. Note that this - // configuration will only match values like "123" but not "a123" or "123a". - QueryParams map[string]*StringMatch `protobuf:"bytes,9,rep,name=query_params,json=queryParams,proto3" json:"query_params,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Flag to specify whether the URI matching should be case-insensitive. - // - // **Note:** The case will be ignored only in the case of `exact` and `prefix` - // URI matches. - IgnoreUriCase bool `protobuf:"varint,10,opt,name=ignore_uri_case,json=ignoreUriCase,proto3" json:"ignore_uri_case,omitempty"` - // withoutHeader has the same syntax with the header, but has opposite meaning. - // If a header is matched with a matching rule among withoutHeader, the traffic becomes not matched one. - WithoutHeaders map[string]*StringMatch `protobuf:"bytes,12,rep,name=without_headers,json=withoutHeaders,proto3" json:"without_headers,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Source namespace constraining the applicability of a rule to workloads in that namespace. - // If the VirtualService has a list of gateways specified in the top-level `gateways` field, - // it must include the reserved gateway `mesh` for this field to be applicable. - SourceNamespace string `protobuf:"bytes,13,opt,name=source_namespace,json=sourceNamespace,proto3" json:"source_namespace,omitempty"` - // The human readable prefix to use when emitting statistics for this route. - // The statistics are generated with prefix route.. - // This should be set for highly critical routes that one wishes to get "per-route" statistics on. - // This prefix is only for proxy-level statistics (envoy_*) and not service-level (istio_*) statistics. - // Refer to https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-route-stat-prefix - // for statistics that are generated when this is configured. - StatPrefix string `protobuf:"bytes,14,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"` -} - -func (x *HTTPMatchRequest) Reset() { - *x = HTTPMatchRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPMatchRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPMatchRequest) ProtoMessage() {} - -func (x *HTTPMatchRequest) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPMatchRequest.ProtoReflect.Descriptor instead. -func (*HTTPMatchRequest) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{7} -} - -func (x *HTTPMatchRequest) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *HTTPMatchRequest) GetUri() *StringMatch { - if x != nil { - return x.Uri - } - return nil -} - -func (x *HTTPMatchRequest) GetScheme() *StringMatch { - if x != nil { - return x.Scheme - } - return nil -} - -func (x *HTTPMatchRequest) GetMethod() *StringMatch { - if x != nil { - return x.Method - } - return nil -} - -func (x *HTTPMatchRequest) GetAuthority() *StringMatch { - if x != nil { - return x.Authority - } - return nil -} - -func (x *HTTPMatchRequest) GetHeaders() map[string]*StringMatch { - if x != nil { - return x.Headers - } - return nil -} - -func (x *HTTPMatchRequest) GetPort() uint32 { - if x != nil { - return x.Port - } - return 0 -} - -func (x *HTTPMatchRequest) GetSourceLabels() map[string]string { - if x != nil { - return x.SourceLabels - } - return nil -} - -func (x *HTTPMatchRequest) GetGateways() []string { - if x != nil { - return x.Gateways - } - return nil -} - -func (x *HTTPMatchRequest) GetQueryParams() map[string]*StringMatch { - if x != nil { - return x.QueryParams - } - return nil -} - -func (x *HTTPMatchRequest) GetIgnoreUriCase() bool { - if x != nil { - return x.IgnoreUriCase - } - return false -} - -func (x *HTTPMatchRequest) GetWithoutHeaders() map[string]*StringMatch { - if x != nil { - return x.WithoutHeaders - } - return nil -} - -func (x *HTTPMatchRequest) GetSourceNamespace() string { - if x != nil { - return x.SourceNamespace - } - return "" -} - -func (x *HTTPMatchRequest) GetStatPrefix() string { - if x != nil { - return x.StatPrefix - } - return "" -} - -// Each routing rule is associated with one or more service versions (see -// glossary in beginning of document). Weights associated with the version -// determine the proportion of traffic it receives. For example, the -// following rule will route 25% of traffic for the "reviews" service to -// instances with the "v2" tag and the remaining traffic (i.e., 75%) to -// "v1". -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: reviews-route -// -// spec: -// -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// weight: 25 -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// weight: 75 -// -// ``` -// -// # And the associated DestinationRule -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: reviews-destination -// -// spec: -// -// host: reviews.prod.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// -// ``` -// -// Traffic can also be split across two entirely different services without -// having to define new subsets. For example, the following rule forwards 25% of -// traffic to reviews.com to dev.reviews.com -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: reviews-route-two-domains -// -// spec: -// -// hosts: -// - reviews.com -// http: -// - route: -// - destination: -// host: dev.reviews.com -// weight: 25 -// - destination: -// host: reviews.com -// weight: 75 -// -// ``` -type HTTPRouteDestination struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Destination uniquely identifies the instances of a service - // to which the request/connection should be forwarded to. - Destination *Destination `protobuf:"bytes,1,opt,name=destination,proto3" json:"destination,omitempty"` - // Weight specifies the relative proportion of traffic to be forwarded to the destination. A destination will receive `weight/(sum of all weights)` requests. - // If there is only one destination in a rule, it will receive all traffic. - // Otherwise, if weight is `0`, the destination will not receive any traffic. - Weight int32 `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"` - // Header manipulation rules - Headers *Headers `protobuf:"bytes,7,opt,name=headers,proto3" json:"headers,omitempty"` -} - -func (x *HTTPRouteDestination) Reset() { - *x = HTTPRouteDestination{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPRouteDestination) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPRouteDestination) ProtoMessage() {} - -func (x *HTTPRouteDestination) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPRouteDestination.ProtoReflect.Descriptor instead. -func (*HTTPRouteDestination) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{8} -} - -func (x *HTTPRouteDestination) GetDestination() *Destination { - if x != nil { - return x.Destination - } - return nil -} - -func (x *HTTPRouteDestination) GetWeight() int32 { - if x != nil { - return x.Weight - } - return 0 -} - -func (x *HTTPRouteDestination) GetHeaders() *Headers { - if x != nil { - return x.Headers - } - return nil -} - -// L4 routing rule weighted destination. -type RouteDestination struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Destination uniquely identifies the instances of a service - // to which the request/connection should be forwarded to. - Destination *Destination `protobuf:"bytes,1,opt,name=destination,proto3" json:"destination,omitempty"` - // Weight specifies the relative proportion of traffic to be forwarded to the destination. A destination will receive `weight/(sum of all weights)` requests. - // If there is only one destination in a rule, it will receive all traffic. - // Otherwise, if weight is `0`, the destination will not receive any traffic. - Weight int32 `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"` -} - -func (x *RouteDestination) Reset() { - *x = RouteDestination{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *RouteDestination) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*RouteDestination) ProtoMessage() {} - -func (x *RouteDestination) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use RouteDestination.ProtoReflect.Descriptor instead. -func (*RouteDestination) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{9} -} - -func (x *RouteDestination) GetDestination() *Destination { - if x != nil { - return x.Destination - } - return nil -} - -func (x *RouteDestination) GetWeight() int32 { - if x != nil { - return x.Weight - } - return 0 -} - -// L4 connection match attributes. Note that L4 connection matching support -// is incomplete. -type L4MatchAttributes struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., - // a.b.c.d/xx form or just a.b.c.d. - DestinationSubnets []string `protobuf:"bytes,1,rep,name=destination_subnets,json=destinationSubnets,proto3" json:"destination_subnets,omitempty"` - // Specifies the port on the host that is being addressed. Many services - // only expose a single port or label ports with the protocols they support, - // in these cases it is not required to explicitly select the port. - Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"` - // IPv4 or IPv6 ip address of source with optional subnet. E.g., a.b.c.d/xx - // form or just a.b.c.d - // $hide_from_docs - SourceSubnet string `protobuf:"bytes,3,opt,name=source_subnet,json=sourceSubnet,proto3" json:"source_subnet,omitempty"` - // One or more labels that constrain the applicability of a rule to - // workloads with the given labels. If the VirtualService has a list of - // gateways specified in the top-level `gateways` field, it should include the reserved gateway - // `mesh` in order for this field to be applicable. - SourceLabels map[string]string `protobuf:"bytes,4,rep,name=source_labels,json=sourceLabels,proto3" json:"source_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Names of gateways where the rule should be applied. Gateway names - // in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway - // match is independent of sourceLabels. - Gateways []string `protobuf:"bytes,5,rep,name=gateways,proto3" json:"gateways,omitempty"` - // Source namespace constraining the applicability of a rule to workloads in that namespace. - // If the VirtualService has a list of gateways specified in the top-level `gateways` field, - // it must include the reserved gateway `mesh` for this field to be applicable. - SourceNamespace string `protobuf:"bytes,6,opt,name=source_namespace,json=sourceNamespace,proto3" json:"source_namespace,omitempty"` -} - -func (x *L4MatchAttributes) Reset() { - *x = L4MatchAttributes{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *L4MatchAttributes) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*L4MatchAttributes) ProtoMessage() {} - -func (x *L4MatchAttributes) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use L4MatchAttributes.ProtoReflect.Descriptor instead. -func (*L4MatchAttributes) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{10} -} - -func (x *L4MatchAttributes) GetDestinationSubnets() []string { - if x != nil { - return x.DestinationSubnets - } - return nil -} - -func (x *L4MatchAttributes) GetPort() uint32 { - if x != nil { - return x.Port - } - return 0 -} - -func (x *L4MatchAttributes) GetSourceSubnet() string { - if x != nil { - return x.SourceSubnet - } - return "" -} - -func (x *L4MatchAttributes) GetSourceLabels() map[string]string { - if x != nil { - return x.SourceLabels - } - return nil -} - -func (x *L4MatchAttributes) GetGateways() []string { - if x != nil { - return x.Gateways - } - return nil -} - -func (x *L4MatchAttributes) GetSourceNamespace() string { - if x != nil { - return x.SourceNamespace - } - return "" -} - -// TLS connection match attributes. -type TLSMatchAttributes struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // SNI (server name indicator) to match on. Wildcard prefixes - // can be used in the SNI value, e.g., *.com will match foo.example.com - // as well as example.com. An SNI value must be a subset (i.e., fall - // within the domain) of the corresponding virtual service's hosts. - SniHosts []string `protobuf:"bytes,1,rep,name=sni_hosts,json=sniHosts,proto3" json:"sni_hosts,omitempty"` - // IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., - // a.b.c.d/xx form or just a.b.c.d. - DestinationSubnets []string `protobuf:"bytes,2,rep,name=destination_subnets,json=destinationSubnets,proto3" json:"destination_subnets,omitempty"` - // Specifies the port on the host that is being addressed. Many services - // only expose a single port or label ports with the protocols they - // support, in these cases it is not required to explicitly select the - // port. - Port uint32 `protobuf:"varint,3,opt,name=port,proto3" json:"port,omitempty"` - // One or more labels that constrain the applicability of a rule to - // workloads with the given labels. If the VirtualService has a list of - // gateways specified in the top-level `gateways` field, it should include the reserved gateway - // `mesh` in order for this field to be applicable. - SourceLabels map[string]string `protobuf:"bytes,5,rep,name=source_labels,json=sourceLabels,proto3" json:"source_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Names of gateways where the rule should be applied. Gateway names - // in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway - // match is independent of sourceLabels. - Gateways []string `protobuf:"bytes,6,rep,name=gateways,proto3" json:"gateways,omitempty"` - // Source namespace constraining the applicability of a rule to workloads in that namespace. - // If the VirtualService has a list of gateways specified in the top-level `gateways` field, - // it must include the reserved gateway `mesh` for this field to be applicable. - SourceNamespace string `protobuf:"bytes,7,opt,name=source_namespace,json=sourceNamespace,proto3" json:"source_namespace,omitempty"` -} - -func (x *TLSMatchAttributes) Reset() { - *x = TLSMatchAttributes{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TLSMatchAttributes) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TLSMatchAttributes) ProtoMessage() {} - -func (x *TLSMatchAttributes) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TLSMatchAttributes.ProtoReflect.Descriptor instead. -func (*TLSMatchAttributes) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{11} -} - -func (x *TLSMatchAttributes) GetSniHosts() []string { - if x != nil { - return x.SniHosts - } - return nil -} - -func (x *TLSMatchAttributes) GetDestinationSubnets() []string { - if x != nil { - return x.DestinationSubnets - } - return nil -} - -func (x *TLSMatchAttributes) GetPort() uint32 { - if x != nil { - return x.Port - } - return 0 -} - -func (x *TLSMatchAttributes) GetSourceLabels() map[string]string { - if x != nil { - return x.SourceLabels - } - return nil -} - -func (x *TLSMatchAttributes) GetGateways() []string { - if x != nil { - return x.Gateways - } - return nil -} - -func (x *TLSMatchAttributes) GetSourceNamespace() string { - if x != nil { - return x.SourceNamespace - } - return "" -} - -// HTTPRedirect can be used to send a 301 redirect response to the caller, -// where the Authority/Host and the URI in the response can be swapped with -// the specified values. For example, the following rule redirects -// requests for /v1/getProductRatings API on the ratings service to -// /v1/bookRatings provided by the bookratings service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// redirect: -// uri: /v1/bookRatings -// authority: newratings.default.svc.cluster.local -// ... -// -// ``` -type HTTPRedirect struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // On a redirect, overwrite the Path portion of the URL with this - // value. Note that the entire path will be replaced, irrespective of the - // request URI being matched as an exact path or prefix. - Uri string `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"` - // On a redirect, overwrite the Authority/Host portion of the URL with - // this value. - Authority string `protobuf:"bytes,2,opt,name=authority,proto3" json:"authority,omitempty"` - // Types that are assignable to RedirectPort: - // - // *HTTPRedirect_Port - // *HTTPRedirect_DerivePort - RedirectPort isHTTPRedirect_RedirectPort `protobuf_oneof:"redirect_port"` - // On a redirect, overwrite the scheme portion of the URL with this value. - // For example, `http` or `https`. - // If unset, the original scheme will be used. - // If `derivePort` is set to `FROM_PROTOCOL_DEFAULT`, this will impact the port used as well - Scheme string `protobuf:"bytes,6,opt,name=scheme,proto3" json:"scheme,omitempty"` - // On a redirect, Specifies the HTTP status code to use in the redirect - // response. The default response code is MOVED_PERMANENTLY (301). - RedirectCode uint32 `protobuf:"varint,3,opt,name=redirect_code,json=redirectCode,proto3" json:"redirect_code,omitempty"` -} - -func (x *HTTPRedirect) Reset() { - *x = HTTPRedirect{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPRedirect) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPRedirect) ProtoMessage() {} - -func (x *HTTPRedirect) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[12] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPRedirect.ProtoReflect.Descriptor instead. -func (*HTTPRedirect) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{12} -} - -func (x *HTTPRedirect) GetUri() string { - if x != nil { - return x.Uri - } - return "" -} - -func (x *HTTPRedirect) GetAuthority() string { - if x != nil { - return x.Authority - } - return "" -} - -func (m *HTTPRedirect) GetRedirectPort() isHTTPRedirect_RedirectPort { - if m != nil { - return m.RedirectPort - } - return nil -} - -func (x *HTTPRedirect) GetPort() uint32 { - if x, ok := x.GetRedirectPort().(*HTTPRedirect_Port); ok { - return x.Port - } - return 0 -} - -func (x *HTTPRedirect) GetDerivePort() HTTPRedirect_RedirectPortSelection { - if x, ok := x.GetRedirectPort().(*HTTPRedirect_DerivePort); ok { - return x.DerivePort - } - return HTTPRedirect_FROM_PROTOCOL_DEFAULT -} - -func (x *HTTPRedirect) GetScheme() string { - if x != nil { - return x.Scheme - } - return "" -} - -func (x *HTTPRedirect) GetRedirectCode() uint32 { - if x != nil { - return x.RedirectCode - } - return 0 -} - -type isHTTPRedirect_RedirectPort interface { - isHTTPRedirect_RedirectPort() -} - -type HTTPRedirect_Port struct { - // On a redirect, overwrite the port portion of the URL with this value. - Port uint32 `protobuf:"varint,4,opt,name=port,proto3,oneof"` -} - -type HTTPRedirect_DerivePort struct { - // On a redirect, dynamically set the port: - // * FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS. - // * FROM_REQUEST_PORT: automatically use the port of the request. - DerivePort HTTPRedirect_RedirectPortSelection `protobuf:"varint,5,opt,name=derive_port,json=derivePort,proto3,enum=istio.networking.v1.HTTPRedirect_RedirectPortSelection,oneof"` -} - -func (*HTTPRedirect_Port) isHTTPRedirect_RedirectPort() {} - -func (*HTTPRedirect_DerivePort) isHTTPRedirect_RedirectPort() {} - -// HTTPDirectResponse can be used to send a fixed response to clients. -// For example, the following rule returns a fixed 503 status with a body -// to requests for /v1/getProductRatings API. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// string: "unknown error" -// ... -// -// ``` -// -// It is also possible to specify a binary response body. -// This is mostly useful for non text-based protocols such as gRPC. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// bytes: "dW5rbm93biBlcnJvcg==" # "unknown error" in base64 -// ... -// -// ``` -// -// It is good practice to add headers in the HTTPRoute -// as well as the direct_response, for example to specify -// the returned Content-Type. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// string: "{\"error\": \"unknown error\"}" -// headers: -// response: -// set: -// content-type: "text/plain" -// ... -// -// ``` -type HTTPDirectResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Specifies the HTTP response status to be returned. - Status uint32 `protobuf:"varint,1,opt,name=status,proto3" json:"status,omitempty"` - // Specifies the content of the response body. If this setting is omitted, - // no body is included in the generated response. - Body *HTTPBody `protobuf:"bytes,2,opt,name=body,proto3" json:"body,omitempty"` -} - -func (x *HTTPDirectResponse) Reset() { - *x = HTTPDirectResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[13] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPDirectResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPDirectResponse) ProtoMessage() {} - -func (x *HTTPDirectResponse) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[13] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPDirectResponse.ProtoReflect.Descriptor instead. -func (*HTTPDirectResponse) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{13} -} - -func (x *HTTPDirectResponse) GetStatus() uint32 { - if x != nil { - return x.Status - } - return 0 -} - -func (x *HTTPDirectResponse) GetBody() *HTTPBody { - if x != nil { - return x.Body - } - return nil -} - -type HTTPBody struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Types that are assignable to Specifier: - // - // *HTTPBody_String_ - // *HTTPBody_Bytes - Specifier isHTTPBody_Specifier `protobuf_oneof:"specifier"` -} - -func (x *HTTPBody) Reset() { - *x = HTTPBody{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[14] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPBody) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPBody) ProtoMessage() {} - -func (x *HTTPBody) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[14] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPBody.ProtoReflect.Descriptor instead. -func (*HTTPBody) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{14} -} - -func (m *HTTPBody) GetSpecifier() isHTTPBody_Specifier { - if m != nil { - return m.Specifier - } - return nil -} - -func (x *HTTPBody) GetString_() string { - if x, ok := x.GetSpecifier().(*HTTPBody_String_); ok { - return x.String_ - } - return "" -} - -func (x *HTTPBody) GetBytes() []byte { - if x, ok := x.GetSpecifier().(*HTTPBody_Bytes); ok { - return x.Bytes - } - return nil -} - -type isHTTPBody_Specifier interface { - isHTTPBody_Specifier() -} - -type HTTPBody_String_ struct { - // response body as a string - String_ string `protobuf:"bytes,1,opt,name=string,proto3,oneof"` -} - -type HTTPBody_Bytes struct { - // response body as base64 encoded bytes. - Bytes []byte `protobuf:"bytes,2,opt,name=bytes,proto3,oneof"` -} - -func (*HTTPBody_String_) isHTTPBody_Specifier() {} - -func (*HTTPBody_Bytes) isHTTPBody_Specifier() {} - -// HTTPRewrite can be used to rewrite specific parts of a HTTP request -// before forwarding the request to the destination. Rewrite primitive can -// be used only with HTTPRouteDestination. The following example -// demonstrates how to rewrite the URL prefix for api call (/ratings) to -// ratings service before making the actual API call. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// prefix: /ratings -// rewrite: -// uri: /v1/bookRatings -// route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// -// ``` -type HTTPRewrite struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // rewrite the path (or the prefix) portion of the URI with this - // value. If the original URI was matched based on prefix, the value - // provided in this field will replace the corresponding matched prefix. - Uri string `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"` - // rewrite the Authority/Host header with this value. - Authority string `protobuf:"bytes,2,opt,name=authority,proto3" json:"authority,omitempty"` - // rewrite the path portion of the URI with the specified regex. - UriRegexRewrite *RegexRewrite `protobuf:"bytes,3,opt,name=uri_regex_rewrite,json=uriRegexRewrite,proto3" json:"uri_regex_rewrite,omitempty"` -} - -func (x *HTTPRewrite) Reset() { - *x = HTTPRewrite{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[15] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPRewrite) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPRewrite) ProtoMessage() {} - -func (x *HTTPRewrite) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[15] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPRewrite.ProtoReflect.Descriptor instead. -func (*HTTPRewrite) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{15} -} - -func (x *HTTPRewrite) GetUri() string { - if x != nil { - return x.Uri - } - return "" -} - -func (x *HTTPRewrite) GetAuthority() string { - if x != nil { - return x.Authority - } - return "" -} - -func (x *HTTPRewrite) GetUriRegexRewrite() *RegexRewrite { - if x != nil { - return x.UriRegexRewrite - } - return nil -} - -type RegexRewrite struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - Match string `protobuf:"bytes,1,opt,name=match,proto3" json:"match,omitempty"` - // The string that should replace into matching portions of original URI. - // Capture groups in the pattern can be referenced in the new URI. - // Examples: - // - // Example 1: rewrite with capture groups - // Path pattern "/service/update/v1/api" with match "^/service/([^/]+)(/.*)$" and - // rewrite string of "/customprefix/\2/\1" would transform into "/customprefix/v1/api/update". - // - // Example 2: case insensitive rewrite - // Path pattern "/aaa/XxX/bbb" with match "(?i)/xxx/" and a rewrite string of /yyy/ would do a - // case-insensitive match and transform the path to "/aaa/yyy/bbb". - Rewrite string `protobuf:"bytes,2,opt,name=rewrite,proto3" json:"rewrite,omitempty"` -} - -func (x *RegexRewrite) Reset() { - *x = RegexRewrite{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[16] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *RegexRewrite) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*RegexRewrite) ProtoMessage() {} - -func (x *RegexRewrite) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[16] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use RegexRewrite.ProtoReflect.Descriptor instead. -func (*RegexRewrite) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{16} -} - -func (x *RegexRewrite) GetMatch() string { - if x != nil { - return x.Match - } - return "" -} - -func (x *RegexRewrite) GetRewrite() string { - if x != nil { - return x.Rewrite - } - return "" -} - -// Describes how to match a given string in HTTP headers. Match is -// case-sensitive. -type StringMatch struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Types that are assignable to MatchType: - // - // *StringMatch_Exact - // *StringMatch_Prefix - // *StringMatch_Regex - MatchType isStringMatch_MatchType `protobuf_oneof:"match_type"` -} - -func (x *StringMatch) Reset() { - *x = StringMatch{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[17] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *StringMatch) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*StringMatch) ProtoMessage() {} - -func (x *StringMatch) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[17] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use StringMatch.ProtoReflect.Descriptor instead. -func (*StringMatch) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{17} -} - -func (m *StringMatch) GetMatchType() isStringMatch_MatchType { - if m != nil { - return m.MatchType - } - return nil -} - -func (x *StringMatch) GetExact() string { - if x, ok := x.GetMatchType().(*StringMatch_Exact); ok { - return x.Exact - } - return "" -} - -func (x *StringMatch) GetPrefix() string { - if x, ok := x.GetMatchType().(*StringMatch_Prefix); ok { - return x.Prefix - } - return "" -} - -func (x *StringMatch) GetRegex() string { - if x, ok := x.GetMatchType().(*StringMatch_Regex); ok { - return x.Regex - } - return "" -} - -type isStringMatch_MatchType interface { - isStringMatch_MatchType() -} - -type StringMatch_Exact struct { - // exact string match - Exact string `protobuf:"bytes,1,opt,name=exact,proto3,oneof"` -} - -type StringMatch_Prefix struct { - // prefix-based match - Prefix string `protobuf:"bytes,2,opt,name=prefix,proto3,oneof"` -} - -type StringMatch_Regex struct { - // RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - Regex string `protobuf:"bytes,3,opt,name=regex,proto3,oneof"` -} - -func (*StringMatch_Exact) isStringMatch_MatchType() {} - -func (*StringMatch_Prefix) isStringMatch_MatchType() {} - -func (*StringMatch_Regex) isStringMatch_MatchType() {} - -// Describes the retry policy to use when a HTTP request fails. For -// example, the following rule sets the maximum number of retries to 3 when -// calling ratings:v1 service, with a 2s timeout per retry attempt. -// A retry will be attempted if there is a connect-failure, refused_stream -// or when the upstream server responds with Service Unavailable(503). -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// retries: -// attempts: 3 -// perTryTimeout: 2s -// retryOn: gateway-error,connect-failure,refused-stream -// -// ``` -type HTTPRetry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Number of retries to be allowed for a given request. The interval - // between retries will be determined automatically (25ms+). When request - // `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute) - // or `per_try_timeout` is configured, the actual number of retries attempted also depends on - // the specified request `timeout` and `per_try_timeout` values. MUST BE >= 0. If `0`, retries will be disabled. - // The maximum possible number of requests made will be 1 + `attempts`. - Attempts int32 `protobuf:"varint,1,opt,name=attempts,proto3" json:"attempts,omitempty"` - // Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST BE >=1ms. - // Default is same value as request - // `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute), - // which means no timeout. - PerTryTimeout *duration.Duration `protobuf:"bytes,2,opt,name=per_try_timeout,json=perTryTimeout,proto3" json:"per_try_timeout,omitempty"` - // Specifies the conditions under which retry takes place. - // One or more policies can be specified using a ‘,’ delimited list. - // If `retry_on` specifies a valid HTTP status, it will be added to retriable_status_codes retry policy. - // See the [retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on) - // and [gRPC retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on) for more details. - RetryOn string `protobuf:"bytes,3,opt,name=retry_on,json=retryOn,proto3" json:"retry_on,omitempty"` - // Flag to specify whether the retries should retry to other localities. - // See the [retry plugin configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/http_connection_management#retry-plugin-configuration) for more details. - RetryRemoteLocalities *wrappers.BoolValue `protobuf:"bytes,4,opt,name=retry_remote_localities,json=retryRemoteLocalities,proto3" json:"retry_remote_localities,omitempty"` -} - -func (x *HTTPRetry) Reset() { - *x = HTTPRetry{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[18] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPRetry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPRetry) ProtoMessage() {} - -func (x *HTTPRetry) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[18] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPRetry.ProtoReflect.Descriptor instead. -func (*HTTPRetry) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{18} -} - -func (x *HTTPRetry) GetAttempts() int32 { - if x != nil { - return x.Attempts - } - return 0 -} - -func (x *HTTPRetry) GetPerTryTimeout() *duration.Duration { - if x != nil { - return x.PerTryTimeout - } - return nil -} - -func (x *HTTPRetry) GetRetryOn() string { - if x != nil { - return x.RetryOn - } - return "" -} - -func (x *HTTPRetry) GetRetryRemoteLocalities() *wrappers.BoolValue { - if x != nil { - return x.RetryRemoteLocalities - } - return nil -} - -// Describes the Cross-Origin Resource Sharing (CORS) policy, for a given -// service. Refer to [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS) -// for further details about cross origin resource sharing. For example, -// the following rule restricts cross origin requests to those originating -// from example.com domain using HTTP POST/GET, and sets the -// `Access-Control-Allow-Credentials` header to false. In addition, it only -// exposes `X-Foo-bar` header and sets an expiry period of 1 day. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// corsPolicy: -// allowOrigins: -// - exact: https://example.com -// allowMethods: -// - POST -// - GET -// allowCredentials: false -// allowHeaders: -// - X-Foo-Bar -// maxAge: "24h" -// -// ``` -type CorsPolicy struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The list of origins that are allowed to perform CORS requests. The - // content will be serialized into the Access-Control-Allow-Origin - // header. Wildcard * will allow all origins. - // $hide_from_docs - // - // Deprecated: Marked as deprecated in networking/v1/virtual_service.proto. - AllowOrigin []string `protobuf:"bytes,1,rep,name=allow_origin,json=allowOrigin,proto3" json:"allow_origin,omitempty"` - // String patterns that match allowed origins. - // An origin is allowed if any of the string matchers match. - // If a match is found, then the outgoing Access-Control-Allow-Origin would be set to the origin as provided by the client. - AllowOrigins []*StringMatch `protobuf:"bytes,7,rep,name=allow_origins,json=allowOrigins,proto3" json:"allow_origins,omitempty"` - // List of HTTP methods allowed to access the resource. The content will - // be serialized into the Access-Control-Allow-Methods header. - AllowMethods []string `protobuf:"bytes,2,rep,name=allow_methods,json=allowMethods,proto3" json:"allow_methods,omitempty"` - // List of HTTP headers that can be used when requesting the - // resource. Serialized to Access-Control-Allow-Headers header. - AllowHeaders []string `protobuf:"bytes,3,rep,name=allow_headers,json=allowHeaders,proto3" json:"allow_headers,omitempty"` - // A list of HTTP headers that the browsers are allowed to - // access. Serialized into Access-Control-Expose-Headers header. - ExposeHeaders []string `protobuf:"bytes,4,rep,name=expose_headers,json=exposeHeaders,proto3" json:"expose_headers,omitempty"` - // Specifies how long the results of a preflight request can be - // cached. Translates to the `Access-Control-Max-Age` header. - MaxAge *duration.Duration `protobuf:"bytes,5,opt,name=max_age,json=maxAge,proto3" json:"max_age,omitempty"` - // Indicates whether the caller is allowed to send the actual request - // (not the preflight) using credentials. Translates to - // `Access-Control-Allow-Credentials` header. - AllowCredentials *wrappers.BoolValue `protobuf:"bytes,6,opt,name=allow_credentials,json=allowCredentials,proto3" json:"allow_credentials,omitempty"` - // Indicates whether preflight requests not matching the configured - // allowed origin shouldn't be forwarded to the upstream. - // Default is forward to upstream. - UnmatchedPreflights CorsPolicy_UnmatchedPreflights `protobuf:"varint,8,opt,name=unmatched_preflights,json=unmatchedPreflights,proto3,enum=istio.networking.v1.CorsPolicy_UnmatchedPreflights" json:"unmatched_preflights,omitempty"` -} - -func (x *CorsPolicy) Reset() { - *x = CorsPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[19] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CorsPolicy) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CorsPolicy) ProtoMessage() {} - -func (x *CorsPolicy) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[19] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CorsPolicy.ProtoReflect.Descriptor instead. -func (*CorsPolicy) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{19} -} - -// Deprecated: Marked as deprecated in networking/v1/virtual_service.proto. -func (x *CorsPolicy) GetAllowOrigin() []string { - if x != nil { - return x.AllowOrigin - } - return nil -} - -func (x *CorsPolicy) GetAllowOrigins() []*StringMatch { - if x != nil { - return x.AllowOrigins - } - return nil -} - -func (x *CorsPolicy) GetAllowMethods() []string { - if x != nil { - return x.AllowMethods - } - return nil -} - -func (x *CorsPolicy) GetAllowHeaders() []string { - if x != nil { - return x.AllowHeaders - } - return nil -} - -func (x *CorsPolicy) GetExposeHeaders() []string { - if x != nil { - return x.ExposeHeaders - } - return nil -} - -func (x *CorsPolicy) GetMaxAge() *duration.Duration { - if x != nil { - return x.MaxAge - } - return nil -} - -func (x *CorsPolicy) GetAllowCredentials() *wrappers.BoolValue { - if x != nil { - return x.AllowCredentials - } - return nil -} - -func (x *CorsPolicy) GetUnmatchedPreflights() CorsPolicy_UnmatchedPreflights { - if x != nil { - return x.UnmatchedPreflights - } - return CorsPolicy_UNSPECIFIED -} - -// HTTPFaultInjection can be used to specify one or more faults to inject -// while forwarding HTTP requests to the destination specified in a route. -// Fault specification is part of a VirtualService rule. Faults include -// aborting the Http request from downstream service, and/or delaying -// proxying of requests. A fault rule MUST HAVE delay or abort or both. -// -// *Note:* Delay and abort faults are independent of one another, even if -// both are specified simultaneously. -type HTTPFaultInjection struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Delay requests before forwarding, emulating various failures such as - // network issues, overloaded upstream service, etc. - Delay *HTTPFaultInjection_Delay `protobuf:"bytes,1,opt,name=delay,proto3" json:"delay,omitempty"` - // Abort Http request attempts and return error codes back to downstream - // service, giving the impression that the upstream service is faulty. - Abort *HTTPFaultInjection_Abort `protobuf:"bytes,2,opt,name=abort,proto3" json:"abort,omitempty"` -} - -func (x *HTTPFaultInjection) Reset() { - *x = HTTPFaultInjection{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[20] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPFaultInjection) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPFaultInjection) ProtoMessage() {} - -func (x *HTTPFaultInjection) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[20] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPFaultInjection.ProtoReflect.Descriptor instead. -func (*HTTPFaultInjection) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{20} -} - -func (x *HTTPFaultInjection) GetDelay() *HTTPFaultInjection_Delay { - if x != nil { - return x.Delay - } - return nil -} - -func (x *HTTPFaultInjection) GetAbort() *HTTPFaultInjection_Abort { - if x != nil { - return x.Abort - } - return nil -} - -// HTTPMirrorPolicy can be used to specify the destinations to mirror HTTP traffic in addition -// to the original destination. Mirrored traffic is on a -// best effort basis where the sidecar/gateway will not wait for the -// mirrored destinations to respond before returning the response from the -// original destination. Statistics will be generated for the mirrored -// destination. -type HTTPMirrorPolicy struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Destination specifies the target of the mirror operation. - Destination *Destination `protobuf:"bytes,1,opt,name=destination,proto3" json:"destination,omitempty"` - // Percentage of the traffic to be mirrored by the `destination` field. - // If this field is absent, all the traffic (100%) will be mirrored. - // Max value is 100. - Percentage *Percent `protobuf:"bytes,2,opt,name=percentage,proto3" json:"percentage,omitempty"` -} - -func (x *HTTPMirrorPolicy) Reset() { - *x = HTTPMirrorPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[21] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPMirrorPolicy) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPMirrorPolicy) ProtoMessage() {} - -func (x *HTTPMirrorPolicy) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[21] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPMirrorPolicy.ProtoReflect.Descriptor instead. -func (*HTTPMirrorPolicy) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{21} -} - -func (x *HTTPMirrorPolicy) GetDestination() *Destination { - if x != nil { - return x.Destination - } - return nil -} - -func (x *HTTPMirrorPolicy) GetPercentage() *Percent { - if x != nil { - return x.Percentage - } - return nil -} - -// PortSelector specifies the number of a port to be used for -// matching or selection for final routing. -type PortSelector struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Valid port number - Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"` -} - -func (x *PortSelector) Reset() { - *x = PortSelector{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[22] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PortSelector) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PortSelector) ProtoMessage() {} - -func (x *PortSelector) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[22] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PortSelector.ProtoReflect.Descriptor instead. -func (*PortSelector) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{22} -} - -func (x *PortSelector) GetNumber() uint32 { - if x != nil { - return x.Number - } - return 0 -} - -// Percent specifies a percentage in the range of [0.0, 100.0]. -type Percent struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Value float64 `protobuf:"fixed64,1,opt,name=value,proto3" json:"value,omitempty"` -} - -func (x *Percent) Reset() { - *x = Percent{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[23] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Percent) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Percent) ProtoMessage() {} - -func (x *Percent) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[23] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Percent.ProtoReflect.Descriptor instead. -func (*Percent) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{23} -} - -func (x *Percent) GetValue() float64 { - if x != nil { - return x.Value - } - return 0 -} - -// HeaderOperations Describes the header manipulations to apply -type Headers_HeaderOperations struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Overwrite the headers specified by key with the given values - Set map[string]string `protobuf:"bytes,1,rep,name=set,proto3" json:"set,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Append the given values to the headers specified by keys - // (will create a comma-separated list of values) - Add map[string]string `protobuf:"bytes,2,rep,name=add,proto3" json:"add,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Remove the specified headers - Remove []string `protobuf:"bytes,3,rep,name=remove,proto3" json:"remove,omitempty"` -} - -func (x *Headers_HeaderOperations) Reset() { - *x = Headers_HeaderOperations{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[24] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Headers_HeaderOperations) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Headers_HeaderOperations) ProtoMessage() {} - -func (x *Headers_HeaderOperations) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[24] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Headers_HeaderOperations.ProtoReflect.Descriptor instead. -func (*Headers_HeaderOperations) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{4, 0} -} - -func (x *Headers_HeaderOperations) GetSet() map[string]string { - if x != nil { - return x.Set - } - return nil -} - -func (x *Headers_HeaderOperations) GetAdd() map[string]string { - if x != nil { - return x.Add - } - return nil -} - -func (x *Headers_HeaderOperations) GetRemove() []string { - if x != nil { - return x.Remove - } - return nil -} - -// Delay specification is used to inject latency into the request -// forwarding path. The following example will introduce a 5 second delay -// in 1 out of every 1000 requests to the "v1" version of the "reviews" -// service from all pods with label env: prod -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: reviews-route -// -// spec: -// -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - match: -// - sourceLabels: -// env: prod -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// fault: -// delay: -// percentage: -// value: 0.1 -// fixedDelay: 5s -// -// ``` -// -// The _fixedDelay_ field is used to indicate the amount of delay in seconds. -// The optional _percentage_ field can be used to only delay a certain -// percentage of requests. If left unspecified, no request will be delayed. -type HTTPFaultInjection_Delay struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Percentage of requests on which the delay will be injected (0-100). - // Use of integer `percent` value is deprecated. Use the double `percentage` - // field instead. - // - // Deprecated: Marked as deprecated in networking/v1/virtual_service.proto. - Percent int32 `protobuf:"varint,1,opt,name=percent,proto3" json:"percent,omitempty"` - // Types that are assignable to HttpDelayType: - // - // *HTTPFaultInjection_Delay_FixedDelay - // *HTTPFaultInjection_Delay_ExponentialDelay - HttpDelayType isHTTPFaultInjection_Delay_HttpDelayType `protobuf_oneof:"http_delay_type"` - // Percentage of requests on which the delay will be injected. - // If left unspecified, no request will be delayed. - Percentage *Percent `protobuf:"bytes,5,opt,name=percentage,proto3" json:"percentage,omitempty"` -} - -func (x *HTTPFaultInjection_Delay) Reset() { - *x = HTTPFaultInjection_Delay{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[33] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPFaultInjection_Delay) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPFaultInjection_Delay) ProtoMessage() {} - -func (x *HTTPFaultInjection_Delay) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[33] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPFaultInjection_Delay.ProtoReflect.Descriptor instead. -func (*HTTPFaultInjection_Delay) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{20, 0} -} - -// Deprecated: Marked as deprecated in networking/v1/virtual_service.proto. -func (x *HTTPFaultInjection_Delay) GetPercent() int32 { - if x != nil { - return x.Percent - } - return 0 -} - -func (m *HTTPFaultInjection_Delay) GetHttpDelayType() isHTTPFaultInjection_Delay_HttpDelayType { - if m != nil { - return m.HttpDelayType - } - return nil -} - -func (x *HTTPFaultInjection_Delay) GetFixedDelay() *duration.Duration { - if x, ok := x.GetHttpDelayType().(*HTTPFaultInjection_Delay_FixedDelay); ok { - return x.FixedDelay - } - return nil -} - -func (x *HTTPFaultInjection_Delay) GetExponentialDelay() *duration.Duration { - if x, ok := x.GetHttpDelayType().(*HTTPFaultInjection_Delay_ExponentialDelay); ok { - return x.ExponentialDelay - } - return nil -} - -func (x *HTTPFaultInjection_Delay) GetPercentage() *Percent { - if x != nil { - return x.Percentage - } - return nil -} - -type isHTTPFaultInjection_Delay_HttpDelayType interface { - isHTTPFaultInjection_Delay_HttpDelayType() -} - -type HTTPFaultInjection_Delay_FixedDelay struct { - // Add a fixed delay before forwarding the request. Format: - // 1h/1m/1s/1ms. MUST be >=1ms. - FixedDelay *duration.Duration `protobuf:"bytes,2,opt,name=fixed_delay,json=fixedDelay,proto3,oneof"` -} - -type HTTPFaultInjection_Delay_ExponentialDelay struct { - // $hide_from_docs - ExponentialDelay *duration.Duration `protobuf:"bytes,3,opt,name=exponential_delay,json=exponentialDelay,proto3,oneof"` -} - -func (*HTTPFaultInjection_Delay_FixedDelay) isHTTPFaultInjection_Delay_HttpDelayType() {} - -func (*HTTPFaultInjection_Delay_ExponentialDelay) isHTTPFaultInjection_Delay_HttpDelayType() {} - -// Abort specification is used to prematurely abort a request with a -// pre-specified error code. The following example will return an HTTP 400 -// error code for 1 out of every 1000 requests to the "ratings" service "v1". -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// fault: -// abort: -// percentage: -// value: 0.1 -// httpStatus: 400 -// -// ``` -// -// The _httpStatus_ field is used to indicate the HTTP status code to -// return to the caller. The optional _percentage_ field can be used to only -// abort a certain percentage of requests. If not specified, no request will be -// aborted. -type HTTPFaultInjection_Abort struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Types that are assignable to ErrorType: - // - // *HTTPFaultInjection_Abort_HttpStatus - // *HTTPFaultInjection_Abort_GrpcStatus - // *HTTPFaultInjection_Abort_Http2Error - ErrorType isHTTPFaultInjection_Abort_ErrorType `protobuf_oneof:"error_type"` - // Percentage of requests to be aborted with the error code provided. - // If not specified, no request will be aborted. - Percentage *Percent `protobuf:"bytes,5,opt,name=percentage,proto3" json:"percentage,omitempty"` -} - -func (x *HTTPFaultInjection_Abort) Reset() { - *x = HTTPFaultInjection_Abort{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_virtual_service_proto_msgTypes[34] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPFaultInjection_Abort) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPFaultInjection_Abort) ProtoMessage() {} - -func (x *HTTPFaultInjection_Abort) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_virtual_service_proto_msgTypes[34] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPFaultInjection_Abort.ProtoReflect.Descriptor instead. -func (*HTTPFaultInjection_Abort) Descriptor() ([]byte, []int) { - return file_networking_v1_virtual_service_proto_rawDescGZIP(), []int{20, 1} -} - -func (m *HTTPFaultInjection_Abort) GetErrorType() isHTTPFaultInjection_Abort_ErrorType { - if m != nil { - return m.ErrorType - } - return nil -} - -func (x *HTTPFaultInjection_Abort) GetHttpStatus() int32 { - if x, ok := x.GetErrorType().(*HTTPFaultInjection_Abort_HttpStatus); ok { - return x.HttpStatus - } - return 0 -} - -func (x *HTTPFaultInjection_Abort) GetGrpcStatus() string { - if x, ok := x.GetErrorType().(*HTTPFaultInjection_Abort_GrpcStatus); ok { - return x.GrpcStatus - } - return "" -} - -func (x *HTTPFaultInjection_Abort) GetHttp2Error() string { - if x, ok := x.GetErrorType().(*HTTPFaultInjection_Abort_Http2Error); ok { - return x.Http2Error - } - return "" -} - -func (x *HTTPFaultInjection_Abort) GetPercentage() *Percent { - if x != nil { - return x.Percentage - } - return nil -} - -type isHTTPFaultInjection_Abort_ErrorType interface { - isHTTPFaultInjection_Abort_ErrorType() -} - -type HTTPFaultInjection_Abort_HttpStatus struct { - // HTTP status code to use to abort the Http request. - HttpStatus int32 `protobuf:"varint,2,opt,name=http_status,json=httpStatus,proto3,oneof"` -} - -type HTTPFaultInjection_Abort_GrpcStatus struct { - // GRPC status code to use to abort the request. The supported - // codes are documented in https://github.com/grpc/grpc/blob/master/doc/statuscodes.md - // Note: If you want to return the status "Unavailable", then you should - // specify the code as `UNAVAILABLE`(all caps), but not `14`. - GrpcStatus string `protobuf:"bytes,3,opt,name=grpc_status,json=grpcStatus,proto3,oneof"` -} - -type HTTPFaultInjection_Abort_Http2Error struct { - // $hide_from_docs - Http2Error string `protobuf:"bytes,4,opt,name=http2_error,json=http2Error,proto3,oneof"` -} - -func (*HTTPFaultInjection_Abort_HttpStatus) isHTTPFaultInjection_Abort_ErrorType() {} - -func (*HTTPFaultInjection_Abort_GrpcStatus) isHTTPFaultInjection_Abort_ErrorType() {} - -func (*HTTPFaultInjection_Abort_Http2Error) isHTTPFaultInjection_Abort_ErrorType() {} - -var File_networking_v1_virtual_service_proto protoreflect.FileDescriptor - -var file_networking_v1_virtual_service_proto_rawDesc = []byte{ - 0x0a, 0x23, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, - 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, - 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, - 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf5, 0x01, 0x0a, 0x0e, - 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x14, - 0x0a, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x68, - 0x6f, 0x73, 0x74, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, - 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, - 0x12, 0x32, 0x0a, 0x04, 0x68, 0x74, 0x74, 0x70, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x04, - 0x68, 0x74, 0x74, 0x70, 0x12, 0x2f, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x4c, 0x53, 0x52, 0x6f, 0x75, 0x74, 0x65, - 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x2f, 0x0a, 0x03, 0x74, 0x63, 0x70, 0x18, 0x04, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, - 0x65, 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, - 0x5f, 0x74, 0x6f, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x70, 0x6f, 0x72, - 0x74, 0x54, 0x6f, 0x22, 0x75, 0x0a, 0x0b, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x12, 0x17, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, - 0x75, 0x62, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x75, 0x62, - 0x73, 0x65, 0x74, 0x12, 0x35, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x21, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, - 0x63, 0x74, 0x6f, 0x72, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22, 0xed, 0x08, 0x0a, 0x09, 0x48, - 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, - 0x18, 0x11, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3b, 0x0a, 0x05, - 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x3f, 0x0a, 0x05, 0x72, 0x6f, 0x75, - 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, - 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x3d, 0x0a, 0x08, 0x72, 0x65, - 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, - 0x08, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x50, 0x0a, 0x0f, 0x64, 0x69, 0x72, - 0x65, 0x63, 0x74, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x15, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x44, 0x69, 0x72, - 0x65, 0x63, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x52, 0x0e, 0x64, 0x69, 0x72, - 0x65, 0x63, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x39, 0x0a, 0x08, 0x64, - 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x65, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x65, 0x52, 0x08, 0x64, 0x65, - 0x6c, 0x65, 0x67, 0x61, 0x74, 0x65, 0x12, 0x3a, 0x0a, 0x07, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, - 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, - 0x54, 0x50, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x52, 0x07, 0x72, 0x65, 0x77, 0x72, 0x69, - 0x74, 0x65, 0x12, 0x33, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x06, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, - 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x38, 0x0a, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, - 0x65, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, - 0x54, 0x54, 0x50, 0x52, 0x65, 0x74, 0x72, 0x79, 0x52, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, - 0x73, 0x12, 0x3d, 0x0a, 0x05, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46, 0x61, 0x75, 0x6c, 0x74, - 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x66, 0x61, 0x75, 0x6c, 0x74, - 0x12, 0x38, 0x0a, 0x06, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x52, 0x06, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x3f, 0x0a, 0x07, 0x6d, 0x69, - 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x16, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x52, 0x07, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x47, 0x0a, 0x0e, 0x6d, - 0x69, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x12, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0d, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x65, 0x72, - 0x63, 0x65, 0x6e, 0x74, 0x12, 0x49, 0x0a, 0x11, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x70, - 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, 0x13, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x1c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x52, 0x10, 0x6d, - 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x12, - 0x40, 0x0a, 0x0b, 0x63, 0x6f, 0x72, 0x73, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x0a, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x72, 0x73, 0x50, - 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0a, 0x63, 0x6f, 0x72, 0x73, 0x50, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x12, 0x36, 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x10, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, - 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, - 0x04, 0x08, 0x0b, 0x10, 0x10, 0x52, 0x11, 0x77, 0x65, 0x62, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, - 0x5f, 0x75, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x52, 0x0e, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, - 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x17, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, - 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, - 0x73, 0x52, 0x17, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x16, 0x72, 0x65, 0x6d, 0x6f, - 0x76, 0x65, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, - 0x72, 0x73, 0x52, 0x16, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x22, 0x3c, 0x0a, 0x08, 0x44, 0x65, - 0x6c, 0x65, 0x67, 0x61, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, - 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, - 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x22, 0xce, 0x03, 0x0a, 0x07, 0x48, 0x65, 0x61, - 0x64, 0x65, 0x72, 0x73, 0x12, 0x47, 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x73, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x49, 0x0a, - 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x48, 0x65, - 0x61, 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x08, - 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0xae, 0x02, 0x0a, 0x10, 0x48, 0x65, 0x61, - 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x48, 0x0a, - 0x03, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4f, - 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x03, 0x73, 0x65, 0x74, 0x12, 0x48, 0x0a, 0x03, 0x61, 0x64, 0x64, 0x18, 0x02, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, - 0x72, 0x73, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x73, 0x2e, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x61, 0x64, - 0x64, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, - 0x09, 0x52, 0x06, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x1a, 0x36, 0x0a, 0x08, 0x53, 0x65, 0x74, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, - 0x01, 0x1a, 0x36, 0x0a, 0x08, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, - 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, - 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x8b, 0x01, 0x0a, 0x08, 0x54, 0x4c, - 0x53, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x42, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, - 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x4c, 0x53, 0x4d, - 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x42, 0x03, - 0xe0, 0x41, 0x02, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x3b, 0x0a, 0x05, 0x72, 0x6f, - 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, - 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x52, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x22, 0x85, 0x01, 0x0a, 0x08, 0x54, 0x43, 0x50, 0x52, - 0x6f, 0x75, 0x74, 0x65, 0x12, 0x3c, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x34, 0x4d, 0x61, 0x74, 0x63, - 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x52, 0x05, 0x6d, 0x61, 0x74, - 0x63, 0x68, 0x12, 0x3b, 0x0a, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, - 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x22, - 0x83, 0x09, 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0b, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x32, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, - 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x38, 0x0a, 0x06, - 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x06, - 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x12, 0x38, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x74, 0x72, - 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, - 0x12, 0x3e, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, - 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x12, 0x4c, 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x32, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, - 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x12, - 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, - 0x72, 0x74, 0x12, 0x5c, 0x0a, 0x0d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6c, 0x61, 0x62, - 0x65, 0x6c, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, - 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, - 0x12, 0x1a, 0x0a, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x18, 0x08, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x12, 0x59, 0x0a, 0x0c, - 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x18, 0x09, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, - 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, - 0x61, 0x72, 0x61, 0x6d, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x71, 0x75, 0x65, 0x72, - 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x69, 0x67, 0x6e, 0x6f, 0x72, - 0x65, 0x5f, 0x75, 0x72, 0x69, 0x5f, 0x63, 0x61, 0x73, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x0d, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x55, 0x72, 0x69, 0x43, 0x61, 0x73, 0x65, 0x12, - 0x62, 0x0a, 0x0f, 0x77, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, - 0x72, 0x73, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, - 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, - 0x57, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x0e, 0x77, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, 0x48, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x73, 0x12, 0x29, 0x0a, 0x10, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6e, 0x61, - 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1f, - 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x0e, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x1a, - 0x5c, 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, - 0x79, 0x12, 0x36, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, - 0x63, 0x68, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x3f, 0x0a, - 0x11, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x60, - 0x0a, 0x10, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x03, 0x6b, 0x65, 0x79, 0x12, 0x36, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, - 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, - 0x1a, 0x63, 0x0a, 0x13, 0x57, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, - 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x36, 0x0a, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, - 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x97, 0x02, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, - 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x47, - 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x74, - 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, - 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, - 0x36, 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x1c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x07, - 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x4a, 0x04, 0x08, 0x03, 0x10, 0x07, 0x52, 0x17, 0x72, - 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, - 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x17, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x72, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, - 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, - 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x16, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, - 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x22, - 0x73, 0x0a, 0x10, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x47, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x44, - 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, - 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, - 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x77, 0x65, - 0x69, 0x67, 0x68, 0x74, 0x22, 0xe4, 0x02, 0x0a, 0x11, 0x4c, 0x34, 0x4d, 0x61, 0x74, 0x63, 0x68, - 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x64, 0x65, - 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, - 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x12, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, - 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, - 0x23, 0x0a, 0x0d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x53, 0x75, - 0x62, 0x6e, 0x65, 0x74, 0x12, 0x5d, 0x0a, 0x0d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6c, - 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x2e, 0x4c, 0x34, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, - 0x74, 0x65, 0x73, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, - 0x65, 0x6c, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x18, - 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x12, - 0x29, 0x0a, 0x10, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, - 0x61, 0x63, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x1a, 0x3f, 0x0a, 0x11, 0x53, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, - 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xf8, 0x02, 0x0a, 0x12, - 0x54, 0x4c, 0x53, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, - 0x65, 0x73, 0x12, 0x20, 0x0a, 0x09, 0x73, 0x6e, 0x69, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, - 0x01, 0x20, 0x03, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x73, 0x6e, 0x69, 0x48, - 0x6f, 0x73, 0x74, 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, - 0x09, 0x52, 0x12, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x75, - 0x62, 0x6e, 0x65, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x5e, 0x0a, 0x0d, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x5f, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x39, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x4c, 0x53, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, - 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0c, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x67, 0x61, 0x74, - 0x65, 0x77, 0x61, 0x79, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x67, 0x61, 0x74, - 0x65, 0x77, 0x61, 0x79, 0x73, 0x12, 0x29, 0x0a, 0x10, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, - 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, - 0x1a, 0x3f, 0x0a, 0x11, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, - 0x01, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x52, 0x0d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, - 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x22, 0xc9, 0x02, 0x0a, 0x0c, 0x48, 0x54, 0x54, 0x50, 0x52, - 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x14, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x0d, 0x48, 0x00, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x5a, 0x0a, - 0x0b, 0x64, 0x65, 0x72, 0x69, 0x76, 0x65, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x05, 0x20, 0x01, - 0x28, 0x0e, 0x32, 0x37, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x64, - 0x69, 0x72, 0x65, 0x63, 0x74, 0x2e, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x50, 0x6f, - 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x0a, 0x64, - 0x65, 0x72, 0x69, 0x76, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x68, - 0x65, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, - 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x63, 0x6f, - 0x64, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0c, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, - 0x63, 0x74, 0x43, 0x6f, 0x64, 0x65, 0x22, 0x49, 0x0a, 0x15, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, - 0x63, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, - 0x19, 0x0a, 0x15, 0x46, 0x52, 0x4f, 0x4d, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, - 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x46, 0x52, - 0x4f, 0x4d, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x5f, 0x50, 0x4f, 0x52, 0x54, 0x10, - 0x01, 0x42, 0x0f, 0x0a, 0x0d, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x70, 0x6f, - 0x72, 0x74, 0x22, 0x64, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1b, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, - 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x06, 0x73, - 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x31, 0x0a, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x42, 0x6f, - 0x64, 0x79, 0x52, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x22, 0x49, 0x0a, 0x08, 0x48, 0x54, 0x54, 0x50, - 0x42, 0x6f, 0x64, 0x79, 0x12, 0x18, 0x0a, 0x06, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x16, - 0x0a, 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, - 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x42, 0x0b, 0x0a, 0x09, 0x73, 0x70, 0x65, 0x63, 0x69, 0x66, - 0x69, 0x65, 0x72, 0x22, 0x8c, 0x01, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x77, 0x72, - 0x69, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x12, 0x4d, 0x0a, 0x11, 0x75, 0x72, 0x69, 0x5f, 0x72, 0x65, 0x67, 0x65, 0x78, - 0x5f, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x67, 0x65, 0x78, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, - 0x65, 0x52, 0x0f, 0x75, 0x72, 0x69, 0x52, 0x65, 0x67, 0x65, 0x78, 0x52, 0x65, 0x77, 0x72, 0x69, - 0x74, 0x65, 0x22, 0x3e, 0x0a, 0x0c, 0x52, 0x65, 0x67, 0x65, 0x78, 0x52, 0x65, 0x77, 0x72, 0x69, - 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x77, 0x72, - 0x69, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x72, 0x65, 0x77, 0x72, 0x69, - 0x74, 0x65, 0x22, 0x65, 0x0a, 0x0b, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, - 0x68, 0x12, 0x16, 0x0a, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x48, 0x00, 0x52, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x12, 0x18, 0x0a, 0x06, 0x70, 0x72, 0x65, - 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x70, 0x72, 0x65, - 0x66, 0x69, 0x78, 0x12, 0x16, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x42, 0x0c, 0x0a, 0x0a, 0x6d, - 0x61, 0x74, 0x63, 0x68, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x22, 0xd9, 0x01, 0x0a, 0x09, 0x48, 0x54, - 0x54, 0x50, 0x52, 0x65, 0x74, 0x72, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x61, 0x74, 0x74, 0x65, 0x6d, - 0x70, 0x74, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x61, 0x74, 0x74, 0x65, 0x6d, - 0x70, 0x74, 0x73, 0x12, 0x41, 0x0a, 0x0f, 0x70, 0x65, 0x72, 0x5f, 0x74, 0x72, 0x79, 0x5f, 0x74, - 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, - 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x70, 0x65, 0x72, 0x54, 0x72, 0x79, 0x54, - 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x19, 0x0a, 0x08, 0x72, 0x65, 0x74, 0x72, 0x79, 0x5f, - 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x72, 0x65, 0x74, 0x72, 0x79, 0x4f, - 0x6e, 0x12, 0x52, 0x0a, 0x17, 0x72, 0x65, 0x74, 0x72, 0x79, 0x5f, 0x72, 0x65, 0x6d, 0x6f, 0x74, - 0x65, 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x15, - 0x72, 0x65, 0x74, 0x72, 0x79, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, - 0x69, 0x74, 0x69, 0x65, 0x73, 0x22, 0x91, 0x04, 0x0a, 0x0a, 0x43, 0x6f, 0x72, 0x73, 0x50, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x12, 0x25, 0x0a, 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6f, 0x72, - 0x69, 0x67, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0b, - 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x12, 0x45, 0x0a, 0x0d, 0x61, - 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x73, 0x18, 0x07, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, - 0x61, 0x74, 0x63, 0x68, 0x52, 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x4f, 0x72, 0x69, 0x67, 0x69, - 0x6e, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6d, 0x65, 0x74, 0x68, - 0x6f, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, - 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, - 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, - 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x25, 0x0a, 0x0e, - 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x04, - 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x73, 0x12, 0x32, 0x0a, 0x07, 0x6d, 0x61, 0x78, 0x5f, 0x61, 0x67, 0x65, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, - 0x06, 0x6d, 0x61, 0x78, 0x41, 0x67, 0x65, 0x12, 0x47, 0x0a, 0x11, 0x61, 0x6c, 0x6c, 0x6f, 0x77, - 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x18, 0x06, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x10, - 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, - 0x12, 0x66, 0x0a, 0x14, 0x75, 0x6e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x70, 0x72, - 0x65, 0x66, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x33, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x72, 0x73, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, - 0x55, 0x6e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x50, 0x72, 0x65, 0x66, 0x6c, 0x69, 0x67, - 0x68, 0x74, 0x73, 0x52, 0x13, 0x75, 0x6e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x50, 0x72, - 0x65, 0x66, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x73, 0x22, 0x3f, 0x0a, 0x13, 0x55, 0x6e, 0x6d, 0x61, - 0x74, 0x63, 0x68, 0x65, 0x64, 0x50, 0x72, 0x65, 0x66, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x73, 0x12, - 0x0f, 0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, - 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x4f, 0x52, 0x57, 0x41, 0x52, 0x44, 0x10, 0x01, 0x12, 0x0a, 0x0a, - 0x06, 0x49, 0x47, 0x4e, 0x4f, 0x52, 0x45, 0x10, 0x02, 0x22, 0xed, 0x04, 0x0a, 0x12, 0x48, 0x54, - 0x54, 0x50, 0x46, 0x61, 0x75, 0x6c, 0x74, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x12, 0x43, 0x0a, 0x05, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46, 0x61, 0x75, 0x6c, 0x74, 0x49, - 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x52, 0x05, - 0x64, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x43, 0x0a, 0x05, 0x61, 0x62, 0x6f, 0x72, 0x74, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46, - 0x61, 0x75, 0x6c, 0x74, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x41, 0x62, - 0x6f, 0x72, 0x74, 0x52, 0x05, 0x61, 0x62, 0x6f, 0x72, 0x74, 0x1a, 0xfe, 0x01, 0x0a, 0x05, 0x44, - 0x65, 0x6c, 0x61, 0x79, 0x12, 0x1c, 0x0a, 0x07, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x05, 0x42, 0x02, 0x18, 0x01, 0x52, 0x07, 0x70, 0x65, 0x72, 0x63, 0x65, - 0x6e, 0x74, 0x12, 0x3c, 0x0a, 0x0b, 0x66, 0x69, 0x78, 0x65, 0x64, 0x5f, 0x64, 0x65, 0x6c, 0x61, - 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x0a, 0x66, 0x69, 0x78, 0x65, 0x64, 0x44, 0x65, 0x6c, 0x61, 0x79, - 0x12, 0x48, 0x0a, 0x11, 0x65, 0x78, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, - 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x10, 0x65, 0x78, 0x70, 0x6f, 0x6e, 0x65, - 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x3c, 0x0a, 0x0a, 0x70, 0x65, - 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x52, 0x0a, 0x70, 0x65, - 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x42, 0x11, 0x0a, 0x0f, 0x68, 0x74, 0x74, 0x70, - 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x1a, 0xcb, 0x01, 0x0a, 0x05, - 0x41, 0x62, 0x6f, 0x72, 0x74, 0x12, 0x21, 0x0a, 0x0b, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x73, 0x74, - 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x48, 0x00, 0x52, 0x0a, 0x68, 0x74, - 0x74, 0x70, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x21, 0x0a, 0x0b, 0x67, 0x72, 0x70, 0x63, - 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, - 0x0a, 0x67, 0x72, 0x70, 0x63, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x21, 0x0a, 0x0b, 0x68, - 0x74, 0x74, 0x70, 0x32, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, - 0x48, 0x00, 0x52, 0x0a, 0x68, 0x74, 0x74, 0x70, 0x32, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x3c, - 0x0a, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, 0x05, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, - 0x52, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x42, 0x0c, 0x0a, 0x0a, - 0x65, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x02, - 0x52, 0x07, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x22, 0x99, 0x01, 0x0a, 0x10, 0x48, 0x54, - 0x54, 0x50, 0x4d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x47, - 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x74, - 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3c, 0x0a, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, - 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x2e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x52, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, - 0x6e, 0x74, 0x61, 0x67, 0x65, 0x22, 0x32, 0x0a, 0x0c, 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, - 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x4a, 0x04, 0x08, - 0x02, 0x10, 0x03, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x1f, 0x0a, 0x07, 0x50, 0x65, 0x72, - 0x63, 0x65, 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x1c, 0x5a, 0x1a, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_networking_v1_virtual_service_proto_rawDescOnce sync.Once - file_networking_v1_virtual_service_proto_rawDescData = file_networking_v1_virtual_service_proto_rawDesc -) - -func file_networking_v1_virtual_service_proto_rawDescGZIP() []byte { - file_networking_v1_virtual_service_proto_rawDescOnce.Do(func() { - file_networking_v1_virtual_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1_virtual_service_proto_rawDescData) - }) - return file_networking_v1_virtual_service_proto_rawDescData -} - -var file_networking_v1_virtual_service_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_networking_v1_virtual_service_proto_msgTypes = make([]protoimpl.MessageInfo, 35) -var file_networking_v1_virtual_service_proto_goTypes = []interface{}{ - (HTTPRedirect_RedirectPortSelection)(0), // 0: istio.networking.v1.HTTPRedirect.RedirectPortSelection - (CorsPolicy_UnmatchedPreflights)(0), // 1: istio.networking.v1.CorsPolicy.UnmatchedPreflights - (*VirtualService)(nil), // 2: istio.networking.v1.VirtualService - (*Destination)(nil), // 3: istio.networking.v1.Destination - (*HTTPRoute)(nil), // 4: istio.networking.v1.HTTPRoute - (*Delegate)(nil), // 5: istio.networking.v1.Delegate - (*Headers)(nil), // 6: istio.networking.v1.Headers - (*TLSRoute)(nil), // 7: istio.networking.v1.TLSRoute - (*TCPRoute)(nil), // 8: istio.networking.v1.TCPRoute - (*HTTPMatchRequest)(nil), // 9: istio.networking.v1.HTTPMatchRequest - (*HTTPRouteDestination)(nil), // 10: istio.networking.v1.HTTPRouteDestination - (*RouteDestination)(nil), // 11: istio.networking.v1.RouteDestination - (*L4MatchAttributes)(nil), // 12: istio.networking.v1.L4MatchAttributes - (*TLSMatchAttributes)(nil), // 13: istio.networking.v1.TLSMatchAttributes - (*HTTPRedirect)(nil), // 14: istio.networking.v1.HTTPRedirect - (*HTTPDirectResponse)(nil), // 15: istio.networking.v1.HTTPDirectResponse - (*HTTPBody)(nil), // 16: istio.networking.v1.HTTPBody - (*HTTPRewrite)(nil), // 17: istio.networking.v1.HTTPRewrite - (*RegexRewrite)(nil), // 18: istio.networking.v1.RegexRewrite - (*StringMatch)(nil), // 19: istio.networking.v1.StringMatch - (*HTTPRetry)(nil), // 20: istio.networking.v1.HTTPRetry - (*CorsPolicy)(nil), // 21: istio.networking.v1.CorsPolicy - (*HTTPFaultInjection)(nil), // 22: istio.networking.v1.HTTPFaultInjection - (*HTTPMirrorPolicy)(nil), // 23: istio.networking.v1.HTTPMirrorPolicy - (*PortSelector)(nil), // 24: istio.networking.v1.PortSelector - (*Percent)(nil), // 25: istio.networking.v1.Percent - (*Headers_HeaderOperations)(nil), // 26: istio.networking.v1.Headers.HeaderOperations - nil, // 27: istio.networking.v1.Headers.HeaderOperations.SetEntry - nil, // 28: istio.networking.v1.Headers.HeaderOperations.AddEntry - nil, // 29: istio.networking.v1.HTTPMatchRequest.HeadersEntry - nil, // 30: istio.networking.v1.HTTPMatchRequest.SourceLabelsEntry - nil, // 31: istio.networking.v1.HTTPMatchRequest.QueryParamsEntry - nil, // 32: istio.networking.v1.HTTPMatchRequest.WithoutHeadersEntry - nil, // 33: istio.networking.v1.L4MatchAttributes.SourceLabelsEntry - nil, // 34: istio.networking.v1.TLSMatchAttributes.SourceLabelsEntry - (*HTTPFaultInjection_Delay)(nil), // 35: istio.networking.v1.HTTPFaultInjection.Delay - (*HTTPFaultInjection_Abort)(nil), // 36: istio.networking.v1.HTTPFaultInjection.Abort - (*duration.Duration)(nil), // 37: google.protobuf.Duration - (*wrappers.UInt32Value)(nil), // 38: google.protobuf.UInt32Value - (*wrappers.BoolValue)(nil), // 39: google.protobuf.BoolValue -} -var file_networking_v1_virtual_service_proto_depIdxs = []int32{ - 4, // 0: istio.networking.v1.VirtualService.http:type_name -> istio.networking.v1.HTTPRoute - 7, // 1: istio.networking.v1.VirtualService.tls:type_name -> istio.networking.v1.TLSRoute - 8, // 2: istio.networking.v1.VirtualService.tcp:type_name -> istio.networking.v1.TCPRoute - 24, // 3: istio.networking.v1.Destination.port:type_name -> istio.networking.v1.PortSelector - 9, // 4: istio.networking.v1.HTTPRoute.match:type_name -> istio.networking.v1.HTTPMatchRequest - 10, // 5: istio.networking.v1.HTTPRoute.route:type_name -> istio.networking.v1.HTTPRouteDestination - 14, // 6: istio.networking.v1.HTTPRoute.redirect:type_name -> istio.networking.v1.HTTPRedirect - 15, // 7: istio.networking.v1.HTTPRoute.direct_response:type_name -> istio.networking.v1.HTTPDirectResponse - 5, // 8: istio.networking.v1.HTTPRoute.delegate:type_name -> istio.networking.v1.Delegate - 17, // 9: istio.networking.v1.HTTPRoute.rewrite:type_name -> istio.networking.v1.HTTPRewrite - 37, // 10: istio.networking.v1.HTTPRoute.timeout:type_name -> google.protobuf.Duration - 20, // 11: istio.networking.v1.HTTPRoute.retries:type_name -> istio.networking.v1.HTTPRetry - 22, // 12: istio.networking.v1.HTTPRoute.fault:type_name -> istio.networking.v1.HTTPFaultInjection - 3, // 13: istio.networking.v1.HTTPRoute.mirror:type_name -> istio.networking.v1.Destination - 23, // 14: istio.networking.v1.HTTPRoute.mirrors:type_name -> istio.networking.v1.HTTPMirrorPolicy - 38, // 15: istio.networking.v1.HTTPRoute.mirror_percent:type_name -> google.protobuf.UInt32Value - 25, // 16: istio.networking.v1.HTTPRoute.mirror_percentage:type_name -> istio.networking.v1.Percent - 21, // 17: istio.networking.v1.HTTPRoute.cors_policy:type_name -> istio.networking.v1.CorsPolicy - 6, // 18: istio.networking.v1.HTTPRoute.headers:type_name -> istio.networking.v1.Headers - 26, // 19: istio.networking.v1.Headers.request:type_name -> istio.networking.v1.Headers.HeaderOperations - 26, // 20: istio.networking.v1.Headers.response:type_name -> istio.networking.v1.Headers.HeaderOperations - 13, // 21: istio.networking.v1.TLSRoute.match:type_name -> istio.networking.v1.TLSMatchAttributes - 11, // 22: istio.networking.v1.TLSRoute.route:type_name -> istio.networking.v1.RouteDestination - 12, // 23: istio.networking.v1.TCPRoute.match:type_name -> istio.networking.v1.L4MatchAttributes - 11, // 24: istio.networking.v1.TCPRoute.route:type_name -> istio.networking.v1.RouteDestination - 19, // 25: istio.networking.v1.HTTPMatchRequest.uri:type_name -> istio.networking.v1.StringMatch - 19, // 26: istio.networking.v1.HTTPMatchRequest.scheme:type_name -> istio.networking.v1.StringMatch - 19, // 27: istio.networking.v1.HTTPMatchRequest.method:type_name -> istio.networking.v1.StringMatch - 19, // 28: istio.networking.v1.HTTPMatchRequest.authority:type_name -> istio.networking.v1.StringMatch - 29, // 29: istio.networking.v1.HTTPMatchRequest.headers:type_name -> istio.networking.v1.HTTPMatchRequest.HeadersEntry - 30, // 30: istio.networking.v1.HTTPMatchRequest.source_labels:type_name -> istio.networking.v1.HTTPMatchRequest.SourceLabelsEntry - 31, // 31: istio.networking.v1.HTTPMatchRequest.query_params:type_name -> istio.networking.v1.HTTPMatchRequest.QueryParamsEntry - 32, // 32: istio.networking.v1.HTTPMatchRequest.without_headers:type_name -> istio.networking.v1.HTTPMatchRequest.WithoutHeadersEntry - 3, // 33: istio.networking.v1.HTTPRouteDestination.destination:type_name -> istio.networking.v1.Destination - 6, // 34: istio.networking.v1.HTTPRouteDestination.headers:type_name -> istio.networking.v1.Headers - 3, // 35: istio.networking.v1.RouteDestination.destination:type_name -> istio.networking.v1.Destination - 33, // 36: istio.networking.v1.L4MatchAttributes.source_labels:type_name -> istio.networking.v1.L4MatchAttributes.SourceLabelsEntry - 34, // 37: istio.networking.v1.TLSMatchAttributes.source_labels:type_name -> istio.networking.v1.TLSMatchAttributes.SourceLabelsEntry - 0, // 38: istio.networking.v1.HTTPRedirect.derive_port:type_name -> istio.networking.v1.HTTPRedirect.RedirectPortSelection - 16, // 39: istio.networking.v1.HTTPDirectResponse.body:type_name -> istio.networking.v1.HTTPBody - 18, // 40: istio.networking.v1.HTTPRewrite.uri_regex_rewrite:type_name -> istio.networking.v1.RegexRewrite - 37, // 41: istio.networking.v1.HTTPRetry.per_try_timeout:type_name -> google.protobuf.Duration - 39, // 42: istio.networking.v1.HTTPRetry.retry_remote_localities:type_name -> google.protobuf.BoolValue - 19, // 43: istio.networking.v1.CorsPolicy.allow_origins:type_name -> istio.networking.v1.StringMatch - 37, // 44: istio.networking.v1.CorsPolicy.max_age:type_name -> google.protobuf.Duration - 39, // 45: istio.networking.v1.CorsPolicy.allow_credentials:type_name -> google.protobuf.BoolValue - 1, // 46: istio.networking.v1.CorsPolicy.unmatched_preflights:type_name -> istio.networking.v1.CorsPolicy.UnmatchedPreflights - 35, // 47: istio.networking.v1.HTTPFaultInjection.delay:type_name -> istio.networking.v1.HTTPFaultInjection.Delay - 36, // 48: istio.networking.v1.HTTPFaultInjection.abort:type_name -> istio.networking.v1.HTTPFaultInjection.Abort - 3, // 49: istio.networking.v1.HTTPMirrorPolicy.destination:type_name -> istio.networking.v1.Destination - 25, // 50: istio.networking.v1.HTTPMirrorPolicy.percentage:type_name -> istio.networking.v1.Percent - 27, // 51: istio.networking.v1.Headers.HeaderOperations.set:type_name -> istio.networking.v1.Headers.HeaderOperations.SetEntry - 28, // 52: istio.networking.v1.Headers.HeaderOperations.add:type_name -> istio.networking.v1.Headers.HeaderOperations.AddEntry - 19, // 53: istio.networking.v1.HTTPMatchRequest.HeadersEntry.value:type_name -> istio.networking.v1.StringMatch - 19, // 54: istio.networking.v1.HTTPMatchRequest.QueryParamsEntry.value:type_name -> istio.networking.v1.StringMatch - 19, // 55: istio.networking.v1.HTTPMatchRequest.WithoutHeadersEntry.value:type_name -> istio.networking.v1.StringMatch - 37, // 56: istio.networking.v1.HTTPFaultInjection.Delay.fixed_delay:type_name -> google.protobuf.Duration - 37, // 57: istio.networking.v1.HTTPFaultInjection.Delay.exponential_delay:type_name -> google.protobuf.Duration - 25, // 58: istio.networking.v1.HTTPFaultInjection.Delay.percentage:type_name -> istio.networking.v1.Percent - 25, // 59: istio.networking.v1.HTTPFaultInjection.Abort.percentage:type_name -> istio.networking.v1.Percent - 60, // [60:60] is the sub-list for method output_type - 60, // [60:60] is the sub-list for method input_type - 60, // [60:60] is the sub-list for extension type_name - 60, // [60:60] is the sub-list for extension extendee - 0, // [0:60] is the sub-list for field type_name -} - -func init() { file_networking_v1_virtual_service_proto_init() } -func file_networking_v1_virtual_service_proto_init() { - if File_networking_v1_virtual_service_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_networking_v1_virtual_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*VirtualService); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Destination); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPRoute); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Delegate); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Headers); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TLSRoute); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TCPRoute); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPMatchRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPRouteDestination); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RouteDestination); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*L4MatchAttributes); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TLSMatchAttributes); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPRedirect); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPDirectResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPBody); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPRewrite); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RegexRewrite); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*StringMatch); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPRetry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CorsPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPFaultInjection); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPMirrorPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PortSelector); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Percent); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Headers_HeaderOperations); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPFaultInjection_Delay); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_virtual_service_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPFaultInjection_Abort); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_networking_v1_virtual_service_proto_msgTypes[12].OneofWrappers = []interface{}{ - (*HTTPRedirect_Port)(nil), - (*HTTPRedirect_DerivePort)(nil), - } - file_networking_v1_virtual_service_proto_msgTypes[14].OneofWrappers = []interface{}{ - (*HTTPBody_String_)(nil), - (*HTTPBody_Bytes)(nil), - } - file_networking_v1_virtual_service_proto_msgTypes[17].OneofWrappers = []interface{}{ - (*StringMatch_Exact)(nil), - (*StringMatch_Prefix)(nil), - (*StringMatch_Regex)(nil), - } - file_networking_v1_virtual_service_proto_msgTypes[33].OneofWrappers = []interface{}{ - (*HTTPFaultInjection_Delay_FixedDelay)(nil), - (*HTTPFaultInjection_Delay_ExponentialDelay)(nil), - } - file_networking_v1_virtual_service_proto_msgTypes[34].OneofWrappers = []interface{}{ - (*HTTPFaultInjection_Abort_HttpStatus)(nil), - (*HTTPFaultInjection_Abort_GrpcStatus)(nil), - (*HTTPFaultInjection_Abort_Http2Error)(nil), - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_networking_v1_virtual_service_proto_rawDesc, - NumEnums: 2, - NumMessages: 35, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_networking_v1_virtual_service_proto_goTypes, - DependencyIndexes: file_networking_v1_virtual_service_proto_depIdxs, - EnumInfos: file_networking_v1_virtual_service_proto_enumTypes, - MessageInfos: file_networking_v1_virtual_service_proto_msgTypes, - }.Build() - File_networking_v1_virtual_service_proto = out.File - file_networking_v1_virtual_service_proto_rawDesc = nil - file_networking_v1_virtual_service_proto_goTypes = nil - file_networking_v1_virtual_service_proto_depIdxs = nil -} diff --git a/networking/v1/virtual_service.proto b/networking/v1/virtual_service.proto deleted file mode 100644 index 27a47951540..00000000000 --- a/networking/v1/virtual_service.proto +++ /dev/null @@ -1,1518 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -import "google/api/field_behavior.proto"; -import "google/protobuf/duration.proto"; -import "google/protobuf/wrappers.proto"; - -// $schema: istio.networking.v1.VirtualService -// $title: Virtual Service -// $description: Configuration affecting label/content routing, sni routing, etc. -// $location: https://istio.io/docs/reference/config/networking/virtual-service.html -// $aliases: [/docs/reference/config/networking/v1/virtual-service] -// $mode: none - -// Configuration affecting traffic routing. Here are a few terms useful to define -// in the context of traffic routing. -// -// `Service` a unit of application behavior bound to a unique name in a -// service registry. Services consist of multiple network *endpoints* -// implemented by workload instances running on pods, containers, VMs etc. -// -// `Service versions (a.k.a. subsets)` - In a continuous deployment -// scenario, for a given service, there can be distinct subsets of -// instances running different variants of the application binary. These -// variants are not necessarily different API versions. They could be -// iterative changes to the same service, deployed in different -// environments (prod, staging, dev, etc.). Common scenarios where this -// occurs include A/B testing, canary rollouts, etc. The choice of a -// particular version can be decided based on various criterion (headers, -// url, etc.) and/or by weights assigned to each version. Each service has -// a default version consisting of all its instances. -// -// `Source` - A downstream client calling a service. -// -// `Host` - The address used by a client when attempting to connect to a -// service. -// -// `Access model` - Applications address only the destination service -// (Host) without knowledge of individual service versions (subsets). The -// actual choice of the version is determined by the proxy/sidecar, enabling the -// application code to decouple itself from the evolution of dependent -// services. -// -// A `VirtualService` defines a set of traffic routing rules to apply when a host is -// addressed. Each routing rule defines matching criteria for traffic of a specific -// protocol. If the traffic is matched, then it is sent to a named destination service -// (or subset/version of it) defined in the registry. -// -// The source of traffic can also be matched in a routing rule. This allows routing -// to be customized for specific client contexts. -// -// The following example on Kubernetes, routes all HTTP traffic by default to -// pods of the reviews service with label "version: v1". In addition, -// HTTP requests with path starting with /wpcatalog/ or /consumercatalog/ will -// be rewritten to /newcatalog and sent to pods with label "version: v2". -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: VirtualService -// metadata: -// name: reviews-route -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - name: "reviews-v2-routes" -// match: -// - uri: -// prefix: "/wpcatalog" -// - uri: -// prefix: "/consumercatalog" -// rewrite: -// uri: "/newcatalog" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// - name: "reviews-v1-route" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// ``` -// -// A subset/version of a route destination is identified with a reference -// to a named service subset which must be declared in a corresponding -// `DestinationRule`. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: DestinationRule -// metadata: -// name: reviews-destination -// spec: -// host: reviews.prod.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// ``` -package istio.networking.v1; - -option go_package = "istio.io/api/networking/v1"; - -// Configuration affecting traffic routing. -// -// -// -message VirtualService { - // The destination hosts to which traffic is being sent. Could - // be a DNS name with wildcard prefix or an IP address. Depending on the - // platform, short-names can also be used instead of a FQDN (i.e. has no - // dots in the name). In such a scenario, the FQDN of the host would be - // derived based on the underlying platform. - // - // A single VirtualService can be used to describe all the traffic - // properties of the corresponding hosts, including those for multiple - // HTTP and TCP ports. Alternatively, the traffic properties of a host - // can be defined using more than one VirtualService, with certain - // caveats. Refer to the - // [Operations Guide](https://istio.io/docs/ops/best-practices/traffic-management/#split-virtual-services) - // for details. - // - // *Note for Kubernetes users*: When short names are used (e.g. "reviews" - // instead of "reviews.default.svc.cluster.local"), Istio will interpret - // the short name based on the namespace of the rule, not the service. A - // rule in the "default" namespace containing a host "reviews" will be - // interpreted as "reviews.default.svc.cluster.local", irrespective of - // the actual namespace associated with the reviews service. _To avoid - // potential misconfigurations, it is recommended to always use fully - // qualified domain names over short names._ - // - // The hosts field applies to both HTTP and TCP services. Service inside - // the mesh, i.e., those found in the service registry, must always be - // referred to using their alphanumeric names. IP addresses are allowed - // only for services defined via the Gateway. - // - // *Note*: It must be empty for a delegate VirtualService. - repeated string hosts = 1; - - // The names of gateways and sidecars that should apply these routes. - // Gateways in other namespaces may be referred to by - // `/`; specifying a gateway with no - // namespace qualifier is the same as specifying the VirtualService's - // namespace. A single VirtualService is used for sidecars inside the mesh as - // well as for one or more gateways. The selection condition imposed by this - // field can be overridden using the source field in the match conditions - // of protocol-specific routes. The reserved word `mesh` is used to imply - // all the sidecars in the mesh. When this field is omitted, the default - // gateway (`mesh`) will be used, which would apply the rule to all - // sidecars in the mesh. If a list of gateway names is provided, the - // rules will apply only to the gateways. To apply the rules to both - // gateways and sidecars, specify `mesh` as one of the gateway names. - repeated string gateways = 2; - - // An ordered list of route rules for HTTP traffic. HTTP routes will be - // applied to platform service ports using HTTP/HTTP2/GRPC protocols, gateway - // ports with protocol HTTP/HTTP2/GRPC/TLS-terminated-HTTPS and service - // entry ports using HTTP/HTTP2/GRPC protocols. The first rule matching - // an incoming request is used. - repeated HTTPRoute http = 3; - - // An ordered list of route rule for non-terminated TLS & HTTPS - // traffic. Routing is typically performed using the SNI value presented - // by the ClientHello message. TLS routes will be applied to platform - // service ports named 'https-*', 'tls-*', unterminated gateway ports using - // HTTPS/TLS protocols (i.e. with "passthrough" TLS mode) and service - // entry ports using HTTPS/TLS protocols. The first rule matching an - // incoming request is used. NOTE: Traffic 'https-*' or 'tls-*' ports - // without associated virtual service will be treated as opaque TCP - // traffic. - repeated TLSRoute tls = 5; - - // An ordered list of route rules for opaque TCP traffic. TCP routes will - // be applied to any port that is not a HTTP or TLS port. The first rule - // matching an incoming request is used. - repeated TCPRoute tcp = 4; - - // A list of namespaces to which this virtual service is exported. Exporting a - // virtual service allows it to be used by sidecars and gateways defined in - // other namespaces. This feature provides a mechanism for service owners - // and mesh administrators to control the visibility of virtual services - // across namespace boundaries. - // - // If no namespaces are specified then the virtual service is exported to all - // namespaces by default. - // - // The value "." is reserved and defines an export to the same namespace that - // the virtual service is declared in. Similarly the value "*" is reserved and - // defines an export to all namespaces. - repeated string export_to = 6; -} - -// Destination indicates the network addressable service to which the -// request/connection will be sent after processing a routing rule. The -// destination.host should unambiguously refer to a service in the service -// registry. Istio's service registry is composed of all the services found -// in the platform's service registry (e.g., Kubernetes services, Consul -// services), as well as services declared through the -// [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry) resource. -// -// *Note for Kubernetes users*: When short names are used (e.g. "reviews" -// instead of "reviews.default.svc.cluster.local"), Istio will interpret -// the short name based on the namespace of the rule, not the service. A -// rule in the "default" namespace containing a host "reviews" will be -// interpreted as "reviews.default.svc.cluster.local", irrespective of the -// actual namespace associated with the reviews service. _To avoid potential -// misconfigurations, it is recommended to always use fully qualified -// domain names over short names._ -// -// The following Kubernetes example routes all traffic by default to pods -// of the reviews service with label "version: v1" (i.e., subset v1), and -// some to subset v2, in a Kubernetes environment. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route -// namespace: foo -// spec: -// hosts: -// - reviews # interpreted as reviews.foo.svc.cluster.local -// http: -// - match: -// - uri: -// prefix: "/wpcatalog" -// - uri: -// prefix: "/consumercatalog" -// rewrite: -// uri: "/newcatalog" -// route: -// - destination: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subset: v2 -// - route: -// - destination: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subset: v1 -// ``` -// -// And the associated DestinationRule -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: reviews-destination -// namespace: foo -// spec: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// ``` -// -// The following VirtualService sets a timeout of 5s for all calls to -// productpage.prod.svc.cluster.local service in Kubernetes. Notice that -// there are no subsets defined in this rule. Istio will fetch all -// instances of productpage.prod.svc.cluster.local service from the service -// registry and populate the sidecar's load balancing pool. Also, notice -// that this rule is set in the istio-system namespace but uses the fully -// qualified domain name of the productpage service, -// productpage.prod.svc.cluster.local. Therefore the rule's namespace does -// not have an impact in resolving the name of the productpage service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: my-productpage-rule -// namespace: istio-system -// spec: -// hosts: -// - productpage.prod.svc.cluster.local # ignores rule namespace -// http: -// - timeout: 5s -// route: -// - destination: -// host: productpage.prod.svc.cluster.local -// ``` -// -// To control routing for traffic bound to services outside the mesh, external -// services must first be added to Istio's internal service registry using the -// ServiceEntry resource. VirtualServices can then be defined to control traffic -// bound to these external services. For example, the following rules define a -// Service for wikipedia.org and set a timeout of 5s for HTTP requests. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-wikipedia -// spec: -// hosts: -// - wikipedia.org -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: example-http -// protocol: HTTP -// resolution: DNS -// --- -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: my-wiki-rule -// spec: -// hosts: -// - wikipedia.org -// http: -// - timeout: 5s -// route: -// - destination: -// host: wikipedia.org -// ``` -// -message Destination { - // The name of a service from the service registry. Service - // names are looked up from the platform's service registry (e.g., - // Kubernetes services, Consul services, etc.) and from the hosts - // declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Traffic forwarded to - // destinations that are not found in either of the two, will be dropped. - // - // *Note for Kubernetes users*: When short names are used (e.g. "reviews" - // instead of "reviews.default.svc.cluster.local"), Istio will interpret - // the short name based on the namespace of the rule, not the service. A - // rule in the "default" namespace containing a host "reviews" will be - // interpreted as "reviews.default.svc.cluster.local", irrespective of - // the actual namespace associated with the reviews service. To avoid - // potential misconfiguration, it is recommended to always use fully - // qualified domain names over short names. - string host = 1 [(google.api.field_behavior) = REQUIRED]; - - // The name of a subset within the service. Applicable only to services - // within the mesh. The subset must be defined in a corresponding - // DestinationRule. - string subset = 2; - - // Specifies the port on the host that is being addressed. If a service - // exposes only a single port it is not required to explicitly select the - // port. - PortSelector port = 3; -} - -// Describes match conditions and actions for routing HTTP/1.1, HTTP2, and -// gRPC traffic. See VirtualService for usage examples. -message HTTPRoute { - // The name assigned to the route for debugging purposes. The - // route's name will be concatenated with the match's name and will - // be logged in the access logs for requests matching this - // route/match. - string name = 17; - - // Match conditions to be satisfied for the rule to be - // activated. All conditions inside a single match block have AND - // semantics, while the list of match blocks have OR semantics. The rule - // is matched if any one of the match blocks succeed. - repeated HTTPMatchRequest match = 1; - - // A HTTP rule can either return a direct_response, redirect or forward (default) traffic. - // The forwarding target can be one of several versions of a service (see - // glossary in beginning of document). Weights associated with the - // service version determine the proportion of traffic it receives. - repeated HTTPRouteDestination route = 2; - - // A HTTP rule can either return a direct_response, redirect or forward (default) traffic. - // If traffic passthrough option is specified in the rule, - // route/redirect will be ignored. The redirect primitive can be used to - // send a HTTP 301 redirect to a different URI or Authority. - HTTPRedirect redirect = 3; - - // A HTTP rule can either return a direct_response, redirect or forward (default) traffic. - // Direct Response is used to specify a fixed response that should - // be sent to clients. - // - // It can be set only when `Route` and `Redirect` are empty. - HTTPDirectResponse direct_response = 21; - - // Delegate is used to specify the particular VirtualService which - // can be used to define delegate HTTPRoute. - // - // It can be set only when `Route` and `Redirect` are empty, and the route - // rules of the delegate VirtualService will be merged with that in the - // current one. - // - // **NOTE**: - // - // 1. Only one level delegation is supported. - // 2. The delegate's HTTPMatchRequest must be a strict subset of the root's, - // otherwise there is a conflict and the HTTPRoute will not take effect. - Delegate delegate = 20; - - // Rewrite HTTP URIs and Authority headers. Rewrite cannot be used with - // Redirect primitive. Rewrite will be performed before forwarding. - HTTPRewrite rewrite = 4; - - reserved 5; - reserved "websocket_upgrade"; - - // Timeout for HTTP requests, default is disabled. - google.protobuf.Duration timeout = 6; - - // Retry policy for HTTP requests. - HTTPRetry retries = 7; - - // Fault injection policy to apply on HTTP traffic at the client side. - // Note that timeouts or retries will not be enabled when faults are - // enabled on the client side. - HTTPFaultInjection fault = 8; - - // Mirror HTTP traffic to a another destination in addition to forwarding - // the requests to the intended destination. Mirrored traffic is on a - // best effort basis where the sidecar/gateway will not wait for the - // mirrored cluster to respond before returning the response from the - // original destination. Statistics will be generated for the mirrored - // destination. - Destination mirror = 9; - - // Specifies the destinations to mirror HTTP traffic in addition - // to the original destination. Mirrored traffic is on a - // best effort basis where the sidecar/gateway will not wait for the - // mirrored destinations to respond before returning the response from the - // original destination. Statistics will be generated for the mirrored - // destination. - repeated HTTPMirrorPolicy mirrors = 22; - - // Percentage of the traffic to be mirrored by the `mirror` field. - // Use of integer `mirror_percent` value is deprecated. Use the - // double `mirror_percentage` field instead - // $hide_from_docs - // +kubebuilder:altName=mirror_percent - google.protobuf.UInt32Value mirror_percent = 18 [deprecated=true]; - - // Percentage of the traffic to be mirrored by the `mirror` field. - // If this field is absent, all the traffic (100%) will be mirrored. - // Max value is 100. - Percent mirror_percentage = 19; - - // Cross-Origin Resource Sharing policy (CORS). Refer to - // [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) - // for further details about cross origin resource sharing. - CorsPolicy cors_policy = 10; - - reserved 11 to 15; - reserved "append_headers", "remove_response_headers", "append_response_headers","remove_request_headers", "append_request_headers"; - - // Header manipulation rules - Headers headers = 16; - - // $hide_from_docs - // Next available field number: 23 -} - - -// Describes the delegate VirtualService. -// The following routing rules forward the traffic to `/productpage` by a delegate VirtualService named `productpage`, -// forward the traffic to `/reviews` by a delegate VirtualService named `reviews`. -// -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: bookinfo -// spec: -// hosts: -// - "bookinfo.com" -// gateways: -// - mygateway -// http: -// - match: -// - uri: -// prefix: "/productpage" -// delegate: -// name: productpage -// namespace: nsA -// - match: -// - uri: -// prefix: "/reviews" -// delegate: -// name: reviews -// namespace: nsB -// ``` -// -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: productpage -// namespace: nsA -// spec: -// http: -// - match: -// - uri: -// prefix: "/productpage/v1/" -// route: -// - destination: -// host: productpage-v1.nsA.svc.cluster.local -// - route: -// - destination: -// host: productpage.nsA.svc.cluster.local -// ``` -// -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: reviews -// namespace: nsB -// spec: -// http: -// - route: -// - destination: -// host: reviews.nsB.svc.cluster.local -// ``` -message Delegate { - // Name specifies the name of the delegate VirtualService. - string name = 1; - // Namespace specifies the namespace where the delegate VirtualService resides. - // By default, it is same to the root's. - string namespace = 2; -} - - -// Message headers can be manipulated when Envoy forwards requests to, -// or responses from, a destination service. Header manipulation rules can -// be specified for a specific route destination or for all destinations. -// The following VirtualService adds a `test` header with the value `true` -// to requests that are routed to any `reviews` service destination. -// It also removes the `foo` response header, but only from responses -// coming from the `v1` subset (version) of the `reviews` service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - headers: -// request: -// set: -// test: "true" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// weight: 25 -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// headers: -// response: -// remove: -// - foo -// weight: 75 -// ``` -message Headers { - // Header manipulation rules to apply before forwarding a request - // to the destination service - HeaderOperations request = 1; - // Header manipulation rules to apply before returning a response - // to the caller - HeaderOperations response = 2; - - // HeaderOperations Describes the header manipulations to apply - message HeaderOperations { - // Overwrite the headers specified by key with the given values - map set = 1; - // Append the given values to the headers specified by keys - // (will create a comma-separated list of values) - map add = 2; - // Remove the specified headers - repeated string remove = 3; - } -} - -// Describes match conditions and actions for routing unterminated TLS -// traffic (TLS/HTTPS) The following routing rule forwards unterminated TLS -// traffic arriving at port 443 of gateway called "mygateway" to internal -// services in the mesh based on the SNI value. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: bookinfo-sni -// spec: -// hosts: -// - "*.bookinfo.com" -// gateways: -// - mygateway -// tls: -// - match: -// - port: 443 -// sniHosts: -// - login.bookinfo.com -// route: -// - destination: -// host: login.prod.svc.cluster.local -// - match: -// - port: 443 -// sniHosts: -// - reviews.bookinfo.com -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// ``` -message TLSRoute { - // Match conditions to be satisfied for the rule to be - // activated. All conditions inside a single match block have AND - // semantics, while the list of match blocks have OR semantics. The rule - // is matched if any one of the match blocks succeed. - repeated TLSMatchAttributes match = 1 [(google.api.field_behavior) = REQUIRED]; - - // The destination to which the connection should be forwarded to. - repeated RouteDestination route = 2; -} - -// Describes match conditions and actions for routing TCP traffic. The -// following routing rule forwards traffic arriving at port 27017 for -// mongo.prod.svc.cluster.local to another Mongo server on port 5555. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: bookinfo-mongo -// spec: -// hosts: -// - mongo.prod.svc.cluster.local -// tcp: -// - match: -// - port: 27017 -// route: -// - destination: -// host: mongo.backup.svc.cluster.local -// port: -// number: 5555 -// ``` -message TCPRoute { - // Match conditions to be satisfied for the rule to be - // activated. All conditions inside a single match block have AND - // semantics, while the list of match blocks have OR semantics. The rule - // is matched if any one of the match blocks succeed. - repeated L4MatchAttributes match = 1; - - // The destination to which the connection should be forwarded to. - repeated RouteDestination route = 2; -} - -// HttpMatchRequest specifies a set of criteria to be met in order for the -// rule to be applied to the HTTP request. For example, the following -// restricts the rule to match only requests where the URL path -// starts with /ratings/v2/ and the request contains a custom `end-user` header -// with value `jason`. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - headers: -// end-user: -// exact: jason -// uri: -// prefix: "/ratings/v2/" -// ignoreUriCase: true -// route: -// - destination: -// host: ratings.prod.svc.cluster.local -// ``` -// -// HTTPMatchRequest CANNOT be empty. -// **Note:** -// 1. If a root VirtualService have matched any property (path, header etc.) by regex, delegate VirtualServices should not have any other matches on the same property. -// 2. If a delegate VirtualService have matched any property (path, header etc.) by regex, root VirtualServices should not have any other matches on the same property. -message HTTPMatchRequest { - // The name assigned to a match. The match's name will be - // concatenated with the parent route's name and will be logged in - // the access logs for requests matching this route. - string name = 11; - - // URI to match - // values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - // - // **Note:** Case-insensitive matching could be enabled via the - // `ignoreUriCase` flag. - StringMatch uri = 1; - - // URI Scheme - // values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - // - StringMatch scheme = 2; - - // HTTP Method - // values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - // - StringMatch method = 3; - - // HTTP Authority - // values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - // - StringMatch authority = 4; - - // The header keys must be lowercase and use hyphen as the separator, - // e.g. _x-request-id_. - // - // Header values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - // - // If the value is empty and only the name of header is specified, presence of the header is checked. - // To provide an empty value, use `{}`, for example: - // - // ``` - // - match: - // - headers: - // myheader: {} - // ``` - // **Note:** The keys `uri`, `scheme`, `method`, and `authority` will be ignored. - map headers = 5; - - // Specifies the ports on the host that is being addressed. Many services - // only expose a single port or label ports with the protocols they support, - // in these cases it is not required to explicitly select the port. - uint32 port = 6; - - // One or more labels that constrain the applicability of a rule to source (client) workloads - // with the given labels. If the VirtualService has a list of gateways specified - // in the top-level `gateways` field, it must include the reserved gateway - // `mesh` for this field to be applicable. - map source_labels = 7; - - // Names of gateways where the rule should be applied. Gateway names - // in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway - // match is independent of sourceLabels. - repeated string gateways = 8; - - // Query parameters for matching. - // - // Ex: - // - // - For a query parameter like "?key=true", the map key would be "key" and - // the string match could be defined as `exact: "true"`. - // - // - For a query parameter like "?key", the map key would be "key" and the - // string match could be defined as `exact: ""`. - // - // - For a query parameter like "?key=abc" or "?key=abx", the map key would be "key" and the - // string match could be defined as `prefix: "ab"`. - // - // - For a query parameter like "?key=123", the map key would be "key" and the - // string match could be defined as `regex: "\d+$"`. Note that this - // configuration will only match values like "123" but not "a123" or "123a". - map query_params = 9; - - // Flag to specify whether the URI matching should be case-insensitive. - // - // **Note:** The case will be ignored only in the case of `exact` and `prefix` - // URI matches. - bool ignore_uri_case = 10; - - // withoutHeader has the same syntax with the header, but has opposite meaning. - // If a header is matched with a matching rule among withoutHeader, the traffic becomes not matched one. - map without_headers = 12; - - // Source namespace constraining the applicability of a rule to workloads in that namespace. - // If the VirtualService has a list of gateways specified in the top-level `gateways` field, - // it must include the reserved gateway `mesh` for this field to be applicable. - string source_namespace = 13; - - // The human readable prefix to use when emitting statistics for this route. - // The statistics are generated with prefix route.. - // This should be set for highly critical routes that one wishes to get "per-route" statistics on. - // This prefix is only for proxy-level statistics (envoy_*) and not service-level (istio_*) statistics. - // Refer to https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-route-stat-prefix - // for statistics that are generated when this is configured. - string stat_prefix = 14; -} - -// Each routing rule is associated with one or more service versions (see -// glossary in beginning of document). Weights associated with the version -// determine the proportion of traffic it receives. For example, the -// following rule will route 25% of traffic for the "reviews" service to -// instances with the "v2" tag and the remaining traffic (i.e., 75%) to -// "v1". -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// weight: 25 -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// weight: 75 -// ``` -// -// And the associated DestinationRule -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: reviews-destination -// spec: -// host: reviews.prod.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// ``` -// -// Traffic can also be split across two entirely different services without -// having to define new subsets. For example, the following rule forwards 25% of -// traffic to reviews.com to dev.reviews.com -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route-two-domains -// spec: -// hosts: -// - reviews.com -// http: -// - route: -// - destination: -// host: dev.reviews.com -// weight: 25 -// - destination: -// host: reviews.com -// weight: 75 -// ``` -// -message HTTPRouteDestination { - // Destination uniquely identifies the instances of a service - // to which the request/connection should be forwarded to. - Destination destination = 1 [(google.api.field_behavior) = REQUIRED]; - - // Weight specifies the relative proportion of traffic to be forwarded to the destination. A destination will receive `weight/(sum of all weights)` requests. - // If there is only one destination in a rule, it will receive all traffic. - // Otherwise, if weight is `0`, the destination will not receive any traffic. - int32 weight = 2; - - reserved 3 to 6; - reserved "remove_response_headers", "append_response_headers", "remove_request_headers", "append_request_headers"; - - // Header manipulation rules - Headers headers = 7; -} - -// L4 routing rule weighted destination. -message RouteDestination { - // Destination uniquely identifies the instances of a service - // to which the request/connection should be forwarded to. - Destination destination = 1 [(google.api.field_behavior) = REQUIRED]; - - // Weight specifies the relative proportion of traffic to be forwarded to the destination. A destination will receive `weight/(sum of all weights)` requests. - // If there is only one destination in a rule, it will receive all traffic. - // Otherwise, if weight is `0`, the destination will not receive any traffic. - int32 weight = 2; -} - -// L4 connection match attributes. Note that L4 connection matching support -// is incomplete. -message L4MatchAttributes { - // IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., - // a.b.c.d/xx form or just a.b.c.d. - repeated string destination_subnets = 1; - - // Specifies the port on the host that is being addressed. Many services - // only expose a single port or label ports with the protocols they support, - // in these cases it is not required to explicitly select the port. - uint32 port = 2; - - // IPv4 or IPv6 ip address of source with optional subnet. E.g., a.b.c.d/xx - // form or just a.b.c.d - // $hide_from_docs - string source_subnet = 3; - - // One or more labels that constrain the applicability of a rule to - // workloads with the given labels. If the VirtualService has a list of - // gateways specified in the top-level `gateways` field, it should include the reserved gateway - // `mesh` in order for this field to be applicable. - map source_labels = 4; - - // Names of gateways where the rule should be applied. Gateway names - // in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway - // match is independent of sourceLabels. - repeated string gateways = 5; - - // Source namespace constraining the applicability of a rule to workloads in that namespace. - // If the VirtualService has a list of gateways specified in the top-level `gateways` field, - // it must include the reserved gateway `mesh` for this field to be applicable. - string source_namespace = 6; -} - -// TLS connection match attributes. -message TLSMatchAttributes { - // SNI (server name indicator) to match on. Wildcard prefixes - // can be used in the SNI value, e.g., *.com will match foo.example.com - // as well as example.com. An SNI value must be a subset (i.e., fall - // within the domain) of the corresponding virtual service's hosts. - repeated string sni_hosts = 1 [(google.api.field_behavior) = REQUIRED]; - - // IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., - // a.b.c.d/xx form or just a.b.c.d. - repeated string destination_subnets = 2; - - // Specifies the port on the host that is being addressed. Many services - // only expose a single port or label ports with the protocols they - // support, in these cases it is not required to explicitly select the - // port. - uint32 port = 3; - - reserved 4; - reserved "source_subnet"; - - // One or more labels that constrain the applicability of a rule to - // workloads with the given labels. If the VirtualService has a list of - // gateways specified in the top-level `gateways` field, it should include the reserved gateway - // `mesh` in order for this field to be applicable. - map source_labels = 5; - - // Names of gateways where the rule should be applied. Gateway names - // in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway - // match is independent of sourceLabels. - repeated string gateways = 6; - - // Source namespace constraining the applicability of a rule to workloads in that namespace. - // If the VirtualService has a list of gateways specified in the top-level `gateways` field, - // it must include the reserved gateway `mesh` for this field to be applicable. - string source_namespace = 7; -} - -// HTTPRedirect can be used to send a 301 redirect response to the caller, -// where the Authority/Host and the URI in the response can be swapped with -// the specified values. For example, the following rule redirects -// requests for /v1/getProductRatings API on the ratings service to -// /v1/bookRatings provided by the bookratings service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// redirect: -// uri: /v1/bookRatings -// authority: newratings.default.svc.cluster.local -// ... -// ``` -// -message HTTPRedirect { - // On a redirect, overwrite the Path portion of the URL with this - // value. Note that the entire path will be replaced, irrespective of the - // request URI being matched as an exact path or prefix. - string uri = 1; - - // On a redirect, overwrite the Authority/Host portion of the URL with - // this value. - string authority = 2; - - enum RedirectPortSelection { - FROM_PROTOCOL_DEFAULT = 0; - FROM_REQUEST_PORT = 1; - } - oneof redirect_port { - // On a redirect, overwrite the port portion of the URL with this value. - uint32 port = 4; - // On a redirect, dynamically set the port: - // * FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS. - // * FROM_REQUEST_PORT: automatically use the port of the request. - RedirectPortSelection derive_port = 5; - } - - // On a redirect, overwrite the scheme portion of the URL with this value. - // For example, `http` or `https`. - // If unset, the original scheme will be used. - // If `derivePort` is set to `FROM_PROTOCOL_DEFAULT`, this will impact the port used as well - string scheme = 6; - - // On a redirect, Specifies the HTTP status code to use in the redirect - // response. The default response code is MOVED_PERMANENTLY (301). - uint32 redirect_code = 3; -} - -// HTTPDirectResponse can be used to send a fixed response to clients. -// For example, the following rule returns a fixed 503 status with a body -// to requests for /v1/getProductRatings API. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// string: "unknown error" -// ... -// ``` -// -// It is also possible to specify a binary response body. -// This is mostly useful for non text-based protocols such as gRPC. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// bytes: "dW5rbm93biBlcnJvcg==" # "unknown error" in base64 -// ... -// ``` -// -// It is good practice to add headers in the HTTPRoute -// as well as the direct_response, for example to specify -// the returned Content-Type. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// string: "{\"error\": \"unknown error\"}" -// headers: -// response: -// set: -// content-type: "text/plain" -// ... -// ``` -// -message HTTPDirectResponse { - // Specifies the HTTP response status to be returned. - uint32 status = 1 [(google.api.field_behavior) = REQUIRED]; - - // Specifies the content of the response body. If this setting is omitted, - // no body is included in the generated response. - HTTPBody body = 2; -} - -message HTTPBody { - oneof specifier { - // response body as a string - string string = 1; - - // response body as base64 encoded bytes. - bytes bytes = 2; - } -} - -// HTTPRewrite can be used to rewrite specific parts of a HTTP request -// before forwarding the request to the destination. Rewrite primitive can -// be used only with HTTPRouteDestination. The following example -// demonstrates how to rewrite the URL prefix for api call (/ratings) to -// ratings service before making the actual API call. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// prefix: /ratings -// rewrite: -// uri: /v1/bookRatings -// route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// ``` -// -message HTTPRewrite { - // rewrite the path (or the prefix) portion of the URI with this - // value. If the original URI was matched based on prefix, the value - // provided in this field will replace the corresponding matched prefix. - string uri = 1; - - // rewrite the Authority/Host header with this value. - string authority = 2; - - // rewrite the path portion of the URI with the specified regex. - RegexRewrite uri_regex_rewrite = 3; -} - -message RegexRewrite { - // RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - string match = 1; - - // The string that should replace into matching portions of original URI. - // Capture groups in the pattern can be referenced in the new URI. - // Examples: - // - // Example 1: rewrite with capture groups - // Path pattern "/service/update/v1/api" with match "^/service/([^/]+)(/.*)$" and - // rewrite string of "/customprefix/\2/\1" would transform into "/customprefix/v1/api/update". - // - // Example 2: case insensitive rewrite - // Path pattern "/aaa/XxX/bbb" with match "(?i)/xxx/" and a rewrite string of /yyy/ would do a - // case-insensitive match and transform the path to "/aaa/yyy/bbb". - string rewrite = 2; -} - -// Describes how to match a given string in HTTP headers. Match is -// case-sensitive. -message StringMatch { - oneof match_type { - - // exact string match - string exact = 1; - - // prefix-based match - string prefix = 2; - - // RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - string regex = 3; - } -} - -// Describes the retry policy to use when a HTTP request fails. For -// example, the following rule sets the maximum number of retries to 3 when -// calling ratings:v1 service, with a 2s timeout per retry attempt. -// A retry will be attempted if there is a connect-failure, refused_stream -// or when the upstream server responds with Service Unavailable(503). -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// retries: -// attempts: 3 -// perTryTimeout: 2s -// retryOn: gateway-error,connect-failure,refused-stream -// ``` -// -message HTTPRetry { - // Number of retries to be allowed for a given request. The interval - // between retries will be determined automatically (25ms+). When request - // `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute) - // or `per_try_timeout` is configured, the actual number of retries attempted also depends on - // the specified request `timeout` and `per_try_timeout` values. MUST BE >= 0. If `0`, retries will be disabled. - // The maximum possible number of requests made will be 1 + `attempts`. - int32 attempts = 1; - - // Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST BE >=1ms. - // Default is same value as request - // `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute), - // which means no timeout. - google.protobuf.Duration per_try_timeout = 2; - - // Specifies the conditions under which retry takes place. - // One or more policies can be specified using a ‘,’ delimited list. - // If `retry_on` specifies a valid HTTP status, it will be added to retriable_status_codes retry policy. - // See the [retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on) - // and [gRPC retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on) for more details. - string retry_on = 3; - - // Flag to specify whether the retries should retry to other localities. - // See the [retry plugin configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/http_connection_management#retry-plugin-configuration) for more details. - google.protobuf.BoolValue retry_remote_localities = 4; -} - -// Describes the Cross-Origin Resource Sharing (CORS) policy, for a given -// service. Refer to [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS) -// for further details about cross origin resource sharing. For example, -// the following rule restricts cross origin requests to those originating -// from example.com domain using HTTP POST/GET, and sets the -// `Access-Control-Allow-Credentials` header to false. In addition, it only -// exposes `X-Foo-bar` header and sets an expiry period of 1 day. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// corsPolicy: -// allowOrigins: -// - exact: https://example.com -// allowMethods: -// - POST -// - GET -// allowCredentials: false -// allowHeaders: -// - X-Foo-Bar -// maxAge: "24h" -// ``` -// -message CorsPolicy { - // The list of origins that are allowed to perform CORS requests. The - // content will be serialized into the Access-Control-Allow-Origin - // header. Wildcard * will allow all origins. - // $hide_from_docs - repeated string allow_origin = 1 [deprecated=true]; - - // String patterns that match allowed origins. - // An origin is allowed if any of the string matchers match. - // If a match is found, then the outgoing Access-Control-Allow-Origin would be set to the origin as provided by the client. - repeated StringMatch allow_origins = 7; - - // List of HTTP methods allowed to access the resource. The content will - // be serialized into the Access-Control-Allow-Methods header. - repeated string allow_methods = 2; - - // List of HTTP headers that can be used when requesting the - // resource. Serialized to Access-Control-Allow-Headers header. - repeated string allow_headers = 3; - - // A list of HTTP headers that the browsers are allowed to - // access. Serialized into Access-Control-Expose-Headers header. - repeated string expose_headers = 4; - - // Specifies how long the results of a preflight request can be - // cached. Translates to the `Access-Control-Max-Age` header. - google.protobuf.Duration max_age = 5; - - // Indicates whether the caller is allowed to send the actual request - // (not the preflight) using credentials. Translates to - // `Access-Control-Allow-Credentials` header. - google.protobuf.BoolValue allow_credentials = 6; - - // Indicates whether preflight requests not matching the configured - // allowed origin shouldn't be forwarded to the upstream. - // Default is forward to upstream. - UnmatchedPreflights unmatched_preflights = 8; - - enum UnmatchedPreflights { - // Default to FORWARD - UNSPECIFIED = 0; - // Preflight requests not matching the configured allowed origin - // will be forwarded to the upstream. - FORWARD = 1; - // Preflight requests not matching the configured allowed origin - // will not be forwarded to the upstream. - IGNORE = 2; - } -} - -// HTTPFaultInjection can be used to specify one or more faults to inject -// while forwarding HTTP requests to the destination specified in a route. -// Fault specification is part of a VirtualService rule. Faults include -// aborting the Http request from downstream service, and/or delaying -// proxying of requests. A fault rule MUST HAVE delay or abort or both. -// -// *Note:* Delay and abort faults are independent of one another, even if -// both are specified simultaneously. -message HTTPFaultInjection { - // Delay requests before forwarding, emulating various failures such as - // network issues, overloaded upstream service, etc. - Delay delay = 1; - - // Abort Http request attempts and return error codes back to downstream - // service, giving the impression that the upstream service is faulty. - Abort abort = 2; - - // Delay specification is used to inject latency into the request - // forwarding path. The following example will introduce a 5 second delay - // in 1 out of every 1000 requests to the "v1" version of the "reviews" - // service from all pods with label env: prod - // - // ```yaml - // apiVersion: networking.istio.io/v1beta1 - // kind: VirtualService - // metadata: - // name: reviews-route - // spec: - // hosts: - // - reviews.prod.svc.cluster.local - // http: - // - match: - // - sourceLabels: - // env: prod - // route: - // - destination: - // host: reviews.prod.svc.cluster.local - // subset: v1 - // fault: - // delay: - // percentage: - // value: 0.1 - // fixedDelay: 5s - // ``` - // - // The _fixedDelay_ field is used to indicate the amount of delay in seconds. - // The optional _percentage_ field can be used to only delay a certain - // percentage of requests. If left unspecified, no request will be delayed. - message Delay { - // Percentage of requests on which the delay will be injected (0-100). - // Use of integer `percent` value is deprecated. Use the double `percentage` - // field instead. - int32 percent = 1 [deprecated=true]; - - oneof http_delay_type { - // Add a fixed delay before forwarding the request. Format: - // 1h/1m/1s/1ms. MUST be >=1ms. - google.protobuf.Duration fixed_delay = 2; - - // $hide_from_docs - google.protobuf.Duration exponential_delay = 3 ; - } - - // Percentage of requests on which the delay will be injected. - // If left unspecified, no request will be delayed. - Percent percentage = 5; - } - - // Abort specification is used to prematurely abort a request with a - // pre-specified error code. The following example will return an HTTP 400 - // error code for 1 out of every 1000 requests to the "ratings" service "v1". - // - // ```yaml - // apiVersion: networking.istio.io/v1beta1 - // kind: VirtualService - // metadata: - // name: ratings-route - // spec: - // hosts: - // - ratings.prod.svc.cluster.local - // http: - // - route: - // - destination: - // host: ratings.prod.svc.cluster.local - // subset: v1 - // fault: - // abort: - // percentage: - // value: 0.1 - // httpStatus: 400 - // ``` - // - // The _httpStatus_ field is used to indicate the HTTP status code to - // return to the caller. The optional _percentage_ field can be used to only - // abort a certain percentage of requests. If not specified, no request will be - // aborted. - message Abort { - reserved 1; - reserved "percent"; - - oneof error_type { - // HTTP status code to use to abort the Http request. - int32 http_status = 2; - - // GRPC status code to use to abort the request. The supported - // codes are documented in https://github.com/grpc/grpc/blob/master/doc/statuscodes.md - // Note: If you want to return the status "Unavailable", then you should - // specify the code as `UNAVAILABLE`(all caps), but not `14`. - string grpc_status = 3; - - // $hide_from_docs - string http2_error = 4; - } - - // Percentage of requests to be aborted with the error code provided. - // If not specified, no request will be aborted. - Percent percentage = 5; - } -} - -// HTTPMirrorPolicy can be used to specify the destinations to mirror HTTP traffic in addition -// to the original destination. Mirrored traffic is on a -// best effort basis where the sidecar/gateway will not wait for the -// mirrored destinations to respond before returning the response from the -// original destination. Statistics will be generated for the mirrored -// destination. -message HTTPMirrorPolicy { - // Destination specifies the target of the mirror operation. - Destination destination = 1 [(google.api.field_behavior) = REQUIRED]; - - // Percentage of the traffic to be mirrored by the `destination` field. - // If this field is absent, all the traffic (100%) will be mirrored. - // Max value is 100. - Percent percentage = 2; -} - -// PortSelector specifies the number of a port to be used for -// matching or selection for final routing. -message PortSelector { - // Valid port number - uint32 number = 1; - - reserved 2; - reserved "name"; -} - -// Percent specifies a percentage in the range of [0.0, 100.0]. -message Percent { - double value = 1; -} diff --git a/networking/v1/virtual_service_alias.gen.go b/networking/v1/virtual_service_alias.gen.go new file mode 100644 index 00000000000..561e0d8aed6 --- /dev/null +++ b/networking/v1/virtual_service_alias.gen.go @@ -0,0 +1,55 @@ +// Code generated by protoc-gen-alias. DO NOT EDIT. +package v1 + +import "istio.io/api/networking/v1alpha3" + +type VirtualService = v1alpha3.VirtualService +type Destination = v1alpha3.Destination +type HTTPRoute = v1alpha3.HTTPRoute +type Delegate = v1alpha3.Delegate +type Headers = v1alpha3.Headers +type Headers_HeaderOperations = v1alpha3.Headers_HeaderOperations +type TLSRoute = v1alpha3.TLSRoute +type TCPRoute = v1alpha3.TCPRoute +type HTTPMatchRequest = v1alpha3.HTTPMatchRequest +type HTTPRouteDestination = v1alpha3.HTTPRouteDestination +type RouteDestination = v1alpha3.RouteDestination +type L4MatchAttributes = v1alpha3.L4MatchAttributes +type TLSMatchAttributes = v1alpha3.TLSMatchAttributes +type HTTPRedirect = v1alpha3.HTTPRedirect +type HTTPRedirect_RedirectPortSelection = v1alpha3.HTTPRedirect_RedirectPortSelection + +const HTTPRedirect_FROM_PROTOCOL_DEFAULT HTTPRedirect_RedirectPortSelection = v1alpha3.HTTPRedirect_FROM_PROTOCOL_DEFAULT +const HTTPRedirect_FROM_REQUEST_PORT HTTPRedirect_RedirectPortSelection = v1alpha3.HTTPRedirect_FROM_REQUEST_PORT + +type HTTPRedirect_Port = v1alpha3.HTTPRedirect_Port +type HTTPRedirect_DerivePort = v1alpha3.HTTPRedirect_DerivePort +type HTTPDirectResponse = v1alpha3.HTTPDirectResponse +type HTTPBody = v1alpha3.HTTPBody +type HTTPBody_String_ = v1alpha3.HTTPBody_String_ +type HTTPBody_Bytes = v1alpha3.HTTPBody_Bytes +type HTTPRewrite = v1alpha3.HTTPRewrite +type RegexRewrite = v1alpha3.RegexRewrite +type StringMatch = v1alpha3.StringMatch +type StringMatch_Exact = v1alpha3.StringMatch_Exact +type StringMatch_Prefix = v1alpha3.StringMatch_Prefix +type StringMatch_Regex = v1alpha3.StringMatch_Regex +type HTTPRetry = v1alpha3.HTTPRetry +type CorsPolicy = v1alpha3.CorsPolicy +type CorsPolicy_UnmatchedPreflights = v1alpha3.CorsPolicy_UnmatchedPreflights + +const CorsPolicy_UNSPECIFIED CorsPolicy_UnmatchedPreflights = v1alpha3.CorsPolicy_UNSPECIFIED +const CorsPolicy_FORWARD CorsPolicy_UnmatchedPreflights = v1alpha3.CorsPolicy_FORWARD +const CorsPolicy_IGNORE CorsPolicy_UnmatchedPreflights = v1alpha3.CorsPolicy_IGNORE + +type HTTPFaultInjection = v1alpha3.HTTPFaultInjection +type HTTPFaultInjection_Delay = v1alpha3.HTTPFaultInjection_Delay +type HTTPFaultInjection_Delay_FixedDelay = v1alpha3.HTTPFaultInjection_Delay_FixedDelay +type HTTPFaultInjection_Delay_ExponentialDelay = v1alpha3.HTTPFaultInjection_Delay_ExponentialDelay +type HTTPFaultInjection_Abort = v1alpha3.HTTPFaultInjection_Abort +type HTTPFaultInjection_Abort_HttpStatus = v1alpha3.HTTPFaultInjection_Abort_HttpStatus +type HTTPFaultInjection_Abort_GrpcStatus = v1alpha3.HTTPFaultInjection_Abort_GrpcStatus +type HTTPFaultInjection_Abort_Http2Error = v1alpha3.HTTPFaultInjection_Abort_Http2Error +type HTTPMirrorPolicy = v1alpha3.HTTPMirrorPolicy +type PortSelector = v1alpha3.PortSelector +type Percent = v1alpha3.Percent diff --git a/networking/v1/virtual_service_deepcopy.gen.go b/networking/v1/virtual_service_deepcopy.gen.go deleted file mode 100644 index 470c80f552a..00000000000 --- a/networking/v1/virtual_service_deepcopy.gen.go +++ /dev/null @@ -1,573 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using VirtualService within kubernetes types, where deepcopy-gen is used. -func (in *VirtualService) DeepCopyInto(out *VirtualService) { - p := proto.Clone(in).(*VirtualService) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualService. Required by controller-gen. -func (in *VirtualService) DeepCopy() *VirtualService { - if in == nil { - return nil - } - out := new(VirtualService) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new VirtualService. Required by controller-gen. -func (in *VirtualService) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Destination within kubernetes types, where deepcopy-gen is used. -func (in *Destination) DeepCopyInto(out *Destination) { - p := proto.Clone(in).(*Destination) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Destination. Required by controller-gen. -func (in *Destination) DeepCopy() *Destination { - if in == nil { - return nil - } - out := new(Destination) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Destination. Required by controller-gen. -func (in *Destination) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPRoute within kubernetes types, where deepcopy-gen is used. -func (in *HTTPRoute) DeepCopyInto(out *HTTPRoute) { - p := proto.Clone(in).(*HTTPRoute) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRoute. Required by controller-gen. -func (in *HTTPRoute) DeepCopy() *HTTPRoute { - if in == nil { - return nil - } - out := new(HTTPRoute) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRoute. Required by controller-gen. -func (in *HTTPRoute) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Delegate within kubernetes types, where deepcopy-gen is used. -func (in *Delegate) DeepCopyInto(out *Delegate) { - p := proto.Clone(in).(*Delegate) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Delegate. Required by controller-gen. -func (in *Delegate) DeepCopy() *Delegate { - if in == nil { - return nil - } - out := new(Delegate) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Delegate. Required by controller-gen. -func (in *Delegate) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Headers within kubernetes types, where deepcopy-gen is used. -func (in *Headers) DeepCopyInto(out *Headers) { - p := proto.Clone(in).(*Headers) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Headers. Required by controller-gen. -func (in *Headers) DeepCopy() *Headers { - if in == nil { - return nil - } - out := new(Headers) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Headers. Required by controller-gen. -func (in *Headers) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Headers_HeaderOperations within kubernetes types, where deepcopy-gen is used. -func (in *Headers_HeaderOperations) DeepCopyInto(out *Headers_HeaderOperations) { - p := proto.Clone(in).(*Headers_HeaderOperations) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Headers_HeaderOperations. Required by controller-gen. -func (in *Headers_HeaderOperations) DeepCopy() *Headers_HeaderOperations { - if in == nil { - return nil - } - out := new(Headers_HeaderOperations) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Headers_HeaderOperations. Required by controller-gen. -func (in *Headers_HeaderOperations) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using TLSRoute within kubernetes types, where deepcopy-gen is used. -func (in *TLSRoute) DeepCopyInto(out *TLSRoute) { - p := proto.Clone(in).(*TLSRoute) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSRoute. Required by controller-gen. -func (in *TLSRoute) DeepCopy() *TLSRoute { - if in == nil { - return nil - } - out := new(TLSRoute) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TLSRoute. Required by controller-gen. -func (in *TLSRoute) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using TCPRoute within kubernetes types, where deepcopy-gen is used. -func (in *TCPRoute) DeepCopyInto(out *TCPRoute) { - p := proto.Clone(in).(*TCPRoute) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPRoute. Required by controller-gen. -func (in *TCPRoute) DeepCopy() *TCPRoute { - if in == nil { - return nil - } - out := new(TCPRoute) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TCPRoute. Required by controller-gen. -func (in *TCPRoute) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPMatchRequest within kubernetes types, where deepcopy-gen is used. -func (in *HTTPMatchRequest) DeepCopyInto(out *HTTPMatchRequest) { - p := proto.Clone(in).(*HTTPMatchRequest) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPMatchRequest. Required by controller-gen. -func (in *HTTPMatchRequest) DeepCopy() *HTTPMatchRequest { - if in == nil { - return nil - } - out := new(HTTPMatchRequest) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPMatchRequest. Required by controller-gen. -func (in *HTTPMatchRequest) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPRouteDestination within kubernetes types, where deepcopy-gen is used. -func (in *HTTPRouteDestination) DeepCopyInto(out *HTTPRouteDestination) { - p := proto.Clone(in).(*HTTPRouteDestination) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteDestination. Required by controller-gen. -func (in *HTTPRouteDestination) DeepCopy() *HTTPRouteDestination { - if in == nil { - return nil - } - out := new(HTTPRouteDestination) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteDestination. Required by controller-gen. -func (in *HTTPRouteDestination) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using RouteDestination within kubernetes types, where deepcopy-gen is used. -func (in *RouteDestination) DeepCopyInto(out *RouteDestination) { - p := proto.Clone(in).(*RouteDestination) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteDestination. Required by controller-gen. -func (in *RouteDestination) DeepCopy() *RouteDestination { - if in == nil { - return nil - } - out := new(RouteDestination) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new RouteDestination. Required by controller-gen. -func (in *RouteDestination) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using L4MatchAttributes within kubernetes types, where deepcopy-gen is used. -func (in *L4MatchAttributes) DeepCopyInto(out *L4MatchAttributes) { - p := proto.Clone(in).(*L4MatchAttributes) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L4MatchAttributes. Required by controller-gen. -func (in *L4MatchAttributes) DeepCopy() *L4MatchAttributes { - if in == nil { - return nil - } - out := new(L4MatchAttributes) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new L4MatchAttributes. Required by controller-gen. -func (in *L4MatchAttributes) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using TLSMatchAttributes within kubernetes types, where deepcopy-gen is used. -func (in *TLSMatchAttributes) DeepCopyInto(out *TLSMatchAttributes) { - p := proto.Clone(in).(*TLSMatchAttributes) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSMatchAttributes. Required by controller-gen. -func (in *TLSMatchAttributes) DeepCopy() *TLSMatchAttributes { - if in == nil { - return nil - } - out := new(TLSMatchAttributes) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TLSMatchAttributes. Required by controller-gen. -func (in *TLSMatchAttributes) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPRedirect within kubernetes types, where deepcopy-gen is used. -func (in *HTTPRedirect) DeepCopyInto(out *HTTPRedirect) { - p := proto.Clone(in).(*HTTPRedirect) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRedirect. Required by controller-gen. -func (in *HTTPRedirect) DeepCopy() *HTTPRedirect { - if in == nil { - return nil - } - out := new(HTTPRedirect) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRedirect. Required by controller-gen. -func (in *HTTPRedirect) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPDirectResponse within kubernetes types, where deepcopy-gen is used. -func (in *HTTPDirectResponse) DeepCopyInto(out *HTTPDirectResponse) { - p := proto.Clone(in).(*HTTPDirectResponse) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPDirectResponse. Required by controller-gen. -func (in *HTTPDirectResponse) DeepCopy() *HTTPDirectResponse { - if in == nil { - return nil - } - out := new(HTTPDirectResponse) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPDirectResponse. Required by controller-gen. -func (in *HTTPDirectResponse) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPBody within kubernetes types, where deepcopy-gen is used. -func (in *HTTPBody) DeepCopyInto(out *HTTPBody) { - p := proto.Clone(in).(*HTTPBody) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPBody. Required by controller-gen. -func (in *HTTPBody) DeepCopy() *HTTPBody { - if in == nil { - return nil - } - out := new(HTTPBody) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPBody. Required by controller-gen. -func (in *HTTPBody) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPRewrite within kubernetes types, where deepcopy-gen is used. -func (in *HTTPRewrite) DeepCopyInto(out *HTTPRewrite) { - p := proto.Clone(in).(*HTTPRewrite) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRewrite. Required by controller-gen. -func (in *HTTPRewrite) DeepCopy() *HTTPRewrite { - if in == nil { - return nil - } - out := new(HTTPRewrite) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRewrite. Required by controller-gen. -func (in *HTTPRewrite) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using RegexRewrite within kubernetes types, where deepcopy-gen is used. -func (in *RegexRewrite) DeepCopyInto(out *RegexRewrite) { - p := proto.Clone(in).(*RegexRewrite) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegexRewrite. Required by controller-gen. -func (in *RegexRewrite) DeepCopy() *RegexRewrite { - if in == nil { - return nil - } - out := new(RegexRewrite) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new RegexRewrite. Required by controller-gen. -func (in *RegexRewrite) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using StringMatch within kubernetes types, where deepcopy-gen is used. -func (in *StringMatch) DeepCopyInto(out *StringMatch) { - p := proto.Clone(in).(*StringMatch) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StringMatch. Required by controller-gen. -func (in *StringMatch) DeepCopy() *StringMatch { - if in == nil { - return nil - } - out := new(StringMatch) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new StringMatch. Required by controller-gen. -func (in *StringMatch) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPRetry within kubernetes types, where deepcopy-gen is used. -func (in *HTTPRetry) DeepCopyInto(out *HTTPRetry) { - p := proto.Clone(in).(*HTTPRetry) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRetry. Required by controller-gen. -func (in *HTTPRetry) DeepCopy() *HTTPRetry { - if in == nil { - return nil - } - out := new(HTTPRetry) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRetry. Required by controller-gen. -func (in *HTTPRetry) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using CorsPolicy within kubernetes types, where deepcopy-gen is used. -func (in *CorsPolicy) DeepCopyInto(out *CorsPolicy) { - p := proto.Clone(in).(*CorsPolicy) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CorsPolicy. Required by controller-gen. -func (in *CorsPolicy) DeepCopy() *CorsPolicy { - if in == nil { - return nil - } - out := new(CorsPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new CorsPolicy. Required by controller-gen. -func (in *CorsPolicy) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPFaultInjection within kubernetes types, where deepcopy-gen is used. -func (in *HTTPFaultInjection) DeepCopyInto(out *HTTPFaultInjection) { - p := proto.Clone(in).(*HTTPFaultInjection) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection. Required by controller-gen. -func (in *HTTPFaultInjection) DeepCopy() *HTTPFaultInjection { - if in == nil { - return nil - } - out := new(HTTPFaultInjection) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection. Required by controller-gen. -func (in *HTTPFaultInjection) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPFaultInjection_Delay within kubernetes types, where deepcopy-gen is used. -func (in *HTTPFaultInjection_Delay) DeepCopyInto(out *HTTPFaultInjection_Delay) { - p := proto.Clone(in).(*HTTPFaultInjection_Delay) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection_Delay. Required by controller-gen. -func (in *HTTPFaultInjection_Delay) DeepCopy() *HTTPFaultInjection_Delay { - if in == nil { - return nil - } - out := new(HTTPFaultInjection_Delay) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection_Delay. Required by controller-gen. -func (in *HTTPFaultInjection_Delay) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPFaultInjection_Abort within kubernetes types, where deepcopy-gen is used. -func (in *HTTPFaultInjection_Abort) DeepCopyInto(out *HTTPFaultInjection_Abort) { - p := proto.Clone(in).(*HTTPFaultInjection_Abort) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection_Abort. Required by controller-gen. -func (in *HTTPFaultInjection_Abort) DeepCopy() *HTTPFaultInjection_Abort { - if in == nil { - return nil - } - out := new(HTTPFaultInjection_Abort) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection_Abort. Required by controller-gen. -func (in *HTTPFaultInjection_Abort) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPMirrorPolicy within kubernetes types, where deepcopy-gen is used. -func (in *HTTPMirrorPolicy) DeepCopyInto(out *HTTPMirrorPolicy) { - p := proto.Clone(in).(*HTTPMirrorPolicy) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPMirrorPolicy. Required by controller-gen. -func (in *HTTPMirrorPolicy) DeepCopy() *HTTPMirrorPolicy { - if in == nil { - return nil - } - out := new(HTTPMirrorPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPMirrorPolicy. Required by controller-gen. -func (in *HTTPMirrorPolicy) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using PortSelector within kubernetes types, where deepcopy-gen is used. -func (in *PortSelector) DeepCopyInto(out *PortSelector) { - p := proto.Clone(in).(*PortSelector) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PortSelector. Required by controller-gen. -func (in *PortSelector) DeepCopy() *PortSelector { - if in == nil { - return nil - } - out := new(PortSelector) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new PortSelector. Required by controller-gen. -func (in *PortSelector) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Percent within kubernetes types, where deepcopy-gen is used. -func (in *Percent) DeepCopyInto(out *Percent) { - p := proto.Clone(in).(*Percent) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Percent. Required by controller-gen. -func (in *Percent) DeepCopy() *Percent { - if in == nil { - return nil - } - out := new(Percent) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Percent. Required by controller-gen. -func (in *Percent) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/networking/v1/virtual_service_json.gen.go b/networking/v1/virtual_service_json.gen.go deleted file mode 100644 index 35c8f0efd09..00000000000 --- a/networking/v1/virtual_service_json.gen.go +++ /dev/null @@ -1,309 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1 - -import ( - bytes "bytes" - jsonpb "github.com/golang/protobuf/jsonpb" -) - -// MarshalJSON is a custom marshaler for VirtualService -func (this *VirtualService) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for VirtualService -func (this *VirtualService) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Destination -func (this *Destination) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Destination -func (this *Destination) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPRoute -func (this *HTTPRoute) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPRoute -func (this *HTTPRoute) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Delegate -func (this *Delegate) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Delegate -func (this *Delegate) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Headers -func (this *Headers) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Headers -func (this *Headers) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Headers_HeaderOperations -func (this *Headers_HeaderOperations) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Headers_HeaderOperations -func (this *Headers_HeaderOperations) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for TLSRoute -func (this *TLSRoute) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for TLSRoute -func (this *TLSRoute) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for TCPRoute -func (this *TCPRoute) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for TCPRoute -func (this *TCPRoute) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPMatchRequest -func (this *HTTPMatchRequest) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPMatchRequest -func (this *HTTPMatchRequest) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPRouteDestination -func (this *HTTPRouteDestination) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPRouteDestination -func (this *HTTPRouteDestination) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for RouteDestination -func (this *RouteDestination) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for RouteDestination -func (this *RouteDestination) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for L4MatchAttributes -func (this *L4MatchAttributes) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for L4MatchAttributes -func (this *L4MatchAttributes) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for TLSMatchAttributes -func (this *TLSMatchAttributes) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for TLSMatchAttributes -func (this *TLSMatchAttributes) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPRedirect -func (this *HTTPRedirect) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPRedirect -func (this *HTTPRedirect) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPDirectResponse -func (this *HTTPDirectResponse) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPDirectResponse -func (this *HTTPDirectResponse) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPBody -func (this *HTTPBody) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPBody -func (this *HTTPBody) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPRewrite -func (this *HTTPRewrite) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPRewrite -func (this *HTTPRewrite) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for RegexRewrite -func (this *RegexRewrite) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for RegexRewrite -func (this *RegexRewrite) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for StringMatch -func (this *StringMatch) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for StringMatch -func (this *StringMatch) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPRetry -func (this *HTTPRetry) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPRetry -func (this *HTTPRetry) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for CorsPolicy -func (this *CorsPolicy) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for CorsPolicy -func (this *CorsPolicy) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPFaultInjection -func (this *HTTPFaultInjection) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPFaultInjection -func (this *HTTPFaultInjection) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPFaultInjection_Delay -func (this *HTTPFaultInjection_Delay) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPFaultInjection_Delay -func (this *HTTPFaultInjection_Delay) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPFaultInjection_Abort -func (this *HTTPFaultInjection_Abort) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPFaultInjection_Abort -func (this *HTTPFaultInjection_Abort) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPMirrorPolicy -func (this *HTTPMirrorPolicy) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPMirrorPolicy -func (this *HTTPMirrorPolicy) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for PortSelector -func (this *PortSelector) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for PortSelector -func (this *PortSelector) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Percent -func (this *Percent) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Percent -func (this *Percent) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -var ( - VirtualServiceMarshaler = &jsonpb.Marshaler{} - VirtualServiceUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} -) diff --git a/networking/v1/workload_entry.pb.go b/networking/v1/workload_entry.pb.go deleted file mode 100644 index e91544e3c41..00000000000 --- a/networking/v1/workload_entry.pb.go +++ /dev/null @@ -1,431 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.33.0 -// protoc (unknown) -// source: networking/v1/workload_entry.proto - -// $schema: istio.networking.v1.WorkloadEntry -// $title: Workload Entry -// $description: Configuration affecting VMs onboarded into the mesh. -// $location: https://istio.io/docs/reference/config/networking/workload-entry.html -// $aliases: [/docs/reference/config/networking/v1/workload-entry] -// $mode: none - -// `WorkloadEntry` enables operators to describe the properties of a -// single non-Kubernetes workload such as a VM or a bare metal server -// as it is onboarded into the mesh. A `WorkloadEntry` must be -// accompanied by an Istio `ServiceEntry` that selects the workload -// through the appropriate labels and provides the service definition -// for a `MESH_INTERNAL` service (hostnames, port properties, etc.). A -// `ServiceEntry` object can select multiple workload entries as well -// as Kubernetes pods based on the label selector specified in the -// service entry. -// -// When a workload connects to `istiod`, the status field in the -// custom resource will be updated to indicate the health of the -// workload along with other details, similar to how Kubernetes -// updates the status of a pod. -// -// The following example declares a workload entry representing a VM -// for the `details.bookinfo.com` service. This VM has sidecar -// installed and bootstrapped using the `details-legacy` service -// account. The service is exposed on port 80 to applications in the -// mesh. The HTTP traffic to this service is wrapped in Istio mutual -// TLS and sent to sidecars on VMs on target port 8080, that in turn -// forward it to the application on localhost on the same port. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: WorkloadEntry -// metadata: -// name: details-svc -// spec: -// # use of the service account indicates that the workload has a -// # sidecar proxy bootstrapped with this service account. Pods with -// # sidecars will automatically communicate with the workload using -// # istio mutual TLS. -// serviceAccount: details-legacy -// address: 2.2.2.2 -// labels: -// app: details-legacy -// instance-id: vm1 -// ``` -// -// and the associated service entry -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// targetPort: 8080 -// resolution: STATIC -// workloadSelector: -// labels: -// app: details-legacy -// ``` -// -// -// The following example declares the same VM workload using -// its fully qualified DNS name. The service entry's resolution -// mode should be changed to DNS to indicate that the client-side -// sidecars should dynamically resolve the DNS name at runtime before -// forwarding the request. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: WorkloadEntry -// metadata: -// name: details-svc -// spec: -// # use of the service account indicates that the workload has a -// # sidecar proxy bootstrapped with this service account. Pods with -// # sidecars will automatically communicate with the workload using -// # istio mutual TLS. -// serviceAccount: details-legacy -// address: vm1.vpc01.corp.net -// labels: -// app: details-legacy -// instance-id: vm1 -// ``` -// -// and the associated service entry -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// targetPort: 8080 -// resolution: DNS -// workloadSelector: -// labels: -// app: details-legacy -// ``` -// -// The following example declares a VM workload without an address. -// An alternative to having istiod read from remote API servers is -// to write a `WorkloadEntry` in the local cluster that represents -// the Workload(s) in the remote network with the given labels. A -// single `WorkloadEntry` with weights represent the aggregate of all -// the actual workloads in a given remote network. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: WorkloadEntry -// metadata: -// name: foo-workloads-cluster-2 -// spec: -// serviceAccount: foo -// network: cluster-2-network -// labels: -// app: foo -// ``` - -package v1 - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// WorkloadEntry enables specifying the properties of a single non-Kubernetes workload such a VM or a bare metal services that can be referred to by service entries. -// -// -// -type WorkloadEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Address associated with the network endpoint without the - // port. Domain names can be used if and only if the resolution is set - // to DNS, and must be fully-qualified without wildcards. Use the form - // unix:///absolute/path/to/socket for Unix domain socket endpoints. - // If address is empty, network must be specified. - Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"` - // Set of ports associated with the endpoint. If the port map is - // specified, it must be a map of servicePortName to this endpoint's - // port, such that traffic to the service port will be forwarded to - // the endpoint port that maps to the service's portName. If - // omitted, and the targetPort is specified as part of the service's - // port specification, traffic to the service port will be forwarded - // to one of the endpoints on the specified `targetPort`. If both - // the targetPort and endpoint's port map are not specified, traffic - // to a service port will be forwarded to one of the endpoints on - // the same port. - // - // **NOTE 1:** Do not use for `unix://` addresses. - // - // **NOTE 2:** endpoint port map takes precedence over targetPort. - Ports map[string]uint32 `protobuf:"bytes,2,rep,name=ports,proto3" json:"ports,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` - // One or more labels associated with the endpoint. - Labels map[string]string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Network enables Istio to group endpoints resident in the same L3 - // domain/network. All endpoints in the same network are assumed to be - // directly reachable from one another. When endpoints in different - // networks cannot reach each other directly, an Istio Gateway can be - // used to establish connectivity (usually using the - // `AUTO_PASSTHROUGH` mode in a Gateway Server). This is - // an advanced configuration used typically for spanning an Istio mesh - // over multiple clusters. Required if address is not provided. - Network string `protobuf:"bytes,4,opt,name=network,proto3" json:"network,omitempty"` - // The locality associated with the endpoint. A locality corresponds - // to a failure domain (e.g., country/region/zone). Arbitrary failure - // domain hierarchies can be represented by separating each - // encapsulating failure domain by /. For example, the locality of an - // an endpoint in US, in US-East-1 region, within availability zone - // az-1, in data center rack r11 can be represented as - // us/us-east-1/az-1/r11. Istio will configure the sidecar to route to - // endpoints within the same locality as the sidecar. If none of the - // endpoints in the locality are available, endpoints parent locality - // (but within the same network ID) will be chosen. For example, if - // there are two endpoints in same network (networkID "n1"), say e1 - // with locality us/us-east-1/az-1/r11 and e2 with locality - // us/us-east-1/az-2/r12, a sidecar from us/us-east-1/az-1/r11 locality - // will prefer e1 from the same locality over e2 from a different - // locality. Endpoint e2 could be the IP associated with a gateway - // (that bridges networks n1 and n2), or the IP associated with a - // standard service endpoint. - Locality string `protobuf:"bytes,5,opt,name=locality,proto3" json:"locality,omitempty"` - // The load balancing weight associated with the endpoint. Endpoints - // with higher weights will receive proportionally higher traffic. - Weight uint32 `protobuf:"varint,6,opt,name=weight,proto3" json:"weight,omitempty"` - // The service account associated with the workload if a sidecar - // is present in the workload. The service account must be present - // in the same namespace as the configuration ( WorkloadEntry or a - // ServiceEntry) - ServiceAccount string `protobuf:"bytes,7,opt,name=service_account,json=serviceAccount,proto3" json:"service_account,omitempty"` -} - -func (x *WorkloadEntry) Reset() { - *x = WorkloadEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_workload_entry_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *WorkloadEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*WorkloadEntry) ProtoMessage() {} - -func (x *WorkloadEntry) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_workload_entry_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use WorkloadEntry.ProtoReflect.Descriptor instead. -func (*WorkloadEntry) Descriptor() ([]byte, []int) { - return file_networking_v1_workload_entry_proto_rawDescGZIP(), []int{0} -} - -func (x *WorkloadEntry) GetAddress() string { - if x != nil { - return x.Address - } - return "" -} - -func (x *WorkloadEntry) GetPorts() map[string]uint32 { - if x != nil { - return x.Ports - } - return nil -} - -func (x *WorkloadEntry) GetLabels() map[string]string { - if x != nil { - return x.Labels - } - return nil -} - -func (x *WorkloadEntry) GetNetwork() string { - if x != nil { - return x.Network - } - return "" -} - -func (x *WorkloadEntry) GetLocality() string { - if x != nil { - return x.Locality - } - return "" -} - -func (x *WorkloadEntry) GetWeight() uint32 { - if x != nil { - return x.Weight - } - return 0 -} - -func (x *WorkloadEntry) GetServiceAccount() string { - if x != nil { - return x.ServiceAccount - } - return "" -} - -var File_networking_v1_workload_entry_proto protoreflect.FileDescriptor - -var file_networking_v1_workload_entry_proto_rawDesc = []byte{ - 0x0a, 0x22, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, - 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x22, 0xa2, 0x03, 0x0a, 0x0d, 0x57, 0x6f, - 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x61, - 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, - 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x43, 0x0a, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x02, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, - 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, 0x46, 0x0a, 0x06, 0x6c, 0x61, - 0x62, 0x65, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4c, - 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, - 0x6c, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x12, 0x1a, 0x0a, 0x08, - 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, - 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, - 0x68, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, - 0x12, 0x27, 0x0a, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, - 0x75, 0x6e, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x1a, 0x38, 0x0a, 0x0a, 0x50, 0x6f, 0x72, - 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, - 0x02, 0x38, 0x01, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x1c, - 0x5a, 0x1a, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_networking_v1_workload_entry_proto_rawDescOnce sync.Once - file_networking_v1_workload_entry_proto_rawDescData = file_networking_v1_workload_entry_proto_rawDesc -) - -func file_networking_v1_workload_entry_proto_rawDescGZIP() []byte { - file_networking_v1_workload_entry_proto_rawDescOnce.Do(func() { - file_networking_v1_workload_entry_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1_workload_entry_proto_rawDescData) - }) - return file_networking_v1_workload_entry_proto_rawDescData -} - -var file_networking_v1_workload_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_networking_v1_workload_entry_proto_goTypes = []interface{}{ - (*WorkloadEntry)(nil), // 0: istio.networking.v1.WorkloadEntry - nil, // 1: istio.networking.v1.WorkloadEntry.PortsEntry - nil, // 2: istio.networking.v1.WorkloadEntry.LabelsEntry -} -var file_networking_v1_workload_entry_proto_depIdxs = []int32{ - 1, // 0: istio.networking.v1.WorkloadEntry.ports:type_name -> istio.networking.v1.WorkloadEntry.PortsEntry - 2, // 1: istio.networking.v1.WorkloadEntry.labels:type_name -> istio.networking.v1.WorkloadEntry.LabelsEntry - 2, // [2:2] is the sub-list for method output_type - 2, // [2:2] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name -} - -func init() { file_networking_v1_workload_entry_proto_init() } -func file_networking_v1_workload_entry_proto_init() { - if File_networking_v1_workload_entry_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_networking_v1_workload_entry_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WorkloadEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_networking_v1_workload_entry_proto_rawDesc, - NumEnums: 0, - NumMessages: 3, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_networking_v1_workload_entry_proto_goTypes, - DependencyIndexes: file_networking_v1_workload_entry_proto_depIdxs, - MessageInfos: file_networking_v1_workload_entry_proto_msgTypes, - }.Build() - File_networking_v1_workload_entry_proto = out.File - file_networking_v1_workload_entry_proto_rawDesc = nil - file_networking_v1_workload_entry_proto_goTypes = nil - file_networking_v1_workload_entry_proto_depIdxs = nil -} diff --git a/networking/v1/workload_entry.proto b/networking/v1/workload_entry.proto deleted file mode 100644 index d9ef30d1296..00000000000 --- a/networking/v1/workload_entry.proto +++ /dev/null @@ -1,230 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -// $schema: istio.networking.v1.WorkloadEntry -// $title: Workload Entry -// $description: Configuration affecting VMs onboarded into the mesh. -// $location: https://istio.io/docs/reference/config/networking/workload-entry.html -// $aliases: [/docs/reference/config/networking/v1/workload-entry] -// $mode: none - -// `WorkloadEntry` enables operators to describe the properties of a -// single non-Kubernetes workload such as a VM or a bare metal server -// as it is onboarded into the mesh. A `WorkloadEntry` must be -// accompanied by an Istio `ServiceEntry` that selects the workload -// through the appropriate labels and provides the service definition -// for a `MESH_INTERNAL` service (hostnames, port properties, etc.). A -// `ServiceEntry` object can select multiple workload entries as well -// as Kubernetes pods based on the label selector specified in the -// service entry. -// -// When a workload connects to `istiod`, the status field in the -// custom resource will be updated to indicate the health of the -// workload along with other details, similar to how Kubernetes -// updates the status of a pod. -// -// The following example declares a workload entry representing a VM -// for the `details.bookinfo.com` service. This VM has sidecar -// installed and bootstrapped using the `details-legacy` service -// account. The service is exposed on port 80 to applications in the -// mesh. The HTTP traffic to this service is wrapped in Istio mutual -// TLS and sent to sidecars on VMs on target port 8080, that in turn -// forward it to the application on localhost on the same port. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: WorkloadEntry -// metadata: -// name: details-svc -// spec: -// # use of the service account indicates that the workload has a -// # sidecar proxy bootstrapped with this service account. Pods with -// # sidecars will automatically communicate with the workload using -// # istio mutual TLS. -// serviceAccount: details-legacy -// address: 2.2.2.2 -// labels: -// app: details-legacy -// instance-id: vm1 -// ``` -// -// and the associated service entry -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// targetPort: 8080 -// resolution: STATIC -// workloadSelector: -// labels: -// app: details-legacy -// ``` -// -// -// The following example declares the same VM workload using -// its fully qualified DNS name. The service entry's resolution -// mode should be changed to DNS to indicate that the client-side -// sidecars should dynamically resolve the DNS name at runtime before -// forwarding the request. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: WorkloadEntry -// metadata: -// name: details-svc -// spec: -// # use of the service account indicates that the workload has a -// # sidecar proxy bootstrapped with this service account. Pods with -// # sidecars will automatically communicate with the workload using -// # istio mutual TLS. -// serviceAccount: details-legacy -// address: vm1.vpc01.corp.net -// labels: -// app: details-legacy -// instance-id: vm1 -// ``` -// -// and the associated service entry -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// targetPort: 8080 -// resolution: DNS -// workloadSelector: -// labels: -// app: details-legacy -// ``` -// -// The following example declares a VM workload without an address. -// An alternative to having istiod read from remote API servers is -// to write a `WorkloadEntry` in the local cluster that represents -// the Workload(s) in the remote network with the given labels. A -// single `WorkloadEntry` with weights represent the aggregate of all -// the actual workloads in a given remote network. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: WorkloadEntry -// metadata: -// name: foo-workloads-cluster-2 -// spec: -// serviceAccount: foo -// network: cluster-2-network -// labels: -// app: foo -// ``` -package istio.networking.v1; - -option go_package = "istio.io/api/networking/v1"; - -// WorkloadEntry enables specifying the properties of a single non-Kubernetes workload such a VM or a bare metal services that can be referred to by service entries. -// -// -// -message WorkloadEntry { - // Address associated with the network endpoint without the - // port. Domain names can be used if and only if the resolution is set - // to DNS, and must be fully-qualified without wildcards. Use the form - // unix:///absolute/path/to/socket for Unix domain socket endpoints. - // If address is empty, network must be specified. - string address = 1; - - // Set of ports associated with the endpoint. If the port map is - // specified, it must be a map of servicePortName to this endpoint's - // port, such that traffic to the service port will be forwarded to - // the endpoint port that maps to the service's portName. If - // omitted, and the targetPort is specified as part of the service's - // port specification, traffic to the service port will be forwarded - // to one of the endpoints on the specified `targetPort`. If both - // the targetPort and endpoint's port map are not specified, traffic - // to a service port will be forwarded to one of the endpoints on - // the same port. - // - // **NOTE 1:** Do not use for `unix://` addresses. - // - // **NOTE 2:** endpoint port map takes precedence over targetPort. - map ports = 2; - - // One or more labels associated with the endpoint. - map labels = 3; - - // Network enables Istio to group endpoints resident in the same L3 - // domain/network. All endpoints in the same network are assumed to be - // directly reachable from one another. When endpoints in different - // networks cannot reach each other directly, an Istio Gateway can be - // used to establish connectivity (usually using the - // `AUTO_PASSTHROUGH` mode in a Gateway Server). This is - // an advanced configuration used typically for spanning an Istio mesh - // over multiple clusters. Required if address is not provided. - string network = 4; - - // The locality associated with the endpoint. A locality corresponds - // to a failure domain (e.g., country/region/zone). Arbitrary failure - // domain hierarchies can be represented by separating each - // encapsulating failure domain by /. For example, the locality of an - // an endpoint in US, in US-East-1 region, within availability zone - // az-1, in data center rack r11 can be represented as - // us/us-east-1/az-1/r11. Istio will configure the sidecar to route to - // endpoints within the same locality as the sidecar. If none of the - // endpoints in the locality are available, endpoints parent locality - // (but within the same network ID) will be chosen. For example, if - // there are two endpoints in same network (networkID "n1"), say e1 - // with locality us/us-east-1/az-1/r11 and e2 with locality - // us/us-east-1/az-2/r12, a sidecar from us/us-east-1/az-1/r11 locality - // will prefer e1 from the same locality over e2 from a different - // locality. Endpoint e2 could be the IP associated with a gateway - // (that bridges networks n1 and n2), or the IP associated with a - // standard service endpoint. - string locality = 5; - - // The load balancing weight associated with the endpoint. Endpoints - // with higher weights will receive proportionally higher traffic. - uint32 weight = 6; - - // The service account associated with the workload if a sidecar - // is present in the workload. The service account must be present - // in the same namespace as the configuration ( WorkloadEntry or a - // ServiceEntry) - string service_account = 7; -}; diff --git a/networking/v1/workload_entry_alias.gen.go b/networking/v1/workload_entry_alias.gen.go new file mode 100644 index 00000000000..87f95e8d569 --- /dev/null +++ b/networking/v1/workload_entry_alias.gen.go @@ -0,0 +1,6 @@ +// Code generated by protoc-gen-alias. DO NOT EDIT. +package v1 + +import "istio.io/api/networking/v1alpha3" + +type WorkloadEntry = v1alpha3.WorkloadEntry diff --git a/networking/v1/workload_entry_deepcopy.gen.go b/networking/v1/workload_entry_deepcopy.gen.go deleted file mode 100644 index 802c5072900..00000000000 --- a/networking/v1/workload_entry_deepcopy.gen.go +++ /dev/null @@ -1,27 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using WorkloadEntry within kubernetes types, where deepcopy-gen is used. -func (in *WorkloadEntry) DeepCopyInto(out *WorkloadEntry) { - p := proto.Clone(in).(*WorkloadEntry) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadEntry. Required by controller-gen. -func (in *WorkloadEntry) DeepCopy() *WorkloadEntry { - if in == nil { - return nil - } - out := new(WorkloadEntry) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadEntry. Required by controller-gen. -func (in *WorkloadEntry) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/networking/v1/workload_entry_json.gen.go b/networking/v1/workload_entry_json.gen.go deleted file mode 100644 index c0a4afb5361..00000000000 --- a/networking/v1/workload_entry_json.gen.go +++ /dev/null @@ -1,23 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1 - -import ( - bytes "bytes" - jsonpb "github.com/golang/protobuf/jsonpb" -) - -// MarshalJSON is a custom marshaler for WorkloadEntry -func (this *WorkloadEntry) MarshalJSON() ([]byte, error) { - str, err := WorkloadEntryMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for WorkloadEntry -func (this *WorkloadEntry) UnmarshalJSON(b []byte) error { - return WorkloadEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -var ( - WorkloadEntryMarshaler = &jsonpb.Marshaler{} - WorkloadEntryUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} -) diff --git a/networking/v1/workload_group.pb.go b/networking/v1/workload_group.pb.go deleted file mode 100644 index 55056c485a6..00000000000 --- a/networking/v1/workload_group.pb.go +++ /dev/null @@ -1,896 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.33.0 -// protoc (unknown) -// source: networking/v1/workload_group.proto - -// $schema: istio.networking.v1alpha3.WorkloadGroup -// $title: Workload Group -// $description: Describes a collection of workload instances. -// $location: https://istio.io/docs/reference/config/networking/workload-group.html -// $aliases: [/docs/reference/config/networking/v1alpha3/workload-group] -// $mode: none - -// `WorkloadGroup` describes a collection of workload instances. -// It provides a specification that the workload instances can use to bootstrap -// their proxies, including the metadata and identity. It is only intended to -// be used with non-k8s workloads like Virtual Machines, and is meant to mimic -// the existing sidecar injection and deployment specification model used for -// Kubernetes workloads to bootstrap Istio proxies. -// -// The following example declares a workload group representing a collection -// of workloads that will be registered under `reviews` in namespace -// `bookinfo`. The set of labels will be associated with each workload -// instance during the bootstrap process, and the ports 3550 and 8080 -// will be associated with the workload group and use service account `default`. -// `app.kubernetes.io/version` is just an arbitrary example of a label. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: WorkloadGroup -// metadata: -// name: reviews -// namespace: bookinfo -// spec: -// metadata: -// labels: -// app.kubernetes.io/name: reviews -// app.kubernetes.io/version: "1.3.4" -// template: -// ports: -// grpc: 3550 -// http: 8080 -// serviceAccount: default -// probe: -// initialDelaySeconds: 5 -// timeoutSeconds: 3 -// periodSeconds: 4 -// successThreshold: 3 -// failureThreshold: 3 -// httpGet: -// path: /foo/bar -// host: 127.0.0.1 -// port: 3100 -// scheme: HTTPS -// httpHeaders: -// - name: Lit-Header -// value: Im-The-Best -// ``` - -package v1 - -import ( - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// `WorkloadGroup` enables specifying the properties of a single workload for bootstrap and -// provides a template for `WorkloadEntry`, similar to how `Deployment` specifies properties -// of workloads via `Pod` templates. A `WorkloadGroup` can have more than one `WorkloadEntry`. -// `WorkloadGroup` has no relationship to resources which control service registry like `ServiceEntry` -// and as such doesn't configure host name for these workloads. -// -// -// -type WorkloadGroup struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Metadata that will be used for all corresponding `WorkloadEntries`. - // User labels for a workload group should be set here in `metadata` rather than in `template`. - Metadata *WorkloadGroup_ObjectMeta `protobuf:"bytes,1,opt,name=metadata,proto3" json:"metadata,omitempty"` - // Template to be used for the generation of `WorkloadEntry` resources that belong to this `WorkloadGroup`. - // Please note that `address` and `labels` fields should not be set in the template, and an empty `serviceAccount` - // should default to `default`. The workload identities (mTLS certificates) will be bootstrapped using the - // specified service account's token. Workload entries in this group will be in the same namespace as the - // workload group, and inherit the labels and annotations from the above `metadata` field. - Template *WorkloadEntry `protobuf:"bytes,2,opt,name=template,proto3" json:"template,omitempty"` - // `ReadinessProbe` describes the configuration the user must provide for healthchecking on their workload. - // This configuration mirrors K8S in both syntax and logic for the most part. - Probe *ReadinessProbe `protobuf:"bytes,3,opt,name=probe,proto3" json:"probe,omitempty"` -} - -func (x *WorkloadGroup) Reset() { - *x = WorkloadGroup{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_workload_group_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *WorkloadGroup) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*WorkloadGroup) ProtoMessage() {} - -func (x *WorkloadGroup) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_workload_group_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use WorkloadGroup.ProtoReflect.Descriptor instead. -func (*WorkloadGroup) Descriptor() ([]byte, []int) { - return file_networking_v1_workload_group_proto_rawDescGZIP(), []int{0} -} - -func (x *WorkloadGroup) GetMetadata() *WorkloadGroup_ObjectMeta { - if x != nil { - return x.Metadata - } - return nil -} - -func (x *WorkloadGroup) GetTemplate() *WorkloadEntry { - if x != nil { - return x.Template - } - return nil -} - -func (x *WorkloadGroup) GetProbe() *ReadinessProbe { - if x != nil { - return x.Probe - } - return nil -} - -type ReadinessProbe struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Number of seconds after the container has started before readiness probes are initiated. - InitialDelaySeconds int32 `protobuf:"varint,2,opt,name=initial_delay_seconds,json=initialDelaySeconds,proto3" json:"initial_delay_seconds,omitempty"` - // Number of seconds after which the probe times out. - // Defaults to 1 second. Minimum value is 1 second. - TimeoutSeconds int32 `protobuf:"varint,3,opt,name=timeout_seconds,json=timeoutSeconds,proto3" json:"timeout_seconds,omitempty"` - // How often (in seconds) to perform the probe. - // Default to 10 seconds. Minimum value is 1 second. - PeriodSeconds int32 `protobuf:"varint,4,opt,name=period_seconds,json=periodSeconds,proto3" json:"period_seconds,omitempty"` - // Minimum consecutive successes for the probe to be considered successful after having failed. - // Defaults to 1 second. - SuccessThreshold int32 `protobuf:"varint,5,opt,name=success_threshold,json=successThreshold,proto3" json:"success_threshold,omitempty"` - // Minimum consecutive failures for the probe to be considered failed after having succeeded. - // Defaults to 3 seconds. - FailureThreshold int32 `protobuf:"varint,6,opt,name=failure_threshold,json=failureThreshold,proto3" json:"failure_threshold,omitempty"` - // Users can only provide one configuration for healthchecks (tcp, http, exec), - // and this is expressed as a oneof. All of the other configuration values - // hold true for any of the healthcheck methods. - // - // Types that are assignable to HealthCheckMethod: - // - // *ReadinessProbe_HttpGet - // *ReadinessProbe_TcpSocket - // *ReadinessProbe_Exec - HealthCheckMethod isReadinessProbe_HealthCheckMethod `protobuf_oneof:"health_check_method"` -} - -func (x *ReadinessProbe) Reset() { - *x = ReadinessProbe{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_workload_group_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ReadinessProbe) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ReadinessProbe) ProtoMessage() {} - -func (x *ReadinessProbe) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_workload_group_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ReadinessProbe.ProtoReflect.Descriptor instead. -func (*ReadinessProbe) Descriptor() ([]byte, []int) { - return file_networking_v1_workload_group_proto_rawDescGZIP(), []int{1} -} - -func (x *ReadinessProbe) GetInitialDelaySeconds() int32 { - if x != nil { - return x.InitialDelaySeconds - } - return 0 -} - -func (x *ReadinessProbe) GetTimeoutSeconds() int32 { - if x != nil { - return x.TimeoutSeconds - } - return 0 -} - -func (x *ReadinessProbe) GetPeriodSeconds() int32 { - if x != nil { - return x.PeriodSeconds - } - return 0 -} - -func (x *ReadinessProbe) GetSuccessThreshold() int32 { - if x != nil { - return x.SuccessThreshold - } - return 0 -} - -func (x *ReadinessProbe) GetFailureThreshold() int32 { - if x != nil { - return x.FailureThreshold - } - return 0 -} - -func (m *ReadinessProbe) GetHealthCheckMethod() isReadinessProbe_HealthCheckMethod { - if m != nil { - return m.HealthCheckMethod - } - return nil -} - -func (x *ReadinessProbe) GetHttpGet() *HTTPHealthCheckConfig { - if x, ok := x.GetHealthCheckMethod().(*ReadinessProbe_HttpGet); ok { - return x.HttpGet - } - return nil -} - -func (x *ReadinessProbe) GetTcpSocket() *TCPHealthCheckConfig { - if x, ok := x.GetHealthCheckMethod().(*ReadinessProbe_TcpSocket); ok { - return x.TcpSocket - } - return nil -} - -func (x *ReadinessProbe) GetExec() *ExecHealthCheckConfig { - if x, ok := x.GetHealthCheckMethod().(*ReadinessProbe_Exec); ok { - return x.Exec - } - return nil -} - -type isReadinessProbe_HealthCheckMethod interface { - isReadinessProbe_HealthCheckMethod() -} - -type ReadinessProbe_HttpGet struct { - // `httpGet` is performed to a given endpoint - // and the status/able to connect determines health. - HttpGet *HTTPHealthCheckConfig `protobuf:"bytes,7,opt,name=http_get,json=httpGet,proto3,oneof"` -} - -type ReadinessProbe_TcpSocket struct { - // Health is determined by if the proxy is able to connect. - TcpSocket *TCPHealthCheckConfig `protobuf:"bytes,8,opt,name=tcp_socket,json=tcpSocket,proto3,oneof"` -} - -type ReadinessProbe_Exec struct { - // Health is determined by how the command that is executed exited. - Exec *ExecHealthCheckConfig `protobuf:"bytes,9,opt,name=exec,proto3,oneof"` -} - -func (*ReadinessProbe_HttpGet) isReadinessProbe_HealthCheckMethod() {} - -func (*ReadinessProbe_TcpSocket) isReadinessProbe_HealthCheckMethod() {} - -func (*ReadinessProbe_Exec) isReadinessProbe_HealthCheckMethod() {} - -type HTTPHealthCheckConfig struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Path to access on the HTTP server. - Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"` - // Port on which the endpoint lives. - Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"` - // Host name to connect to, defaults to the pod IP. You probably want to set - // "Host" in httpHeaders instead. - Host string `protobuf:"bytes,3,opt,name=host,proto3" json:"host,omitempty"` - // HTTP or HTTPS, defaults to HTTP - Scheme string `protobuf:"bytes,4,opt,name=scheme,proto3" json:"scheme,omitempty"` - // Headers the proxy will pass on to make the request. - // Allows repeated headers. - HttpHeaders []*HTTPHeader `protobuf:"bytes,5,rep,name=http_headers,json=httpHeaders,proto3" json:"http_headers,omitempty"` -} - -func (x *HTTPHealthCheckConfig) Reset() { - *x = HTTPHealthCheckConfig{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_workload_group_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPHealthCheckConfig) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPHealthCheckConfig) ProtoMessage() {} - -func (x *HTTPHealthCheckConfig) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_workload_group_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPHealthCheckConfig.ProtoReflect.Descriptor instead. -func (*HTTPHealthCheckConfig) Descriptor() ([]byte, []int) { - return file_networking_v1_workload_group_proto_rawDescGZIP(), []int{2} -} - -func (x *HTTPHealthCheckConfig) GetPath() string { - if x != nil { - return x.Path - } - return "" -} - -func (x *HTTPHealthCheckConfig) GetPort() uint32 { - if x != nil { - return x.Port - } - return 0 -} - -func (x *HTTPHealthCheckConfig) GetHost() string { - if x != nil { - return x.Host - } - return "" -} - -func (x *HTTPHealthCheckConfig) GetScheme() string { - if x != nil { - return x.Scheme - } - return "" -} - -func (x *HTTPHealthCheckConfig) GetHttpHeaders() []*HTTPHeader { - if x != nil { - return x.HttpHeaders - } - return nil -} - -type HTTPHeader struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The header field name - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - // The header field value - Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` -} - -func (x *HTTPHeader) Reset() { - *x = HTTPHeader{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_workload_group_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPHeader) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPHeader) ProtoMessage() {} - -func (x *HTTPHeader) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_workload_group_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPHeader.ProtoReflect.Descriptor instead. -func (*HTTPHeader) Descriptor() ([]byte, []int) { - return file_networking_v1_workload_group_proto_rawDescGZIP(), []int{3} -} - -func (x *HTTPHeader) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *HTTPHeader) GetValue() string { - if x != nil { - return x.Value - } - return "" -} - -type TCPHealthCheckConfig struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Host to connect to, defaults to localhost - Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"` - // Port of host - Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"` -} - -func (x *TCPHealthCheckConfig) Reset() { - *x = TCPHealthCheckConfig{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_workload_group_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TCPHealthCheckConfig) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TCPHealthCheckConfig) ProtoMessage() {} - -func (x *TCPHealthCheckConfig) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_workload_group_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TCPHealthCheckConfig.ProtoReflect.Descriptor instead. -func (*TCPHealthCheckConfig) Descriptor() ([]byte, []int) { - return file_networking_v1_workload_group_proto_rawDescGZIP(), []int{4} -} - -func (x *TCPHealthCheckConfig) GetHost() string { - if x != nil { - return x.Host - } - return "" -} - -func (x *TCPHealthCheckConfig) GetPort() uint32 { - if x != nil { - return x.Port - } - return 0 -} - -type ExecHealthCheckConfig struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - Command []string `protobuf:"bytes,1,rep,name=command,proto3" json:"command,omitempty"` -} - -func (x *ExecHealthCheckConfig) Reset() { - *x = ExecHealthCheckConfig{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_workload_group_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ExecHealthCheckConfig) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ExecHealthCheckConfig) ProtoMessage() {} - -func (x *ExecHealthCheckConfig) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_workload_group_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ExecHealthCheckConfig.ProtoReflect.Descriptor instead. -func (*ExecHealthCheckConfig) Descriptor() ([]byte, []int) { - return file_networking_v1_workload_group_proto_rawDescGZIP(), []int{5} -} - -func (x *ExecHealthCheckConfig) GetCommand() []string { - if x != nil { - return x.Command - } - return nil -} - -// `ObjectMeta` describes metadata that will be attached to a `WorkloadEntry`. -// It is a subset of the supported Kubernetes metadata. -type WorkloadGroup_ObjectMeta struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Labels to attach - Labels map[string]string `protobuf:"bytes,1,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Annotations to attach - Annotations map[string]string `protobuf:"bytes,2,rep,name=annotations,proto3" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` -} - -func (x *WorkloadGroup_ObjectMeta) Reset() { - *x = WorkloadGroup_ObjectMeta{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1_workload_group_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *WorkloadGroup_ObjectMeta) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*WorkloadGroup_ObjectMeta) ProtoMessage() {} - -func (x *WorkloadGroup_ObjectMeta) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1_workload_group_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use WorkloadGroup_ObjectMeta.ProtoReflect.Descriptor instead. -func (*WorkloadGroup_ObjectMeta) Descriptor() ([]byte, []int) { - return file_networking_v1_workload_group_proto_rawDescGZIP(), []int{0, 0} -} - -func (x *WorkloadGroup_ObjectMeta) GetLabels() map[string]string { - if x != nil { - return x.Labels - } - return nil -} - -func (x *WorkloadGroup_ObjectMeta) GetAnnotations() map[string]string { - if x != nil { - return x.Annotations - } - return nil -} - -var File_networking_v1_workload_group_proto protoreflect.FileDescriptor - -var file_networking_v1_workload_group_proto_rawDesc = []byte{ - 0x0a, 0x22, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, - 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, - 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x22, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, - 0x61, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x99, - 0x04, 0x0a, 0x0d, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, - 0x12, 0x49, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, - 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, - 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x43, 0x0a, 0x08, 0x74, - 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, - 0x12, 0x39, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x23, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x65, 0x73, 0x73, 0x50, - 0x72, 0x6f, 0x62, 0x65, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x1a, 0xbc, 0x02, 0x0a, 0x0a, - 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x51, 0x0a, 0x06, 0x6c, 0x61, - 0x62, 0x65, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4f, - 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x60, 0x0a, - 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, - 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, - 0x61, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, - 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, - 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, - 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x3e, 0x0a, 0x10, 0x41, 0x6e, - 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, - 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, - 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xdc, 0x03, 0x0a, 0x0e, 0x52, - 0x65, 0x61, 0x64, 0x69, 0x6e, 0x65, 0x73, 0x73, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x12, 0x32, 0x0a, - 0x15, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x73, - 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x13, 0x69, 0x6e, - 0x69, 0x74, 0x69, 0x61, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, - 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x73, 0x65, 0x63, - 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x74, 0x69, 0x6d, 0x65, - 0x6f, 0x75, 0x74, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x65, - 0x72, 0x69, 0x6f, 0x64, 0x5f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x05, 0x52, 0x0d, 0x70, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, - 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x68, 0x72, - 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x73, 0x75, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x2b, - 0x0a, 0x11, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, - 0x6f, 0x6c, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x66, 0x61, 0x69, 0x6c, 0x75, - 0x72, 0x65, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x47, 0x0a, 0x08, 0x68, - 0x74, 0x74, 0x70, 0x5f, 0x67, 0x65, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, - 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x07, 0x68, 0x74, 0x74, - 0x70, 0x47, 0x65, 0x74, 0x12, 0x4a, 0x0a, 0x0a, 0x74, 0x63, 0x70, 0x5f, 0x73, 0x6f, 0x63, 0x6b, - 0x65, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x54, - 0x43, 0x50, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x09, 0x74, 0x63, 0x70, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, - 0x12, 0x40, 0x0a, 0x04, 0x65, 0x78, 0x65, 0x63, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x78, 0x65, 0x63, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, - 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x04, 0x65, 0x78, - 0x65, 0x63, 0x42, 0x15, 0x0a, 0x13, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, 0x63, 0x68, 0x65, - 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x22, 0xb4, 0x01, 0x0a, 0x15, 0x48, 0x54, - 0x54, 0x50, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x17, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, - 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, - 0x68, 0x6f, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x12, 0x42, 0x0a, 0x0c, - 0x68, 0x74, 0x74, 0x70, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, - 0x64, 0x65, 0x72, 0x52, 0x0b, 0x68, 0x74, 0x74, 0x70, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, - 0x22, 0x36, 0x0a, 0x0a, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x12, - 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, - 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x43, 0x0a, 0x14, 0x54, 0x43, 0x50, 0x48, - 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, - 0x68, 0x6f, 0x73, 0x74, 0x12, 0x17, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22, 0x31, 0x0a, - 0x15, 0x45, 0x78, 0x65, 0x63, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, - 0x64, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, - 0x42, 0x1c, 0x5a, 0x1a, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, - 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_networking_v1_workload_group_proto_rawDescOnce sync.Once - file_networking_v1_workload_group_proto_rawDescData = file_networking_v1_workload_group_proto_rawDesc -) - -func file_networking_v1_workload_group_proto_rawDescGZIP() []byte { - file_networking_v1_workload_group_proto_rawDescOnce.Do(func() { - file_networking_v1_workload_group_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1_workload_group_proto_rawDescData) - }) - return file_networking_v1_workload_group_proto_rawDescData -} - -var file_networking_v1_workload_group_proto_msgTypes = make([]protoimpl.MessageInfo, 9) -var file_networking_v1_workload_group_proto_goTypes = []interface{}{ - (*WorkloadGroup)(nil), // 0: istio.networking.v1.WorkloadGroup - (*ReadinessProbe)(nil), // 1: istio.networking.v1.ReadinessProbe - (*HTTPHealthCheckConfig)(nil), // 2: istio.networking.v1.HTTPHealthCheckConfig - (*HTTPHeader)(nil), // 3: istio.networking.v1.HTTPHeader - (*TCPHealthCheckConfig)(nil), // 4: istio.networking.v1.TCPHealthCheckConfig - (*ExecHealthCheckConfig)(nil), // 5: istio.networking.v1.ExecHealthCheckConfig - (*WorkloadGroup_ObjectMeta)(nil), // 6: istio.networking.v1.WorkloadGroup.ObjectMeta - nil, // 7: istio.networking.v1.WorkloadGroup.ObjectMeta.LabelsEntry - nil, // 8: istio.networking.v1.WorkloadGroup.ObjectMeta.AnnotationsEntry - (*WorkloadEntry)(nil), // 9: istio.networking.v1.WorkloadEntry -} -var file_networking_v1_workload_group_proto_depIdxs = []int32{ - 6, // 0: istio.networking.v1.WorkloadGroup.metadata:type_name -> istio.networking.v1.WorkloadGroup.ObjectMeta - 9, // 1: istio.networking.v1.WorkloadGroup.template:type_name -> istio.networking.v1.WorkloadEntry - 1, // 2: istio.networking.v1.WorkloadGroup.probe:type_name -> istio.networking.v1.ReadinessProbe - 2, // 3: istio.networking.v1.ReadinessProbe.http_get:type_name -> istio.networking.v1.HTTPHealthCheckConfig - 4, // 4: istio.networking.v1.ReadinessProbe.tcp_socket:type_name -> istio.networking.v1.TCPHealthCheckConfig - 5, // 5: istio.networking.v1.ReadinessProbe.exec:type_name -> istio.networking.v1.ExecHealthCheckConfig - 3, // 6: istio.networking.v1.HTTPHealthCheckConfig.http_headers:type_name -> istio.networking.v1.HTTPHeader - 7, // 7: istio.networking.v1.WorkloadGroup.ObjectMeta.labels:type_name -> istio.networking.v1.WorkloadGroup.ObjectMeta.LabelsEntry - 8, // 8: istio.networking.v1.WorkloadGroup.ObjectMeta.annotations:type_name -> istio.networking.v1.WorkloadGroup.ObjectMeta.AnnotationsEntry - 9, // [9:9] is the sub-list for method output_type - 9, // [9:9] is the sub-list for method input_type - 9, // [9:9] is the sub-list for extension type_name - 9, // [9:9] is the sub-list for extension extendee - 0, // [0:9] is the sub-list for field type_name -} - -func init() { file_networking_v1_workload_group_proto_init() } -func file_networking_v1_workload_group_proto_init() { - if File_networking_v1_workload_group_proto != nil { - return - } - file_networking_v1_workload_entry_proto_init() - if !protoimpl.UnsafeEnabled { - file_networking_v1_workload_group_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WorkloadGroup); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_workload_group_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ReadinessProbe); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_workload_group_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPHealthCheckConfig); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_workload_group_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPHeader); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_workload_group_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TCPHealthCheckConfig); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_workload_group_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ExecHealthCheckConfig); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1_workload_group_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WorkloadGroup_ObjectMeta); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_networking_v1_workload_group_proto_msgTypes[1].OneofWrappers = []interface{}{ - (*ReadinessProbe_HttpGet)(nil), - (*ReadinessProbe_TcpSocket)(nil), - (*ReadinessProbe_Exec)(nil), - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_networking_v1_workload_group_proto_rawDesc, - NumEnums: 0, - NumMessages: 9, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_networking_v1_workload_group_proto_goTypes, - DependencyIndexes: file_networking_v1_workload_group_proto_depIdxs, - MessageInfos: file_networking_v1_workload_group_proto_msgTypes, - }.Build() - File_networking_v1_workload_group_proto = out.File - file_networking_v1_workload_group_proto_rawDesc = nil - file_networking_v1_workload_group_proto_goTypes = nil - file_networking_v1_workload_group_proto_depIdxs = nil -} diff --git a/networking/v1/workload_group.proto b/networking/v1/workload_group.proto deleted file mode 100644 index 6ddaa43a062..00000000000 --- a/networking/v1/workload_group.proto +++ /dev/null @@ -1,190 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -import "google/api/field_behavior.proto"; -import "networking/v1/workload_entry.proto"; - -// $schema: istio.networking.v1alpha3.WorkloadGroup -// $title: Workload Group -// $description: Describes a collection of workload instances. -// $location: https://istio.io/docs/reference/config/networking/workload-group.html -// $aliases: [/docs/reference/config/networking/v1alpha3/workload-group] -// $mode: none - -// `WorkloadGroup` describes a collection of workload instances. -// It provides a specification that the workload instances can use to bootstrap -// their proxies, including the metadata and identity. It is only intended to -// be used with non-k8s workloads like Virtual Machines, and is meant to mimic -// the existing sidecar injection and deployment specification model used for -// Kubernetes workloads to bootstrap Istio proxies. -// -// The following example declares a workload group representing a collection -// of workloads that will be registered under `reviews` in namespace -// `bookinfo`. The set of labels will be associated with each workload -// instance during the bootstrap process, and the ports 3550 and 8080 -// will be associated with the workload group and use service account `default`. -// `app.kubernetes.io/version` is just an arbitrary example of a label. -// -// ```yaml -// apiVersion: networking.istio.io/v1 -// kind: WorkloadGroup -// metadata: -// name: reviews -// namespace: bookinfo -// spec: -// metadata: -// labels: -// app.kubernetes.io/name: reviews -// app.kubernetes.io/version: "1.3.4" -// template: -// ports: -// grpc: 3550 -// http: 8080 -// serviceAccount: default -// probe: -// initialDelaySeconds: 5 -// timeoutSeconds: 3 -// periodSeconds: 4 -// successThreshold: 3 -// failureThreshold: 3 -// httpGet: -// path: /foo/bar -// host: 127.0.0.1 -// port: 3100 -// scheme: HTTPS -// httpHeaders: -// - name: Lit-Header -// value: Im-The-Best -// ``` -package istio.networking.v1; - -option go_package = "istio.io/api/networking/v1"; - -// `WorkloadGroup` enables specifying the properties of a single workload for bootstrap and -// provides a template for `WorkloadEntry`, similar to how `Deployment` specifies properties -// of workloads via `Pod` templates. A `WorkloadGroup` can have more than one `WorkloadEntry`. -// `WorkloadGroup` has no relationship to resources which control service registry like `ServiceEntry` -// and as such doesn't configure host name for these workloads. -// -// -// -message WorkloadGroup { - // Metadata that will be used for all corresponding `WorkloadEntries`. - // User labels for a workload group should be set here in `metadata` rather than in `template`. - ObjectMeta metadata = 1; - - // Template to be used for the generation of `WorkloadEntry` resources that belong to this `WorkloadGroup`. - // Please note that `address` and `labels` fields should not be set in the template, and an empty `serviceAccount` - // should default to `default`. The workload identities (mTLS certificates) will be bootstrapped using the - // specified service account's token. Workload entries in this group will be in the same namespace as the - // workload group, and inherit the labels and annotations from the above `metadata` field. - WorkloadEntry template = 2 [(google.api.field_behavior) = REQUIRED]; - - // `ObjectMeta` describes metadata that will be attached to a `WorkloadEntry`. - // It is a subset of the supported Kubernetes metadata. - message ObjectMeta { - // Labels to attach - map labels = 1; - - // Annotations to attach - map annotations = 2; - } - - // `ReadinessProbe` describes the configuration the user must provide for healthchecking on their workload. - // This configuration mirrors K8S in both syntax and logic for the most part. - ReadinessProbe probe = 3; -} - -message ReadinessProbe { - - // Number of seconds after the container has started before readiness probes are initiated. - int32 initial_delay_seconds = 2; - - // Number of seconds after which the probe times out. - // Defaults to 1 second. Minimum value is 1 second. - int32 timeout_seconds = 3; - - // How often (in seconds) to perform the probe. - // Default to 10 seconds. Minimum value is 1 second. - int32 period_seconds = 4; - - // Minimum consecutive successes for the probe to be considered successful after having failed. - // Defaults to 1 second. - int32 success_threshold = 5; - - // Minimum consecutive failures for the probe to be considered failed after having succeeded. - // Defaults to 3 seconds. - int32 failure_threshold = 6; - - // Users can only provide one configuration for healthchecks (tcp, http, exec), - // and this is expressed as a oneof. All of the other configuration values - // hold true for any of the healthcheck methods. - oneof health_check_method { - // `httpGet` is performed to a given endpoint - // and the status/able to connect determines health. - HTTPHealthCheckConfig http_get = 7; - // Health is determined by if the proxy is able to connect. - TCPHealthCheckConfig tcp_socket = 8; - // Health is determined by how the command that is executed exited. - ExecHealthCheckConfig exec = 9; - } -} - -message HTTPHealthCheckConfig { - // Path to access on the HTTP server. - string path = 1; - - // Port on which the endpoint lives. - uint32 port = 2 [(google.api.field_behavior) = REQUIRED]; - - // Host name to connect to, defaults to the pod IP. You probably want to set - // "Host" in httpHeaders instead. - string host = 3; - - // HTTP or HTTPS, defaults to HTTP - string scheme = 4; - - // Headers the proxy will pass on to make the request. - // Allows repeated headers. - repeated HTTPHeader http_headers = 5; -} - -message HTTPHeader { - // The header field name - string name = 1; - - // The header field value - string value = 2; -} - -message TCPHealthCheckConfig { - // Host to connect to, defaults to localhost - string host = 1; - // Port of host - uint32 port = 2 [(google.api.field_behavior) = REQUIRED]; -} - -message ExecHealthCheckConfig { - // Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - repeated string command = 1; -} diff --git a/networking/v1/workload_group_alias.gen.go b/networking/v1/workload_group_alias.gen.go new file mode 100644 index 00000000000..a26c67026e5 --- /dev/null +++ b/networking/v1/workload_group_alias.gen.go @@ -0,0 +1,15 @@ +// Code generated by protoc-gen-alias. DO NOT EDIT. +package v1 + +import "istio.io/api/networking/v1alpha3" + +type WorkloadGroup = v1alpha3.WorkloadGroup +type WorkloadGroup_ObjectMeta = v1alpha3.WorkloadGroup_ObjectMeta +type ReadinessProbe = v1alpha3.ReadinessProbe +type ReadinessProbe_HttpGet = v1alpha3.ReadinessProbe_HttpGet +type ReadinessProbe_TcpSocket = v1alpha3.ReadinessProbe_TcpSocket +type ReadinessProbe_Exec = v1alpha3.ReadinessProbe_Exec +type HTTPHealthCheckConfig = v1alpha3.HTTPHealthCheckConfig +type HTTPHeader = v1alpha3.HTTPHeader +type TCPHealthCheckConfig = v1alpha3.TCPHealthCheckConfig +type ExecHealthCheckConfig = v1alpha3.ExecHealthCheckConfig diff --git a/networking/v1/workload_group_deepcopy.gen.go b/networking/v1/workload_group_deepcopy.gen.go deleted file mode 100644 index b1e3441c8a5..00000000000 --- a/networking/v1/workload_group_deepcopy.gen.go +++ /dev/null @@ -1,153 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using WorkloadGroup within kubernetes types, where deepcopy-gen is used. -func (in *WorkloadGroup) DeepCopyInto(out *WorkloadGroup) { - p := proto.Clone(in).(*WorkloadGroup) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadGroup. Required by controller-gen. -func (in *WorkloadGroup) DeepCopy() *WorkloadGroup { - if in == nil { - return nil - } - out := new(WorkloadGroup) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadGroup. Required by controller-gen. -func (in *WorkloadGroup) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using WorkloadGroup_ObjectMeta within kubernetes types, where deepcopy-gen is used. -func (in *WorkloadGroup_ObjectMeta) DeepCopyInto(out *WorkloadGroup_ObjectMeta) { - p := proto.Clone(in).(*WorkloadGroup_ObjectMeta) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadGroup_ObjectMeta. Required by controller-gen. -func (in *WorkloadGroup_ObjectMeta) DeepCopy() *WorkloadGroup_ObjectMeta { - if in == nil { - return nil - } - out := new(WorkloadGroup_ObjectMeta) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadGroup_ObjectMeta. Required by controller-gen. -func (in *WorkloadGroup_ObjectMeta) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ReadinessProbe within kubernetes types, where deepcopy-gen is used. -func (in *ReadinessProbe) DeepCopyInto(out *ReadinessProbe) { - p := proto.Clone(in).(*ReadinessProbe) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReadinessProbe. Required by controller-gen. -func (in *ReadinessProbe) DeepCopy() *ReadinessProbe { - if in == nil { - return nil - } - out := new(ReadinessProbe) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ReadinessProbe. Required by controller-gen. -func (in *ReadinessProbe) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPHealthCheckConfig within kubernetes types, where deepcopy-gen is used. -func (in *HTTPHealthCheckConfig) DeepCopyInto(out *HTTPHealthCheckConfig) { - p := proto.Clone(in).(*HTTPHealthCheckConfig) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHealthCheckConfig. Required by controller-gen. -func (in *HTTPHealthCheckConfig) DeepCopy() *HTTPHealthCheckConfig { - if in == nil { - return nil - } - out := new(HTTPHealthCheckConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHealthCheckConfig. Required by controller-gen. -func (in *HTTPHealthCheckConfig) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPHeader within kubernetes types, where deepcopy-gen is used. -func (in *HTTPHeader) DeepCopyInto(out *HTTPHeader) { - p := proto.Clone(in).(*HTTPHeader) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHeader. Required by controller-gen. -func (in *HTTPHeader) DeepCopy() *HTTPHeader { - if in == nil { - return nil - } - out := new(HTTPHeader) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHeader. Required by controller-gen. -func (in *HTTPHeader) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using TCPHealthCheckConfig within kubernetes types, where deepcopy-gen is used. -func (in *TCPHealthCheckConfig) DeepCopyInto(out *TCPHealthCheckConfig) { - p := proto.Clone(in).(*TCPHealthCheckConfig) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPHealthCheckConfig. Required by controller-gen. -func (in *TCPHealthCheckConfig) DeepCopy() *TCPHealthCheckConfig { - if in == nil { - return nil - } - out := new(TCPHealthCheckConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TCPHealthCheckConfig. Required by controller-gen. -func (in *TCPHealthCheckConfig) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ExecHealthCheckConfig within kubernetes types, where deepcopy-gen is used. -func (in *ExecHealthCheckConfig) DeepCopyInto(out *ExecHealthCheckConfig) { - p := proto.Clone(in).(*ExecHealthCheckConfig) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecHealthCheckConfig. Required by controller-gen. -func (in *ExecHealthCheckConfig) DeepCopy() *ExecHealthCheckConfig { - if in == nil { - return nil - } - out := new(ExecHealthCheckConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ExecHealthCheckConfig. Required by controller-gen. -func (in *ExecHealthCheckConfig) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/networking/v1/workload_group_json.gen.go b/networking/v1/workload_group_json.gen.go deleted file mode 100644 index 096e680246d..00000000000 --- a/networking/v1/workload_group_json.gen.go +++ /dev/null @@ -1,89 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1 - -import ( - bytes "bytes" - jsonpb "github.com/golang/protobuf/jsonpb" -) - -// MarshalJSON is a custom marshaler for WorkloadGroup -func (this *WorkloadGroup) MarshalJSON() ([]byte, error) { - str, err := WorkloadGroupMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for WorkloadGroup -func (this *WorkloadGroup) UnmarshalJSON(b []byte) error { - return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for WorkloadGroup_ObjectMeta -func (this *WorkloadGroup_ObjectMeta) MarshalJSON() ([]byte, error) { - str, err := WorkloadGroupMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for WorkloadGroup_ObjectMeta -func (this *WorkloadGroup_ObjectMeta) UnmarshalJSON(b []byte) error { - return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ReadinessProbe -func (this *ReadinessProbe) MarshalJSON() ([]byte, error) { - str, err := WorkloadGroupMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ReadinessProbe -func (this *ReadinessProbe) UnmarshalJSON(b []byte) error { - return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPHealthCheckConfig -func (this *HTTPHealthCheckConfig) MarshalJSON() ([]byte, error) { - str, err := WorkloadGroupMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPHealthCheckConfig -func (this *HTTPHealthCheckConfig) UnmarshalJSON(b []byte) error { - return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPHeader -func (this *HTTPHeader) MarshalJSON() ([]byte, error) { - str, err := WorkloadGroupMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPHeader -func (this *HTTPHeader) UnmarshalJSON(b []byte) error { - return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for TCPHealthCheckConfig -func (this *TCPHealthCheckConfig) MarshalJSON() ([]byte, error) { - str, err := WorkloadGroupMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for TCPHealthCheckConfig -func (this *TCPHealthCheckConfig) UnmarshalJSON(b []byte) error { - return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ExecHealthCheckConfig -func (this *ExecHealthCheckConfig) MarshalJSON() ([]byte, error) { - str, err := WorkloadGroupMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ExecHealthCheckConfig -func (this *ExecHealthCheckConfig) UnmarshalJSON(b []byte) error { - return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -var ( - WorkloadGroupMarshaler = &jsonpb.Marshaler{} - WorkloadGroupUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} -) diff --git a/networking/v1alpha3/destination_rule.pb.go b/networking/v1alpha3/destination_rule.pb.go index abfddeeafb9..75dfd4f9434 100644 --- a/networking/v1alpha3/destination_rule.pb.go +++ b/networking/v1alpha3/destination_rule.pb.go @@ -410,9 +410,6 @@ func (ClientTLSSettings_TLSmode) EnumDescriptor() ([]byte, []int) { // +genclient // +k8s:deepcopy-gen=true // --> -// type DestinationRule struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache diff --git a/networking/v1alpha3/destination_rule.proto b/networking/v1alpha3/destination_rule.proto index e446446bfb4..c1a8f9eb4a3 100644 --- a/networking/v1alpha3/destination_rule.proto +++ b/networking/v1alpha3/destination_rule.proto @@ -149,9 +149,6 @@ option go_package = "istio.io/api/networking/v1alpha3"; // +genclient // +k8s:deepcopy-gen=true // --> -// message DestinationRule { // The name of a service from the service registry. Service // names are looked up from the platform's service registry (e.g., diff --git a/networking/v1alpha3/gateway.pb.go b/networking/v1alpha3/gateway.pb.go index 6bfe5cece2b..34dc0a72f77 100644 --- a/networking/v1alpha3/gateway.pb.go +++ b/networking/v1alpha3/gateway.pb.go @@ -384,9 +384,6 @@ func (ServerTLSSettings_TLSProtocol) EnumDescriptor() ([]byte, []int) { // +genclient // +k8s:deepcopy-gen=true // --> -// type Gateway struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache diff --git a/networking/v1alpha3/gateway.proto b/networking/v1alpha3/gateway.proto index 5064ad565e6..030e363559e 100644 --- a/networking/v1alpha3/gateway.proto +++ b/networking/v1alpha3/gateway.proto @@ -216,9 +216,6 @@ option go_package = "istio.io/api/networking/v1alpha3"; // +genclient // +k8s:deepcopy-gen=true // --> -// message Gateway { // A list of server specifications. repeated Server servers = 1; diff --git a/networking/v1alpha3/service_entry.pb.go b/networking/v1alpha3/service_entry.pb.go index 65247cf938e..6e8d8967f2a 100644 --- a/networking/v1alpha3/service_entry.pb.go +++ b/networking/v1alpha3/service_entry.pb.go @@ -590,9 +590,6 @@ func (ServiceEntry_Resolution) EnumDescriptor() ([]byte, []int) { // +genclient // +k8s:deepcopy-gen=true // --> -// type ServiceEntry struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache diff --git a/networking/v1alpha3/service_entry.proto b/networking/v1alpha3/service_entry.proto index c82d4a830a7..63e93828e21 100644 --- a/networking/v1alpha3/service_entry.proto +++ b/networking/v1alpha3/service_entry.proto @@ -432,9 +432,6 @@ option go_package = "istio.io/api/networking/v1alpha3"; // +genclient // +k8s:deepcopy-gen=true // --> -// message ServiceEntry { // The hosts associated with the ServiceEntry. Could be a DNS // name with wildcard prefix. diff --git a/networking/v1alpha3/sidecar.pb.go b/networking/v1alpha3/sidecar.pb.go index aa244e85960..5caebf340fb 100644 --- a/networking/v1alpha3/sidecar.pb.go +++ b/networking/v1alpha3/sidecar.pb.go @@ -490,9 +490,6 @@ func (OutboundTrafficPolicy_Mode) EnumDescriptor() ([]byte, []int) { // +genclient // +k8s:deepcopy-gen=true // --> -// type Sidecar struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache diff --git a/networking/v1alpha3/sidecar.proto b/networking/v1alpha3/sidecar.proto index 2779547c1ee..e532f3d6ffd 100644 --- a/networking/v1alpha3/sidecar.proto +++ b/networking/v1alpha3/sidecar.proto @@ -369,9 +369,6 @@ option go_package = "istio.io/api/networking/v1alpha3"; // +genclient // +k8s:deepcopy-gen=true // --> -// message Sidecar { // Criteria used to select the specific set of pods/VMs on which this // `Sidecar` configuration should be applied. If omitted, the `Sidecar` diff --git a/networking/v1alpha3/virtual_service.pb.go b/networking/v1alpha3/virtual_service.pb.go index 2e99d29cb4d..d1549f59393 100644 --- a/networking/v1alpha3/virtual_service.pb.go +++ b/networking/v1alpha3/virtual_service.pb.go @@ -261,9 +261,6 @@ func (CorsPolicy_UnmatchedPreflights) EnumDescriptor() ([]byte, []int) { // +genclient // +k8s:deepcopy-gen=true // --> -// type VirtualService struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache diff --git a/networking/v1alpha3/virtual_service.proto b/networking/v1alpha3/virtual_service.proto index 69a99e55ce0..d8a3f05ef51 100644 --- a/networking/v1alpha3/virtual_service.proto +++ b/networking/v1alpha3/virtual_service.proto @@ -145,9 +145,6 @@ option go_package = "istio.io/api/networking/v1alpha3"; // +genclient // +k8s:deepcopy-gen=true // --> -// message VirtualService { // The destination hosts to which traffic is being sent. Could // be a DNS name with wildcard prefix or an IP address. Depending on the diff --git a/networking/v1alpha3/workload_entry.pb.go b/networking/v1alpha3/workload_entry.pb.go index 7769789c0d7..1bf23afbe59 100644 --- a/networking/v1alpha3/workload_entry.pb.go +++ b/networking/v1alpha3/workload_entry.pb.go @@ -191,9 +191,6 @@ const ( // +genclient // +k8s:deepcopy-gen=true // --> -// type WorkloadEntry struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache diff --git a/networking/v1alpha3/workload_entry.proto b/networking/v1alpha3/workload_entry.proto index 01a71d6c203..d4b3ceb4dc3 100644 --- a/networking/v1alpha3/workload_entry.proto +++ b/networking/v1alpha3/workload_entry.proto @@ -174,9 +174,6 @@ option go_package = "istio.io/api/networking/v1alpha3"; // +genclient // +k8s:deepcopy-gen=true // --> -// message WorkloadEntry { // Address associated with the network endpoint without the // port. Domain names can be used if and only if the resolution is set diff --git a/networking/v1alpha3/workload_group.pb.go b/networking/v1alpha3/workload_group.pb.go index fca71707381..5c76042aa0a 100644 --- a/networking/v1alpha3/workload_group.pb.go +++ b/networking/v1alpha3/workload_group.pb.go @@ -114,9 +114,6 @@ const ( // +genclient // +k8s:deepcopy-gen=true // --> -// type WorkloadGroup struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache diff --git a/networking/v1alpha3/workload_group.proto b/networking/v1alpha3/workload_group.proto index 096dc549f25..aff023877f1 100644 --- a/networking/v1alpha3/workload_group.proto +++ b/networking/v1alpha3/workload_group.proto @@ -99,9 +99,6 @@ option go_package = "istio.io/api/networking/v1alpha3"; // +genclient // +k8s:deepcopy-gen=true // --> -// message WorkloadGroup { // Metadata that will be used for all corresponding `WorkloadEntries`. // User labels for a workload group should be set here in `metadata` rather than in `template`. diff --git a/networking/v1beta1/destination_rule.pb.go b/networking/v1beta1/destination_rule.pb.go deleted file mode 100644 index 49878969911..00000000000 --- a/networking/v1beta1/destination_rule.pb.go +++ /dev/null @@ -1,3386 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.33.0 -// protoc (unknown) -// source: networking/v1beta1/destination_rule.proto - -// $schema: istio.networking.v1beta1.DestinationRule -// $title: Destination Rule -// $description: Configuration affecting load balancing, outlier detection, etc. -// $location: https://istio.io/docs/reference/config/networking/destination-rule.html -// $aliases: [/docs/reference/config/networking/v1beta1/destination-rule] -// $mode: none - -// `DestinationRule` defines policies that apply to traffic intended for a -// service after routing has occurred. These rules specify configuration -// for load balancing, connection pool size from the sidecar, and outlier -// detection settings to detect and evict unhealthy hosts from the load -// balancing pool. For example, a simple load balancing policy for the -// ratings service would look as follows: -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// ``` -// -// Version specific policies can be specified by defining a named -// `subset` and overriding the settings specified at the service level. The -// following rule uses a round robin load balancing policy for all traffic -// going to a subset named testversion that is composed of endpoints (e.g., -// pods) with labels (version:v3). -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// subsets: -// - name: testversion -// labels: -// version: v3 -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -// -// **Note:** Policies specified for subsets will not take effect until -// a route rule explicitly sends traffic to this subset. -// -// Traffic policies can be customized to specific ports as well. The -// following rule uses the least connection load balancing policy for all -// traffic to port 80, while uses a round robin load balancing setting for -// traffic to the port 9080. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings-port -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: # Apply to all ports -// portLevelSettings: -// - port: -// number: 80 -// loadBalancer: -// simple: LEAST_REQUEST -// - port: -// number: 9080 -// loadBalancer: -// simple: ROUND_ROBIN -// ``` - -package v1beta1 - -import ( - duration "github.com/golang/protobuf/ptypes/duration" - wrappers "github.com/golang/protobuf/ptypes/wrappers" - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - v1beta1 "istio.io/api/type/v1beta1" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type TrafficPolicy_ProxyProtocol_VERSION int32 - -const ( - // ⁣PROXY protocol version 1. Human readable format. - TrafficPolicy_ProxyProtocol_V1 TrafficPolicy_ProxyProtocol_VERSION = 0 - // ⁣PROXY protocol version 2. Binary format. - TrafficPolicy_ProxyProtocol_V2 TrafficPolicy_ProxyProtocol_VERSION = 1 -) - -// Enum value maps for TrafficPolicy_ProxyProtocol_VERSION. -var ( - TrafficPolicy_ProxyProtocol_VERSION_name = map[int32]string{ - 0: "V1", - 1: "V2", - } - TrafficPolicy_ProxyProtocol_VERSION_value = map[string]int32{ - "V1": 0, - "V2": 1, - } -) - -func (x TrafficPolicy_ProxyProtocol_VERSION) Enum() *TrafficPolicy_ProxyProtocol_VERSION { - p := new(TrafficPolicy_ProxyProtocol_VERSION) - *p = x - return p -} - -func (x TrafficPolicy_ProxyProtocol_VERSION) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (TrafficPolicy_ProxyProtocol_VERSION) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1beta1_destination_rule_proto_enumTypes[0].Descriptor() -} - -func (TrafficPolicy_ProxyProtocol_VERSION) Type() protoreflect.EnumType { - return &file_networking_v1beta1_destination_rule_proto_enumTypes[0] -} - -func (x TrafficPolicy_ProxyProtocol_VERSION) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use TrafficPolicy_ProxyProtocol_VERSION.Descriptor instead. -func (TrafficPolicy_ProxyProtocol_VERSION) EnumDescriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{1, 2, 0} -} - -// Standard load balancing algorithms that require no tuning. -type LoadBalancerSettings_SimpleLB int32 - -const ( - // No load balancing algorithm has been specified by the user. Istio - // will select an appropriate default. - LoadBalancerSettings_UNSPECIFIED LoadBalancerSettings_SimpleLB = 0 - // Deprecated. Use LEAST_REQUEST instead. - // - // Deprecated: Marked as deprecated in networking/v1beta1/destination_rule.proto. - LoadBalancerSettings_LEAST_CONN LoadBalancerSettings_SimpleLB = 1 - // The random load balancer selects a random healthy host. The random - // load balancer generally performs better than round robin if no health - // checking policy is configured. - LoadBalancerSettings_RANDOM LoadBalancerSettings_SimpleLB = 2 - // This option will forward the connection to the original IP address - // requested by the caller without doing any form of load - // balancing. This option must be used with care. It is meant for - // advanced use cases. Refer to Original Destination load balancer in - // Envoy for further details. - LoadBalancerSettings_PASSTHROUGH LoadBalancerSettings_SimpleLB = 3 - // A basic round robin load balancing policy. This is generally unsafe - // for many scenarios (e.g. when endpoint weighting is used) as it can - // overburden endpoints. In general, prefer to use LEAST_REQUEST as a - // drop-in replacement for ROUND_ROBIN. - LoadBalancerSettings_ROUND_ROBIN LoadBalancerSettings_SimpleLB = 4 - // The least request load balancer spreads load across endpoints, favoring - // endpoints with the least outstanding requests. This is generally safer - // and outperforms ROUND_ROBIN in nearly all cases. Prefer to use - // LEAST_REQUEST as a drop-in replacement for ROUND_ROBIN. - LoadBalancerSettings_LEAST_REQUEST LoadBalancerSettings_SimpleLB = 5 -) - -// Enum value maps for LoadBalancerSettings_SimpleLB. -var ( - LoadBalancerSettings_SimpleLB_name = map[int32]string{ - 0: "UNSPECIFIED", - 1: "LEAST_CONN", - 2: "RANDOM", - 3: "PASSTHROUGH", - 4: "ROUND_ROBIN", - 5: "LEAST_REQUEST", - } - LoadBalancerSettings_SimpleLB_value = map[string]int32{ - "UNSPECIFIED": 0, - "LEAST_CONN": 1, - "RANDOM": 2, - "PASSTHROUGH": 3, - "ROUND_ROBIN": 4, - "LEAST_REQUEST": 5, - } -) - -func (x LoadBalancerSettings_SimpleLB) Enum() *LoadBalancerSettings_SimpleLB { - p := new(LoadBalancerSettings_SimpleLB) - *p = x - return p -} - -func (x LoadBalancerSettings_SimpleLB) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (LoadBalancerSettings_SimpleLB) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1beta1_destination_rule_proto_enumTypes[1].Descriptor() -} - -func (LoadBalancerSettings_SimpleLB) Type() protoreflect.EnumType { - return &file_networking_v1beta1_destination_rule_proto_enumTypes[1] -} - -func (x LoadBalancerSettings_SimpleLB) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use LoadBalancerSettings_SimpleLB.Descriptor instead. -func (LoadBalancerSettings_SimpleLB) EnumDescriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{3, 0} -} - -// Policy for upgrading http1.1 connections to http2. -type ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy int32 - -const ( - // Use the global default. - ConnectionPoolSettings_HTTPSettings_DEFAULT ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = 0 - // Do not upgrade the connection to http2. - // This opt-out option overrides the default. - ConnectionPoolSettings_HTTPSettings_DO_NOT_UPGRADE ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = 1 - // Upgrade the connection to http2. - // This opt-in option overrides the default. - ConnectionPoolSettings_HTTPSettings_UPGRADE ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = 2 -) - -// Enum value maps for ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy. -var ( - ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy_name = map[int32]string{ - 0: "DEFAULT", - 1: "DO_NOT_UPGRADE", - 2: "UPGRADE", - } - ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy_value = map[string]int32{ - "DEFAULT": 0, - "DO_NOT_UPGRADE": 1, - "UPGRADE": 2, - } -) - -func (x ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) Enum() *ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy { - p := new(ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) - *p = x - return p -} - -func (x ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1beta1_destination_rule_proto_enumTypes[2].Descriptor() -} - -func (ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) Type() protoreflect.EnumType { - return &file_networking_v1beta1_destination_rule_proto_enumTypes[2] -} - -func (x ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy.Descriptor instead. -func (ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) EnumDescriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{4, 1, 0} -} - -// TLS connection mode -type ClientTLSSettings_TLSmode int32 - -const ( - // Do not setup a TLS connection to the upstream endpoint. - ClientTLSSettings_DISABLE ClientTLSSettings_TLSmode = 0 - // Originate a TLS connection to the upstream endpoint. - ClientTLSSettings_SIMPLE ClientTLSSettings_TLSmode = 1 - // Secure connections to the upstream using mutual TLS by presenting - // client certificates for authentication. - ClientTLSSettings_MUTUAL ClientTLSSettings_TLSmode = 2 - // Secure connections to the upstream using mutual TLS by presenting - // client certificates for authentication. - // Compared to Mutual mode, this mode uses certificates generated - // automatically by Istio for mTLS authentication. When this mode is - // used, all other fields in `ClientTLSSettings` should be empty. - ClientTLSSettings_ISTIO_MUTUAL ClientTLSSettings_TLSmode = 3 -) - -// Enum value maps for ClientTLSSettings_TLSmode. -var ( - ClientTLSSettings_TLSmode_name = map[int32]string{ - 0: "DISABLE", - 1: "SIMPLE", - 2: "MUTUAL", - 3: "ISTIO_MUTUAL", - } - ClientTLSSettings_TLSmode_value = map[string]int32{ - "DISABLE": 0, - "SIMPLE": 1, - "MUTUAL": 2, - "ISTIO_MUTUAL": 3, - } -) - -func (x ClientTLSSettings_TLSmode) Enum() *ClientTLSSettings_TLSmode { - p := new(ClientTLSSettings_TLSmode) - *p = x - return p -} - -func (x ClientTLSSettings_TLSmode) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (ClientTLSSettings_TLSmode) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1beta1_destination_rule_proto_enumTypes[3].Descriptor() -} - -func (ClientTLSSettings_TLSmode) Type() protoreflect.EnumType { - return &file_networking_v1beta1_destination_rule_proto_enumTypes[3] -} - -func (x ClientTLSSettings_TLSmode) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use ClientTLSSettings_TLSmode.Descriptor instead. -func (ClientTLSSettings_TLSmode) EnumDescriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{6, 0} -} - -// DestinationRule defines policies that apply to traffic intended for a service -// after routing has occurred. -// -// -// -type DestinationRule struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The name of a service from the service registry. Service - // names are looked up from the platform's service registry (e.g., - // Kubernetes services, Consul services, etc.) and from the hosts - // declared by [ServiceEntries](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Rules defined for - // services that do not exist in the service registry will be ignored. - // - // *Note for Kubernetes users*: When short names are used (e.g. "reviews" - // instead of "reviews.default.svc.cluster.local"), Istio will interpret - // the short name based on the namespace of the rule, not the service. A - // rule in the "default" namespace containing a host "reviews" will be - // interpreted as "reviews.default.svc.cluster.local", irrespective of - // the actual namespace associated with the reviews service. _To avoid - // potential misconfigurations, it is recommended to always use fully - // qualified domain names over short names._ - // - // Note that the host field applies to both HTTP and TCP services. - Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"` - // Traffic policies to apply (load balancing policy, connection pool - // sizes, outlier detection). - TrafficPolicy *TrafficPolicy `protobuf:"bytes,2,opt,name=traffic_policy,json=trafficPolicy,proto3" json:"traffic_policy,omitempty"` - // One or more named sets that represent individual versions of a - // service. Traffic policies can be overridden at subset level. - Subsets []*Subset `protobuf:"bytes,3,rep,name=subsets,proto3" json:"subsets,omitempty"` - // A list of namespaces to which this destination rule is exported. - // The resolution of a destination rule to apply to a service occurs in the - // context of a hierarchy of namespaces. Exporting a destination rule allows - // it to be included in the resolution hierarchy for services in - // other namespaces. This feature provides a mechanism for service owners - // and mesh administrators to control the visibility of destination rules - // across namespace boundaries. - // - // If no namespaces are specified then the destination rule is exported to all - // namespaces by default. - // - // The value "." is reserved and defines an export to the same namespace that - // the destination rule is declared in. Similarly, the value "*" is reserved and - // defines an export to all namespaces. - ExportTo []string `protobuf:"bytes,4,rep,name=export_to,json=exportTo,proto3" json:"export_to,omitempty"` - // Criteria used to select the specific set of pods/VMs on which this - // `DestinationRule` configuration should be applied. If specified, the `DestinationRule` - // configuration will be applied only to the workload instances matching the workload selector - // label in the same namespace. Workload selectors do not apply across namespace boundaries. - // If omitted, the `DestinationRule` falls back to its default behavior. - // For example, if specific sidecars need to have egress TLS settings for services outside - // of the mesh, instead of every sidecar in the mesh needing to have the - // configuration (which is the default behaviour), a workload selector can be specified. - WorkloadSelector *v1beta1.WorkloadSelector `protobuf:"bytes,5,opt,name=workload_selector,json=workloadSelector,proto3" json:"workload_selector,omitempty"` -} - -func (x *DestinationRule) Reset() { - *x = DestinationRule{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *DestinationRule) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*DestinationRule) ProtoMessage() {} - -func (x *DestinationRule) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use DestinationRule.ProtoReflect.Descriptor instead. -func (*DestinationRule) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{0} -} - -func (x *DestinationRule) GetHost() string { - if x != nil { - return x.Host - } - return "" -} - -func (x *DestinationRule) GetTrafficPolicy() *TrafficPolicy { - if x != nil { - return x.TrafficPolicy - } - return nil -} - -func (x *DestinationRule) GetSubsets() []*Subset { - if x != nil { - return x.Subsets - } - return nil -} - -func (x *DestinationRule) GetExportTo() []string { - if x != nil { - return x.ExportTo - } - return nil -} - -func (x *DestinationRule) GetWorkloadSelector() *v1beta1.WorkloadSelector { - if x != nil { - return x.WorkloadSelector - } - return nil -} - -// Traffic policies to apply for a specific destination, across all -// destination ports. See DestinationRule for examples. -type TrafficPolicy struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Settings controlling the load balancer algorithms. - LoadBalancer *LoadBalancerSettings `protobuf:"bytes,1,opt,name=load_balancer,json=loadBalancer,proto3" json:"load_balancer,omitempty"` - // Settings controlling the volume of connections to an upstream service - ConnectionPool *ConnectionPoolSettings `protobuf:"bytes,2,opt,name=connection_pool,json=connectionPool,proto3" json:"connection_pool,omitempty"` - // Settings controlling eviction of unhealthy hosts from the load balancing pool - OutlierDetection *OutlierDetection `protobuf:"bytes,3,opt,name=outlier_detection,json=outlierDetection,proto3" json:"outlier_detection,omitempty"` - // TLS related settings for connections to the upstream service. - Tls *ClientTLSSettings `protobuf:"bytes,4,opt,name=tls,proto3" json:"tls,omitempty"` - // Traffic policies specific to individual ports. Note that port level - // settings will override the destination-level settings. Traffic - // settings specified at the destination-level will not be inherited when - // overridden by port-level settings, i.e. default values will be applied - // to fields omitted in port-level traffic policies. - PortLevelSettings []*TrafficPolicy_PortTrafficPolicy `protobuf:"bytes,5,rep,name=port_level_settings,json=portLevelSettings,proto3" json:"port_level_settings,omitempty"` - // Configuration of tunneling TCP over other transport or application layers - // for the host configured in the DestinationRule. - // Tunnel settings can be applied to TCP or TLS routes and can't be applied to HTTP routes. - Tunnel *TrafficPolicy_TunnelSettings `protobuf:"bytes,6,opt,name=tunnel,proto3" json:"tunnel,omitempty"` - // The upstream PROXY protocol settings. - ProxyProtocol *TrafficPolicy_ProxyProtocol `protobuf:"bytes,7,opt,name=proxy_protocol,json=proxyProtocol,proto3" json:"proxy_protocol,omitempty"` -} - -func (x *TrafficPolicy) Reset() { - *x = TrafficPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TrafficPolicy) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TrafficPolicy) ProtoMessage() {} - -func (x *TrafficPolicy) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TrafficPolicy.ProtoReflect.Descriptor instead. -func (*TrafficPolicy) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{1} -} - -func (x *TrafficPolicy) GetLoadBalancer() *LoadBalancerSettings { - if x != nil { - return x.LoadBalancer - } - return nil -} - -func (x *TrafficPolicy) GetConnectionPool() *ConnectionPoolSettings { - if x != nil { - return x.ConnectionPool - } - return nil -} - -func (x *TrafficPolicy) GetOutlierDetection() *OutlierDetection { - if x != nil { - return x.OutlierDetection - } - return nil -} - -func (x *TrafficPolicy) GetTls() *ClientTLSSettings { - if x != nil { - return x.Tls - } - return nil -} - -func (x *TrafficPolicy) GetPortLevelSettings() []*TrafficPolicy_PortTrafficPolicy { - if x != nil { - return x.PortLevelSettings - } - return nil -} - -func (x *TrafficPolicy) GetTunnel() *TrafficPolicy_TunnelSettings { - if x != nil { - return x.Tunnel - } - return nil -} - -func (x *TrafficPolicy) GetProxyProtocol() *TrafficPolicy_ProxyProtocol { - if x != nil { - return x.ProxyProtocol - } - return nil -} - -// A subset of endpoints of a service. Subsets can be used for scenarios -// like A/B testing, or routing to a specific version of a service. Refer -// to [VirtualService](https://istio.io/docs/reference/config/networking/virtual-service/#VirtualService) documentation for examples of using -// subsets in these scenarios. In addition, traffic policies defined at the -// service-level can be overridden at a subset-level. The following rule -// uses a round robin load balancing policy for all traffic going to a -// subset named testversion that is composed of endpoints (e.g., pods) with -// labels (version:v3). -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: bookinfo-ratings -// -// spec: -// -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// subsets: -// - name: testversion -// labels: -// version: v3 -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// -// ``` -// -// **Note:** Policies specified for subsets will not take effect until -// a route rule explicitly sends traffic to this subset. -// -// One or more labels are typically required to identify the subset destination, -// however, when the corresponding DestinationRule represents a host that -// supports multiple SNI hosts (e.g., an egress gateway), a subset without labels -// may be meaningful. In this case a traffic policy with [ClientTLSSettings](#ClientTLSSettings) -// can be used to identify a specific SNI host corresponding to the named subset. -type Subset struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Name of the subset. The service name and the subset name can - // be used for traffic splitting in a route rule. - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - // Labels apply a filter over the endpoints of a service in the - // service registry. See route rules for examples of usage. - Labels map[string]string `protobuf:"bytes,2,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Traffic policies that apply to this subset. Subsets inherit the - // traffic policies specified at the DestinationRule level. Settings - // specified at the subset level will override the corresponding settings - // specified at the DestinationRule level. - TrafficPolicy *TrafficPolicy `protobuf:"bytes,3,opt,name=traffic_policy,json=trafficPolicy,proto3" json:"traffic_policy,omitempty"` -} - -func (x *Subset) Reset() { - *x = Subset{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Subset) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Subset) ProtoMessage() {} - -func (x *Subset) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Subset.ProtoReflect.Descriptor instead. -func (*Subset) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{2} -} - -func (x *Subset) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *Subset) GetLabels() map[string]string { - if x != nil { - return x.Labels - } - return nil -} - -func (x *Subset) GetTrafficPolicy() *TrafficPolicy { - if x != nil { - return x.TrafficPolicy - } - return nil -} - -// Load balancing policies to apply for a specific destination. See Envoy's -// load balancing -// [documentation](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancing) -// for more details. -// -// For example, the following rule uses a round robin load balancing policy -// for all traffic going to the ratings service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: bookinfo-ratings -// -// spec: -// -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// -// ``` -// -// The following example sets up sticky sessions for the ratings service -// hashing-based load balancer for the same ratings service using the -// the User cookie as the hash key. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: bookinfo-ratings -// -// spec: -// -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// consistentHash: -// httpCookie: -// name: user -// ttl: 0s -// -// ``` -type LoadBalancerSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Upstream load balancing policy. - // - // Types that are assignable to LbPolicy: - // - // *LoadBalancerSettings_Simple - // *LoadBalancerSettings_ConsistentHash - LbPolicy isLoadBalancerSettings_LbPolicy `protobuf_oneof:"lb_policy"` - // Locality load balancer settings, this will override mesh wide settings in entirety, meaning no merging would be performed - // between this object and the object one in MeshConfig - LocalityLbSetting *LocalityLoadBalancerSetting `protobuf:"bytes,3,opt,name=locality_lb_setting,json=localityLbSetting,proto3" json:"locality_lb_setting,omitempty"` - // Represents the warmup duration of Service. If set, the newly created endpoint of service - // remains in warmup mode starting from its creation time for the duration of this window and - // Istio progressively increases amount of traffic for that endpoint instead of sending proportional amount of traffic. - // This should be enabled for services that require warm up time to serve full production load with reasonable latency. - // Please note that this is most effective when few new endpoints come up like scale event in Kubernetes. When all the - // endpoints are relatively new like new deployment, this is not very effective as all endpoints end up getting same - // amount of requests. - // Currently this is only supported for ROUND_ROBIN and LEAST_REQUEST load balancers. - WarmupDurationSecs *duration.Duration `protobuf:"bytes,4,opt,name=warmup_duration_secs,json=warmupDurationSecs,proto3" json:"warmup_duration_secs,omitempty"` -} - -func (x *LoadBalancerSettings) Reset() { - *x = LoadBalancerSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *LoadBalancerSettings) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*LoadBalancerSettings) ProtoMessage() {} - -func (x *LoadBalancerSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use LoadBalancerSettings.ProtoReflect.Descriptor instead. -func (*LoadBalancerSettings) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{3} -} - -func (m *LoadBalancerSettings) GetLbPolicy() isLoadBalancerSettings_LbPolicy { - if m != nil { - return m.LbPolicy - } - return nil -} - -func (x *LoadBalancerSettings) GetSimple() LoadBalancerSettings_SimpleLB { - if x, ok := x.GetLbPolicy().(*LoadBalancerSettings_Simple); ok { - return x.Simple - } - return LoadBalancerSettings_UNSPECIFIED -} - -func (x *LoadBalancerSettings) GetConsistentHash() *LoadBalancerSettings_ConsistentHashLB { - if x, ok := x.GetLbPolicy().(*LoadBalancerSettings_ConsistentHash); ok { - return x.ConsistentHash - } - return nil -} - -func (x *LoadBalancerSettings) GetLocalityLbSetting() *LocalityLoadBalancerSetting { - if x != nil { - return x.LocalityLbSetting - } - return nil -} - -func (x *LoadBalancerSettings) GetWarmupDurationSecs() *duration.Duration { - if x != nil { - return x.WarmupDurationSecs - } - return nil -} - -type isLoadBalancerSettings_LbPolicy interface { - isLoadBalancerSettings_LbPolicy() -} - -type LoadBalancerSettings_Simple struct { - Simple LoadBalancerSettings_SimpleLB `protobuf:"varint,1,opt,name=simple,proto3,enum=istio.networking.v1beta1.LoadBalancerSettings_SimpleLB,oneof"` -} - -type LoadBalancerSettings_ConsistentHash struct { - ConsistentHash *LoadBalancerSettings_ConsistentHashLB `protobuf:"bytes,2,opt,name=consistent_hash,json=consistentHash,proto3,oneof"` -} - -func (*LoadBalancerSettings_Simple) isLoadBalancerSettings_LbPolicy() {} - -func (*LoadBalancerSettings_ConsistentHash) isLoadBalancerSettings_LbPolicy() {} - -// Connection pool settings for an upstream host. The settings apply to -// each individual host in the upstream service. See Envoy's [circuit -// breaker](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking) -// for more details. Connection pool settings can be applied at the TCP -// level as well as at HTTP level. -// -// For example, the following rule sets a limit of 100 connections to redis -// service called myredissrv with a connect timeout of 30ms -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: bookinfo-redis -// -// spec: -// -// host: myredissrv.prod.svc.cluster.local -// trafficPolicy: -// connectionPool: -// tcp: -// maxConnections: 100 -// connectTimeout: 30ms -// tcpKeepalive: -// time: 7200s -// interval: 75s -// -// ``` -type ConnectionPoolSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Settings common to both HTTP and TCP upstream connections. - Tcp *ConnectionPoolSettings_TCPSettings `protobuf:"bytes,1,opt,name=tcp,proto3" json:"tcp,omitempty"` - // HTTP connection pool settings. - Http *ConnectionPoolSettings_HTTPSettings `protobuf:"bytes,2,opt,name=http,proto3" json:"http,omitempty"` -} - -func (x *ConnectionPoolSettings) Reset() { - *x = ConnectionPoolSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ConnectionPoolSettings) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ConnectionPoolSettings) ProtoMessage() {} - -func (x *ConnectionPoolSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ConnectionPoolSettings.ProtoReflect.Descriptor instead. -func (*ConnectionPoolSettings) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{4} -} - -func (x *ConnectionPoolSettings) GetTcp() *ConnectionPoolSettings_TCPSettings { - if x != nil { - return x.Tcp - } - return nil -} - -func (x *ConnectionPoolSettings) GetHttp() *ConnectionPoolSettings_HTTPSettings { - if x != nil { - return x.Http - } - return nil -} - -// A Circuit breaker implementation that tracks the status of each -// individual host in the upstream service. Applicable to both HTTP and -// TCP services. For HTTP services, hosts that continually return 5xx -// errors for API calls are ejected from the pool for a pre-defined period -// of time. For TCP services, connection timeouts or connection -// failures to a given host counts as an error when measuring the -// consecutive errors metric. See Envoy's [outlier -// detection](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/outlier) -// for more details. -// -// The following rule sets a connection pool size of 100 HTTP1 connections -// with no more than 10 req/connection to the "reviews" service. In addition, -// it sets a limit of 1000 concurrent HTTP2 requests and configures upstream -// hosts to be scanned every 5 mins so that any host that fails 7 consecutive -// times with a 502, 503, or 504 error code will be ejected for 15 minutes. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: reviews-cb-policy -// -// spec: -// -// host: reviews.prod.svc.cluster.local -// trafficPolicy: -// connectionPool: -// tcp: -// maxConnections: 100 -// http: -// http2MaxRequests: 1000 -// maxRequestsPerConnection: 10 -// outlierDetection: -// consecutive5xxErrors: 7 -// interval: 5m -// baseEjectionTime: 15m -// -// ``` -type OutlierDetection struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Number of errors before a host is ejected from the connection - // pool. Defaults to 5. When the upstream host is accessed over HTTP, a - // 502, 503, or 504 return code qualifies as an error. When the upstream host - // is accessed over an opaque TCP connection, connect timeouts and - // connection error/failure events qualify as an error. - // $hide_from_docs - // - // Deprecated: Marked as deprecated in networking/v1beta1/destination_rule.proto. - ConsecutiveErrors int32 `protobuf:"varint,1,opt,name=consecutive_errors,json=consecutiveErrors,proto3" json:"consecutive_errors,omitempty"` - // Determines whether to distinguish local origin failures from external errors. If set to true - // consecutive_local_origin_failure is taken into account for outlier detection calculations. - // This should be used when you want to derive the outlier detection status based on the errors - // seen locally such as failure to connect, timeout while connecting etc. rather than the status code - // returned by upstream service. This is especially useful when the upstream service explicitly returns - // a 5xx for some requests and you want to ignore those responses from upstream service while determining - // the outlier detection status of a host. - // Defaults to false. - SplitExternalLocalOriginErrors bool `protobuf:"varint,8,opt,name=split_external_local_origin_errors,json=splitExternalLocalOriginErrors,proto3" json:"split_external_local_origin_errors,omitempty"` - // The number of consecutive locally originated failures before ejection - // occurs. Defaults to 5. Parameter takes effect only when split_external_local_origin_errors - // is set to true. - ConsecutiveLocalOriginFailures *wrappers.UInt32Value `protobuf:"bytes,9,opt,name=consecutive_local_origin_failures,json=consecutiveLocalOriginFailures,proto3" json:"consecutive_local_origin_failures,omitempty"` - // Number of gateway errors before a host is ejected from the connection pool. - // When the upstream host is accessed over HTTP, a 502, 503, or 504 return - // code qualifies as a gateway error. When the upstream host is accessed over - // an opaque TCP connection, connect timeouts and connection error/failure - // events qualify as a gateway error. - // This feature is disabled by default or when set to the value 0. - // - // Note that consecutive_gateway_errors and consecutive_5xx_errors can be - // used separately or together. Because the errors counted by - // consecutive_gateway_errors are also included in consecutive_5xx_errors, - // if the value of consecutive_gateway_errors is greater than or equal to - // the value of consecutive_5xx_errors, consecutive_gateway_errors will have - // no effect. - ConsecutiveGatewayErrors *wrappers.UInt32Value `protobuf:"bytes,6,opt,name=consecutive_gateway_errors,json=consecutiveGatewayErrors,proto3" json:"consecutive_gateway_errors,omitempty"` - // Number of 5xx errors before a host is ejected from the connection pool. - // When the upstream host is accessed over an opaque TCP connection, connect - // timeouts, connection error/failure and request failure events qualify as a - // 5xx error. - // This feature defaults to 5 but can be disabled by setting the value to 0. - // - // Note that consecutive_gateway_errors and consecutive_5xx_errors can be - // used separately or together. Because the errors counted by - // consecutive_gateway_errors are also included in consecutive_5xx_errors, - // if the value of consecutive_gateway_errors is greater than or equal to - // the value of consecutive_5xx_errors, consecutive_gateway_errors will have - // no effect. - Consecutive_5XxErrors *wrappers.UInt32Value `protobuf:"bytes,7,opt,name=consecutive_5xx_errors,json=consecutive5xxErrors,proto3" json:"consecutive_5xx_errors,omitempty"` - // Time interval between ejection sweep analysis. format: - // 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s. - Interval *duration.Duration `protobuf:"bytes,2,opt,name=interval,proto3" json:"interval,omitempty"` - // Minimum ejection duration. A host will remain ejected for a period - // equal to the product of minimum ejection duration and the number of - // times the host has been ejected. This technique allows the system to - // automatically increase the ejection period for unhealthy upstream - // servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s. - BaseEjectionTime *duration.Duration `protobuf:"bytes,3,opt,name=base_ejection_time,json=baseEjectionTime,proto3" json:"base_ejection_time,omitempty"` - // Maximum % of hosts in the load balancing pool for the upstream - // service that can be ejected. Defaults to 10%. - MaxEjectionPercent int32 `protobuf:"varint,4,opt,name=max_ejection_percent,json=maxEjectionPercent,proto3" json:"max_ejection_percent,omitempty"` - // Outlier detection will be enabled as long as the associated load balancing - // pool has at least min_health_percent hosts in healthy mode. When the - // percentage of healthy hosts in the load balancing pool drops below this - // threshold, outlier detection will be disabled and the proxy will load balance - // across all hosts in the pool (healthy and unhealthy). The threshold can be - // disabled by setting it to 0%. The default is 0% as it's not typically - // applicable in k8s environments with few pods per service. - MinHealthPercent int32 `protobuf:"varint,5,opt,name=min_health_percent,json=minHealthPercent,proto3" json:"min_health_percent,omitempty"` -} - -func (x *OutlierDetection) Reset() { - *x = OutlierDetection{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *OutlierDetection) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*OutlierDetection) ProtoMessage() {} - -func (x *OutlierDetection) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use OutlierDetection.ProtoReflect.Descriptor instead. -func (*OutlierDetection) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{5} -} - -// Deprecated: Marked as deprecated in networking/v1beta1/destination_rule.proto. -func (x *OutlierDetection) GetConsecutiveErrors() int32 { - if x != nil { - return x.ConsecutiveErrors - } - return 0 -} - -func (x *OutlierDetection) GetSplitExternalLocalOriginErrors() bool { - if x != nil { - return x.SplitExternalLocalOriginErrors - } - return false -} - -func (x *OutlierDetection) GetConsecutiveLocalOriginFailures() *wrappers.UInt32Value { - if x != nil { - return x.ConsecutiveLocalOriginFailures - } - return nil -} - -func (x *OutlierDetection) GetConsecutiveGatewayErrors() *wrappers.UInt32Value { - if x != nil { - return x.ConsecutiveGatewayErrors - } - return nil -} - -func (x *OutlierDetection) GetConsecutive_5XxErrors() *wrappers.UInt32Value { - if x != nil { - return x.Consecutive_5XxErrors - } - return nil -} - -func (x *OutlierDetection) GetInterval() *duration.Duration { - if x != nil { - return x.Interval - } - return nil -} - -func (x *OutlierDetection) GetBaseEjectionTime() *duration.Duration { - if x != nil { - return x.BaseEjectionTime - } - return nil -} - -func (x *OutlierDetection) GetMaxEjectionPercent() int32 { - if x != nil { - return x.MaxEjectionPercent - } - return 0 -} - -func (x *OutlierDetection) GetMinHealthPercent() int32 { - if x != nil { - return x.MinHealthPercent - } - return 0 -} - -// SSL/TLS related settings for upstream connections. See Envoy's [TLS -// context](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto.html#common-tls-configuration) -// for more details. These settings are common to both HTTP and TCP upstreams. -// -// For example, the following rule configures a client to use mutual TLS -// for connections to upstream database cluster. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: db-mtls -// -// spec: -// -// host: mydbserver.prod.svc.cluster.local -// trafficPolicy: -// tls: -// mode: MUTUAL -// clientCertificate: /etc/certs/myclientcert.pem -// privateKey: /etc/certs/client_private_key.pem -// caCertificates: /etc/certs/rootcacerts.pem -// -// ``` -// -// The following rule configures a client to use TLS when talking to a -// foreign service whose domain matches *.foo.com. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: tls-foo -// -// spec: -// -// host: "*.foo.com" -// trafficPolicy: -// tls: -// mode: SIMPLE -// -// ``` -// -// The following rule configures a client to use Istio mutual TLS when talking -// to rating services. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: ratings-istio-mtls -// -// spec: -// -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// tls: -// mode: ISTIO_MUTUAL -// -// ``` -type ClientTLSSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Indicates whether connections to this port should be secured - // using TLS. The value of this field determines how TLS is enforced. - Mode ClientTLSSettings_TLSmode `protobuf:"varint,1,opt,name=mode,proto3,enum=istio.networking.v1beta1.ClientTLSSettings_TLSmode" json:"mode,omitempty"` - // REQUIRED if mode is `MUTUAL`. The path to the file holding the - // client-side TLS certificate to use. - // Should be empty if mode is `ISTIO_MUTUAL`. - ClientCertificate string `protobuf:"bytes,2,opt,name=client_certificate,json=clientCertificate,proto3" json:"client_certificate,omitempty"` - // REQUIRED if mode is `MUTUAL`. The path to the file holding the - // client's private key. - // Should be empty if mode is `ISTIO_MUTUAL`. - PrivateKey string `protobuf:"bytes,3,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` - // OPTIONAL: The path to the file containing certificate authority - // certificates to use in verifying a presented server certificate. If - // omitted, the proxy will verify the server's certificate using - // the OS CA certificates. - // Should be empty if mode is `ISTIO_MUTUAL`. - CaCertificates string `protobuf:"bytes,4,opt,name=ca_certificates,json=caCertificates,proto3" json:"ca_certificates,omitempty"` - // The name of the secret that holds the TLS certs for the - // client including the CA certificates. This secret must exist in - // the namespace of the proxy using the certificates. - // An Opaque secret should contain the following keys and values: - // `key: `, `cert: `, `cacert: `, - // `crl: ` - // Here CACertificate is used to verify the server certificate. - // For mutual TLS, `cacert: ` can be provided in the - // same secret or a separate secret named `-cacert`. - // A TLS secret for client certificates with an additional - // `ca.crt` key for CA certificates and `ca.crl` key for - // certificate revocation list(CRL) is also supported. - // Only one of client certificates and CA certificate - // or credentialName can be specified. - // - // **NOTE:** This field is applicable at sidecars only if - // `DestinationRule` has a `workloadSelector` specified. - // Otherwise the field will be applicable only at gateways, and - // sidecars will continue to use the certificate paths. - CredentialName string `protobuf:"bytes,7,opt,name=credential_name,json=credentialName,proto3" json:"credential_name,omitempty"` - // A list of alternate names to verify the subject identity in the - // certificate. If specified, the proxy will verify that the server - // certificate's subject alt name matches one of the specified values. - // If specified, this list overrides the value of subject_alt_names - // from the ServiceEntry. If unspecified, automatic validation of upstream - // presented certificate for new upstream connections will be done based on the - // downstream HTTP host/authority header. - SubjectAltNames []string `protobuf:"bytes,5,rep,name=subject_alt_names,json=subjectAltNames,proto3" json:"subject_alt_names,omitempty"` - // SNI string to present to the server during TLS handshake. - // If unspecified, SNI will be automatically set based on downstream HTTP - // host/authority header for SIMPLE and MUTUAL TLS modes. - Sni string `protobuf:"bytes,6,opt,name=sni,proto3" json:"sni,omitempty"` - // `insecureSkipVerify` specifies whether the proxy should skip verifying the - // CA signature and SAN for the server certificate corresponding to the host. - // The default value of this field is false. - InsecureSkipVerify *wrappers.BoolValue `protobuf:"bytes,8,opt,name=insecure_skip_verify,json=insecureSkipVerify,proto3" json:"insecure_skip_verify,omitempty"` - // OPTIONAL: The path to the file containing the certificate revocation list (CRL) - // to use in verifying a presented server certificate. `CRL` is a list of certificates - // that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. - // If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. - // If omitted, the proxy will not verify the certificate against the `crl`. - CaCrl string `protobuf:"bytes,9,opt,name=ca_crl,json=caCrl,proto3" json:"ca_crl,omitempty"` -} - -func (x *ClientTLSSettings) Reset() { - *x = ClientTLSSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ClientTLSSettings) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ClientTLSSettings) ProtoMessage() {} - -func (x *ClientTLSSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ClientTLSSettings.ProtoReflect.Descriptor instead. -func (*ClientTLSSettings) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{6} -} - -func (x *ClientTLSSettings) GetMode() ClientTLSSettings_TLSmode { - if x != nil { - return x.Mode - } - return ClientTLSSettings_DISABLE -} - -func (x *ClientTLSSettings) GetClientCertificate() string { - if x != nil { - return x.ClientCertificate - } - return "" -} - -func (x *ClientTLSSettings) GetPrivateKey() string { - if x != nil { - return x.PrivateKey - } - return "" -} - -func (x *ClientTLSSettings) GetCaCertificates() string { - if x != nil { - return x.CaCertificates - } - return "" -} - -func (x *ClientTLSSettings) GetCredentialName() string { - if x != nil { - return x.CredentialName - } - return "" -} - -func (x *ClientTLSSettings) GetSubjectAltNames() []string { - if x != nil { - return x.SubjectAltNames - } - return nil -} - -func (x *ClientTLSSettings) GetSni() string { - if x != nil { - return x.Sni - } - return "" -} - -func (x *ClientTLSSettings) GetInsecureSkipVerify() *wrappers.BoolValue { - if x != nil { - return x.InsecureSkipVerify - } - return nil -} - -func (x *ClientTLSSettings) GetCaCrl() string { - if x != nil { - return x.CaCrl - } - return "" -} - -// Locality-weighted load balancing allows administrators to control the -// distribution of traffic to endpoints based on the localities of where the -// traffic originates and where it will terminate. These localities are -// specified using arbitrary labels that designate a hierarchy of localities in -// {region}/{zone}/{sub-zone} form. For additional detail refer to -// [Locality Weight](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) -// The following example shows how to setup locality weights mesh-wide. -// -// Given a mesh with workloads and their service deployed to "us-west/zone1/*" -// and "us-west/zone2/*". This example specifies that when traffic accessing a -// service originates from workloads in "us-west/zone1/*", 80% of the traffic -// will be sent to endpoints in "us-west/zone1/*", i.e the same zone, and the -// remaining 20% will go to endpoints in "us-west/zone2/*". This setup is -// intended to favor routing traffic to endpoints in the same locality. -// A similar setting is specified for traffic originating in "us-west/zone2/*". -// -// ```yaml -// -// distribute: -// - from: us-west/zone1/* -// to: -// "us-west/zone1/*": 80 -// "us-west/zone2/*": 20 -// - from: us-west/zone2/* -// to: -// "us-west/zone1/*": 20 -// "us-west/zone2/*": 80 -// -// ``` -// -// If the goal of the operator is not to distribute load across zones and -// regions but rather to restrict the regionality of failover to meet other -// operational requirements an operator can set a 'failover' policy instead of -// a 'distribute' policy. -// -// The following example sets up a locality failover policy for regions. -// Assume a service resides in zones within us-east, us-west & eu-west -// this example specifies that when endpoints within us-east become unhealthy -// traffic should failover to endpoints in any zone or sub-zone within eu-west -// and similarly us-west should failover to us-east. -// -// ```yaml -// -// failover: -// - from: us-east -// to: eu-west -// - from: us-west -// to: us-east -// -// ``` -// Locality load balancing settings. -type LocalityLoadBalancerSetting struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Optional: only one of distribute, failover or failoverPriority can be set. - // Explicitly specify loadbalancing weight across different zones and geographical locations. - // Refer to [Locality weighted load balancing](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) - // If empty, the locality weight is set according to the endpoints number within it. - Distribute []*LocalityLoadBalancerSetting_Distribute `protobuf:"bytes,1,rep,name=distribute,proto3" json:"distribute,omitempty"` - // Optional: only one of distribute, failover or failoverPriority can be set. - // Explicitly specify the region traffic will land on when endpoints in local region becomes unhealthy. - // Should be used together with OutlierDetection to detect unhealthy endpoints. - // Note: if no OutlierDetection specified, this will not take effect. - Failover []*LocalityLoadBalancerSetting_Failover `protobuf:"bytes,2,rep,name=failover,proto3" json:"failover,omitempty"` - // failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing. - // This is to support traffic failover across different groups of endpoints. - // Two kinds of labels can be specified: - // - // - Specify only label keys `[key1, key2, key3]`, istio would compare the label values of client with endpoints. - // Suppose there are total N label keys `[key1, key2, key3, ...keyN]` specified: - // - // 1. Endpoints matching all N labels with the client proxy have priority P(0) i.e. the highest priority. - // 2. Endpoints matching the first N-1 labels with the client proxy have priority P(1) i.e. second highest priority. - // 3. By extension of this logic, endpoints matching only the first label with the client proxy has priority P(N-1) i.e. second lowest priority. - // 4. All the other endpoints have priority P(N) i.e. lowest priority. - // - // - Specify labels with key and value `[key1=value1, key2=value2, key3=value3]`, istio would compare the labels with endpoints. - // Suppose there are total N labels `[key1=value1, key2=value2, key3=value3, ...keyN=valueN]` specified: - // - // 1. Endpoints matching all N labels have priority P(0) i.e. the highest priority. - // 2. Endpoints matching the first N-1 labels have priority P(1) i.e. second highest priority. - // 3. By extension of this logic, endpoints matching only the first label has priority P(N-1) i.e. second lowest priority. - // 4. All the other endpoints have priority P(N) i.e. lowest priority. - // - // Note: For a label to be considered for match, the previous labels must match, i.e. nth label would be considered matched only if first n-1 labels match. - // - // It can be any label specified on both client and server workloads. - // The following labels which have special semantic meaning are also supported: - // - // - `topology.istio.io/network` is used to match the network metadata of an endpoint, which can be specified by pod/namespace label `topology.istio.io/network`, sidecar env `ISTIO_META_NETWORK` or MeshNetworks. - // - `topology.istio.io/cluster` is used to match the clusterID of an endpoint, which can be specified by pod label `topology.istio.io/cluster` or pod env `ISTIO_META_CLUSTER_ID`. - // - `topology.kubernetes.io/region` is used to match the region metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/region` or the deprecated label `failure-domain.beta.kubernetes.io/region`. - // - `topology.kubernetes.io/zone` is used to match the zone metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/zone` or the deprecated label `failure-domain.beta.kubernetes.io/zone`. - // - `topology.istio.io/subzone` is used to match the subzone metadata of an endpoint, which maps to Istio node label `topology.istio.io/subzone`. - // - `kubernetes.io/hostname` is used to match the current node of an endpoint, which maps to Kubernetes node label `kubernetes.io/hostname`. - // - // The below topology config indicates the following priority levels: - // - // ```yaml - // failoverPriority: - // - "topology.istio.io/network" - // - "topology.kubernetes.io/region" - // - "topology.kubernetes.io/zone" - // - "topology.istio.io/subzone" - // ``` - // - // 1. endpoints match same [network, region, zone, subzone] label with the client proxy have the highest priority. - // 2. endpoints have same [network, region, zone] label but different [subzone] label with the client proxy have the second highest priority. - // 3. endpoints have same [network, region] label but different [zone] label with the client proxy have the third highest priority. - // 4. endpoints have same [network] but different [region] labels with the client proxy have the fourth highest priority. - // 5. all the other endpoints have the same lowest priority. - // - // Suppose a service associated endpoints reside in multi clusters, the below example represents: - // 1. endpoints in `clusterA` and has `version=v1` label have P(0) priority. - // 2. endpoints not in `clusterA` but has `version=v1` label have P(1) priority. - // 2. all the other endpoints have P(2) priority. - // - // ```yaml - // failoverPriority: - // - "version=v1" - // - "topology.istio.io/cluster=clusterA" - // ``` - // - // Optional: only one of distribute, failover or failoverPriority can be set. - // And it should be used together with `OutlierDetection` to detect unhealthy endpoints, otherwise has no effect. - FailoverPriority []string `protobuf:"bytes,4,rep,name=failover_priority,json=failoverPriority,proto3" json:"failover_priority,omitempty"` - // enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. - // e.g. true means that turn on locality load balancing for this DestinationRule no matter what mesh wide settings is. - Enabled *wrappers.BoolValue `protobuf:"bytes,3,opt,name=enabled,proto3" json:"enabled,omitempty"` -} - -func (x *LocalityLoadBalancerSetting) Reset() { - *x = LocalityLoadBalancerSetting{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *LocalityLoadBalancerSetting) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*LocalityLoadBalancerSetting) ProtoMessage() {} - -func (x *LocalityLoadBalancerSetting) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use LocalityLoadBalancerSetting.ProtoReflect.Descriptor instead. -func (*LocalityLoadBalancerSetting) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{7} -} - -func (x *LocalityLoadBalancerSetting) GetDistribute() []*LocalityLoadBalancerSetting_Distribute { - if x != nil { - return x.Distribute - } - return nil -} - -func (x *LocalityLoadBalancerSetting) GetFailover() []*LocalityLoadBalancerSetting_Failover { - if x != nil { - return x.Failover - } - return nil -} - -func (x *LocalityLoadBalancerSetting) GetFailoverPriority() []string { - if x != nil { - return x.FailoverPriority - } - return nil -} - -func (x *LocalityLoadBalancerSetting) GetEnabled() *wrappers.BoolValue { - if x != nil { - return x.Enabled - } - return nil -} - -// Traffic policies that apply to specific ports of the service -type TrafficPolicy_PortTrafficPolicy struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Specifies the number of a port on the destination service - // on which this policy is being applied. - Port *PortSelector `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` - // Settings controlling the load balancer algorithms. - LoadBalancer *LoadBalancerSettings `protobuf:"bytes,2,opt,name=load_balancer,json=loadBalancer,proto3" json:"load_balancer,omitempty"` - // Settings controlling the volume of connections to an upstream service - ConnectionPool *ConnectionPoolSettings `protobuf:"bytes,3,opt,name=connection_pool,json=connectionPool,proto3" json:"connection_pool,omitempty"` - // Settings controlling eviction of unhealthy hosts from the load balancing pool - OutlierDetection *OutlierDetection `protobuf:"bytes,4,opt,name=outlier_detection,json=outlierDetection,proto3" json:"outlier_detection,omitempty"` - // TLS related settings for connections to the upstream service. - Tls *ClientTLSSettings `protobuf:"bytes,5,opt,name=tls,proto3" json:"tls,omitempty"` -} - -func (x *TrafficPolicy_PortTrafficPolicy) Reset() { - *x = TrafficPolicy_PortTrafficPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TrafficPolicy_PortTrafficPolicy) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TrafficPolicy_PortTrafficPolicy) ProtoMessage() {} - -func (x *TrafficPolicy_PortTrafficPolicy) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TrafficPolicy_PortTrafficPolicy.ProtoReflect.Descriptor instead. -func (*TrafficPolicy_PortTrafficPolicy) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{1, 0} -} - -func (x *TrafficPolicy_PortTrafficPolicy) GetPort() *PortSelector { - if x != nil { - return x.Port - } - return nil -} - -func (x *TrafficPolicy_PortTrafficPolicy) GetLoadBalancer() *LoadBalancerSettings { - if x != nil { - return x.LoadBalancer - } - return nil -} - -func (x *TrafficPolicy_PortTrafficPolicy) GetConnectionPool() *ConnectionPoolSettings { - if x != nil { - return x.ConnectionPool - } - return nil -} - -func (x *TrafficPolicy_PortTrafficPolicy) GetOutlierDetection() *OutlierDetection { - if x != nil { - return x.OutlierDetection - } - return nil -} - -func (x *TrafficPolicy_PortTrafficPolicy) GetTls() *ClientTLSSettings { - if x != nil { - return x.Tls - } - return nil -} - -type TrafficPolicy_TunnelSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Specifies which protocol to use for tunneling the downstream connection. - // Supported protocols are: - // - // CONNECT - uses HTTP CONNECT; - // POST - uses HTTP POST. - // - // CONNECT is used by default if not specified. - // HTTP version for upstream requests is determined by the service protocol defined for the proxy. - Protocol string `protobuf:"bytes,1,opt,name=protocol,proto3" json:"protocol,omitempty"` - // Specifies a host to which the downstream connection is tunneled. - // Target host must be an FQDN or IP address. - TargetHost string `protobuf:"bytes,2,opt,name=target_host,json=targetHost,proto3" json:"target_host,omitempty"` - // Specifies a port to which the downstream connection is tunneled. - TargetPort uint32 `protobuf:"varint,3,opt,name=target_port,json=targetPort,proto3" json:"target_port,omitempty"` -} - -func (x *TrafficPolicy_TunnelSettings) Reset() { - *x = TrafficPolicy_TunnelSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TrafficPolicy_TunnelSettings) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TrafficPolicy_TunnelSettings) ProtoMessage() {} - -func (x *TrafficPolicy_TunnelSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TrafficPolicy_TunnelSettings.ProtoReflect.Descriptor instead. -func (*TrafficPolicy_TunnelSettings) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{1, 1} -} - -func (x *TrafficPolicy_TunnelSettings) GetProtocol() string { - if x != nil { - return x.Protocol - } - return "" -} - -func (x *TrafficPolicy_TunnelSettings) GetTargetHost() string { - if x != nil { - return x.TargetHost - } - return "" -} - -func (x *TrafficPolicy_TunnelSettings) GetTargetPort() uint32 { - if x != nil { - return x.TargetPort - } - return 0 -} - -type TrafficPolicy_ProxyProtocol struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The PROXY protocol version to use. See https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt for details. - // By default it is `V1`. - Version TrafficPolicy_ProxyProtocol_VERSION `protobuf:"varint,1,opt,name=version,proto3,enum=istio.networking.v1beta1.TrafficPolicy_ProxyProtocol_VERSION" json:"version,omitempty"` -} - -func (x *TrafficPolicy_ProxyProtocol) Reset() { - *x = TrafficPolicy_ProxyProtocol{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TrafficPolicy_ProxyProtocol) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TrafficPolicy_ProxyProtocol) ProtoMessage() {} - -func (x *TrafficPolicy_ProxyProtocol) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TrafficPolicy_ProxyProtocol.ProtoReflect.Descriptor instead. -func (*TrafficPolicy_ProxyProtocol) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{1, 2} -} - -func (x *TrafficPolicy_ProxyProtocol) GetVersion() TrafficPolicy_ProxyProtocol_VERSION { - if x != nil { - return x.Version - } - return TrafficPolicy_ProxyProtocol_V1 -} - -// Consistent Hash-based load balancing can be used to provide soft -// session affinity based on HTTP headers, cookies or other -// properties. The affinity to a particular destination host may be -// lost when one or more hosts are added/removed from the destination -// service. -// -// Note: consistent hashing is less reliable at maintaining affinity than common -// "sticky sessions" implementations, which often encode a specific destination in -// a cookie, ensuring affinity is maintained as long as the backend remains. -// With consistent hash, the guarantees are weaker; any host addition or removal can -// break affinity for `1/backends` requests. -// -// Warning: consistent hashing depends on each proxy having a consistent view of endpoints. -// This is not the case when locality load balancing is enabled. Locality load balancing -// and consistent hash will only work together when all proxies are in the same locality, -// or a high level load balancer handles locality affinity. -type LoadBalancerSettings_ConsistentHashLB struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The hash key to use. - // - // Types that are assignable to HashKey: - // - // *LoadBalancerSettings_ConsistentHashLB_HttpHeaderName - // *LoadBalancerSettings_ConsistentHashLB_HttpCookie - // *LoadBalancerSettings_ConsistentHashLB_UseSourceIp - // *LoadBalancerSettings_ConsistentHashLB_HttpQueryParameterName - HashKey isLoadBalancerSettings_ConsistentHashLB_HashKey `protobuf_oneof:"hash_key"` - // The hash algorithm to use. - // Please refer to https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash - // and https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#maglev for - // considerations on choosing an algorithm. - // Defaults to RingHash if not specified. - // - // Types that are assignable to HashAlgorithm: - // - // *LoadBalancerSettings_ConsistentHashLB_RingHash_ - // *LoadBalancerSettings_ConsistentHashLB_Maglev - HashAlgorithm isLoadBalancerSettings_ConsistentHashLB_HashAlgorithm `protobuf_oneof:"hash_algorithm"` - // Deprecated. Use RingHash instead. - // - // Deprecated: Marked as deprecated in networking/v1beta1/destination_rule.proto. - MinimumRingSize uint64 `protobuf:"varint,4,opt,name=minimum_ring_size,json=minimumRingSize,proto3" json:"minimum_ring_size,omitempty"` -} - -func (x *LoadBalancerSettings_ConsistentHashLB) Reset() { - *x = LoadBalancerSettings_ConsistentHashLB{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *LoadBalancerSettings_ConsistentHashLB) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*LoadBalancerSettings_ConsistentHashLB) ProtoMessage() {} - -func (x *LoadBalancerSettings_ConsistentHashLB) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[12] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use LoadBalancerSettings_ConsistentHashLB.ProtoReflect.Descriptor instead. -func (*LoadBalancerSettings_ConsistentHashLB) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{3, 0} -} - -func (m *LoadBalancerSettings_ConsistentHashLB) GetHashKey() isLoadBalancerSettings_ConsistentHashLB_HashKey { - if m != nil { - return m.HashKey - } - return nil -} - -func (x *LoadBalancerSettings_ConsistentHashLB) GetHttpHeaderName() string { - if x, ok := x.GetHashKey().(*LoadBalancerSettings_ConsistentHashLB_HttpHeaderName); ok { - return x.HttpHeaderName - } - return "" -} - -func (x *LoadBalancerSettings_ConsistentHashLB) GetHttpCookie() *LoadBalancerSettings_ConsistentHashLB_HTTPCookie { - if x, ok := x.GetHashKey().(*LoadBalancerSettings_ConsistentHashLB_HttpCookie); ok { - return x.HttpCookie - } - return nil -} - -func (x *LoadBalancerSettings_ConsistentHashLB) GetUseSourceIp() bool { - if x, ok := x.GetHashKey().(*LoadBalancerSettings_ConsistentHashLB_UseSourceIp); ok { - return x.UseSourceIp - } - return false -} - -func (x *LoadBalancerSettings_ConsistentHashLB) GetHttpQueryParameterName() string { - if x, ok := x.GetHashKey().(*LoadBalancerSettings_ConsistentHashLB_HttpQueryParameterName); ok { - return x.HttpQueryParameterName - } - return "" -} - -func (m *LoadBalancerSettings_ConsistentHashLB) GetHashAlgorithm() isLoadBalancerSettings_ConsistentHashLB_HashAlgorithm { - if m != nil { - return m.HashAlgorithm - } - return nil -} - -func (x *LoadBalancerSettings_ConsistentHashLB) GetRingHash() *LoadBalancerSettings_ConsistentHashLB_RingHash { - if x, ok := x.GetHashAlgorithm().(*LoadBalancerSettings_ConsistentHashLB_RingHash_); ok { - return x.RingHash - } - return nil -} - -func (x *LoadBalancerSettings_ConsistentHashLB) GetMaglev() *LoadBalancerSettings_ConsistentHashLB_MagLev { - if x, ok := x.GetHashAlgorithm().(*LoadBalancerSettings_ConsistentHashLB_Maglev); ok { - return x.Maglev - } - return nil -} - -// Deprecated: Marked as deprecated in networking/v1beta1/destination_rule.proto. -func (x *LoadBalancerSettings_ConsistentHashLB) GetMinimumRingSize() uint64 { - if x != nil { - return x.MinimumRingSize - } - return 0 -} - -type isLoadBalancerSettings_ConsistentHashLB_HashKey interface { - isLoadBalancerSettings_ConsistentHashLB_HashKey() -} - -type LoadBalancerSettings_ConsistentHashLB_HttpHeaderName struct { - // Hash based on a specific HTTP header. - HttpHeaderName string `protobuf:"bytes,1,opt,name=http_header_name,json=httpHeaderName,proto3,oneof"` -} - -type LoadBalancerSettings_ConsistentHashLB_HttpCookie struct { - // Hash based on HTTP cookie. - HttpCookie *LoadBalancerSettings_ConsistentHashLB_HTTPCookie `protobuf:"bytes,2,opt,name=http_cookie,json=httpCookie,proto3,oneof"` -} - -type LoadBalancerSettings_ConsistentHashLB_UseSourceIp struct { - // Hash based on the source IP address. - // This is applicable for both TCP and HTTP connections. - UseSourceIp bool `protobuf:"varint,3,opt,name=use_source_ip,json=useSourceIp,proto3,oneof"` -} - -type LoadBalancerSettings_ConsistentHashLB_HttpQueryParameterName struct { - // Hash based on a specific HTTP query parameter. - HttpQueryParameterName string `protobuf:"bytes,5,opt,name=http_query_parameter_name,json=httpQueryParameterName,proto3,oneof"` -} - -func (*LoadBalancerSettings_ConsistentHashLB_HttpHeaderName) isLoadBalancerSettings_ConsistentHashLB_HashKey() { -} - -func (*LoadBalancerSettings_ConsistentHashLB_HttpCookie) isLoadBalancerSettings_ConsistentHashLB_HashKey() { -} - -func (*LoadBalancerSettings_ConsistentHashLB_UseSourceIp) isLoadBalancerSettings_ConsistentHashLB_HashKey() { -} - -func (*LoadBalancerSettings_ConsistentHashLB_HttpQueryParameterName) isLoadBalancerSettings_ConsistentHashLB_HashKey() { -} - -type isLoadBalancerSettings_ConsistentHashLB_HashAlgorithm interface { - isLoadBalancerSettings_ConsistentHashLB_HashAlgorithm() -} - -type LoadBalancerSettings_ConsistentHashLB_RingHash_ struct { - // The ring/modulo hash load balancer implements consistent hashing to backend hosts. - RingHash *LoadBalancerSettings_ConsistentHashLB_RingHash `protobuf:"bytes,6,opt,name=ring_hash,json=ringHash,proto3,oneof"` -} - -type LoadBalancerSettings_ConsistentHashLB_Maglev struct { - // The Maglev load balancer implements consistent hashing to backend hosts. - Maglev *LoadBalancerSettings_ConsistentHashLB_MagLev `protobuf:"bytes,7,opt,name=maglev,proto3,oneof"` -} - -func (*LoadBalancerSettings_ConsistentHashLB_RingHash_) isLoadBalancerSettings_ConsistentHashLB_HashAlgorithm() { -} - -func (*LoadBalancerSettings_ConsistentHashLB_Maglev) isLoadBalancerSettings_ConsistentHashLB_HashAlgorithm() { -} - -type LoadBalancerSettings_ConsistentHashLB_RingHash struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The minimum number of virtual nodes to use for the hash - // ring. Defaults to 1024. Larger ring sizes result in more granular - // load distributions. If the number of hosts in the load balancing - // pool is larger than the ring size, each host will be assigned a - // single virtual node. - MinimumRingSize uint64 `protobuf:"varint,1,opt,name=minimum_ring_size,json=minimumRingSize,proto3" json:"minimum_ring_size,omitempty"` -} - -func (x *LoadBalancerSettings_ConsistentHashLB_RingHash) Reset() { - *x = LoadBalancerSettings_ConsistentHashLB_RingHash{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[13] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *LoadBalancerSettings_ConsistentHashLB_RingHash) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*LoadBalancerSettings_ConsistentHashLB_RingHash) ProtoMessage() {} - -func (x *LoadBalancerSettings_ConsistentHashLB_RingHash) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[13] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use LoadBalancerSettings_ConsistentHashLB_RingHash.ProtoReflect.Descriptor instead. -func (*LoadBalancerSettings_ConsistentHashLB_RingHash) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{3, 0, 0} -} - -func (x *LoadBalancerSettings_ConsistentHashLB_RingHash) GetMinimumRingSize() uint64 { - if x != nil { - return x.MinimumRingSize - } - return 0 -} - -type LoadBalancerSettings_ConsistentHashLB_MagLev struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The table size for Maglev hashing. This helps in controlling the - // disruption when the backend hosts change. - // Increasing the table size reduces the amount of disruption. - // The table size must be prime number less than 5000011. - // If it is not specified, the default is 65537. - TableSize uint64 `protobuf:"varint,1,opt,name=table_size,json=tableSize,proto3" json:"table_size,omitempty"` -} - -func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) Reset() { - *x = LoadBalancerSettings_ConsistentHashLB_MagLev{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[14] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*LoadBalancerSettings_ConsistentHashLB_MagLev) ProtoMessage() {} - -func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[14] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use LoadBalancerSettings_ConsistentHashLB_MagLev.ProtoReflect.Descriptor instead. -func (*LoadBalancerSettings_ConsistentHashLB_MagLev) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{3, 0, 1} -} - -func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) GetTableSize() uint64 { - if x != nil { - return x.TableSize - } - return 0 -} - -// Describes a HTTP cookie that will be used as the hash key for the -// Consistent Hash load balancer. -type LoadBalancerSettings_ConsistentHashLB_HTTPCookie struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Name of the cookie. - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - // Path to set for the cookie. - Path string `protobuf:"bytes,2,opt,name=path,proto3" json:"path,omitempty"` - // Lifetime of the cookie. If specified, a cookie with the TTL will be - // generated if the cookie is not present. If the TTL is present and zero, - // the generated cookie will be a session cookie. - Ttl *duration.Duration `protobuf:"bytes,3,opt,name=ttl,proto3" json:"ttl,omitempty"` -} - -func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) Reset() { - *x = LoadBalancerSettings_ConsistentHashLB_HTTPCookie{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[15] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*LoadBalancerSettings_ConsistentHashLB_HTTPCookie) ProtoMessage() {} - -func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[15] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use LoadBalancerSettings_ConsistentHashLB_HTTPCookie.ProtoReflect.Descriptor instead. -func (*LoadBalancerSettings_ConsistentHashLB_HTTPCookie) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{3, 0, 2} -} - -func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) GetPath() string { - if x != nil { - return x.Path - } - return "" -} - -func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) GetTtl() *duration.Duration { - if x != nil { - return x.Ttl - } - return nil -} - -// Settings common to both HTTP and TCP upstream connections. -type ConnectionPoolSettings_TCPSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Maximum number of HTTP1 /TCP connections to a destination host. Default 2^32-1. - MaxConnections int32 `protobuf:"varint,1,opt,name=max_connections,json=maxConnections,proto3" json:"max_connections,omitempty"` - // TCP connection timeout. format: - // 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s. - ConnectTimeout *duration.Duration `protobuf:"bytes,2,opt,name=connect_timeout,json=connectTimeout,proto3" json:"connect_timeout,omitempty"` - // If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. - TcpKeepalive *ConnectionPoolSettings_TCPSettings_TcpKeepalive `protobuf:"bytes,3,opt,name=tcp_keepalive,json=tcpKeepalive,proto3" json:"tcp_keepalive,omitempty"` - // The maximum duration of a connection. The duration is defined as the period since a connection - // was established. If not set, there is no max duration. When max_connection_duration - // is reached the connection will be closed. Duration must be at least 1ms. - MaxConnectionDuration *duration.Duration `protobuf:"bytes,4,opt,name=max_connection_duration,json=maxConnectionDuration,proto3" json:"max_connection_duration,omitempty"` - // The idle timeout for TCP connections. - // The idle timeout is defined as the period in which there are no bytes sent or received on either - // the upstream or downstream connection. - // If not set, the default idle timeout is 1 hour. If set to 0s, the timeout will be disabled. - // Idle timeout is not configured per each cluster individually when weighted destinations are used, - // because idleTimeout is a property of a listener, not a cluster. In that case, idleTimeout - // specified in a destination rule for the first weighted route is configured in the listener, - // which means also for all weighted routes. - IdleTimeout *duration.Duration `protobuf:"bytes,5,opt,name=idle_timeout,json=idleTimeout,proto3" json:"idle_timeout,omitempty"` -} - -func (x *ConnectionPoolSettings_TCPSettings) Reset() { - *x = ConnectionPoolSettings_TCPSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[16] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ConnectionPoolSettings_TCPSettings) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ConnectionPoolSettings_TCPSettings) ProtoMessage() {} - -func (x *ConnectionPoolSettings_TCPSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[16] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ConnectionPoolSettings_TCPSettings.ProtoReflect.Descriptor instead. -func (*ConnectionPoolSettings_TCPSettings) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{4, 0} -} - -func (x *ConnectionPoolSettings_TCPSettings) GetMaxConnections() int32 { - if x != nil { - return x.MaxConnections - } - return 0 -} - -func (x *ConnectionPoolSettings_TCPSettings) GetConnectTimeout() *duration.Duration { - if x != nil { - return x.ConnectTimeout - } - return nil -} - -func (x *ConnectionPoolSettings_TCPSettings) GetTcpKeepalive() *ConnectionPoolSettings_TCPSettings_TcpKeepalive { - if x != nil { - return x.TcpKeepalive - } - return nil -} - -func (x *ConnectionPoolSettings_TCPSettings) GetMaxConnectionDuration() *duration.Duration { - if x != nil { - return x.MaxConnectionDuration - } - return nil -} - -func (x *ConnectionPoolSettings_TCPSettings) GetIdleTimeout() *duration.Duration { - if x != nil { - return x.IdleTimeout - } - return nil -} - -// Settings applicable to HTTP1.1/HTTP2/GRPC connections. -type ConnectionPoolSettings_HTTPSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Maximum number of requests that will be queued while waiting for - // a ready connection pool connection. Default 2^32-1. - // Refer to https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking - // under which conditions a new connection is created for HTTP2. - // Please note that this is applicable to both HTTP/1.1 and HTTP2. - Http1MaxPendingRequests int32 `protobuf:"varint,1,opt,name=http1_max_pending_requests,json=http1MaxPendingRequests,proto3" json:"http1_max_pending_requests,omitempty"` - // Maximum number of active requests to a destination. Default 2^32-1. - // Please note that this is applicable to both HTTP/1.1 and HTTP2. - Http2MaxRequests int32 `protobuf:"varint,2,opt,name=http2_max_requests,json=http2MaxRequests,proto3" json:"http2_max_requests,omitempty"` - // Maximum number of requests per connection to a backend. Setting this - // parameter to 1 disables keep alive. Default 0, meaning "unlimited", - // up to 2^29. - MaxRequestsPerConnection int32 `protobuf:"varint,3,opt,name=max_requests_per_connection,json=maxRequestsPerConnection,proto3" json:"max_requests_per_connection,omitempty"` - // Maximum number of retries that can be outstanding to all hosts in a - // cluster at a given time. Defaults to 2^32-1. - MaxRetries int32 `protobuf:"varint,4,opt,name=max_retries,json=maxRetries,proto3" json:"max_retries,omitempty"` - // The idle timeout for upstream connection pool connections. The idle timeout - // is defined as the period in which there are no active requests. - // If not set, the default is 1 hour. When the idle timeout is reached, - // the connection will be closed. If the connection is an HTTP/2 - // connection a drain sequence will occur prior to closing the connection. - // Note that request based timeouts mean that HTTP/2 PINGs will not - // keep the connection alive. Applies to both HTTP1.1 and HTTP2 connections. - IdleTimeout *duration.Duration `protobuf:"bytes,5,opt,name=idle_timeout,json=idleTimeout,proto3" json:"idle_timeout,omitempty"` - // Specify if http1.1 connection should be upgraded to http2 for the associated destination. - H2UpgradePolicy ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy `protobuf:"varint,6,opt,name=h2_upgrade_policy,json=h2UpgradePolicy,proto3,enum=istio.networking.v1beta1.ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy" json:"h2_upgrade_policy,omitempty"` - // If set to true, client protocol will be preserved while initiating connection to backend. - // Note that when this is set to true, h2_upgrade_policy will be ineffective i.e. the client - // connections will not be upgraded to http2. - UseClientProtocol bool `protobuf:"varint,7,opt,name=use_client_protocol,json=useClientProtocol,proto3" json:"use_client_protocol,omitempty"` - // The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection. - // Defaults to 2^31-1. - MaxConcurrentStreams int32 `protobuf:"varint,8,opt,name=max_concurrent_streams,json=maxConcurrentStreams,proto3" json:"max_concurrent_streams,omitempty"` -} - -func (x *ConnectionPoolSettings_HTTPSettings) Reset() { - *x = ConnectionPoolSettings_HTTPSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[17] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ConnectionPoolSettings_HTTPSettings) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ConnectionPoolSettings_HTTPSettings) ProtoMessage() {} - -func (x *ConnectionPoolSettings_HTTPSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[17] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ConnectionPoolSettings_HTTPSettings.ProtoReflect.Descriptor instead. -func (*ConnectionPoolSettings_HTTPSettings) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{4, 1} -} - -func (x *ConnectionPoolSettings_HTTPSettings) GetHttp1MaxPendingRequests() int32 { - if x != nil { - return x.Http1MaxPendingRequests - } - return 0 -} - -func (x *ConnectionPoolSettings_HTTPSettings) GetHttp2MaxRequests() int32 { - if x != nil { - return x.Http2MaxRequests - } - return 0 -} - -func (x *ConnectionPoolSettings_HTTPSettings) GetMaxRequestsPerConnection() int32 { - if x != nil { - return x.MaxRequestsPerConnection - } - return 0 -} - -func (x *ConnectionPoolSettings_HTTPSettings) GetMaxRetries() int32 { - if x != nil { - return x.MaxRetries - } - return 0 -} - -func (x *ConnectionPoolSettings_HTTPSettings) GetIdleTimeout() *duration.Duration { - if x != nil { - return x.IdleTimeout - } - return nil -} - -func (x *ConnectionPoolSettings_HTTPSettings) GetH2UpgradePolicy() ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy { - if x != nil { - return x.H2UpgradePolicy - } - return ConnectionPoolSettings_HTTPSettings_DEFAULT -} - -func (x *ConnectionPoolSettings_HTTPSettings) GetUseClientProtocol() bool { - if x != nil { - return x.UseClientProtocol - } - return false -} - -func (x *ConnectionPoolSettings_HTTPSettings) GetMaxConcurrentStreams() int32 { - if x != nil { - return x.MaxConcurrentStreams - } - return 0 -} - -// TCP keepalive. -type ConnectionPoolSettings_TCPSettings_TcpKeepalive struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Maximum number of keepalive probes to send without response before - // deciding the connection is dead. Default is to use the OS level configuration - // (unless overridden, Linux defaults to 9.) - Probes uint32 `protobuf:"varint,1,opt,name=probes,proto3" json:"probes,omitempty"` - // The time duration a connection needs to be idle before keep-alive - // probes start being sent. Default is to use the OS level configuration - // (unless overridden, Linux defaults to 7200s (ie 2 hours.) - Time *duration.Duration `protobuf:"bytes,2,opt,name=time,proto3" json:"time,omitempty"` - // The time duration between keep-alive probes. - // Default is to use the OS level configuration - // (unless overridden, Linux defaults to 75s.) - Interval *duration.Duration `protobuf:"bytes,3,opt,name=interval,proto3" json:"interval,omitempty"` -} - -func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) Reset() { - *x = ConnectionPoolSettings_TCPSettings_TcpKeepalive{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[18] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ConnectionPoolSettings_TCPSettings_TcpKeepalive) ProtoMessage() {} - -func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[18] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ConnectionPoolSettings_TCPSettings_TcpKeepalive.ProtoReflect.Descriptor instead. -func (*ConnectionPoolSettings_TCPSettings_TcpKeepalive) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{4, 0, 0} -} - -func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) GetProbes() uint32 { - if x != nil { - return x.Probes - } - return 0 -} - -func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) GetTime() *duration.Duration { - if x != nil { - return x.Time - } - return nil -} - -func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) GetInterval() *duration.Duration { - if x != nil { - return x.Interval - } - return nil -} - -// Describes how traffic originating in the 'from' zone or sub-zone is -// distributed over a set of 'to' zones. Syntax for specifying a zone is -// {region}/{zone}/{sub-zone} and terminal wildcards are allowed on any -// segment of the specification. Examples: -// -// `*` - matches all localities -// -// `us-west/*` - all zones and sub-zones within the us-west region -// -// `us-west/zone-1/*` - all sub-zones within us-west/zone-1 -type LocalityLoadBalancerSetting_Distribute struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Originating locality, '/' separated, e.g. 'region/zone/sub_zone'. - From string `protobuf:"bytes,1,opt,name=from,proto3" json:"from,omitempty"` - // Map of upstream localities to traffic distribution weights. The sum of - // all weights should be 100. Any locality not present will - // receive no traffic. - To map[string]uint32 `protobuf:"bytes,2,rep,name=to,proto3" json:"to,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` -} - -func (x *LocalityLoadBalancerSetting_Distribute) Reset() { - *x = LocalityLoadBalancerSetting_Distribute{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[19] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *LocalityLoadBalancerSetting_Distribute) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*LocalityLoadBalancerSetting_Distribute) ProtoMessage() {} - -func (x *LocalityLoadBalancerSetting_Distribute) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[19] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use LocalityLoadBalancerSetting_Distribute.ProtoReflect.Descriptor instead. -func (*LocalityLoadBalancerSetting_Distribute) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{7, 0} -} - -func (x *LocalityLoadBalancerSetting_Distribute) GetFrom() string { - if x != nil { - return x.From - } - return "" -} - -func (x *LocalityLoadBalancerSetting_Distribute) GetTo() map[string]uint32 { - if x != nil { - return x.To - } - return nil -} - -// Specify the traffic failover policy across regions. Since zone and sub-zone -// failover is supported by default this only needs to be specified for -// regions when the operator needs to constrain traffic failover so that -// the default behavior of failing over to any endpoint globally does not -// apply. This is useful when failing over traffic across regions would not -// improve service health or may need to be restricted for other reasons -// like regulatory controls. -type LocalityLoadBalancerSetting_Failover struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Originating region. - From string `protobuf:"bytes,1,opt,name=from,proto3" json:"from,omitempty"` - // Destination region the traffic will fail over to when endpoints in - // the 'from' region becomes unhealthy. - To string `protobuf:"bytes,2,opt,name=to,proto3" json:"to,omitempty"` -} - -func (x *LocalityLoadBalancerSetting_Failover) Reset() { - *x = LocalityLoadBalancerSetting_Failover{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[20] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *LocalityLoadBalancerSetting_Failover) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*LocalityLoadBalancerSetting_Failover) ProtoMessage() {} - -func (x *LocalityLoadBalancerSetting_Failover) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_destination_rule_proto_msgTypes[20] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use LocalityLoadBalancerSetting_Failover.ProtoReflect.Descriptor instead. -func (*LocalityLoadBalancerSetting_Failover) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_destination_rule_proto_rawDescGZIP(), []int{7, 1} -} - -func (x *LocalityLoadBalancerSetting_Failover) GetFrom() string { - if x != nil { - return x.From - } - return "" -} - -func (x *LocalityLoadBalancerSetting_Failover) GetTo() string { - if x != nil { - return x.To - } - return "" -} - -var File_networking_v1beta1_destination_rule_proto protoreflect.FileDescriptor - -var file_networking_v1beta1_destination_rule_proto_rawDesc = []byte{ - 0x0a, 0x29, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x5f, 0x72, 0x75, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x18, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, - 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x28, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x76, 0x69, 0x72, 0x74, 0x75, - 0x61, 0x6c, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x1b, 0x74, 0x79, 0x70, 0x65, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x73, - 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa6, 0x02, - 0x0a, 0x0f, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x75, 0x6c, - 0x65, 0x12, 0x17, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, - 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x4e, 0x0a, 0x0e, 0x74, 0x72, - 0x61, 0x66, 0x66, 0x69, 0x63, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x54, 0x72, - 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0d, 0x74, 0x72, 0x61, - 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x3a, 0x0a, 0x07, 0x73, 0x75, - 0x62, 0x73, 0x65, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x52, 0x07, 0x73, - 0x75, 0x62, 0x73, 0x65, 0x74, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, - 0x5f, 0x74, 0x6f, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x70, 0x6f, 0x72, - 0x74, 0x54, 0x6f, 0x12, 0x51, 0x0a, 0x11, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, - 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, - 0x63, 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, - 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x22, 0x8a, 0x0a, 0x0a, 0x0d, 0x54, 0x72, 0x61, 0x66, 0x66, - 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x53, 0x0a, 0x0d, 0x6c, 0x6f, 0x61, 0x64, - 0x5f, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x2e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, - 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, - 0x0c, 0x6c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x12, 0x59, 0x0a, - 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x6f, 0x6c, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, - 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, - 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x12, 0x57, 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, - 0x69, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4f, - 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, - 0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x3d, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, - 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, 0x74, 0x6c, 0x73, - 0x12, 0x69, 0x0a, 0x13, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x5f, 0x73, - 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x39, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, - 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x54, 0x72, 0x61, 0x66, 0x66, - 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x11, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x65, - 0x76, 0x65, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x4e, 0x0a, 0x06, 0x74, - 0x75, 0x6e, 0x6e, 0x65, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x54, 0x75, 0x6e, 0x6e, 0x65, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, - 0x6e, 0x67, 0x73, 0x52, 0x06, 0x74, 0x75, 0x6e, 0x6e, 0x65, 0x6c, 0x12, 0x5c, 0x0a, 0x0e, 0x70, - 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x07, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x54, - 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x72, 0x6f, - 0x78, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x0d, 0x70, 0x72, 0x6f, 0x78, - 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x1a, 0x97, 0x03, 0x0a, 0x11, 0x50, 0x6f, - 0x72, 0x74, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, - 0x3a, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, - 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x53, 0x0a, 0x0d, 0x6c, - 0x6f, 0x61, 0x64, 0x5f, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x6f, - 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, - 0x67, 0x73, 0x52, 0x0c, 0x6c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, - 0x12, 0x59, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, - 0x6f, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, - 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0e, 0x63, 0x6f, 0x6e, - 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x12, 0x57, 0x0a, 0x11, 0x6f, - 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, - 0x6f, 0x6e, 0x52, 0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, - 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3d, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, - 0x74, 0x6c, 0x73, 0x1a, 0x78, 0x0a, 0x0e, 0x54, 0x75, 0x6e, 0x6e, 0x65, 0x6c, 0x53, 0x65, 0x74, - 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, - 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, - 0x6c, 0x12, 0x24, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x68, 0x6f, 0x73, 0x74, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0a, 0x74, 0x61, 0x72, - 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x12, 0x24, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, - 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, - 0x02, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x1a, 0x83, 0x01, - 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, - 0x57, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x3d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x66, - 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x50, - 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x52, - 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x19, 0x0a, 0x07, 0x56, 0x45, 0x52, 0x53, - 0x49, 0x4f, 0x4e, 0x12, 0x06, 0x0a, 0x02, 0x56, 0x31, 0x10, 0x00, 0x12, 0x06, 0x0a, 0x02, 0x56, - 0x32, 0x10, 0x01, 0x22, 0xf2, 0x01, 0x0a, 0x06, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x12, 0x17, - 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, - 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x44, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, - 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x4e, 0x0a, - 0x0e, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0d, - 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x1a, 0x39, 0x0a, - 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, - 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, - 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xfd, 0x09, 0x0a, 0x14, 0x4c, 0x6f, 0x61, - 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, - 0x73, 0x12, 0x51, 0x0a, 0x06, 0x73, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0e, 0x32, 0x37, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x61, - 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, - 0x73, 0x2e, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x4c, 0x42, 0x48, 0x00, 0x52, 0x06, 0x73, 0x69, - 0x6d, 0x70, 0x6c, 0x65, 0x12, 0x6a, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, - 0x6e, 0x74, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, - 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, 0x6f, - 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x48, 0x00, - 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, - 0x12, 0x65, 0x0a, 0x13, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x5f, 0x6c, 0x62, 0x5f, - 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, - 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, - 0x74, 0x69, 0x6e, 0x67, 0x52, 0x11, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x62, - 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x12, 0x4b, 0x0a, 0x14, 0x77, 0x61, 0x72, 0x6d, 0x75, - 0x70, 0x5f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x63, 0x73, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x52, 0x12, 0x77, 0x61, 0x72, 0x6d, 0x75, 0x70, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x53, 0x65, 0x63, 0x73, 0x1a, 0xf2, 0x05, 0x0a, 0x10, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, - 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x12, 0x2a, 0x0a, 0x10, 0x68, 0x74, 0x74, - 0x70, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0e, 0x68, 0x74, 0x74, 0x70, 0x48, 0x65, 0x61, 0x64, 0x65, - 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x6d, 0x0a, 0x0b, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x63, 0x6f, - 0x6f, 0x6b, 0x69, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4a, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, - 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x69, - 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x2e, 0x48, 0x54, 0x54, 0x50, - 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x48, 0x00, 0x52, 0x0a, 0x68, 0x74, 0x74, 0x70, 0x43, 0x6f, - 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x75, 0x73, 0x65, 0x5f, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x5f, 0x69, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x0b, 0x75, - 0x73, 0x65, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x70, 0x12, 0x3b, 0x0a, 0x19, 0x68, 0x74, - 0x74, 0x70, 0x5f, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, - 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, - 0x16, 0x68, 0x74, 0x74, 0x70, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, - 0x74, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x67, 0x0a, 0x09, 0x72, 0x69, 0x6e, 0x67, 0x5f, - 0x68, 0x61, 0x73, 0x68, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x48, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, - 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x69, - 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x2e, 0x52, 0x69, 0x6e, 0x67, - 0x48, 0x61, 0x73, 0x68, 0x48, 0x01, 0x52, 0x08, 0x72, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, - 0x12, 0x60, 0x0a, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x46, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x6f, 0x61, 0x64, - 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, - 0x42, 0x2e, 0x4d, 0x61, 0x67, 0x4c, 0x65, 0x76, 0x48, 0x01, 0x52, 0x06, 0x6d, 0x61, 0x67, 0x6c, - 0x65, 0x76, 0x12, 0x2e, 0x0a, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, - 0x6e, 0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x42, 0x02, 0x18, - 0x01, 0x52, 0x0f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, - 0x7a, 0x65, 0x1a, 0x36, 0x0a, 0x08, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x12, 0x2a, - 0x0a, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x73, - 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, - 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x1a, 0x27, 0x0a, 0x06, 0x4d, 0x61, - 0x67, 0x4c, 0x65, 0x76, 0x12, 0x1d, 0x0a, 0x0a, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x73, 0x69, - 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x53, - 0x69, 0x7a, 0x65, 0x1a, 0x66, 0x0a, 0x0a, 0x48, 0x54, 0x54, 0x50, 0x43, 0x6f, 0x6f, 0x6b, 0x69, - 0x65, 0x12, 0x17, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, - 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, - 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x2b, - 0x0a, 0x03, 0x74, 0x74, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x74, 0x74, 0x6c, 0x42, 0x0a, 0x0a, 0x08, 0x68, - 0x61, 0x73, 0x68, 0x5f, 0x6b, 0x65, 0x79, 0x42, 0x10, 0x0a, 0x0e, 0x68, 0x61, 0x73, 0x68, 0x5f, - 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x22, 0x70, 0x0a, 0x08, 0x53, 0x69, 0x6d, - 0x70, 0x6c, 0x65, 0x4c, 0x42, 0x12, 0x0f, 0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, - 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0a, 0x4c, 0x45, 0x41, 0x53, 0x54, 0x5f, - 0x43, 0x4f, 0x4e, 0x4e, 0x10, 0x01, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x52, 0x41, - 0x4e, 0x44, 0x4f, 0x4d, 0x10, 0x02, 0x12, 0x0f, 0x0a, 0x0b, 0x50, 0x41, 0x53, 0x53, 0x54, 0x48, - 0x52, 0x4f, 0x55, 0x47, 0x48, 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x52, 0x4f, 0x55, 0x4e, 0x44, - 0x5f, 0x52, 0x4f, 0x42, 0x49, 0x4e, 0x10, 0x04, 0x12, 0x11, 0x0a, 0x0d, 0x4c, 0x45, 0x41, 0x53, - 0x54, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x10, 0x05, 0x42, 0x0b, 0x0a, 0x09, 0x6c, - 0x62, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x84, 0x0a, 0x0a, 0x16, 0x43, 0x6f, 0x6e, - 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, - 0x6e, 0x67, 0x73, 0x12, 0x4e, 0x0a, 0x03, 0x74, 0x63, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x3c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, - 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, - 0x67, 0x73, 0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, - 0x74, 0x63, 0x70, 0x12, 0x51, 0x0a, 0x04, 0x68, 0x74, 0x74, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x3d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, - 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, - 0x6e, 0x67, 0x73, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x52, 0x04, 0x68, 0x74, 0x74, 0x70, 0x1a, 0x8a, 0x04, 0x0a, 0x0b, 0x54, 0x43, 0x50, 0x53, 0x65, - 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, - 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, - 0x0e, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, - 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, - 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, - 0x6f, 0x75, 0x74, 0x12, 0x6e, 0x0a, 0x0d, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x61, - 0x6c, 0x69, 0x76, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x49, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x43, 0x50, - 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, - 0x61, 0x6c, 0x69, 0x76, 0x65, 0x52, 0x0c, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, - 0x69, 0x76, 0x65, 0x12, 0x51, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, - 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, - 0x15, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3c, 0x0a, 0x0c, 0x69, 0x64, 0x6c, 0x65, 0x5f, 0x74, - 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, - 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x69, 0x64, 0x6c, 0x65, 0x54, 0x69, 0x6d, - 0x65, 0x6f, 0x75, 0x74, 0x1a, 0x8c, 0x01, 0x0a, 0x0c, 0x54, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, - 0x61, 0x6c, 0x69, 0x76, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x73, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x73, 0x12, 0x2d, 0x0a, - 0x04, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x12, 0x35, 0x0a, 0x08, - 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, - 0x76, 0x61, 0x6c, 0x1a, 0xb9, 0x04, 0x0a, 0x0c, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x74, 0x74, - 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3b, 0x0a, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x31, 0x5f, 0x6d, 0x61, - 0x78, 0x5f, 0x70, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x17, 0x68, 0x74, 0x74, 0x70, 0x31, 0x4d, - 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x73, 0x12, 0x2c, 0x0a, 0x12, 0x68, 0x74, 0x74, 0x70, 0x32, 0x5f, 0x6d, 0x61, 0x78, 0x5f, 0x72, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x68, - 0x74, 0x74, 0x70, 0x32, 0x4d, 0x61, 0x78, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, - 0x3d, 0x0a, 0x1b, 0x6d, 0x61, 0x78, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x5f, - 0x70, 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x05, 0x52, 0x18, 0x6d, 0x61, 0x78, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x73, 0x50, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1f, - 0x0a, 0x0b, 0x6d, 0x61, 0x78, 0x5f, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x05, 0x52, 0x0a, 0x6d, 0x61, 0x78, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, - 0x3c, 0x0a, 0x0c, 0x69, 0x64, 0x6c, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, - 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x52, 0x0b, 0x69, 0x64, 0x6c, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x79, 0x0a, - 0x11, 0x68, 0x32, 0x5f, 0x75, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x5f, 0x70, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x4d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, - 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x53, - 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x48, 0x32, 0x55, 0x70, 0x67, 0x72, 0x61, 0x64, - 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0f, 0x68, 0x32, 0x55, 0x70, 0x67, 0x72, 0x61, - 0x64, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x2e, 0x0a, 0x13, 0x75, 0x73, 0x65, 0x5f, - 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, - 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x75, 0x73, 0x65, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, - 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x34, 0x0a, 0x16, 0x6d, 0x61, 0x78, 0x5f, - 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, - 0x6d, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x14, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, - 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x22, 0x3f, - 0x0a, 0x0f, 0x48, 0x32, 0x55, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x12, - 0x0a, 0x0e, 0x44, 0x4f, 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x55, 0x50, 0x47, 0x52, 0x41, 0x44, 0x45, - 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x50, 0x47, 0x52, 0x41, 0x44, 0x45, 0x10, 0x02, 0x22, - 0x8a, 0x05, 0x0a, 0x10, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, - 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x31, 0x0a, 0x12, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, - 0x69, 0x76, 0x65, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, - 0x42, 0x02, 0x18, 0x01, 0x52, 0x11, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, - 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x4a, 0x0a, 0x22, 0x73, 0x70, 0x6c, 0x69, 0x74, - 0x5f, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, - 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x08, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x1e, 0x73, 0x70, 0x6c, 0x69, 0x74, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, - 0x61, 0x6c, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x45, 0x72, 0x72, - 0x6f, 0x72, 0x73, 0x12, 0x67, 0x0a, 0x21, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, - 0x76, 0x65, 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x5f, - 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x1e, 0x63, 0x6f, - 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x4f, 0x72, - 0x69, 0x67, 0x69, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x12, 0x5a, 0x0a, 0x1a, - 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x67, 0x61, 0x74, 0x65, - 0x77, 0x61, 0x79, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x18, - 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x47, 0x61, 0x74, 0x65, 0x77, - 0x61, 0x79, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x52, 0x0a, 0x16, 0x63, 0x6f, 0x6e, 0x73, - 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x35, 0x78, 0x78, 0x5f, 0x65, 0x72, 0x72, 0x6f, - 0x72, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, - 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x14, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, - 0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x35, 0x0a, 0x08, - 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, - 0x76, 0x61, 0x6c, 0x12, 0x47, 0x0a, 0x12, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x65, 0x6a, 0x65, 0x63, - 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x62, 0x61, 0x73, 0x65, - 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x30, 0x0a, 0x14, - 0x6d, 0x61, 0x78, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x65, 0x72, - 0x63, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x45, - 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12, 0x2c, - 0x0a, 0x12, 0x6d, 0x69, 0x6e, 0x5f, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, 0x70, 0x65, 0x72, - 0x63, 0x65, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x6d, 0x69, 0x6e, 0x48, - 0x65, 0x61, 0x6c, 0x74, 0x68, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x22, 0xe3, 0x03, 0x0a, - 0x11, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, - 0x67, 0x73, 0x12, 0x47, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6c, 0x69, 0x65, - 0x6e, 0x74, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x4c, - 0x53, 0x6d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x2d, 0x0a, 0x12, 0x63, - 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72, - 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x27, 0x0a, 0x0f, 0x63, - 0x61, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x63, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, - 0x61, 0x6c, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x63, - 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2a, 0x0a, - 0x11, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x6e, 0x61, 0x6d, - 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, - 0x74, 0x41, 0x6c, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x6e, 0x69, - 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x73, 0x6e, 0x69, 0x12, 0x4c, 0x0a, 0x14, 0x69, - 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x76, 0x65, 0x72, - 0x69, 0x66, 0x79, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, - 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x53, - 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x12, 0x15, 0x0a, 0x06, 0x63, 0x61, 0x5f, - 0x63, 0x72, 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x63, 0x61, 0x43, 0x72, 0x6c, - 0x22, 0x40, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x44, - 0x49, 0x53, 0x41, 0x42, 0x4c, 0x45, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x49, 0x4d, 0x50, - 0x4c, 0x45, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x10, 0x02, - 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x53, 0x54, 0x49, 0x4f, 0x5f, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, - 0x10, 0x03, 0x22, 0xa2, 0x04, 0x0a, 0x1b, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, - 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, - 0x6e, 0x67, 0x12, 0x60, 0x0a, 0x0a, 0x64, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, - 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, - 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x44, 0x69, - 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x0a, 0x64, 0x69, 0x73, 0x74, 0x72, 0x69, - 0x62, 0x75, 0x74, 0x65, 0x12, 0x5a, 0x0a, 0x08, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, - 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, - 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x46, 0x61, - 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x52, 0x08, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, - 0x12, 0x2b, 0x0a, 0x11, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x70, 0x72, 0x69, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x66, 0x61, 0x69, - 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x50, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x34, 0x0a, - 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, - 0x6c, 0x65, 0x64, 0x1a, 0xb1, 0x01, 0x0a, 0x0a, 0x44, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, - 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x12, 0x58, 0x0a, 0x02, 0x74, 0x6f, 0x18, 0x02, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x48, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x6f, - 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, - 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x44, 0x69, 0x73, 0x74, 0x72, 0x69, - 0x62, 0x75, 0x74, 0x65, 0x2e, 0x54, 0x6f, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x02, 0x74, 0x6f, - 0x1a, 0x35, 0x0a, 0x07, 0x54, 0x6f, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, - 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x2e, 0x0a, 0x08, 0x46, 0x61, 0x69, 0x6c, 0x6f, - 0x76, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x12, 0x0e, 0x0a, 0x02, 0x74, 0x6f, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x02, 0x74, 0x6f, 0x42, 0x21, 0x5a, 0x1f, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, -} - -var ( - file_networking_v1beta1_destination_rule_proto_rawDescOnce sync.Once - file_networking_v1beta1_destination_rule_proto_rawDescData = file_networking_v1beta1_destination_rule_proto_rawDesc -) - -func file_networking_v1beta1_destination_rule_proto_rawDescGZIP() []byte { - file_networking_v1beta1_destination_rule_proto_rawDescOnce.Do(func() { - file_networking_v1beta1_destination_rule_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1beta1_destination_rule_proto_rawDescData) - }) - return file_networking_v1beta1_destination_rule_proto_rawDescData -} - -var file_networking_v1beta1_destination_rule_proto_enumTypes = make([]protoimpl.EnumInfo, 4) -var file_networking_v1beta1_destination_rule_proto_msgTypes = make([]protoimpl.MessageInfo, 22) -var file_networking_v1beta1_destination_rule_proto_goTypes = []interface{}{ - (TrafficPolicy_ProxyProtocol_VERSION)(0), // 0: istio.networking.v1beta1.TrafficPolicy.ProxyProtocol.VERSION - (LoadBalancerSettings_SimpleLB)(0), // 1: istio.networking.v1beta1.LoadBalancerSettings.SimpleLB - (ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy)(0), // 2: istio.networking.v1beta1.ConnectionPoolSettings.HTTPSettings.H2UpgradePolicy - (ClientTLSSettings_TLSmode)(0), // 3: istio.networking.v1beta1.ClientTLSSettings.TLSmode - (*DestinationRule)(nil), // 4: istio.networking.v1beta1.DestinationRule - (*TrafficPolicy)(nil), // 5: istio.networking.v1beta1.TrafficPolicy - (*Subset)(nil), // 6: istio.networking.v1beta1.Subset - (*LoadBalancerSettings)(nil), // 7: istio.networking.v1beta1.LoadBalancerSettings - (*ConnectionPoolSettings)(nil), // 8: istio.networking.v1beta1.ConnectionPoolSettings - (*OutlierDetection)(nil), // 9: istio.networking.v1beta1.OutlierDetection - (*ClientTLSSettings)(nil), // 10: istio.networking.v1beta1.ClientTLSSettings - (*LocalityLoadBalancerSetting)(nil), // 11: istio.networking.v1beta1.LocalityLoadBalancerSetting - (*TrafficPolicy_PortTrafficPolicy)(nil), // 12: istio.networking.v1beta1.TrafficPolicy.PortTrafficPolicy - (*TrafficPolicy_TunnelSettings)(nil), // 13: istio.networking.v1beta1.TrafficPolicy.TunnelSettings - (*TrafficPolicy_ProxyProtocol)(nil), // 14: istio.networking.v1beta1.TrafficPolicy.ProxyProtocol - nil, // 15: istio.networking.v1beta1.Subset.LabelsEntry - (*LoadBalancerSettings_ConsistentHashLB)(nil), // 16: istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB - (*LoadBalancerSettings_ConsistentHashLB_RingHash)(nil), // 17: istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.RingHash - (*LoadBalancerSettings_ConsistentHashLB_MagLev)(nil), // 18: istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.MagLev - (*LoadBalancerSettings_ConsistentHashLB_HTTPCookie)(nil), // 19: istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.HTTPCookie - (*ConnectionPoolSettings_TCPSettings)(nil), // 20: istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings - (*ConnectionPoolSettings_HTTPSettings)(nil), // 21: istio.networking.v1beta1.ConnectionPoolSettings.HTTPSettings - (*ConnectionPoolSettings_TCPSettings_TcpKeepalive)(nil), // 22: istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings.TcpKeepalive - (*LocalityLoadBalancerSetting_Distribute)(nil), // 23: istio.networking.v1beta1.LocalityLoadBalancerSetting.Distribute - (*LocalityLoadBalancerSetting_Failover)(nil), // 24: istio.networking.v1beta1.LocalityLoadBalancerSetting.Failover - nil, // 25: istio.networking.v1beta1.LocalityLoadBalancerSetting.Distribute.ToEntry - (*v1beta1.WorkloadSelector)(nil), // 26: istio.type.v1beta1.WorkloadSelector - (*duration.Duration)(nil), // 27: google.protobuf.Duration - (*wrappers.UInt32Value)(nil), // 28: google.protobuf.UInt32Value - (*wrappers.BoolValue)(nil), // 29: google.protobuf.BoolValue - (*PortSelector)(nil), // 30: istio.networking.v1beta1.PortSelector -} -var file_networking_v1beta1_destination_rule_proto_depIdxs = []int32{ - 5, // 0: istio.networking.v1beta1.DestinationRule.traffic_policy:type_name -> istio.networking.v1beta1.TrafficPolicy - 6, // 1: istio.networking.v1beta1.DestinationRule.subsets:type_name -> istio.networking.v1beta1.Subset - 26, // 2: istio.networking.v1beta1.DestinationRule.workload_selector:type_name -> istio.type.v1beta1.WorkloadSelector - 7, // 3: istio.networking.v1beta1.TrafficPolicy.load_balancer:type_name -> istio.networking.v1beta1.LoadBalancerSettings - 8, // 4: istio.networking.v1beta1.TrafficPolicy.connection_pool:type_name -> istio.networking.v1beta1.ConnectionPoolSettings - 9, // 5: istio.networking.v1beta1.TrafficPolicy.outlier_detection:type_name -> istio.networking.v1beta1.OutlierDetection - 10, // 6: istio.networking.v1beta1.TrafficPolicy.tls:type_name -> istio.networking.v1beta1.ClientTLSSettings - 12, // 7: istio.networking.v1beta1.TrafficPolicy.port_level_settings:type_name -> istio.networking.v1beta1.TrafficPolicy.PortTrafficPolicy - 13, // 8: istio.networking.v1beta1.TrafficPolicy.tunnel:type_name -> istio.networking.v1beta1.TrafficPolicy.TunnelSettings - 14, // 9: istio.networking.v1beta1.TrafficPolicy.proxy_protocol:type_name -> istio.networking.v1beta1.TrafficPolicy.ProxyProtocol - 15, // 10: istio.networking.v1beta1.Subset.labels:type_name -> istio.networking.v1beta1.Subset.LabelsEntry - 5, // 11: istio.networking.v1beta1.Subset.traffic_policy:type_name -> istio.networking.v1beta1.TrafficPolicy - 1, // 12: istio.networking.v1beta1.LoadBalancerSettings.simple:type_name -> istio.networking.v1beta1.LoadBalancerSettings.SimpleLB - 16, // 13: istio.networking.v1beta1.LoadBalancerSettings.consistent_hash:type_name -> istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB - 11, // 14: istio.networking.v1beta1.LoadBalancerSettings.locality_lb_setting:type_name -> istio.networking.v1beta1.LocalityLoadBalancerSetting - 27, // 15: istio.networking.v1beta1.LoadBalancerSettings.warmup_duration_secs:type_name -> google.protobuf.Duration - 20, // 16: istio.networking.v1beta1.ConnectionPoolSettings.tcp:type_name -> istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings - 21, // 17: istio.networking.v1beta1.ConnectionPoolSettings.http:type_name -> istio.networking.v1beta1.ConnectionPoolSettings.HTTPSettings - 28, // 18: istio.networking.v1beta1.OutlierDetection.consecutive_local_origin_failures:type_name -> google.protobuf.UInt32Value - 28, // 19: istio.networking.v1beta1.OutlierDetection.consecutive_gateway_errors:type_name -> google.protobuf.UInt32Value - 28, // 20: istio.networking.v1beta1.OutlierDetection.consecutive_5xx_errors:type_name -> google.protobuf.UInt32Value - 27, // 21: istio.networking.v1beta1.OutlierDetection.interval:type_name -> google.protobuf.Duration - 27, // 22: istio.networking.v1beta1.OutlierDetection.base_ejection_time:type_name -> google.protobuf.Duration - 3, // 23: istio.networking.v1beta1.ClientTLSSettings.mode:type_name -> istio.networking.v1beta1.ClientTLSSettings.TLSmode - 29, // 24: istio.networking.v1beta1.ClientTLSSettings.insecure_skip_verify:type_name -> google.protobuf.BoolValue - 23, // 25: istio.networking.v1beta1.LocalityLoadBalancerSetting.distribute:type_name -> istio.networking.v1beta1.LocalityLoadBalancerSetting.Distribute - 24, // 26: istio.networking.v1beta1.LocalityLoadBalancerSetting.failover:type_name -> istio.networking.v1beta1.LocalityLoadBalancerSetting.Failover - 29, // 27: istio.networking.v1beta1.LocalityLoadBalancerSetting.enabled:type_name -> google.protobuf.BoolValue - 30, // 28: istio.networking.v1beta1.TrafficPolicy.PortTrafficPolicy.port:type_name -> istio.networking.v1beta1.PortSelector - 7, // 29: istio.networking.v1beta1.TrafficPolicy.PortTrafficPolicy.load_balancer:type_name -> istio.networking.v1beta1.LoadBalancerSettings - 8, // 30: istio.networking.v1beta1.TrafficPolicy.PortTrafficPolicy.connection_pool:type_name -> istio.networking.v1beta1.ConnectionPoolSettings - 9, // 31: istio.networking.v1beta1.TrafficPolicy.PortTrafficPolicy.outlier_detection:type_name -> istio.networking.v1beta1.OutlierDetection - 10, // 32: istio.networking.v1beta1.TrafficPolicy.PortTrafficPolicy.tls:type_name -> istio.networking.v1beta1.ClientTLSSettings - 0, // 33: istio.networking.v1beta1.TrafficPolicy.ProxyProtocol.version:type_name -> istio.networking.v1beta1.TrafficPolicy.ProxyProtocol.VERSION - 19, // 34: istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.http_cookie:type_name -> istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.HTTPCookie - 17, // 35: istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.ring_hash:type_name -> istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.RingHash - 18, // 36: istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.maglev:type_name -> istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.MagLev - 27, // 37: istio.networking.v1beta1.LoadBalancerSettings.ConsistentHashLB.HTTPCookie.ttl:type_name -> google.protobuf.Duration - 27, // 38: istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings.connect_timeout:type_name -> google.protobuf.Duration - 22, // 39: istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings.tcp_keepalive:type_name -> istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings.TcpKeepalive - 27, // 40: istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings.max_connection_duration:type_name -> google.protobuf.Duration - 27, // 41: istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings.idle_timeout:type_name -> google.protobuf.Duration - 27, // 42: istio.networking.v1beta1.ConnectionPoolSettings.HTTPSettings.idle_timeout:type_name -> google.protobuf.Duration - 2, // 43: istio.networking.v1beta1.ConnectionPoolSettings.HTTPSettings.h2_upgrade_policy:type_name -> istio.networking.v1beta1.ConnectionPoolSettings.HTTPSettings.H2UpgradePolicy - 27, // 44: istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings.TcpKeepalive.time:type_name -> google.protobuf.Duration - 27, // 45: istio.networking.v1beta1.ConnectionPoolSettings.TCPSettings.TcpKeepalive.interval:type_name -> google.protobuf.Duration - 25, // 46: istio.networking.v1beta1.LocalityLoadBalancerSetting.Distribute.to:type_name -> istio.networking.v1beta1.LocalityLoadBalancerSetting.Distribute.ToEntry - 47, // [47:47] is the sub-list for method output_type - 47, // [47:47] is the sub-list for method input_type - 47, // [47:47] is the sub-list for extension type_name - 47, // [47:47] is the sub-list for extension extendee - 0, // [0:47] is the sub-list for field type_name -} - -func init() { file_networking_v1beta1_destination_rule_proto_init() } -func file_networking_v1beta1_destination_rule_proto_init() { - if File_networking_v1beta1_destination_rule_proto != nil { - return - } - file_networking_v1beta1_virtual_service_proto_init() - if !protoimpl.UnsafeEnabled { - file_networking_v1beta1_destination_rule_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DestinationRule); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TrafficPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Subset); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LoadBalancerSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConnectionPoolSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*OutlierDetection); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ClientTLSSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LocalityLoadBalancerSetting); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TrafficPolicy_PortTrafficPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TrafficPolicy_TunnelSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TrafficPolicy_ProxyProtocol); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LoadBalancerSettings_ConsistentHashLB); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LoadBalancerSettings_ConsistentHashLB_RingHash); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LoadBalancerSettings_ConsistentHashLB_MagLev); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LoadBalancerSettings_ConsistentHashLB_HTTPCookie); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConnectionPoolSettings_TCPSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConnectionPoolSettings_HTTPSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConnectionPoolSettings_TCPSettings_TcpKeepalive); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LocalityLoadBalancerSetting_Distribute); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LocalityLoadBalancerSetting_Failover); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_networking_v1beta1_destination_rule_proto_msgTypes[3].OneofWrappers = []interface{}{ - (*LoadBalancerSettings_Simple)(nil), - (*LoadBalancerSettings_ConsistentHash)(nil), - } - file_networking_v1beta1_destination_rule_proto_msgTypes[12].OneofWrappers = []interface{}{ - (*LoadBalancerSettings_ConsistentHashLB_HttpHeaderName)(nil), - (*LoadBalancerSettings_ConsistentHashLB_HttpCookie)(nil), - (*LoadBalancerSettings_ConsistentHashLB_UseSourceIp)(nil), - (*LoadBalancerSettings_ConsistentHashLB_HttpQueryParameterName)(nil), - (*LoadBalancerSettings_ConsistentHashLB_RingHash_)(nil), - (*LoadBalancerSettings_ConsistentHashLB_Maglev)(nil), - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_networking_v1beta1_destination_rule_proto_rawDesc, - NumEnums: 4, - NumMessages: 22, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_networking_v1beta1_destination_rule_proto_goTypes, - DependencyIndexes: file_networking_v1beta1_destination_rule_proto_depIdxs, - EnumInfos: file_networking_v1beta1_destination_rule_proto_enumTypes, - MessageInfos: file_networking_v1beta1_destination_rule_proto_msgTypes, - }.Build() - File_networking_v1beta1_destination_rule_proto = out.File - file_networking_v1beta1_destination_rule_proto_rawDesc = nil - file_networking_v1beta1_destination_rule_proto_goTypes = nil - file_networking_v1beta1_destination_rule_proto_depIdxs = nil -} diff --git a/networking/v1beta1/destination_rule.proto b/networking/v1beta1/destination_rule.proto deleted file mode 100644 index 0fcd1e18197..00000000000 --- a/networking/v1beta1/destination_rule.proto +++ /dev/null @@ -1,1032 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -syntax = "proto3"; - -import "google/api/field_behavior.proto"; -import "google/protobuf/duration.proto"; -import "google/protobuf/wrappers.proto"; -import "networking/v1beta1/virtual_service.proto"; -import "type/v1beta1/selector.proto"; - -// $schema: istio.networking.v1beta1.DestinationRule -// $title: Destination Rule -// $description: Configuration affecting load balancing, outlier detection, etc. -// $location: https://istio.io/docs/reference/config/networking/destination-rule.html -// $aliases: [/docs/reference/config/networking/v1beta1/destination-rule] -// $mode: none - -// `DestinationRule` defines policies that apply to traffic intended for a -// service after routing has occurred. These rules specify configuration -// for load balancing, connection pool size from the sidecar, and outlier -// detection settings to detect and evict unhealthy hosts from the load -// balancing pool. For example, a simple load balancing policy for the -// ratings service would look as follows: -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// ``` -// -// Version specific policies can be specified by defining a named -// `subset` and overriding the settings specified at the service level. The -// following rule uses a round robin load balancing policy for all traffic -// going to a subset named testversion that is composed of endpoints (e.g., -// pods) with labels (version:v3). -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// subsets: -// - name: testversion -// labels: -// version: v3 -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -// -// **Note:** Policies specified for subsets will not take effect until -// a route rule explicitly sends traffic to this subset. -// -// Traffic policies can be customized to specific ports as well. The -// following rule uses the least connection load balancing policy for all -// traffic to port 80, while uses a round robin load balancing setting for -// traffic to the port 9080. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings-port -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: # Apply to all ports -// portLevelSettings: -// - port: -// number: 80 -// loadBalancer: -// simple: LEAST_REQUEST -// - port: -// number: 9080 -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -package istio.networking.v1beta1; - -option go_package = "istio.io/api/networking/v1beta1"; - -// DestinationRule defines policies that apply to traffic intended for a service -// after routing has occurred. -// -// -// -message DestinationRule { - // The name of a service from the service registry. Service - // names are looked up from the platform's service registry (e.g., - // Kubernetes services, Consul services, etc.) and from the hosts - // declared by [ServiceEntries](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Rules defined for - // services that do not exist in the service registry will be ignored. - // - // *Note for Kubernetes users*: When short names are used (e.g. "reviews" - // instead of "reviews.default.svc.cluster.local"), Istio will interpret - // the short name based on the namespace of the rule, not the service. A - // rule in the "default" namespace containing a host "reviews" will be - // interpreted as "reviews.default.svc.cluster.local", irrespective of - // the actual namespace associated with the reviews service. _To avoid - // potential misconfigurations, it is recommended to always use fully - // qualified domain names over short names._ - // - // Note that the host field applies to both HTTP and TCP services. - string host = 1 [(google.api.field_behavior) = REQUIRED]; - - // Traffic policies to apply (load balancing policy, connection pool - // sizes, outlier detection). - TrafficPolicy traffic_policy = 2; - - // One or more named sets that represent individual versions of a - // service. Traffic policies can be overridden at subset level. - repeated Subset subsets = 3; - - // A list of namespaces to which this destination rule is exported. - // The resolution of a destination rule to apply to a service occurs in the - // context of a hierarchy of namespaces. Exporting a destination rule allows - // it to be included in the resolution hierarchy for services in - // other namespaces. This feature provides a mechanism for service owners - // and mesh administrators to control the visibility of destination rules - // across namespace boundaries. - // - // If no namespaces are specified then the destination rule is exported to all - // namespaces by default. - // - // The value "." is reserved and defines an export to the same namespace that - // the destination rule is declared in. Similarly, the value "*" is reserved and - // defines an export to all namespaces. - repeated string export_to = 4; - // - // Criteria used to select the specific set of pods/VMs on which this - // `DestinationRule` configuration should be applied. If specified, the `DestinationRule` - // configuration will be applied only to the workload instances matching the workload selector - // label in the same namespace. Workload selectors do not apply across namespace boundaries. - // If omitted, the `DestinationRule` falls back to its default behavior. - // For example, if specific sidecars need to have egress TLS settings for services outside - // of the mesh, instead of every sidecar in the mesh needing to have the - // configuration (which is the default behaviour), a workload selector can be specified. - istio.type.v1beta1.WorkloadSelector workload_selector = 5; -} - -// Traffic policies to apply for a specific destination, across all -// destination ports. See DestinationRule for examples. -message TrafficPolicy { - // Settings controlling the load balancer algorithms. - LoadBalancerSettings load_balancer = 1; - - // Settings controlling the volume of connections to an upstream service - ConnectionPoolSettings connection_pool = 2; - - // Settings controlling eviction of unhealthy hosts from the load balancing pool - OutlierDetection outlier_detection = 3; - - // TLS related settings for connections to the upstream service. - ClientTLSSettings tls = 4; - - // Traffic policies that apply to specific ports of the service - message PortTrafficPolicy { - // Specifies the number of a port on the destination service - // on which this policy is being applied. - // - PortSelector port = 1; - - // Settings controlling the load balancer algorithms. - LoadBalancerSettings load_balancer = 2; - - // Settings controlling the volume of connections to an upstream service - ConnectionPoolSettings connection_pool = 3; - - // Settings controlling eviction of unhealthy hosts from the load balancing pool - OutlierDetection outlier_detection = 4; - - // TLS related settings for connections to the upstream service. - ClientTLSSettings tls = 5; - } - - // Traffic policies specific to individual ports. Note that port level - // settings will override the destination-level settings. Traffic - // settings specified at the destination-level will not be inherited when - // overridden by port-level settings, i.e. default values will be applied - // to fields omitted in port-level traffic policies. - repeated PortTrafficPolicy port_level_settings = 5; - - message TunnelSettings { - // Specifies which protocol to use for tunneling the downstream connection. - // Supported protocols are: - // CONNECT - uses HTTP CONNECT; - // POST - uses HTTP POST. - // CONNECT is used by default if not specified. - // HTTP version for upstream requests is determined by the service protocol defined for the proxy. - string protocol = 1; - - // Specifies a host to which the downstream connection is tunneled. - // Target host must be an FQDN or IP address. - string target_host = 2 [(google.api.field_behavior) = REQUIRED]; - - // Specifies a port to which the downstream connection is tunneled. - uint32 target_port = 3 [(google.api.field_behavior) = REQUIRED]; - } - - // Configuration of tunneling TCP over other transport or application layers - // for the host configured in the DestinationRule. - // Tunnel settings can be applied to TCP or TLS routes and can't be applied to HTTP routes. - TunnelSettings tunnel = 6; - - message ProxyProtocol { - enum VERSION { - // ⁣PROXY protocol version 1. Human readable format. - V1 = 0; - - // ⁣PROXY protocol version 2. Binary format. - V2 = 1; - }; - // The PROXY protocol version to use. See https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt for details. - // By default it is `V1`. - VERSION version = 1; - } - - // The upstream PROXY protocol settings. - ProxyProtocol proxy_protocol = 7; -} - -// A subset of endpoints of a service. Subsets can be used for scenarios -// like A/B testing, or routing to a specific version of a service. Refer -// to [VirtualService](https://istio.io/docs/reference/config/networking/virtual-service/#VirtualService) documentation for examples of using -// subsets in these scenarios. In addition, traffic policies defined at the -// service-level can be overridden at a subset-level. The following rule -// uses a round robin load balancing policy for all traffic going to a -// subset named testversion that is composed of endpoints (e.g., pods) with -// labels (version:v3). -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// subsets: -// - name: testversion -// labels: -// version: v3 -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -// -// **Note:** Policies specified for subsets will not take effect until -// a route rule explicitly sends traffic to this subset. -// -// One or more labels are typically required to identify the subset destination, -// however, when the corresponding DestinationRule represents a host that -// supports multiple SNI hosts (e.g., an egress gateway), a subset without labels -// may be meaningful. In this case a traffic policy with [ClientTLSSettings](#ClientTLSSettings) -// can be used to identify a specific SNI host corresponding to the named subset. -message Subset { - // Name of the subset. The service name and the subset name can - // be used for traffic splitting in a route rule. - string name = 1 [(google.api.field_behavior) = REQUIRED]; - - // Labels apply a filter over the endpoints of a service in the - // service registry. See route rules for examples of usage. - map labels = 2; - - // Traffic policies that apply to this subset. Subsets inherit the - // traffic policies specified at the DestinationRule level. Settings - // specified at the subset level will override the corresponding settings - // specified at the DestinationRule level. - TrafficPolicy traffic_policy = 3; -} - -// Load balancing policies to apply for a specific destination. See Envoy's -// load balancing -// [documentation](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancing) -// for more details. -// -// For example, the following rule uses a round robin load balancing policy -// for all traffic going to the ratings service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -// -// The following example sets up sticky sessions for the ratings service -// hashing-based load balancer for the same ratings service using the -// the User cookie as the hash key. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// consistentHash: -// httpCookie: -// name: user -// ttl: 0s -// ``` -// -message LoadBalancerSettings { - // Standard load balancing algorithms that require no tuning. - enum SimpleLB { - // No load balancing algorithm has been specified by the user. Istio - // will select an appropriate default. - UNSPECIFIED = 0; - - // Deprecated. Use LEAST_REQUEST instead. - LEAST_CONN = 1 [deprecated=true]; - - // The random load balancer selects a random healthy host. The random - // load balancer generally performs better than round robin if no health - // checking policy is configured. - RANDOM = 2; - - // This option will forward the connection to the original IP address - // requested by the caller without doing any form of load - // balancing. This option must be used with care. It is meant for - // advanced use cases. Refer to Original Destination load balancer in - // Envoy for further details. - PASSTHROUGH = 3; - - // A basic round robin load balancing policy. This is generally unsafe - // for many scenarios (e.g. when endpoint weighting is used) as it can - // overburden endpoints. In general, prefer to use LEAST_REQUEST as a - // drop-in replacement for ROUND_ROBIN. - ROUND_ROBIN = 4; - - // The least request load balancer spreads load across endpoints, favoring - // endpoints with the least outstanding requests. This is generally safer - // and outperforms ROUND_ROBIN in nearly all cases. Prefer to use - // LEAST_REQUEST as a drop-in replacement for ROUND_ROBIN. - LEAST_REQUEST = 5; - }; - - // Consistent Hash-based load balancing can be used to provide soft - // session affinity based on HTTP headers, cookies or other - // properties. The affinity to a particular destination host may be - // lost when one or more hosts are added/removed from the destination - // service. - // - // Note: consistent hashing is less reliable at maintaining affinity than common - // "sticky sessions" implementations, which often encode a specific destination in - // a cookie, ensuring affinity is maintained as long as the backend remains. - // With consistent hash, the guarantees are weaker; any host addition or removal can - // break affinity for `1/backends` requests. - // - // Warning: consistent hashing depends on each proxy having a consistent view of endpoints. - // This is not the case when locality load balancing is enabled. Locality load balancing - // and consistent hash will only work together when all proxies are in the same locality, - // or a high level load balancer handles locality affinity. - message ConsistentHashLB { - - message RingHash { - // The minimum number of virtual nodes to use for the hash - // ring. Defaults to 1024. Larger ring sizes result in more granular - // load distributions. If the number of hosts in the load balancing - // pool is larger than the ring size, each host will be assigned a - // single virtual node. - uint64 minimum_ring_size = 1; - }; - - message MagLev { - // The table size for Maglev hashing. This helps in controlling the - // disruption when the backend hosts change. - // Increasing the table size reduces the amount of disruption. - // The table size must be prime number less than 5000011. - // If it is not specified, the default is 65537. - uint64 table_size = 1; - }; - // Describes a HTTP cookie that will be used as the hash key for the - // Consistent Hash load balancer. - message HTTPCookie { - // Name of the cookie. - string name = 1 [(google.api.field_behavior) = REQUIRED]; - // Path to set for the cookie. - string path = 2; - // Lifetime of the cookie. If specified, a cookie with the TTL will be - // generated if the cookie is not present. If the TTL is present and zero, - // the generated cookie will be a session cookie. - google.protobuf.Duration ttl = 3; - }; - - // The hash key to use. - oneof hash_key { - // Hash based on a specific HTTP header. - string http_header_name = 1; - - // Hash based on HTTP cookie. - HTTPCookie http_cookie = 2; - - // Hash based on the source IP address. - // This is applicable for both TCP and HTTP connections. - bool use_source_ip = 3; - - // Hash based on a specific HTTP query parameter. - string http_query_parameter_name = 5; - }; - - // The hash algorithm to use. - // Please refer to https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#ring-hash - // and https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancers#maglev for - // considerations on choosing an algorithm. - // Defaults to RingHash if not specified. - oneof hash_algorithm { - // The ring/modulo hash load balancer implements consistent hashing to backend hosts. - RingHash ring_hash = 6; - // The Maglev load balancer implements consistent hashing to backend hosts. - MagLev maglev = 7; - }; - - // Deprecated. Use RingHash instead. - uint64 minimum_ring_size = 4 [deprecated=true]; - }; - - // (-- TODO: Enable Subset load balancing after moving to v2 API Also - // look into enabling Priotity based load balancing for spilling over - // from one priority pool to another. --) - - // Upstream load balancing policy. - oneof lb_policy { - SimpleLB simple = 1; - ConsistentHashLB consistent_hash = 2; - } - - // Locality load balancer settings, this will override mesh wide settings in entirety, meaning no merging would be performed - // between this object and the object one in MeshConfig - LocalityLoadBalancerSetting locality_lb_setting = 3; - - // Represents the warmup duration of Service. If set, the newly created endpoint of service - // remains in warmup mode starting from its creation time for the duration of this window and - // Istio progressively increases amount of traffic for that endpoint instead of sending proportional amount of traffic. - // This should be enabled for services that require warm up time to serve full production load with reasonable latency. - // Please note that this is most effective when few new endpoints come up like scale event in Kubernetes. When all the - // endpoints are relatively new like new deployment, this is not very effective as all endpoints end up getting same - // amount of requests. - // Currently this is only supported for ROUND_ROBIN and LEAST_REQUEST load balancers. - google.protobuf.Duration warmup_duration_secs = 4; -} - -// Connection pool settings for an upstream host. The settings apply to -// each individual host in the upstream service. See Envoy's [circuit -// breaker](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking) -// for more details. Connection pool settings can be applied at the TCP -// level as well as at HTTP level. -// -// For example, the following rule sets a limit of 100 connections to redis -// service called myredissrv with a connect timeout of 30ms -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-redis -// spec: -// host: myredissrv.prod.svc.cluster.local -// trafficPolicy: -// connectionPool: -// tcp: -// maxConnections: 100 -// connectTimeout: 30ms -// tcpKeepalive: -// time: 7200s -// interval: 75s -// ``` -// -message ConnectionPoolSettings { - // Settings common to both HTTP and TCP upstream connections. - message TCPSettings { - // TCP keepalive. - message TcpKeepalive { - // Maximum number of keepalive probes to send without response before - // deciding the connection is dead. Default is to use the OS level configuration - // (unless overridden, Linux defaults to 9.) - uint32 probes = 1; - - // The time duration a connection needs to be idle before keep-alive - // probes start being sent. Default is to use the OS level configuration - // (unless overridden, Linux defaults to 7200s (ie 2 hours.) - google.protobuf.Duration time = 2; - - // The time duration between keep-alive probes. - // Default is to use the OS level configuration - // (unless overridden, Linux defaults to 75s.) - google.protobuf.Duration interval = 3; - }; - - // Maximum number of HTTP1 /TCP connections to a destination host. Default 2^32-1. - int32 max_connections = 1; - - // TCP connection timeout. format: - // 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s. - google.protobuf.Duration connect_timeout = 2; - - // If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. - TcpKeepalive tcp_keepalive = 3; - - // The maximum duration of a connection. The duration is defined as the period since a connection - // was established. If not set, there is no max duration. When max_connection_duration - // is reached the connection will be closed. Duration must be at least 1ms. - google.protobuf.Duration max_connection_duration = 4; - - // The idle timeout for TCP connections. - // The idle timeout is defined as the period in which there are no bytes sent or received on either - // the upstream or downstream connection. - // If not set, the default idle timeout is 1 hour. If set to 0s, the timeout will be disabled. - // Idle timeout is not configured per each cluster individually when weighted destinations are used, - // because idleTimeout is a property of a listener, not a cluster. In that case, idleTimeout - // specified in a destination rule for the first weighted route is configured in the listener, - // which means also for all weighted routes. - google.protobuf.Duration idle_timeout = 5; - }; - - // Settings applicable to HTTP1.1/HTTP2/GRPC connections. - message HTTPSettings { - // Maximum number of requests that will be queued while waiting for - // a ready connection pool connection. Default 2^32-1. - // Refer to https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking - // under which conditions a new connection is created for HTTP2. - // Please note that this is applicable to both HTTP/1.1 and HTTP2. - int32 http1_max_pending_requests = 1; - - // Maximum number of active requests to a destination. Default 2^32-1. - // Please note that this is applicable to both HTTP/1.1 and HTTP2. - int32 http2_max_requests = 2; - - // Maximum number of requests per connection to a backend. Setting this - // parameter to 1 disables keep alive. Default 0, meaning "unlimited", - // up to 2^29. - int32 max_requests_per_connection = 3; - - // Maximum number of retries that can be outstanding to all hosts in a - // cluster at a given time. Defaults to 2^32-1. - int32 max_retries = 4; - - // The idle timeout for upstream connection pool connections. The idle timeout - // is defined as the period in which there are no active requests. - // If not set, the default is 1 hour. When the idle timeout is reached, - // the connection will be closed. If the connection is an HTTP/2 - // connection a drain sequence will occur prior to closing the connection. - // Note that request based timeouts mean that HTTP/2 PINGs will not - // keep the connection alive. Applies to both HTTP1.1 and HTTP2 connections. - google.protobuf.Duration idle_timeout = 5; - - // Policy for upgrading http1.1 connections to http2. - enum H2UpgradePolicy { - // Use the global default. - DEFAULT = 0; - // Do not upgrade the connection to http2. - // This opt-out option overrides the default. - DO_NOT_UPGRADE = 1; - // Upgrade the connection to http2. - // This opt-in option overrides the default. - UPGRADE = 2; - }; - // Specify if http1.1 connection should be upgraded to http2 for the associated destination. - H2UpgradePolicy h2_upgrade_policy = 6; - - // If set to true, client protocol will be preserved while initiating connection to backend. - // Note that when this is set to true, h2_upgrade_policy will be ineffective i.e. the client - // connections will not be upgraded to http2. - bool use_client_protocol = 7; - - // The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection. - // Defaults to 2^31-1. - int32 max_concurrent_streams = 8; - }; - - // Settings common to both HTTP and TCP upstream connections. - TCPSettings tcp = 1; - // HTTP connection pool settings. - HTTPSettings http = 2; -} - -// A Circuit breaker implementation that tracks the status of each -// individual host in the upstream service. Applicable to both HTTP and -// TCP services. For HTTP services, hosts that continually return 5xx -// errors for API calls are ejected from the pool for a pre-defined period -// of time. For TCP services, connection timeouts or connection -// failures to a given host counts as an error when measuring the -// consecutive errors metric. See Envoy's [outlier -// detection](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/outlier) -// for more details. -// -// The following rule sets a connection pool size of 100 HTTP1 connections -// with no more than 10 req/connection to the "reviews" service. In addition, -// it sets a limit of 1000 concurrent HTTP2 requests and configures upstream -// hosts to be scanned every 5 mins so that any host that fails 7 consecutive -// times with a 502, 503, or 504 error code will be ejected for 15 minutes. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: reviews-cb-policy -// spec: -// host: reviews.prod.svc.cluster.local -// trafficPolicy: -// connectionPool: -// tcp: -// maxConnections: 100 -// http: -// http2MaxRequests: 1000 -// maxRequestsPerConnection: 10 -// outlierDetection: -// consecutive5xxErrors: 7 -// interval: 5m -// baseEjectionTime: 15m -// ``` -// -message OutlierDetection { - // Number of errors before a host is ejected from the connection - // pool. Defaults to 5. When the upstream host is accessed over HTTP, a - // 502, 503, or 504 return code qualifies as an error. When the upstream host - // is accessed over an opaque TCP connection, connect timeouts and - // connection error/failure events qualify as an error. - // $hide_from_docs - int32 consecutive_errors = 1 [deprecated=true]; - - // Determines whether to distinguish local origin failures from external errors. If set to true - // consecutive_local_origin_failure is taken into account for outlier detection calculations. - // This should be used when you want to derive the outlier detection status based on the errors - // seen locally such as failure to connect, timeout while connecting etc. rather than the status code - // returned by upstream service. This is especially useful when the upstream service explicitly returns - // a 5xx for some requests and you want to ignore those responses from upstream service while determining - // the outlier detection status of a host. - // Defaults to false. - bool split_external_local_origin_errors = 8; - - // The number of consecutive locally originated failures before ejection - // occurs. Defaults to 5. Parameter takes effect only when split_external_local_origin_errors - // is set to true. - google.protobuf.UInt32Value consecutive_local_origin_failures = 9; - - // Number of gateway errors before a host is ejected from the connection pool. - // When the upstream host is accessed over HTTP, a 502, 503, or 504 return - // code qualifies as a gateway error. When the upstream host is accessed over - // an opaque TCP connection, connect timeouts and connection error/failure - // events qualify as a gateway error. - // This feature is disabled by default or when set to the value 0. - // - // Note that consecutive_gateway_errors and consecutive_5xx_errors can be - // used separately or together. Because the errors counted by - // consecutive_gateway_errors are also included in consecutive_5xx_errors, - // if the value of consecutive_gateway_errors is greater than or equal to - // the value of consecutive_5xx_errors, consecutive_gateway_errors will have - // no effect. - google.protobuf.UInt32Value consecutive_gateway_errors = 6; - - // Number of 5xx errors before a host is ejected from the connection pool. - // When the upstream host is accessed over an opaque TCP connection, connect - // timeouts, connection error/failure and request failure events qualify as a - // 5xx error. - // This feature defaults to 5 but can be disabled by setting the value to 0. - // - // Note that consecutive_gateway_errors and consecutive_5xx_errors can be - // used separately or together. Because the errors counted by - // consecutive_gateway_errors are also included in consecutive_5xx_errors, - // if the value of consecutive_gateway_errors is greater than or equal to - // the value of consecutive_5xx_errors, consecutive_gateway_errors will have - // no effect. - google.protobuf.UInt32Value consecutive_5xx_errors = 7; - - // Time interval between ejection sweep analysis. format: - // 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s. - google.protobuf.Duration interval = 2; - - // Minimum ejection duration. A host will remain ejected for a period - // equal to the product of minimum ejection duration and the number of - // times the host has been ejected. This technique allows the system to - // automatically increase the ejection period for unhealthy upstream - // servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s. - google.protobuf.Duration base_ejection_time = 3; - - // Maximum % of hosts in the load balancing pool for the upstream - // service that can be ejected. Defaults to 10%. - int32 max_ejection_percent = 4; - - // Outlier detection will be enabled as long as the associated load balancing - // pool has at least min_health_percent hosts in healthy mode. When the - // percentage of healthy hosts in the load balancing pool drops below this - // threshold, outlier detection will be disabled and the proxy will load balance - // across all hosts in the pool (healthy and unhealthy). The threshold can be - // disabled by setting it to 0%. The default is 0% as it's not typically - // applicable in k8s environments with few pods per service. - int32 min_health_percent = 5; -} - -// SSL/TLS related settings for upstream connections. See Envoy's [TLS -// context](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto.html#common-tls-configuration) -// for more details. These settings are common to both HTTP and TCP upstreams. -// -// For example, the following rule configures a client to use mutual TLS -// for connections to upstream database cluster. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: db-mtls -// spec: -// host: mydbserver.prod.svc.cluster.local -// trafficPolicy: -// tls: -// mode: MUTUAL -// clientCertificate: /etc/certs/myclientcert.pem -// privateKey: /etc/certs/client_private_key.pem -// caCertificates: /etc/certs/rootcacerts.pem -// ``` -// -// The following rule configures a client to use TLS when talking to a -// foreign service whose domain matches *.foo.com. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: tls-foo -// spec: -// host: "*.foo.com" -// trafficPolicy: -// tls: -// mode: SIMPLE -// ``` -// -// The following rule configures a client to use Istio mutual TLS when talking -// to rating services. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: ratings-istio-mtls -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// tls: -// mode: ISTIO_MUTUAL -// ``` -// -message ClientTLSSettings { - // TLS connection mode - enum TLSmode { - // Do not setup a TLS connection to the upstream endpoint. - DISABLE = 0; - - // Originate a TLS connection to the upstream endpoint. - SIMPLE = 1; - - // Secure connections to the upstream using mutual TLS by presenting - // client certificates for authentication. - MUTUAL = 2; - - // Secure connections to the upstream using mutual TLS by presenting - // client certificates for authentication. - // Compared to Mutual mode, this mode uses certificates generated - // automatically by Istio for mTLS authentication. When this mode is - // used, all other fields in `ClientTLSSettings` should be empty. - ISTIO_MUTUAL = 3; - }; - - // Indicates whether connections to this port should be secured - // using TLS. The value of this field determines how TLS is enforced. - TLSmode mode = 1; - - // REQUIRED if mode is `MUTUAL`. The path to the file holding the - // client-side TLS certificate to use. - // Should be empty if mode is `ISTIO_MUTUAL`. - string client_certificate = 2; - - // REQUIRED if mode is `MUTUAL`. The path to the file holding the - // client's private key. - // Should be empty if mode is `ISTIO_MUTUAL`. - string private_key = 3; - - // OPTIONAL: The path to the file containing certificate authority - // certificates to use in verifying a presented server certificate. If - // omitted, the proxy will verify the server's certificate using - // the OS CA certificates. - // Should be empty if mode is `ISTIO_MUTUAL`. - string ca_certificates = 4; - - // The name of the secret that holds the TLS certs for the - // client including the CA certificates. This secret must exist in - // the namespace of the proxy using the certificates. - // An Opaque secret should contain the following keys and values: - // `key: `, `cert: `, `cacert: `, - // `crl: ` - // Here CACertificate is used to verify the server certificate. - // For mutual TLS, `cacert: ` can be provided in the - // same secret or a separate secret named `-cacert`. - // A TLS secret for client certificates with an additional - // `ca.crt` key for CA certificates and `ca.crl` key for - // certificate revocation list(CRL) is also supported. - // Only one of client certificates and CA certificate - // or credentialName can be specified. - // - // **NOTE:** This field is applicable at sidecars only if - // `DestinationRule` has a `workloadSelector` specified. - // Otherwise the field will be applicable only at gateways, and - // sidecars will continue to use the certificate paths. - string credential_name = 7; - - // A list of alternate names to verify the subject identity in the - // certificate. If specified, the proxy will verify that the server - // certificate's subject alt name matches one of the specified values. - // If specified, this list overrides the value of subject_alt_names - // from the ServiceEntry. If unspecified, automatic validation of upstream - // presented certificate for new upstream connections will be done based on the - // downstream HTTP host/authority header. - repeated string subject_alt_names = 5; - - // SNI string to present to the server during TLS handshake. - // If unspecified, SNI will be automatically set based on downstream HTTP - // host/authority header for SIMPLE and MUTUAL TLS modes. - string sni = 6; - - // `insecureSkipVerify` specifies whether the proxy should skip verifying the - // CA signature and SAN for the server certificate corresponding to the host. - // The default value of this field is false. - google.protobuf.BoolValue insecure_skip_verify = 8; - - // OPTIONAL: The path to the file containing the certificate revocation list (CRL) - // to use in verifying a presented server certificate. `CRL` is a list of certificates - // that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. - // If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. - // If omitted, the proxy will not verify the certificate against the `crl`. - string ca_crl = 9; -} - -// Locality-weighted load balancing allows administrators to control the -// distribution of traffic to endpoints based on the localities of where the -// traffic originates and where it will terminate. These localities are -// specified using arbitrary labels that designate a hierarchy of localities in -// {region}/{zone}/{sub-zone} form. For additional detail refer to -// [Locality Weight](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) -// The following example shows how to setup locality weights mesh-wide. -// -// Given a mesh with workloads and their service deployed to "us-west/zone1/*" -// and "us-west/zone2/*". This example specifies that when traffic accessing a -// service originates from workloads in "us-west/zone1/*", 80% of the traffic -// will be sent to endpoints in "us-west/zone1/*", i.e the same zone, and the -// remaining 20% will go to endpoints in "us-west/zone2/*". This setup is -// intended to favor routing traffic to endpoints in the same locality. -// A similar setting is specified for traffic originating in "us-west/zone2/*". -// -// ```yaml -// distribute: -// - from: us-west/zone1/* -// to: -// "us-west/zone1/*": 80 -// "us-west/zone2/*": 20 -// - from: us-west/zone2/* -// to: -// "us-west/zone1/*": 20 -// "us-west/zone2/*": 80 -// ``` -// -// If the goal of the operator is not to distribute load across zones and -// regions but rather to restrict the regionality of failover to meet other -// operational requirements an operator can set a 'failover' policy instead of -// a 'distribute' policy. -// -// The following example sets up a locality failover policy for regions. -// Assume a service resides in zones within us-east, us-west & eu-west -// this example specifies that when endpoints within us-east become unhealthy -// traffic should failover to endpoints in any zone or sub-zone within eu-west -// and similarly us-west should failover to us-east. -// -// ```yaml -// failover: -// - from: us-east -// to: eu-west -// - from: us-west -// to: us-east -// ``` -// Locality load balancing settings. -message LocalityLoadBalancerSetting{ - // Describes how traffic originating in the 'from' zone or sub-zone is - // distributed over a set of 'to' zones. Syntax for specifying a zone is - // {region}/{zone}/{sub-zone} and terminal wildcards are allowed on any - // segment of the specification. Examples: - // - // `*` - matches all localities - // - // `us-west/*` - all zones and sub-zones within the us-west region - // - // `us-west/zone-1/*` - all sub-zones within us-west/zone-1 - message Distribute{ - // Originating locality, '/' separated, e.g. 'region/zone/sub_zone'. - string from = 1; - - // Map of upstream localities to traffic distribution weights. The sum of - // all weights should be 100. Any locality not present will - // receive no traffic. - map to = 2; - }; - - // Specify the traffic failover policy across regions. Since zone and sub-zone - // failover is supported by default this only needs to be specified for - // regions when the operator needs to constrain traffic failover so that - // the default behavior of failing over to any endpoint globally does not - // apply. This is useful when failing over traffic across regions would not - // improve service health or may need to be restricted for other reasons - // like regulatory controls. - message Failover{ - // Originating region. - string from = 1; - - // Destination region the traffic will fail over to when endpoints in - // the 'from' region becomes unhealthy. - string to = 2; - }; - - // Optional: only one of distribute, failover or failoverPriority can be set. - // Explicitly specify loadbalancing weight across different zones and geographical locations. - // Refer to [Locality weighted load balancing](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) - // If empty, the locality weight is set according to the endpoints number within it. - repeated Distribute distribute = 1; - - // Optional: only one of distribute, failover or failoverPriority can be set. - // Explicitly specify the region traffic will land on when endpoints in local region becomes unhealthy. - // Should be used together with OutlierDetection to detect unhealthy endpoints. - // Note: if no OutlierDetection specified, this will not take effect. - repeated Failover failover = 2; - - // failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing. - // This is to support traffic failover across different groups of endpoints. - // Two kinds of labels can be specified: - // - Specify only label keys `[key1, key2, key3]`, istio would compare the label values of client with endpoints. - // Suppose there are total N label keys `[key1, key2, key3, ...keyN]` specified: - // - // 1. Endpoints matching all N labels with the client proxy have priority P(0) i.e. the highest priority. - // 2. Endpoints matching the first N-1 labels with the client proxy have priority P(1) i.e. second highest priority. - // 3. By extension of this logic, endpoints matching only the first label with the client proxy has priority P(N-1) i.e. second lowest priority. - // 4. All the other endpoints have priority P(N) i.e. lowest priority. - // - // - Specify labels with key and value `[key1=value1, key2=value2, key3=value3]`, istio would compare the labels with endpoints. - // Suppose there are total N labels `[key1=value1, key2=value2, key3=value3, ...keyN=valueN]` specified: - // - // 1. Endpoints matching all N labels have priority P(0) i.e. the highest priority. - // 2. Endpoints matching the first N-1 labels have priority P(1) i.e. second highest priority. - // 3. By extension of this logic, endpoints matching only the first label has priority P(N-1) i.e. second lowest priority. - // 4. All the other endpoints have priority P(N) i.e. lowest priority. - // - // Note: For a label to be considered for match, the previous labels must match, i.e. nth label would be considered matched only if first n-1 labels match. - // - // It can be any label specified on both client and server workloads. - // The following labels which have special semantic meaning are also supported: - // - // - `topology.istio.io/network` is used to match the network metadata of an endpoint, which can be specified by pod/namespace label `topology.istio.io/network`, sidecar env `ISTIO_META_NETWORK` or MeshNetworks. - // - `topology.istio.io/cluster` is used to match the clusterID of an endpoint, which can be specified by pod label `topology.istio.io/cluster` or pod env `ISTIO_META_CLUSTER_ID`. - // - `topology.kubernetes.io/region` is used to match the region metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/region` or the deprecated label `failure-domain.beta.kubernetes.io/region`. - // - `topology.kubernetes.io/zone` is used to match the zone metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/zone` or the deprecated label `failure-domain.beta.kubernetes.io/zone`. - // - `topology.istio.io/subzone` is used to match the subzone metadata of an endpoint, which maps to Istio node label `topology.istio.io/subzone`. - // - `kubernetes.io/hostname` is used to match the current node of an endpoint, which maps to Kubernetes node label `kubernetes.io/hostname`. - // - // The below topology config indicates the following priority levels: - // - // ```yaml - // failoverPriority: - // - "topology.istio.io/network" - // - "topology.kubernetes.io/region" - // - "topology.kubernetes.io/zone" - // - "topology.istio.io/subzone" - // ``` - // - // 1. endpoints match same [network, region, zone, subzone] label with the client proxy have the highest priority. - // 2. endpoints have same [network, region, zone] label but different [subzone] label with the client proxy have the second highest priority. - // 3. endpoints have same [network, region] label but different [zone] label with the client proxy have the third highest priority. - // 4. endpoints have same [network] but different [region] labels with the client proxy have the fourth highest priority. - // 5. all the other endpoints have the same lowest priority. - // - // Suppose a service associated endpoints reside in multi clusters, the below example represents: - // 1. endpoints in `clusterA` and has `version=v1` label have P(0) priority. - // 2. endpoints not in `clusterA` but has `version=v1` label have P(1) priority. - // 2. all the other endpoints have P(2) priority. - // - // ```yaml - // failoverPriority: - // - "version=v1" - // - "topology.istio.io/cluster=clusterA" - // ``` - // - // Optional: only one of distribute, failover or failoverPriority can be set. - // And it should be used together with `OutlierDetection` to detect unhealthy endpoints, otherwise has no effect. - repeated string failover_priority = 4; - - // enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. - // e.g. true means that turn on locality load balancing for this DestinationRule no matter what mesh wide settings is. - google.protobuf.BoolValue enabled = 3; -} diff --git a/networking/v1beta1/destination_rule_alias.gen.go b/networking/v1beta1/destination_rule_alias.gen.go new file mode 100644 index 00000000000..433abf26147 --- /dev/null +++ b/networking/v1beta1/destination_rule_alias.gen.go @@ -0,0 +1,60 @@ +// Code generated by protoc-gen-alias. DO NOT EDIT. +package v1beta1 + +import "istio.io/api/networking/v1alpha3" + +type DestinationRule = v1alpha3.DestinationRule +type TrafficPolicy = v1alpha3.TrafficPolicy +type TrafficPolicy_PortTrafficPolicy = v1alpha3.TrafficPolicy_PortTrafficPolicy +type TrafficPolicy_TunnelSettings = v1alpha3.TrafficPolicy_TunnelSettings +type TrafficPolicy_ProxyProtocol = v1alpha3.TrafficPolicy_ProxyProtocol +type TrafficPolicy_ProxyProtocol_VERSION = v1alpha3.TrafficPolicy_ProxyProtocol_VERSION + +const TrafficPolicy_ProxyProtocol_V1 TrafficPolicy_ProxyProtocol_VERSION = v1alpha3.TrafficPolicy_ProxyProtocol_V1 +const TrafficPolicy_ProxyProtocol_V2 TrafficPolicy_ProxyProtocol_VERSION = v1alpha3.TrafficPolicy_ProxyProtocol_V2 + +type Subset = v1alpha3.Subset +type LoadBalancerSettings = v1alpha3.LoadBalancerSettings +type LoadBalancerSettings_ConsistentHashLB = v1alpha3.LoadBalancerSettings_ConsistentHashLB +type LoadBalancerSettings_ConsistentHashLB_RingHash = v1alpha3.LoadBalancerSettings_ConsistentHashLB_RingHash +type LoadBalancerSettings_ConsistentHashLB_MagLev = v1alpha3.LoadBalancerSettings_ConsistentHashLB_MagLev +type LoadBalancerSettings_ConsistentHashLB_HTTPCookie = v1alpha3.LoadBalancerSettings_ConsistentHashLB_HTTPCookie +type LoadBalancerSettings_ConsistentHashLB_HttpHeaderName = v1alpha3.LoadBalancerSettings_ConsistentHashLB_HttpHeaderName +type LoadBalancerSettings_ConsistentHashLB_HttpCookie = v1alpha3.LoadBalancerSettings_ConsistentHashLB_HttpCookie +type LoadBalancerSettings_ConsistentHashLB_UseSourceIp = v1alpha3.LoadBalancerSettings_ConsistentHashLB_UseSourceIp +type LoadBalancerSettings_ConsistentHashLB_HttpQueryParameterName = v1alpha3.LoadBalancerSettings_ConsistentHashLB_HttpQueryParameterName +type LoadBalancerSettings_ConsistentHashLB_RingHash_ = v1alpha3.LoadBalancerSettings_ConsistentHashLB_RingHash_ +type LoadBalancerSettings_ConsistentHashLB_Maglev = v1alpha3.LoadBalancerSettings_ConsistentHashLB_Maglev +type LoadBalancerSettings_SimpleLB = v1alpha3.LoadBalancerSettings_SimpleLB + +const LoadBalancerSettings_UNSPECIFIED LoadBalancerSettings_SimpleLB = v1alpha3.LoadBalancerSettings_UNSPECIFIED +const LoadBalancerSettings_LEAST_CONN LoadBalancerSettings_SimpleLB = v1alpha3.LoadBalancerSettings_LEAST_CONN +const LoadBalancerSettings_RANDOM LoadBalancerSettings_SimpleLB = v1alpha3.LoadBalancerSettings_RANDOM +const LoadBalancerSettings_PASSTHROUGH LoadBalancerSettings_SimpleLB = v1alpha3.LoadBalancerSettings_PASSTHROUGH +const LoadBalancerSettings_ROUND_ROBIN LoadBalancerSettings_SimpleLB = v1alpha3.LoadBalancerSettings_ROUND_ROBIN +const LoadBalancerSettings_LEAST_REQUEST LoadBalancerSettings_SimpleLB = v1alpha3.LoadBalancerSettings_LEAST_REQUEST + +type LoadBalancerSettings_Simple = v1alpha3.LoadBalancerSettings_Simple +type LoadBalancerSettings_ConsistentHash = v1alpha3.LoadBalancerSettings_ConsistentHash +type ConnectionPoolSettings = v1alpha3.ConnectionPoolSettings +type ConnectionPoolSettings_TCPSettings = v1alpha3.ConnectionPoolSettings_TCPSettings +type ConnectionPoolSettings_TCPSettings_TcpKeepalive = v1alpha3.ConnectionPoolSettings_TCPSettings_TcpKeepalive +type ConnectionPoolSettings_HTTPSettings = v1alpha3.ConnectionPoolSettings_HTTPSettings +type ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = v1alpha3.ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy + +const ConnectionPoolSettings_HTTPSettings_DEFAULT ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = v1alpha3.ConnectionPoolSettings_HTTPSettings_DEFAULT +const ConnectionPoolSettings_HTTPSettings_DO_NOT_UPGRADE ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = v1alpha3.ConnectionPoolSettings_HTTPSettings_DO_NOT_UPGRADE +const ConnectionPoolSettings_HTTPSettings_UPGRADE ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy = v1alpha3.ConnectionPoolSettings_HTTPSettings_UPGRADE + +type OutlierDetection = v1alpha3.OutlierDetection +type ClientTLSSettings = v1alpha3.ClientTLSSettings +type ClientTLSSettings_TLSmode = v1alpha3.ClientTLSSettings_TLSmode + +const ClientTLSSettings_DISABLE ClientTLSSettings_TLSmode = v1alpha3.ClientTLSSettings_DISABLE +const ClientTLSSettings_SIMPLE ClientTLSSettings_TLSmode = v1alpha3.ClientTLSSettings_SIMPLE +const ClientTLSSettings_MUTUAL ClientTLSSettings_TLSmode = v1alpha3.ClientTLSSettings_MUTUAL +const ClientTLSSettings_ISTIO_MUTUAL ClientTLSSettings_TLSmode = v1alpha3.ClientTLSSettings_ISTIO_MUTUAL + +type LocalityLoadBalancerSetting = v1alpha3.LocalityLoadBalancerSetting +type LocalityLoadBalancerSetting_Distribute = v1alpha3.LocalityLoadBalancerSetting_Distribute +type LocalityLoadBalancerSetting_Failover = v1alpha3.LocalityLoadBalancerSetting_Failover diff --git a/networking/v1beta1/destination_rule_deepcopy.gen.go b/networking/v1beta1/destination_rule_deepcopy.gen.go deleted file mode 100644 index c210022dae0..00000000000 --- a/networking/v1beta1/destination_rule_deepcopy.gen.go +++ /dev/null @@ -1,426 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1beta1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using DestinationRule within kubernetes types, where deepcopy-gen is used. -func (in *DestinationRule) DeepCopyInto(out *DestinationRule) { - p := proto.Clone(in).(*DestinationRule) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRule. Required by controller-gen. -func (in *DestinationRule) DeepCopy() *DestinationRule { - if in == nil { - return nil - } - out := new(DestinationRule) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRule. Required by controller-gen. -func (in *DestinationRule) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using TrafficPolicy within kubernetes types, where deepcopy-gen is used. -func (in *TrafficPolicy) DeepCopyInto(out *TrafficPolicy) { - p := proto.Clone(in).(*TrafficPolicy) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy. Required by controller-gen. -func (in *TrafficPolicy) DeepCopy() *TrafficPolicy { - if in == nil { - return nil - } - out := new(TrafficPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy. Required by controller-gen. -func (in *TrafficPolicy) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using TrafficPolicy_PortTrafficPolicy within kubernetes types, where deepcopy-gen is used. -func (in *TrafficPolicy_PortTrafficPolicy) DeepCopyInto(out *TrafficPolicy_PortTrafficPolicy) { - p := proto.Clone(in).(*TrafficPolicy_PortTrafficPolicy) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_PortTrafficPolicy. Required by controller-gen. -func (in *TrafficPolicy_PortTrafficPolicy) DeepCopy() *TrafficPolicy_PortTrafficPolicy { - if in == nil { - return nil - } - out := new(TrafficPolicy_PortTrafficPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_PortTrafficPolicy. Required by controller-gen. -func (in *TrafficPolicy_PortTrafficPolicy) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using TrafficPolicy_TunnelSettings within kubernetes types, where deepcopy-gen is used. -func (in *TrafficPolicy_TunnelSettings) DeepCopyInto(out *TrafficPolicy_TunnelSettings) { - p := proto.Clone(in).(*TrafficPolicy_TunnelSettings) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_TunnelSettings. Required by controller-gen. -func (in *TrafficPolicy_TunnelSettings) DeepCopy() *TrafficPolicy_TunnelSettings { - if in == nil { - return nil - } - out := new(TrafficPolicy_TunnelSettings) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_TunnelSettings. Required by controller-gen. -func (in *TrafficPolicy_TunnelSettings) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using TrafficPolicy_ProxyProtocol within kubernetes types, where deepcopy-gen is used. -func (in *TrafficPolicy_ProxyProtocol) DeepCopyInto(out *TrafficPolicy_ProxyProtocol) { - p := proto.Clone(in).(*TrafficPolicy_ProxyProtocol) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_ProxyProtocol. Required by controller-gen. -func (in *TrafficPolicy_ProxyProtocol) DeepCopy() *TrafficPolicy_ProxyProtocol { - if in == nil { - return nil - } - out := new(TrafficPolicy_ProxyProtocol) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_ProxyProtocol. Required by controller-gen. -func (in *TrafficPolicy_ProxyProtocol) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Subset within kubernetes types, where deepcopy-gen is used. -func (in *Subset) DeepCopyInto(out *Subset) { - p := proto.Clone(in).(*Subset) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Subset. Required by controller-gen. -func (in *Subset) DeepCopy() *Subset { - if in == nil { - return nil - } - out := new(Subset) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Subset. Required by controller-gen. -func (in *Subset) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using LoadBalancerSettings within kubernetes types, where deepcopy-gen is used. -func (in *LoadBalancerSettings) DeepCopyInto(out *LoadBalancerSettings) { - p := proto.Clone(in).(*LoadBalancerSettings) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings. Required by controller-gen. -func (in *LoadBalancerSettings) DeepCopy() *LoadBalancerSettings { - if in == nil { - return nil - } - out := new(LoadBalancerSettings) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings. Required by controller-gen. -func (in *LoadBalancerSettings) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using LoadBalancerSettings_ConsistentHashLB within kubernetes types, where deepcopy-gen is used. -func (in *LoadBalancerSettings_ConsistentHashLB) DeepCopyInto(out *LoadBalancerSettings_ConsistentHashLB) { - p := proto.Clone(in).(*LoadBalancerSettings_ConsistentHashLB) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB. Required by controller-gen. -func (in *LoadBalancerSettings_ConsistentHashLB) DeepCopy() *LoadBalancerSettings_ConsistentHashLB { - if in == nil { - return nil - } - out := new(LoadBalancerSettings_ConsistentHashLB) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB. Required by controller-gen. -func (in *LoadBalancerSettings_ConsistentHashLB) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using LoadBalancerSettings_ConsistentHashLB_RingHash within kubernetes types, where deepcopy-gen is used. -func (in *LoadBalancerSettings_ConsistentHashLB_RingHash) DeepCopyInto(out *LoadBalancerSettings_ConsistentHashLB_RingHash) { - p := proto.Clone(in).(*LoadBalancerSettings_ConsistentHashLB_RingHash) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_RingHash. Required by controller-gen. -func (in *LoadBalancerSettings_ConsistentHashLB_RingHash) DeepCopy() *LoadBalancerSettings_ConsistentHashLB_RingHash { - if in == nil { - return nil - } - out := new(LoadBalancerSettings_ConsistentHashLB_RingHash) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_RingHash. Required by controller-gen. -func (in *LoadBalancerSettings_ConsistentHashLB_RingHash) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using LoadBalancerSettings_ConsistentHashLB_MagLev within kubernetes types, where deepcopy-gen is used. -func (in *LoadBalancerSettings_ConsistentHashLB_MagLev) DeepCopyInto(out *LoadBalancerSettings_ConsistentHashLB_MagLev) { - p := proto.Clone(in).(*LoadBalancerSettings_ConsistentHashLB_MagLev) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_MagLev. Required by controller-gen. -func (in *LoadBalancerSettings_ConsistentHashLB_MagLev) DeepCopy() *LoadBalancerSettings_ConsistentHashLB_MagLev { - if in == nil { - return nil - } - out := new(LoadBalancerSettings_ConsistentHashLB_MagLev) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_MagLev. Required by controller-gen. -func (in *LoadBalancerSettings_ConsistentHashLB_MagLev) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using LoadBalancerSettings_ConsistentHashLB_HTTPCookie within kubernetes types, where deepcopy-gen is used. -func (in *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) DeepCopyInto(out *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) { - p := proto.Clone(in).(*LoadBalancerSettings_ConsistentHashLB_HTTPCookie) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_HTTPCookie. Required by controller-gen. -func (in *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) DeepCopy() *LoadBalancerSettings_ConsistentHashLB_HTTPCookie { - if in == nil { - return nil - } - out := new(LoadBalancerSettings_ConsistentHashLB_HTTPCookie) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings_ConsistentHashLB_HTTPCookie. Required by controller-gen. -func (in *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ConnectionPoolSettings within kubernetes types, where deepcopy-gen is used. -func (in *ConnectionPoolSettings) DeepCopyInto(out *ConnectionPoolSettings) { - p := proto.Clone(in).(*ConnectionPoolSettings) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings. Required by controller-gen. -func (in *ConnectionPoolSettings) DeepCopy() *ConnectionPoolSettings { - if in == nil { - return nil - } - out := new(ConnectionPoolSettings) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings. Required by controller-gen. -func (in *ConnectionPoolSettings) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ConnectionPoolSettings_TCPSettings within kubernetes types, where deepcopy-gen is used. -func (in *ConnectionPoolSettings_TCPSettings) DeepCopyInto(out *ConnectionPoolSettings_TCPSettings) { - p := proto.Clone(in).(*ConnectionPoolSettings_TCPSettings) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_TCPSettings. Required by controller-gen. -func (in *ConnectionPoolSettings_TCPSettings) DeepCopy() *ConnectionPoolSettings_TCPSettings { - if in == nil { - return nil - } - out := new(ConnectionPoolSettings_TCPSettings) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_TCPSettings. Required by controller-gen. -func (in *ConnectionPoolSettings_TCPSettings) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ConnectionPoolSettings_TCPSettings_TcpKeepalive within kubernetes types, where deepcopy-gen is used. -func (in *ConnectionPoolSettings_TCPSettings_TcpKeepalive) DeepCopyInto(out *ConnectionPoolSettings_TCPSettings_TcpKeepalive) { - p := proto.Clone(in).(*ConnectionPoolSettings_TCPSettings_TcpKeepalive) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_TCPSettings_TcpKeepalive. Required by controller-gen. -func (in *ConnectionPoolSettings_TCPSettings_TcpKeepalive) DeepCopy() *ConnectionPoolSettings_TCPSettings_TcpKeepalive { - if in == nil { - return nil - } - out := new(ConnectionPoolSettings_TCPSettings_TcpKeepalive) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_TCPSettings_TcpKeepalive. Required by controller-gen. -func (in *ConnectionPoolSettings_TCPSettings_TcpKeepalive) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ConnectionPoolSettings_HTTPSettings within kubernetes types, where deepcopy-gen is used. -func (in *ConnectionPoolSettings_HTTPSettings) DeepCopyInto(out *ConnectionPoolSettings_HTTPSettings) { - p := proto.Clone(in).(*ConnectionPoolSettings_HTTPSettings) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_HTTPSettings. Required by controller-gen. -func (in *ConnectionPoolSettings_HTTPSettings) DeepCopy() *ConnectionPoolSettings_HTTPSettings { - if in == nil { - return nil - } - out := new(ConnectionPoolSettings_HTTPSettings) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings_HTTPSettings. Required by controller-gen. -func (in *ConnectionPoolSettings_HTTPSettings) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using OutlierDetection within kubernetes types, where deepcopy-gen is used. -func (in *OutlierDetection) DeepCopyInto(out *OutlierDetection) { - p := proto.Clone(in).(*OutlierDetection) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutlierDetection. Required by controller-gen. -func (in *OutlierDetection) DeepCopy() *OutlierDetection { - if in == nil { - return nil - } - out := new(OutlierDetection) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new OutlierDetection. Required by controller-gen. -func (in *OutlierDetection) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ClientTLSSettings within kubernetes types, where deepcopy-gen is used. -func (in *ClientTLSSettings) DeepCopyInto(out *ClientTLSSettings) { - p := proto.Clone(in).(*ClientTLSSettings) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientTLSSettings. Required by controller-gen. -func (in *ClientTLSSettings) DeepCopy() *ClientTLSSettings { - if in == nil { - return nil - } - out := new(ClientTLSSettings) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ClientTLSSettings. Required by controller-gen. -func (in *ClientTLSSettings) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using LocalityLoadBalancerSetting within kubernetes types, where deepcopy-gen is used. -func (in *LocalityLoadBalancerSetting) DeepCopyInto(out *LocalityLoadBalancerSetting) { - p := proto.Clone(in).(*LocalityLoadBalancerSetting) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting. Required by controller-gen. -func (in *LocalityLoadBalancerSetting) DeepCopy() *LocalityLoadBalancerSetting { - if in == nil { - return nil - } - out := new(LocalityLoadBalancerSetting) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting. Required by controller-gen. -func (in *LocalityLoadBalancerSetting) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using LocalityLoadBalancerSetting_Distribute within kubernetes types, where deepcopy-gen is used. -func (in *LocalityLoadBalancerSetting_Distribute) DeepCopyInto(out *LocalityLoadBalancerSetting_Distribute) { - p := proto.Clone(in).(*LocalityLoadBalancerSetting_Distribute) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting_Distribute. Required by controller-gen. -func (in *LocalityLoadBalancerSetting_Distribute) DeepCopy() *LocalityLoadBalancerSetting_Distribute { - if in == nil { - return nil - } - out := new(LocalityLoadBalancerSetting_Distribute) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting_Distribute. Required by controller-gen. -func (in *LocalityLoadBalancerSetting_Distribute) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using LocalityLoadBalancerSetting_Failover within kubernetes types, where deepcopy-gen is used. -func (in *LocalityLoadBalancerSetting_Failover) DeepCopyInto(out *LocalityLoadBalancerSetting_Failover) { - p := proto.Clone(in).(*LocalityLoadBalancerSetting_Failover) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting_Failover. Required by controller-gen. -func (in *LocalityLoadBalancerSetting_Failover) DeepCopy() *LocalityLoadBalancerSetting_Failover { - if in == nil { - return nil - } - out := new(LocalityLoadBalancerSetting_Failover) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new LocalityLoadBalancerSetting_Failover. Required by controller-gen. -func (in *LocalityLoadBalancerSetting_Failover) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/networking/v1beta1/destination_rule_json.gen.go b/networking/v1beta1/destination_rule_json.gen.go deleted file mode 100644 index c4b38ba7d31..00000000000 --- a/networking/v1beta1/destination_rule_json.gen.go +++ /dev/null @@ -1,232 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1beta1 - -import ( - bytes "bytes" - jsonpb "github.com/golang/protobuf/jsonpb" -) - -// MarshalJSON is a custom marshaler for DestinationRule -func (this *DestinationRule) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for DestinationRule -func (this *DestinationRule) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for TrafficPolicy -func (this *TrafficPolicy) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for TrafficPolicy -func (this *TrafficPolicy) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for TrafficPolicy_PortTrafficPolicy -func (this *TrafficPolicy_PortTrafficPolicy) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for TrafficPolicy_PortTrafficPolicy -func (this *TrafficPolicy_PortTrafficPolicy) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for TrafficPolicy_TunnelSettings -func (this *TrafficPolicy_TunnelSettings) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for TrafficPolicy_TunnelSettings -func (this *TrafficPolicy_TunnelSettings) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for TrafficPolicy_ProxyProtocol -func (this *TrafficPolicy_ProxyProtocol) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for TrafficPolicy_ProxyProtocol -func (this *TrafficPolicy_ProxyProtocol) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Subset -func (this *Subset) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Subset -func (this *Subset) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for LoadBalancerSettings -func (this *LoadBalancerSettings) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for LoadBalancerSettings -func (this *LoadBalancerSettings) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for LoadBalancerSettings_ConsistentHashLB -func (this *LoadBalancerSettings_ConsistentHashLB) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for LoadBalancerSettings_ConsistentHashLB -func (this *LoadBalancerSettings_ConsistentHashLB) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for LoadBalancerSettings_ConsistentHashLB_RingHash -func (this *LoadBalancerSettings_ConsistentHashLB_RingHash) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for LoadBalancerSettings_ConsistentHashLB_RingHash -func (this *LoadBalancerSettings_ConsistentHashLB_RingHash) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for LoadBalancerSettings_ConsistentHashLB_MagLev -func (this *LoadBalancerSettings_ConsistentHashLB_MagLev) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for LoadBalancerSettings_ConsistentHashLB_MagLev -func (this *LoadBalancerSettings_ConsistentHashLB_MagLev) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for LoadBalancerSettings_ConsistentHashLB_HTTPCookie -func (this *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for LoadBalancerSettings_ConsistentHashLB_HTTPCookie -func (this *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ConnectionPoolSettings -func (this *ConnectionPoolSettings) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ConnectionPoolSettings -func (this *ConnectionPoolSettings) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ConnectionPoolSettings_TCPSettings -func (this *ConnectionPoolSettings_TCPSettings) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ConnectionPoolSettings_TCPSettings -func (this *ConnectionPoolSettings_TCPSettings) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ConnectionPoolSettings_TCPSettings_TcpKeepalive -func (this *ConnectionPoolSettings_TCPSettings_TcpKeepalive) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ConnectionPoolSettings_TCPSettings_TcpKeepalive -func (this *ConnectionPoolSettings_TCPSettings_TcpKeepalive) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ConnectionPoolSettings_HTTPSettings -func (this *ConnectionPoolSettings_HTTPSettings) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ConnectionPoolSettings_HTTPSettings -func (this *ConnectionPoolSettings_HTTPSettings) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for OutlierDetection -func (this *OutlierDetection) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for OutlierDetection -func (this *OutlierDetection) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ClientTLSSettings -func (this *ClientTLSSettings) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ClientTLSSettings -func (this *ClientTLSSettings) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for LocalityLoadBalancerSetting -func (this *LocalityLoadBalancerSetting) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for LocalityLoadBalancerSetting -func (this *LocalityLoadBalancerSetting) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for LocalityLoadBalancerSetting_Distribute -func (this *LocalityLoadBalancerSetting_Distribute) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for LocalityLoadBalancerSetting_Distribute -func (this *LocalityLoadBalancerSetting_Distribute) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for LocalityLoadBalancerSetting_Failover -func (this *LocalityLoadBalancerSetting_Failover) MarshalJSON() ([]byte, error) { - str, err := DestinationRuleMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for LocalityLoadBalancerSetting_Failover -func (this *LocalityLoadBalancerSetting_Failover) UnmarshalJSON(b []byte) error { - return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -var ( - DestinationRuleMarshaler = &jsonpb.Marshaler{} - DestinationRuleUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} -) diff --git a/networking/v1beta1/gateway.pb.go b/networking/v1beta1/gateway.pb.go deleted file mode 100644 index 3500bc1228e..00000000000 --- a/networking/v1beta1/gateway.pb.go +++ /dev/null @@ -1,1170 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.33.0 -// protoc (unknown) -// source: networking/v1beta1/gateway.proto - -// $schema: istio.networking.v1beta1.Gateway -// $title: Gateway -// $description: Configuration affecting edge load balancer. -// $location: https://istio.io/docs/reference/config/networking/gateway.html -// $aliases: [/docs/reference/config/networking/v1beta1/gateway] -// $mode: none - -// `Gateway` describes a load balancer operating at the edge of the mesh -// receiving incoming or outgoing HTTP/TCP connections. The specification -// describes a set of ports that should be exposed, the type of protocol to -// use, SNI configuration for the load balancer, etc. -// -// For example, the following Gateway configuration sets up a proxy to act -// as a load balancer exposing port 80 and 9080 (http), 443 (https), -// 9443(https) and port 2379 (TCP) for ingress. The gateway will be -// applied to the proxy running on a pod with labels `app: -// my-gateway-controller`. While Istio will configure the proxy to listen -// on these ports, it is the responsibility of the user to ensure that -// external traffic to these ports are allowed into the mesh. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-gateway -// namespace: some-config-namespace -// spec: -// selector: -// app: my-gateway-controller -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - uk.bookinfo.com -// - eu.bookinfo.com -// tls: -// httpsRedirect: true # sends 301 redirect for http requests -// - port: -// number: 443 -// name: https-443 -// protocol: HTTPS -// hosts: -// - uk.bookinfo.com -// - eu.bookinfo.com -// tls: -// mode: SIMPLE # enables HTTPS on this port -// serverCertificate: /etc/certs/servercert.pem -// privateKey: /etc/certs/privatekey.pem -// - port: -// number: 9443 -// name: https-9443 -// protocol: HTTPS -// hosts: -// - "bookinfo-namespace/*.bookinfo.com" -// tls: -// mode: SIMPLE # enables HTTPS on this port -// credentialName: bookinfo-secret # fetches certs from Kubernetes secret -// - port: -// number: 9080 -// name: http-wildcard -// protocol: HTTP -// hosts: -// - "*" -// - port: -// number: 2379 # to expose internal service via external port 2379 -// name: mongo -// protocol: MONGO -// hosts: -// - "*" -// ``` -// -// The Gateway specification above describes the L4-L6 properties of a load -// balancer. A `VirtualService` can then be bound to a gateway to control -// the forwarding of traffic arriving at a particular host or gateway port. -// -// For example, the following VirtualService splits traffic for -// `https://uk.bookinfo.com/reviews`, `https://eu.bookinfo.com/reviews`, -// `http://uk.bookinfo.com:9080/reviews`, -// `http://eu.bookinfo.com:9080/reviews` into two versions (prod and qa) of -// an internal reviews service on port 9080. In addition, requests -// containing the cookie "user: dev-123" will be sent to special port 7777 -// in the qa version. The same rule is also applicable inside the mesh for -// requests to the "reviews.prod.svc.cluster.local" service. This rule is -// applicable across ports 443, 9080. Note that `http://uk.bookinfo.com` -// gets redirected to `https://uk.bookinfo.com` (i.e. 80 redirects to 443). -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: bookinfo-rule -// namespace: bookinfo-namespace -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// - uk.bookinfo.com -// - eu.bookinfo.com -// gateways: -// - some-config-namespace/my-gateway -// - mesh # applies to all the sidecars in the mesh -// http: -// - match: -// - headers: -// cookie: -// exact: "user=dev-123" -// route: -// - destination: -// port: -// number: 7777 -// host: reviews.qa.svc.cluster.local -// - match: -// - uri: -// prefix: /reviews/ -// route: -// - destination: -// port: -// number: 9080 # can be omitted if it's the only port for reviews -// host: reviews.prod.svc.cluster.local -// weight: 80 -// - destination: -// host: reviews.qa.svc.cluster.local -// weight: 20 -// ``` -// -// The following VirtualService forwards traffic arriving at (external) -// port 27017 to internal Mongo server on port 5555. This rule is not -// applicable internally in the mesh as the gateway list omits the -// reserved name `mesh`. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: bookinfo-mongo -// namespace: bookinfo-namespace -// spec: -// hosts: -// - mongosvr.prod.svc.cluster.local # name of internal Mongo service -// gateways: -// - some-config-namespace/my-gateway # can omit the namespace if gateway is in same namespace as virtual service. -// tcp: -// - match: -// - port: 27017 -// route: -// - destination: -// host: mongo.prod.svc.cluster.local -// port: -// number: 5555 -// ``` -// -// It is possible to restrict the set of virtual services that can bind to -// a gateway server using the namespace/hostname syntax in the hosts field. -// For example, the following Gateway allows any virtual service in the ns1 -// namespace to bind to it, while restricting only the virtual service with -// foo.bar.com host in the ns2 namespace to bind to it. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-gateway -// namespace: some-config-namespace -// spec: -// selector: -// app: my-gateway-controller -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - "ns1/*" -// - "ns2/foo.bar.com" -// ``` - -package v1beta1 - -import ( - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// TLS modes enforced by the proxy -type ServerTLSSettings_TLSmode int32 - -const ( - // The SNI string presented by the client will be used as the - // match criterion in a VirtualService TLS route to determine - // the destination service from the service registry. - ServerTLSSettings_PASSTHROUGH ServerTLSSettings_TLSmode = 0 - // Secure connections with standard TLS semantics. In this mode - // client certificate is not requested during handshake. - ServerTLSSettings_SIMPLE ServerTLSSettings_TLSmode = 1 - // Secure connections to the downstream using mutual TLS by - // presenting server certificates for authentication. - // A client certificate will also be requested during the handshake and - // at least one valid certificate is required to be sent by the client. - ServerTLSSettings_MUTUAL ServerTLSSettings_TLSmode = 2 - // Similar to the passthrough mode, except servers with this TLS - // mode do not require an associated VirtualService to map from - // the SNI value to service in the registry. The destination - // details such as the service/subset/port are encoded in the - // SNI value. The proxy will forward to the upstream (Envoy) - // cluster (a group of endpoints) specified by the SNI - // value. This server is typically used to provide connectivity - // between services in disparate L3 networks that otherwise do - // not have direct connectivity between their respective - // endpoints. Use of this mode assumes that both the source and - // the destination are using Istio mTLS to secure traffic. - ServerTLSSettings_AUTO_PASSTHROUGH ServerTLSSettings_TLSmode = 3 - // Secure connections from the downstream using mutual TLS by - // presenting server certificates for authentication. Compared - // to Mutual mode, this mode uses certificates, representing - // gateway workload identity, generated automatically by Istio - // for mTLS authentication. When this mode is used, all other - // fields in `TLSOptions` should be empty. - ServerTLSSettings_ISTIO_MUTUAL ServerTLSSettings_TLSmode = 4 - // Similar to MUTUAL mode, except that the client certificate - // is optional. Unlike SIMPLE mode, A client certificate will - // still be explicitly requested during handshake, but the client - // is not required to send a certificate. If a client certificate - // is presented, it will be validated. ca_certificates should - // be specified for validating client certificates. - ServerTLSSettings_OPTIONAL_MUTUAL ServerTLSSettings_TLSmode = 5 -) - -// Enum value maps for ServerTLSSettings_TLSmode. -var ( - ServerTLSSettings_TLSmode_name = map[int32]string{ - 0: "PASSTHROUGH", - 1: "SIMPLE", - 2: "MUTUAL", - 3: "AUTO_PASSTHROUGH", - 4: "ISTIO_MUTUAL", - 5: "OPTIONAL_MUTUAL", - } - ServerTLSSettings_TLSmode_value = map[string]int32{ - "PASSTHROUGH": 0, - "SIMPLE": 1, - "MUTUAL": 2, - "AUTO_PASSTHROUGH": 3, - "ISTIO_MUTUAL": 4, - "OPTIONAL_MUTUAL": 5, - } -) - -func (x ServerTLSSettings_TLSmode) Enum() *ServerTLSSettings_TLSmode { - p := new(ServerTLSSettings_TLSmode) - *p = x - return p -} - -func (x ServerTLSSettings_TLSmode) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (ServerTLSSettings_TLSmode) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1beta1_gateway_proto_enumTypes[0].Descriptor() -} - -func (ServerTLSSettings_TLSmode) Type() protoreflect.EnumType { - return &file_networking_v1beta1_gateway_proto_enumTypes[0] -} - -func (x ServerTLSSettings_TLSmode) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use ServerTLSSettings_TLSmode.Descriptor instead. -func (ServerTLSSettings_TLSmode) EnumDescriptor() ([]byte, []int) { - return file_networking_v1beta1_gateway_proto_rawDescGZIP(), []int{3, 0} -} - -// TLS protocol versions. -type ServerTLSSettings_TLSProtocol int32 - -const ( - // Automatically choose the optimal TLS version. - ServerTLSSettings_TLS_AUTO ServerTLSSettings_TLSProtocol = 0 - // TLS version 1.0 - ServerTLSSettings_TLSV1_0 ServerTLSSettings_TLSProtocol = 1 - // TLS version 1.1 - ServerTLSSettings_TLSV1_1 ServerTLSSettings_TLSProtocol = 2 - // TLS version 1.2 - ServerTLSSettings_TLSV1_2 ServerTLSSettings_TLSProtocol = 3 - // TLS version 1.3 - ServerTLSSettings_TLSV1_3 ServerTLSSettings_TLSProtocol = 4 -) - -// Enum value maps for ServerTLSSettings_TLSProtocol. -var ( - ServerTLSSettings_TLSProtocol_name = map[int32]string{ - 0: "TLS_AUTO", - 1: "TLSV1_0", - 2: "TLSV1_1", - 3: "TLSV1_2", - 4: "TLSV1_3", - } - ServerTLSSettings_TLSProtocol_value = map[string]int32{ - "TLS_AUTO": 0, - "TLSV1_0": 1, - "TLSV1_1": 2, - "TLSV1_2": 3, - "TLSV1_3": 4, - } -) - -func (x ServerTLSSettings_TLSProtocol) Enum() *ServerTLSSettings_TLSProtocol { - p := new(ServerTLSSettings_TLSProtocol) - *p = x - return p -} - -func (x ServerTLSSettings_TLSProtocol) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (ServerTLSSettings_TLSProtocol) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1beta1_gateway_proto_enumTypes[1].Descriptor() -} - -func (ServerTLSSettings_TLSProtocol) Type() protoreflect.EnumType { - return &file_networking_v1beta1_gateway_proto_enumTypes[1] -} - -func (x ServerTLSSettings_TLSProtocol) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use ServerTLSSettings_TLSProtocol.Descriptor instead. -func (ServerTLSSettings_TLSProtocol) EnumDescriptor() ([]byte, []int) { - return file_networking_v1beta1_gateway_proto_rawDescGZIP(), []int{3, 1} -} - -// Gateway describes a load balancer operating at the edge of the mesh -// receiving incoming or outgoing HTTP/TCP connections. -// -// -// -type Gateway struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // A list of server specifications. - Servers []*Server `protobuf:"bytes,1,rep,name=servers,proto3" json:"servers,omitempty"` - // One or more labels that indicate a specific set of pods/VMs - // on which this gateway configuration should be applied. - // By default workloads are searched across all namespaces based on label selectors. - // This implies that a gateway resource in the namespace "foo" can select pods in - // the namespace "bar" based on labels. - // This behavior can be controlled via the `PILOT_SCOPE_GATEWAY_TO_NAMESPACE` - // environment variable in istiod. If this variable is set - // to true, the scope of label search is restricted to the configuration - // namespace in which the the resource is present. In other words, the Gateway - // resource must reside in the same namespace as the gateway workload - // instance. - // If selector is nil, the Gateway will be applied to all workloads. - Selector map[string]string `protobuf:"bytes,2,rep,name=selector,proto3" json:"selector,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` -} - -func (x *Gateway) Reset() { - *x = Gateway{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_gateway_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Gateway) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Gateway) ProtoMessage() {} - -func (x *Gateway) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_gateway_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Gateway.ProtoReflect.Descriptor instead. -func (*Gateway) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_gateway_proto_rawDescGZIP(), []int{0} -} - -func (x *Gateway) GetServers() []*Server { - if x != nil { - return x.Servers - } - return nil -} - -func (x *Gateway) GetSelector() map[string]string { - if x != nil { - return x.Selector - } - return nil -} - -// `Server` describes the properties of the proxy on a given load balancer -// port. For example, -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// -// name: my-ingress -// -// spec: -// -// selector: -// app: my-ingressgateway -// servers: -// - port: -// number: 80 -// name: http2 -// protocol: HTTP2 -// hosts: -// - "*" -// -// ``` -// -// # Another example -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// -// name: my-tcp-ingress -// -// spec: -// -// selector: -// app: my-tcp-ingressgateway -// servers: -// - port: -// number: 27018 -// name: mongo -// protocol: MONGO -// hosts: -// - "*" -// -// ``` -// -// # The following is an example of TLS configuration for port 443 -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// -// name: my-tls-ingress -// -// spec: -// -// selector: -// app: my-tls-ingressgateway -// servers: -// - port: -// number: 443 -// name: https -// protocol: HTTPS -// hosts: -// - "*" -// tls: -// mode: SIMPLE -// credentialName: tls-cert -// -// ``` -type Server struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The Port on which the proxy should listen for incoming - // connections. - Port *Port `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` - // The ip or the Unix domain socket to which the listener should be bound - // to. Format: `x.x.x.x` or `unix:///path/to/uds` or `unix://@foobar` - // (Linux abstract namespace). When using Unix domain sockets, the port - // number should be 0. - // This can be used to restrict the reachability of this server to be gateway internal only. - // This is typically used when a gateway needs to communicate to another mesh service - // e.g. publishing metrics. In such case, the server created with the - // specified bind will not be available to external gateway clients. - Bind string `protobuf:"bytes,4,opt,name=bind,proto3" json:"bind,omitempty"` - // One or more hosts exposed by this gateway. - // While typically applicable to - // HTTP services, it can also be used for TCP services using TLS with SNI. - // A host is specified as a `dnsName` with an optional `namespace/` prefix. - // The `dnsName` should be specified using FQDN format, optionally including - // a wildcard character in the left-most component (e.g., `prod/*.example.com`). - // Set the `dnsName` to `*` to select all `VirtualService` hosts from the - // specified namespace (e.g.,`prod/*`). - // - // The `namespace` can be set to `*` or `.`, representing any or the current - // namespace, respectively. For example, `*/foo.example.com` selects the - // service from any available namespace while `./foo.example.com` only selects - // the service from the namespace of the sidecar. The default, if no `namespace/` - // is specified, is `*/`, that is, select services from any namespace. - // Any associated `DestinationRule` in the selected namespace will also be used. - // - // A `VirtualService` must be bound to the gateway and must have one or - // more hosts that match the hosts specified in a server. The match - // could be an exact match or a suffix match with the server's hosts. For - // example, if the server's hosts specifies `*.example.com`, a - // `VirtualService` with hosts `dev.example.com` or `prod.example.com` will - // match. However, a `VirtualService` with host `example.com` or - // `newexample.com` will not match. - // - // NOTE: Only virtual services exported to the gateway's namespace - // (e.g., `exportTo` value of `*`) can be referenced. - // Private configurations (e.g., `exportTo` set to `.`) will not be - // available. Refer to the `exportTo` setting in `VirtualService`, - // `DestinationRule`, and `ServiceEntry` configurations for details. - Hosts []string `protobuf:"bytes,2,rep,name=hosts,proto3" json:"hosts,omitempty"` - // Set of TLS related options that govern the server's behavior. Use - // these options to control if all http requests should be redirected to - // https, and the TLS modes to use. - Tls *ServerTLSSettings `protobuf:"bytes,3,opt,name=tls,proto3" json:"tls,omitempty"` - // The loopback IP endpoint or Unix domain socket to which traffic should - // be forwarded to by default. Format should be `127.0.0.1:PORT` or - // `unix:///path/to/socket` or `unix://@foobar` (Linux abstract namespace). - // NOT IMPLEMENTED. - // $hide_from_docs - DefaultEndpoint string `protobuf:"bytes,5,opt,name=default_endpoint,json=defaultEndpoint,proto3" json:"default_endpoint,omitempty"` - // An optional name of the server, when set must be unique across all servers. - // This will be used for variety of purposes like prefixing stats generated with - // this name etc. - Name string `protobuf:"bytes,6,opt,name=name,proto3" json:"name,omitempty"` -} - -func (x *Server) Reset() { - *x = Server{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_gateway_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Server) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Server) ProtoMessage() {} - -func (x *Server) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_gateway_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Server.ProtoReflect.Descriptor instead. -func (*Server) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_gateway_proto_rawDescGZIP(), []int{1} -} - -func (x *Server) GetPort() *Port { - if x != nil { - return x.Port - } - return nil -} - -func (x *Server) GetBind() string { - if x != nil { - return x.Bind - } - return "" -} - -func (x *Server) GetHosts() []string { - if x != nil { - return x.Hosts - } - return nil -} - -func (x *Server) GetTls() *ServerTLSSettings { - if x != nil { - return x.Tls - } - return nil -} - -func (x *Server) GetDefaultEndpoint() string { - if x != nil { - return x.DefaultEndpoint - } - return "" -} - -func (x *Server) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -// Port describes the properties of a specific port of a service. -type Port struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // A valid non-negative integer port number. - Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"` - // The protocol exposed on the port. - // MUST BE one of HTTP|HTTPS|GRPC|GRPC-WEB|HTTP2|MONGO|TCP|TLS. - // TLS can be either used to terminate non-HTTP based connections on a specific port - // or to route traffic based on SNI header to the destination without terminating the TLS connection. - Protocol string `protobuf:"bytes,2,opt,name=protocol,proto3" json:"protocol,omitempty"` - // Label assigned to the port. - Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` - // The port number on the endpoint where the traffic will be - // received. Applicable only when used with ServiceEntries. - // $hide_from_docs - // - // Deprecated: Marked as deprecated in networking/v1beta1/gateway.proto. - TargetPort uint32 `protobuf:"varint,4,opt,name=target_port,json=targetPort,proto3" json:"target_port,omitempty"` -} - -func (x *Port) Reset() { - *x = Port{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_gateway_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Port) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Port) ProtoMessage() {} - -func (x *Port) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_gateway_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Port.ProtoReflect.Descriptor instead. -func (*Port) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_gateway_proto_rawDescGZIP(), []int{2} -} - -func (x *Port) GetNumber() uint32 { - if x != nil { - return x.Number - } - return 0 -} - -func (x *Port) GetProtocol() string { - if x != nil { - return x.Protocol - } - return "" -} - -func (x *Port) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -// Deprecated: Marked as deprecated in networking/v1beta1/gateway.proto. -func (x *Port) GetTargetPort() uint32 { - if x != nil { - return x.TargetPort - } - return 0 -} - -type ServerTLSSettings struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // If set to true, the load balancer will send a 301 redirect for - // all http connections, asking the clients to use HTTPS. - HttpsRedirect bool `protobuf:"varint,1,opt,name=https_redirect,json=httpsRedirect,proto3" json:"https_redirect,omitempty"` - // Optional: Indicates whether connections to this port should be - // secured using TLS. The value of this field determines how TLS is - // enforced. - Mode ServerTLSSettings_TLSmode `protobuf:"varint,2,opt,name=mode,proto3,enum=istio.networking.v1beta1.ServerTLSSettings_TLSmode" json:"mode,omitempty"` - // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - // holding the server-side TLS certificate to use. - ServerCertificate string `protobuf:"bytes,3,opt,name=server_certificate,json=serverCertificate,proto3" json:"server_certificate,omitempty"` - // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - // holding the server's private key. - PrivateKey string `protobuf:"bytes,4,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` - // REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. The path to a file - // containing certificate authority certificates to use in verifying a presented - // client side certificate. - CaCertificates string `protobuf:"bytes,5,opt,name=ca_certificates,json=caCertificates,proto3" json:"ca_certificates,omitempty"` - // OPTIONAL: The path to the file containing the certificate revocation list (CRL) - // to use in verifying a presented client side certificate. `CRL` is a list of certificates - // that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. - // If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. - // If omitted, the proxy will not verify the certificate against the `crl`. - CaCrl string `protobuf:"bytes,13,opt,name=ca_crl,json=caCrl,proto3" json:"ca_crl,omitempty"` - // For gateways running on Kubernetes, the name of the secret that - // holds the TLS certs including the CA certificates. Applicable - // only on Kubernetes. An Opaque secret should contain the following - // keys and values: `tls.key: ` and `tls.crt: ` or - // `key: ` and `cert: `. - // For mutual TLS, `cacert: ` and `crl: ` - // can be provided in the same secret or a separate secret named `-cacert`. - // A TLS secret for server certificates with an additional `tls.ocsp-staple` key - // for specifying OCSP staple information, `ca.crt` key for CA certificates - // and `ca.crl` for certificate revocation list is also supported. - // Only one of server certificates and CA certificate - // or credentialName can be specified. - CredentialName string `protobuf:"bytes,10,opt,name=credential_name,json=credentialName,proto3" json:"credential_name,omitempty"` - // A list of alternate names to verify the subject identity in the - // certificate presented by the client. - SubjectAltNames []string `protobuf:"bytes,6,rep,name=subject_alt_names,json=subjectAltNames,proto3" json:"subject_alt_names,omitempty"` - // An optional list of base64-encoded SHA-256 hashes of the SPKIs of - // authorized client certificates. - // Note: When both verify_certificate_hash and verify_certificate_spki - // are specified, a hash matching either value will result in the - // certificate being accepted. - VerifyCertificateSpki []string `protobuf:"bytes,11,rep,name=verify_certificate_spki,json=verifyCertificateSpki,proto3" json:"verify_certificate_spki,omitempty"` - // An optional list of hex-encoded SHA-256 hashes of the - // authorized client certificates. Both simple and colon separated - // formats are acceptable. - // Note: When both verify_certificate_hash and verify_certificate_spki - // are specified, a hash matching either value will result in the - // certificate being accepted. - VerifyCertificateHash []string `protobuf:"bytes,12,rep,name=verify_certificate_hash,json=verifyCertificateHash,proto3" json:"verify_certificate_hash,omitempty"` - // Optional: Minimum TLS protocol version. By default, it is `TLSV1_2`. - // TLS protocol versions below TLSV1_2 require setting compatible ciphers with the - // `cipherSuites` setting as they no longer include compatible ciphers. - // - // Note: Using TLS protocol versions below TLSV1_2 has serious security risks. - MinProtocolVersion ServerTLSSettings_TLSProtocol `protobuf:"varint,7,opt,name=min_protocol_version,json=minProtocolVersion,proto3,enum=istio.networking.v1beta1.ServerTLSSettings_TLSProtocol" json:"min_protocol_version,omitempty"` - // Optional: Maximum TLS protocol version. - MaxProtocolVersion ServerTLSSettings_TLSProtocol `protobuf:"varint,8,opt,name=max_protocol_version,json=maxProtocolVersion,proto3,enum=istio.networking.v1beta1.ServerTLSSettings_TLSProtocol" json:"max_protocol_version,omitempty"` - // Optional: If specified, only support the specified cipher list. - // Otherwise default to the default cipher list supported by Envoy - // as specified [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto). - // The supported list of ciphers are: - // * `ECDHE-ECDSA-AES128-GCM-SHA256` - // * `ECDHE-RSA-AES128-GCM-SHA256` - // * `ECDHE-ECDSA-AES256-GCM-SHA384` - // * `ECDHE-RSA-AES256-GCM-SHA384` - // * `ECDHE-ECDSA-CHACHA20-POLY1305` - // * `ECDHE-RSA-CHACHA20-POLY1305` - // * `ECDHE-ECDSA-AES128-SHA` - // * `ECDHE-RSA-AES128-SHA` - // * `ECDHE-ECDSA-AES256-SHA` - // * `ECDHE-RSA-AES256-SHA` - // * `AES128-GCM-SHA256` - // * `AES256-GCM-SHA384` - // * `AES128-SHA` - // * `AES256-SHA` - // * `DES-CBC3-SHA` - CipherSuites []string `protobuf:"bytes,9,rep,name=cipher_suites,json=cipherSuites,proto3" json:"cipher_suites,omitempty"` -} - -func (x *ServerTLSSettings) Reset() { - *x = ServerTLSSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_gateway_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ServerTLSSettings) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ServerTLSSettings) ProtoMessage() {} - -func (x *ServerTLSSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_gateway_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ServerTLSSettings.ProtoReflect.Descriptor instead. -func (*ServerTLSSettings) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_gateway_proto_rawDescGZIP(), []int{3} -} - -func (x *ServerTLSSettings) GetHttpsRedirect() bool { - if x != nil { - return x.HttpsRedirect - } - return false -} - -func (x *ServerTLSSettings) GetMode() ServerTLSSettings_TLSmode { - if x != nil { - return x.Mode - } - return ServerTLSSettings_PASSTHROUGH -} - -func (x *ServerTLSSettings) GetServerCertificate() string { - if x != nil { - return x.ServerCertificate - } - return "" -} - -func (x *ServerTLSSettings) GetPrivateKey() string { - if x != nil { - return x.PrivateKey - } - return "" -} - -func (x *ServerTLSSettings) GetCaCertificates() string { - if x != nil { - return x.CaCertificates - } - return "" -} - -func (x *ServerTLSSettings) GetCaCrl() string { - if x != nil { - return x.CaCrl - } - return "" -} - -func (x *ServerTLSSettings) GetCredentialName() string { - if x != nil { - return x.CredentialName - } - return "" -} - -func (x *ServerTLSSettings) GetSubjectAltNames() []string { - if x != nil { - return x.SubjectAltNames - } - return nil -} - -func (x *ServerTLSSettings) GetVerifyCertificateSpki() []string { - if x != nil { - return x.VerifyCertificateSpki - } - return nil -} - -func (x *ServerTLSSettings) GetVerifyCertificateHash() []string { - if x != nil { - return x.VerifyCertificateHash - } - return nil -} - -func (x *ServerTLSSettings) GetMinProtocolVersion() ServerTLSSettings_TLSProtocol { - if x != nil { - return x.MinProtocolVersion - } - return ServerTLSSettings_TLS_AUTO -} - -func (x *ServerTLSSettings) GetMaxProtocolVersion() ServerTLSSettings_TLSProtocol { - if x != nil { - return x.MaxProtocolVersion - } - return ServerTLSSettings_TLS_AUTO -} - -func (x *ServerTLSSettings) GetCipherSuites() []string { - if x != nil { - return x.CipherSuites - } - return nil -} - -var File_networking_v1beta1_gateway_proto protoreflect.FileDescriptor - -var file_networking_v1beta1_gateway_proto_rawDesc = []byte{ - 0x0a, 0x20, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x12, 0x18, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x1a, 0x1f, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, - 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xcf, 0x01, - 0x0a, 0x07, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x3a, 0x0a, 0x07, 0x73, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x07, 0x73, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x4b, 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, - 0x72, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x53, 0x65, 0x6c, 0x65, 0x63, - 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, - 0x6f, 0x72, 0x1a, 0x3b, 0x0a, 0x0d, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, - 0xee, 0x01, 0x0a, 0x06, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x37, 0x0a, 0x04, 0x70, 0x6f, - 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x70, - 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x12, 0x19, 0x0a, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, - 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x05, 0x68, 0x6f, 0x73, - 0x74, 0x73, 0x12, 0x3d, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, 0x74, 0x6c, - 0x73, 0x12, 0x29, 0x0a, 0x10, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x65, 0x6e, 0x64, - 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x64, 0x65, 0x66, - 0x61, 0x75, 0x6c, 0x74, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x12, 0x0a, 0x04, - 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, - 0x22, 0x82, 0x01, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x06, 0x6e, 0x75, 0x6d, - 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x06, - 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, - 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x17, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, - 0x12, 0x23, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, - 0x74, 0x50, 0x6f, 0x72, 0x74, 0x22, 0x95, 0x07, 0x0a, 0x11, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x68, - 0x74, 0x74, 0x70, 0x73, 0x5f, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x0d, 0x68, 0x74, 0x74, 0x70, 0x73, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, - 0x63, 0x74, 0x12, 0x47, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x4c, - 0x53, 0x6d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x2d, 0x0a, 0x12, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, - 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72, - 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x27, 0x0a, 0x0f, 0x63, - 0x61, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x63, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x73, 0x12, 0x15, 0x0a, 0x06, 0x63, 0x61, 0x5f, 0x63, 0x72, 0x6c, 0x18, 0x0d, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x63, 0x61, 0x43, 0x72, 0x6c, 0x12, 0x27, 0x0a, 0x0f, 0x63, - 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, - 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, - 0x61, 0x6c, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, - 0x0f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x73, - 0x12, 0x36, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x73, 0x70, 0x6b, 0x69, 0x18, 0x0b, 0x20, 0x03, 0x28, - 0x09, 0x52, 0x15, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x53, 0x70, 0x6b, 0x69, 0x12, 0x36, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, - 0x66, 0x79, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x68, - 0x61, 0x73, 0x68, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x09, 0x52, 0x15, 0x76, 0x65, 0x72, 0x69, 0x66, - 0x79, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x61, 0x73, 0x68, - 0x12, 0x69, 0x0a, 0x14, 0x6d, 0x69, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, - 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x37, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x50, - 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x12, 0x6d, 0x69, 0x6e, 0x50, 0x72, 0x6f, 0x74, - 0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x69, 0x0a, 0x14, 0x6d, - 0x61, 0x78, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, - 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x37, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, - 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, - 0x6f, 0x6c, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x56, - 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, - 0x5f, 0x73, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x63, - 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x22, 0x6f, 0x0a, 0x07, 0x54, - 0x4c, 0x53, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x50, 0x41, 0x53, 0x53, 0x54, 0x48, - 0x52, 0x4f, 0x55, 0x47, 0x48, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x49, 0x4d, 0x50, 0x4c, - 0x45, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x10, 0x02, 0x12, - 0x14, 0x0a, 0x10, 0x41, 0x55, 0x54, 0x4f, 0x5f, 0x50, 0x41, 0x53, 0x53, 0x54, 0x48, 0x52, 0x4f, - 0x55, 0x47, 0x48, 0x10, 0x03, 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x53, 0x54, 0x49, 0x4f, 0x5f, 0x4d, - 0x55, 0x54, 0x55, 0x41, 0x4c, 0x10, 0x04, 0x12, 0x13, 0x0a, 0x0f, 0x4f, 0x50, 0x54, 0x49, 0x4f, - 0x4e, 0x41, 0x4c, 0x5f, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x10, 0x05, 0x22, 0x4f, 0x0a, 0x0b, - 0x54, 0x4c, 0x53, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x0c, 0x0a, 0x08, 0x54, - 0x4c, 0x53, 0x5f, 0x41, 0x55, 0x54, 0x4f, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, - 0x56, 0x31, 0x5f, 0x30, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x56, 0x31, 0x5f, - 0x31, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x56, 0x31, 0x5f, 0x32, 0x10, 0x03, - 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x56, 0x31, 0x5f, 0x33, 0x10, 0x04, 0x42, 0x21, 0x5a, - 0x1f, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_networking_v1beta1_gateway_proto_rawDescOnce sync.Once - file_networking_v1beta1_gateway_proto_rawDescData = file_networking_v1beta1_gateway_proto_rawDesc -) - -func file_networking_v1beta1_gateway_proto_rawDescGZIP() []byte { - file_networking_v1beta1_gateway_proto_rawDescOnce.Do(func() { - file_networking_v1beta1_gateway_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1beta1_gateway_proto_rawDescData) - }) - return file_networking_v1beta1_gateway_proto_rawDescData -} - -var file_networking_v1beta1_gateway_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_networking_v1beta1_gateway_proto_msgTypes = make([]protoimpl.MessageInfo, 5) -var file_networking_v1beta1_gateway_proto_goTypes = []interface{}{ - (ServerTLSSettings_TLSmode)(0), // 0: istio.networking.v1beta1.ServerTLSSettings.TLSmode - (ServerTLSSettings_TLSProtocol)(0), // 1: istio.networking.v1beta1.ServerTLSSettings.TLSProtocol - (*Gateway)(nil), // 2: istio.networking.v1beta1.Gateway - (*Server)(nil), // 3: istio.networking.v1beta1.Server - (*Port)(nil), // 4: istio.networking.v1beta1.Port - (*ServerTLSSettings)(nil), // 5: istio.networking.v1beta1.ServerTLSSettings - nil, // 6: istio.networking.v1beta1.Gateway.SelectorEntry -} -var file_networking_v1beta1_gateway_proto_depIdxs = []int32{ - 3, // 0: istio.networking.v1beta1.Gateway.servers:type_name -> istio.networking.v1beta1.Server - 6, // 1: istio.networking.v1beta1.Gateway.selector:type_name -> istio.networking.v1beta1.Gateway.SelectorEntry - 4, // 2: istio.networking.v1beta1.Server.port:type_name -> istio.networking.v1beta1.Port - 5, // 3: istio.networking.v1beta1.Server.tls:type_name -> istio.networking.v1beta1.ServerTLSSettings - 0, // 4: istio.networking.v1beta1.ServerTLSSettings.mode:type_name -> istio.networking.v1beta1.ServerTLSSettings.TLSmode - 1, // 5: istio.networking.v1beta1.ServerTLSSettings.min_protocol_version:type_name -> istio.networking.v1beta1.ServerTLSSettings.TLSProtocol - 1, // 6: istio.networking.v1beta1.ServerTLSSettings.max_protocol_version:type_name -> istio.networking.v1beta1.ServerTLSSettings.TLSProtocol - 7, // [7:7] is the sub-list for method output_type - 7, // [7:7] is the sub-list for method input_type - 7, // [7:7] is the sub-list for extension type_name - 7, // [7:7] is the sub-list for extension extendee - 0, // [0:7] is the sub-list for field type_name -} - -func init() { file_networking_v1beta1_gateway_proto_init() } -func file_networking_v1beta1_gateway_proto_init() { - if File_networking_v1beta1_gateway_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_networking_v1beta1_gateway_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Gateway); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_gateway_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Server); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_gateway_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Port); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_gateway_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ServerTLSSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_networking_v1beta1_gateway_proto_rawDesc, - NumEnums: 2, - NumMessages: 5, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_networking_v1beta1_gateway_proto_goTypes, - DependencyIndexes: file_networking_v1beta1_gateway_proto_depIdxs, - EnumInfos: file_networking_v1beta1_gateway_proto_enumTypes, - MessageInfos: file_networking_v1beta1_gateway_proto_msgTypes, - }.Build() - File_networking_v1beta1_gateway_proto = out.File - file_networking_v1beta1_gateway_proto_rawDesc = nil - file_networking_v1beta1_gateway_proto_goTypes = nil - file_networking_v1beta1_gateway_proto_depIdxs = nil -} diff --git a/networking/v1beta1/gateway.proto b/networking/v1beta1/gateway.proto deleted file mode 100644 index bf803bd088e..00000000000 --- a/networking/v1beta1/gateway.proto +++ /dev/null @@ -1,533 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -import "google/api/field_behavior.proto"; - -// $schema: istio.networking.v1beta1.Gateway -// $title: Gateway -// $description: Configuration affecting edge load balancer. -// $location: https://istio.io/docs/reference/config/networking/gateway.html -// $aliases: [/docs/reference/config/networking/v1beta1/gateway] -// $mode: none - -// `Gateway` describes a load balancer operating at the edge of the mesh -// receiving incoming or outgoing HTTP/TCP connections. The specification -// describes a set of ports that should be exposed, the type of protocol to -// use, SNI configuration for the load balancer, etc. -// -// For example, the following Gateway configuration sets up a proxy to act -// as a load balancer exposing port 80 and 9080 (http), 443 (https), -// 9443(https) and port 2379 (TCP) for ingress. The gateway will be -// applied to the proxy running on a pod with labels `app: -// my-gateway-controller`. While Istio will configure the proxy to listen -// on these ports, it is the responsibility of the user to ensure that -// external traffic to these ports are allowed into the mesh. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-gateway -// namespace: some-config-namespace -// spec: -// selector: -// app: my-gateway-controller -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - uk.bookinfo.com -// - eu.bookinfo.com -// tls: -// httpsRedirect: true # sends 301 redirect for http requests -// - port: -// number: 443 -// name: https-443 -// protocol: HTTPS -// hosts: -// - uk.bookinfo.com -// - eu.bookinfo.com -// tls: -// mode: SIMPLE # enables HTTPS on this port -// serverCertificate: /etc/certs/servercert.pem -// privateKey: /etc/certs/privatekey.pem -// - port: -// number: 9443 -// name: https-9443 -// protocol: HTTPS -// hosts: -// - "bookinfo-namespace/*.bookinfo.com" -// tls: -// mode: SIMPLE # enables HTTPS on this port -// credentialName: bookinfo-secret # fetches certs from Kubernetes secret -// - port: -// number: 9080 -// name: http-wildcard -// protocol: HTTP -// hosts: -// - "*" -// - port: -// number: 2379 # to expose internal service via external port 2379 -// name: mongo -// protocol: MONGO -// hosts: -// - "*" -// ``` -// -// The Gateway specification above describes the L4-L6 properties of a load -// balancer. A `VirtualService` can then be bound to a gateway to control -// the forwarding of traffic arriving at a particular host or gateway port. -// -// For example, the following VirtualService splits traffic for -// `https://uk.bookinfo.com/reviews`, `https://eu.bookinfo.com/reviews`, -// `http://uk.bookinfo.com:9080/reviews`, -// `http://eu.bookinfo.com:9080/reviews` into two versions (prod and qa) of -// an internal reviews service on port 9080. In addition, requests -// containing the cookie "user: dev-123" will be sent to special port 7777 -// in the qa version. The same rule is also applicable inside the mesh for -// requests to the "reviews.prod.svc.cluster.local" service. This rule is -// applicable across ports 443, 9080. Note that `http://uk.bookinfo.com` -// gets redirected to `https://uk.bookinfo.com` (i.e. 80 redirects to 443). -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: bookinfo-rule -// namespace: bookinfo-namespace -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// - uk.bookinfo.com -// - eu.bookinfo.com -// gateways: -// - some-config-namespace/my-gateway -// - mesh # applies to all the sidecars in the mesh -// http: -// - match: -// - headers: -// cookie: -// exact: "user=dev-123" -// route: -// - destination: -// port: -// number: 7777 -// host: reviews.qa.svc.cluster.local -// - match: -// - uri: -// prefix: /reviews/ -// route: -// - destination: -// port: -// number: 9080 # can be omitted if it's the only port for reviews -// host: reviews.prod.svc.cluster.local -// weight: 80 -// - destination: -// host: reviews.qa.svc.cluster.local -// weight: 20 -// ``` -// -// The following VirtualService forwards traffic arriving at (external) -// port 27017 to internal Mongo server on port 5555. This rule is not -// applicable internally in the mesh as the gateway list omits the -// reserved name `mesh`. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: bookinfo-mongo -// namespace: bookinfo-namespace -// spec: -// hosts: -// - mongosvr.prod.svc.cluster.local # name of internal Mongo service -// gateways: -// - some-config-namespace/my-gateway # can omit the namespace if gateway is in same namespace as virtual service. -// tcp: -// - match: -// - port: 27017 -// route: -// - destination: -// host: mongo.prod.svc.cluster.local -// port: -// number: 5555 -// ``` -// -// It is possible to restrict the set of virtual services that can bind to -// a gateway server using the namespace/hostname syntax in the hosts field. -// For example, the following Gateway allows any virtual service in the ns1 -// namespace to bind to it, while restricting only the virtual service with -// foo.bar.com host in the ns2 namespace to bind to it. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-gateway -// namespace: some-config-namespace -// spec: -// selector: -// app: my-gateway-controller -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - "ns1/*" -// - "ns2/foo.bar.com" -// ``` -package istio.networking.v1beta1; - -option go_package = "istio.io/api/networking/v1beta1"; - -// Gateway describes a load balancer operating at the edge of the mesh -// receiving incoming or outgoing HTTP/TCP connections. -// -// -// -message Gateway { - // A list of server specifications. - repeated Server servers = 1; - - // One or more labels that indicate a specific set of pods/VMs - // on which this gateway configuration should be applied. - // By default workloads are searched across all namespaces based on label selectors. - // This implies that a gateway resource in the namespace "foo" can select pods in - // the namespace "bar" based on labels. - // This behavior can be controlled via the `PILOT_SCOPE_GATEWAY_TO_NAMESPACE` - // environment variable in istiod. If this variable is set - // to true, the scope of label search is restricted to the configuration - // namespace in which the the resource is present. In other words, the Gateway - // resource must reside in the same namespace as the gateway workload - // instance. - // If selector is nil, the Gateway will be applied to all workloads. - map selector = 2; -} - -// `Server` describes the properties of the proxy on a given load balancer -// port. For example, -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-ingress -// spec: -// selector: -// app: my-ingressgateway -// servers: -// - port: -// number: 80 -// name: http2 -// protocol: HTTP2 -// hosts: -// - "*" -// ``` -// -// Another example -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-tcp-ingress -// spec: -// selector: -// app: my-tcp-ingressgateway -// servers: -// - port: -// number: 27018 -// name: mongo -// protocol: MONGO -// hosts: -// - "*" -// ``` -// -// The following is an example of TLS configuration for port 443 -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-tls-ingress -// spec: -// selector: -// app: my-tls-ingressgateway -// servers: -// - port: -// number: 443 -// name: https -// protocol: HTTPS -// hosts: -// - "*" -// tls: -// mode: SIMPLE -// credentialName: tls-cert -// ``` -// -message Server { - // The Port on which the proxy should listen for incoming - // connections. - Port port = 1 [(google.api.field_behavior) = REQUIRED]; - - // The ip or the Unix domain socket to which the listener should be bound - // to. Format: `x.x.x.x` or `unix:///path/to/uds` or `unix://@foobar` - // (Linux abstract namespace). When using Unix domain sockets, the port - // number should be 0. - // This can be used to restrict the reachability of this server to be gateway internal only. - // This is typically used when a gateway needs to communicate to another mesh service - // e.g. publishing metrics. In such case, the server created with the - // specified bind will not be available to external gateway clients. - string bind = 4; - - // One or more hosts exposed by this gateway. - // While typically applicable to - // HTTP services, it can also be used for TCP services using TLS with SNI. - // A host is specified as a `dnsName` with an optional `namespace/` prefix. - // The `dnsName` should be specified using FQDN format, optionally including - // a wildcard character in the left-most component (e.g., `prod/*.example.com`). - // Set the `dnsName` to `*` to select all `VirtualService` hosts from the - // specified namespace (e.g.,`prod/*`). - // - // The `namespace` can be set to `*` or `.`, representing any or the current - // namespace, respectively. For example, `*/foo.example.com` selects the - // service from any available namespace while `./foo.example.com` only selects - // the service from the namespace of the sidecar. The default, if no `namespace/` - // is specified, is `*/`, that is, select services from any namespace. - // Any associated `DestinationRule` in the selected namespace will also be used. - // - // A `VirtualService` must be bound to the gateway and must have one or - // more hosts that match the hosts specified in a server. The match - // could be an exact match or a suffix match with the server's hosts. For - // example, if the server's hosts specifies `*.example.com`, a - // `VirtualService` with hosts `dev.example.com` or `prod.example.com` will - // match. However, a `VirtualService` with host `example.com` or - // `newexample.com` will not match. - // - // NOTE: Only virtual services exported to the gateway's namespace - // (e.g., `exportTo` value of `*`) can be referenced. - // Private configurations (e.g., `exportTo` set to `.`) will not be - // available. Refer to the `exportTo` setting in `VirtualService`, - // `DestinationRule`, and `ServiceEntry` configurations for details. - repeated string hosts = 2 [(google.api.field_behavior) = REQUIRED]; - - // Set of TLS related options that govern the server's behavior. Use - // these options to control if all http requests should be redirected to - // https, and the TLS modes to use. - ServerTLSSettings tls = 3; - - // The loopback IP endpoint or Unix domain socket to which traffic should - // be forwarded to by default. Format should be `127.0.0.1:PORT` or - // `unix:///path/to/socket` or `unix://@foobar` (Linux abstract namespace). - // NOT IMPLEMENTED. - // $hide_from_docs - string default_endpoint = 5; - - // An optional name of the server, when set must be unique across all servers. - // This will be used for variety of purposes like prefixing stats generated with - // this name etc. - string name = 6; -} - -// Port describes the properties of a specific port of a service. -message Port { - // A valid non-negative integer port number. - uint32 number = 1 [(google.api.field_behavior) = REQUIRED]; - - // The protocol exposed on the port. - // MUST BE one of HTTP|HTTPS|GRPC|GRPC-WEB|HTTP2|MONGO|TCP|TLS. - // TLS can be either used to terminate non-HTTP based connections on a specific port - // or to route traffic based on SNI header to the destination without terminating the TLS connection. - string protocol = 2 [(google.api.field_behavior) = REQUIRED]; - - // Label assigned to the port. - string name = 3 [(google.api.field_behavior) = REQUIRED]; - - // The port number on the endpoint where the traffic will be - // received. Applicable only when used with ServiceEntries. - // $hide_from_docs - uint32 target_port = 4 [deprecated=true]; -} - -message ServerTLSSettings { - // If set to true, the load balancer will send a 301 redirect for - // all http connections, asking the clients to use HTTPS. - bool https_redirect = 1; - - // TLS modes enforced by the proxy - enum TLSmode { - // The SNI string presented by the client will be used as the - // match criterion in a VirtualService TLS route to determine - // the destination service from the service registry. - PASSTHROUGH = 0; - - // Secure connections with standard TLS semantics. In this mode - // client certificate is not requested during handshake. - SIMPLE = 1; - - // Secure connections to the downstream using mutual TLS by - // presenting server certificates for authentication. - // A client certificate will also be requested during the handshake and - // at least one valid certificate is required to be sent by the client. - MUTUAL = 2; - - // Similar to the passthrough mode, except servers with this TLS - // mode do not require an associated VirtualService to map from - // the SNI value to service in the registry. The destination - // details such as the service/subset/port are encoded in the - // SNI value. The proxy will forward to the upstream (Envoy) - // cluster (a group of endpoints) specified by the SNI - // value. This server is typically used to provide connectivity - // between services in disparate L3 networks that otherwise do - // not have direct connectivity between their respective - // endpoints. Use of this mode assumes that both the source and - // the destination are using Istio mTLS to secure traffic. - AUTO_PASSTHROUGH = 3; - - // Secure connections from the downstream using mutual TLS by - // presenting server certificates for authentication. Compared - // to Mutual mode, this mode uses certificates, representing - // gateway workload identity, generated automatically by Istio - // for mTLS authentication. When this mode is used, all other - // fields in `TLSOptions` should be empty. - ISTIO_MUTUAL = 4; - - // Similar to MUTUAL mode, except that the client certificate - // is optional. Unlike SIMPLE mode, A client certificate will - // still be explicitly requested during handshake, but the client - // is not required to send a certificate. If a client certificate - // is presented, it will be validated. ca_certificates should - // be specified for validating client certificates. - OPTIONAL_MUTUAL = 5; - }; - - // Optional: Indicates whether connections to this port should be - // secured using TLS. The value of this field determines how TLS is - // enforced. - TLSmode mode = 2; - - // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - // holding the server-side TLS certificate to use. - string server_certificate = 3; - - // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - // holding the server's private key. - string private_key = 4; - - // REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. The path to a file - // containing certificate authority certificates to use in verifying a presented - // client side certificate. - string ca_certificates = 5; - - // OPTIONAL: The path to the file containing the certificate revocation list (CRL) - // to use in verifying a presented client side certificate. `CRL` is a list of certificates - // that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. - // If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. - // If omitted, the proxy will not verify the certificate against the `crl`. - string ca_crl = 13; - - // For gateways running on Kubernetes, the name of the secret that - // holds the TLS certs including the CA certificates. Applicable - // only on Kubernetes. An Opaque secret should contain the following - // keys and values: `tls.key: ` and `tls.crt: ` or - // `key: ` and `cert: `. - // For mutual TLS, `cacert: ` and `crl: ` - // can be provided in the same secret or a separate secret named `-cacert`. - // A TLS secret for server certificates with an additional `tls.ocsp-staple` key - // for specifying OCSP staple information, `ca.crt` key for CA certificates - // and `ca.crl` for certificate revocation list is also supported. - // Only one of server certificates and CA certificate - // or credentialName can be specified. - string credential_name = 10; - - // A list of alternate names to verify the subject identity in the - // certificate presented by the client. - repeated string subject_alt_names = 6; - - // An optional list of base64-encoded SHA-256 hashes of the SPKIs of - // authorized client certificates. - // Note: When both verify_certificate_hash and verify_certificate_spki - // are specified, a hash matching either value will result in the - // certificate being accepted. - repeated string verify_certificate_spki = 11; - - // An optional list of hex-encoded SHA-256 hashes of the - // authorized client certificates. Both simple and colon separated - // formats are acceptable. - // Note: When both verify_certificate_hash and verify_certificate_spki - // are specified, a hash matching either value will result in the - // certificate being accepted. - repeated string verify_certificate_hash = 12; - - // TLS protocol versions. - enum TLSProtocol { - // Automatically choose the optimal TLS version. - TLS_AUTO = 0; - - // TLS version 1.0 - TLSV1_0 = 1; - - // TLS version 1.1 - TLSV1_1 = 2; - - // TLS version 1.2 - TLSV1_2 = 3; - - // TLS version 1.3 - TLSV1_3 = 4; - } - - // Optional: Minimum TLS protocol version. By default, it is `TLSV1_2`. - // TLS protocol versions below TLSV1_2 require setting compatible ciphers with the - // `cipherSuites` setting as they no longer include compatible ciphers. - // - // Note: Using TLS protocol versions below TLSV1_2 has serious security risks. - TLSProtocol min_protocol_version = 7; - - // Optional: Maximum TLS protocol version. - TLSProtocol max_protocol_version = 8; - - // Optional: If specified, only support the specified cipher list. - // Otherwise default to the default cipher list supported by Envoy - // as specified [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto). - // The supported list of ciphers are: - // * `ECDHE-ECDSA-AES128-GCM-SHA256` - // * `ECDHE-RSA-AES128-GCM-SHA256` - // * `ECDHE-ECDSA-AES256-GCM-SHA384` - // * `ECDHE-RSA-AES256-GCM-SHA384` - // * `ECDHE-ECDSA-CHACHA20-POLY1305` - // * `ECDHE-RSA-CHACHA20-POLY1305` - // * `ECDHE-ECDSA-AES128-SHA` - // * `ECDHE-RSA-AES128-SHA` - // * `ECDHE-ECDSA-AES256-SHA` - // * `ECDHE-RSA-AES256-SHA` - // * `AES128-GCM-SHA256` - // * `AES256-GCM-SHA384` - // * `AES128-SHA` - // * `AES256-SHA` - // * `DES-CBC3-SHA` - repeated string cipher_suites = 9; -} diff --git a/networking/v1beta1/gateway_alias.gen.go b/networking/v1beta1/gateway_alias.gen.go new file mode 100644 index 00000000000..6f06106e74c --- /dev/null +++ b/networking/v1beta1/gateway_alias.gen.go @@ -0,0 +1,25 @@ +// Code generated by protoc-gen-alias. DO NOT EDIT. +package v1beta1 + +import "istio.io/api/networking/v1alpha3" + +type Gateway = v1alpha3.Gateway +type Server = v1alpha3.Server +type Port = v1alpha3.Port +type ServerTLSSettings = v1alpha3.ServerTLSSettings +type ServerTLSSettings_TLSmode = v1alpha3.ServerTLSSettings_TLSmode + +const ServerTLSSettings_PASSTHROUGH ServerTLSSettings_TLSmode = v1alpha3.ServerTLSSettings_PASSTHROUGH +const ServerTLSSettings_SIMPLE ServerTLSSettings_TLSmode = v1alpha3.ServerTLSSettings_SIMPLE +const ServerTLSSettings_MUTUAL ServerTLSSettings_TLSmode = v1alpha3.ServerTLSSettings_MUTUAL +const ServerTLSSettings_AUTO_PASSTHROUGH ServerTLSSettings_TLSmode = v1alpha3.ServerTLSSettings_AUTO_PASSTHROUGH +const ServerTLSSettings_ISTIO_MUTUAL ServerTLSSettings_TLSmode = v1alpha3.ServerTLSSettings_ISTIO_MUTUAL +const ServerTLSSettings_OPTIONAL_MUTUAL ServerTLSSettings_TLSmode = v1alpha3.ServerTLSSettings_OPTIONAL_MUTUAL + +type ServerTLSSettings_TLSProtocol = v1alpha3.ServerTLSSettings_TLSProtocol + +const ServerTLSSettings_TLS_AUTO ServerTLSSettings_TLSProtocol = v1alpha3.ServerTLSSettings_TLS_AUTO +const ServerTLSSettings_TLSV1_0 ServerTLSSettings_TLSProtocol = v1alpha3.ServerTLSSettings_TLSV1_0 +const ServerTLSSettings_TLSV1_1 ServerTLSSettings_TLSProtocol = v1alpha3.ServerTLSSettings_TLSV1_1 +const ServerTLSSettings_TLSV1_2 ServerTLSSettings_TLSProtocol = v1alpha3.ServerTLSSettings_TLSV1_2 +const ServerTLSSettings_TLSV1_3 ServerTLSSettings_TLSProtocol = v1alpha3.ServerTLSSettings_TLSV1_3 diff --git a/networking/v1beta1/gateway_deepcopy.gen.go b/networking/v1beta1/gateway_deepcopy.gen.go deleted file mode 100644 index 0318f99bb50..00000000000 --- a/networking/v1beta1/gateway_deepcopy.gen.go +++ /dev/null @@ -1,90 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1beta1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using Gateway within kubernetes types, where deepcopy-gen is used. -func (in *Gateway) DeepCopyInto(out *Gateway) { - p := proto.Clone(in).(*Gateway) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Gateway. Required by controller-gen. -func (in *Gateway) DeepCopy() *Gateway { - if in == nil { - return nil - } - out := new(Gateway) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Gateway. Required by controller-gen. -func (in *Gateway) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Server within kubernetes types, where deepcopy-gen is used. -func (in *Server) DeepCopyInto(out *Server) { - p := proto.Clone(in).(*Server) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Server. Required by controller-gen. -func (in *Server) DeepCopy() *Server { - if in == nil { - return nil - } - out := new(Server) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Server. Required by controller-gen. -func (in *Server) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Port within kubernetes types, where deepcopy-gen is used. -func (in *Port) DeepCopyInto(out *Port) { - p := proto.Clone(in).(*Port) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Port. Required by controller-gen. -func (in *Port) DeepCopy() *Port { - if in == nil { - return nil - } - out := new(Port) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Port. Required by controller-gen. -func (in *Port) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ServerTLSSettings within kubernetes types, where deepcopy-gen is used. -func (in *ServerTLSSettings) DeepCopyInto(out *ServerTLSSettings) { - p := proto.Clone(in).(*ServerTLSSettings) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServerTLSSettings. Required by controller-gen. -func (in *ServerTLSSettings) DeepCopy() *ServerTLSSettings { - if in == nil { - return nil - } - out := new(ServerTLSSettings) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ServerTLSSettings. Required by controller-gen. -func (in *ServerTLSSettings) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/networking/v1beta1/gateway_json.gen.go b/networking/v1beta1/gateway_json.gen.go deleted file mode 100644 index 7f6c0b55f3b..00000000000 --- a/networking/v1beta1/gateway_json.gen.go +++ /dev/null @@ -1,56 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1beta1 - -import ( - bytes "bytes" - jsonpb "github.com/golang/protobuf/jsonpb" -) - -// MarshalJSON is a custom marshaler for Gateway -func (this *Gateway) MarshalJSON() ([]byte, error) { - str, err := GatewayMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Gateway -func (this *Gateway) UnmarshalJSON(b []byte) error { - return GatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Server -func (this *Server) MarshalJSON() ([]byte, error) { - str, err := GatewayMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Server -func (this *Server) UnmarshalJSON(b []byte) error { - return GatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Port -func (this *Port) MarshalJSON() ([]byte, error) { - str, err := GatewayMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Port -func (this *Port) UnmarshalJSON(b []byte) error { - return GatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ServerTLSSettings -func (this *ServerTLSSettings) MarshalJSON() ([]byte, error) { - str, err := GatewayMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ServerTLSSettings -func (this *ServerTLSSettings) UnmarshalJSON(b []byte) error { - return GatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -var ( - GatewayMarshaler = &jsonpb.Marshaler{} - GatewayUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} -) diff --git a/networking/v1beta1/service_entry.pb.go b/networking/v1beta1/service_entry.pb.go deleted file mode 100644 index 60eb74e2b02..00000000000 --- a/networking/v1beta1/service_entry.pb.go +++ /dev/null @@ -1,999 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.33.0 -// protoc (unknown) -// source: networking/v1beta1/service_entry.proto - -// $schema: istio.networking.v1beta1.ServiceEntry -// $title: Service Entry -// $description: Configuration affecting service registry. -// $location: https://istio.io/docs/reference/config/networking/service-entry.html -// $aliases: [/docs/reference/config/networking/v1beta1/service-entry] -// $mode: none - -// `ServiceEntry` enables adding additional entries into Istio's -// internal service registry, so that auto-discovered services in the -// mesh can access/route to these manually specified services. A -// service entry describes the properties of a service (DNS name, -// VIPs, ports, protocols, endpoints). These services could be -// external to the mesh (e.g., web APIs) or mesh-internal services -// that are not part of the platform's service registry (e.g., a set -// of VMs talking to services in Kubernetes). In addition, the -// endpoints of a service entry can also be dynamically selected by -// using the `workloadSelector` field. These endpoints can be VM -// workloads declared using the `WorkloadEntry` object or Kubernetes -// pods. The ability to select both pods and VMs under a single -// service allows for migration of services from VMs to Kubernetes -// without having to change the existing DNS names associated with the -// services. -// -// The following example declares a few external APIs accessed by internal -// applications over HTTPS. The sidecar inspects the SNI value in the -// ClientHello message to route to the appropriate external service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-https -// spec: -// hosts: -// - api.dropboxapi.com -// - www.googleapis.com -// - api.facebook.com -// location: MESH_EXTERNAL -// ports: -// - number: 443 -// name: https -// protocol: TLS -// resolution: DNS -// ``` -// -// The following configuration adds a set of MongoDB instances running on -// unmanaged VMs to Istio's registry, so that these services can be treated -// as any other service in the mesh. The associated DestinationRule is used -// to initiate mTLS connections to the database instances. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-mongocluster -// spec: -// hosts: -// - mymongodb.somedomain # not used -// addresses: -// - 192.192.192.192/24 # VIPs -// ports: -// - number: 27018 -// name: mongodb -// protocol: MONGO -// location: MESH_INTERNAL -// resolution: STATIC -// endpoints: -// - address: 2.2.2.2 -// - address: 3.3.3.3 -// ``` -// -// and the associated DestinationRule -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: mtls-mongocluster -// spec: -// host: mymongodb.somedomain -// trafficPolicy: -// tls: -// mode: MUTUAL -// clientCertificate: /etc/certs/myclientcert.pem -// privateKey: /etc/certs/client_private_key.pem -// caCertificates: /etc/certs/rootcacerts.pem -// ``` -// -// The following example uses a combination of service entry and TLS -// routing in a virtual service to steer traffic based on the SNI value to -// an internal egress firewall. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-redirect -// spec: -// hosts: -// - wikipedia.org -// - "*.wikipedia.org" -// location: MESH_EXTERNAL -// ports: -// - number: 443 -// name: https -// protocol: TLS -// resolution: NONE -// ``` -// -// And the associated VirtualService to route based on the SNI value. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: tls-routing -// spec: -// hosts: -// - wikipedia.org -// - "*.wikipedia.org" -// tls: -// - match: -// - sniHosts: -// - wikipedia.org -// - "*.wikipedia.org" -// route: -// - destination: -// host: internal-egress-firewall.ns1.svc.cluster.local -// ``` -// -// The virtual service with TLS match serves to override the default SNI -// match. In the absence of a virtual service, traffic will be forwarded to -// the wikipedia domains. -// -// The following example demonstrates the use of a dedicated egress gateway -// through which all external service traffic is forwarded. -// The 'exportTo' field allows for control over the visibility of a service -// declaration to other namespaces in the mesh. By default, a service is exported -// to all namespaces. The following example restricts the visibility to the -// current namespace, represented by ".", so that it cannot be used by other -// namespaces. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-httpbin -// namespace : egress -// spec: -// hosts: -// - example.com -// exportTo: -// - "." -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: DNS -// ``` -// -// Define a gateway to handle all egress traffic. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: istio-egressgateway -// namespace: istio-system -// spec: -// selector: -// istio: egressgateway -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - "*" -// ``` -// -// And the associated `VirtualService` to route from the sidecar to the -// gateway service (`istio-egressgateway.istio-system.svc.cluster.local`), as -// well as route from the gateway to the external service. Note that the -// virtual service is exported to all namespaces enabling them to route traffic -// through the gateway to the external service. Forcing traffic to go through -// a managed middle proxy like this is a common practice. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: gateway-routing -// namespace: egress -// spec: -// hosts: -// - example.com -// exportTo: -// - "*" -// gateways: -// - mesh -// - istio-egressgateway -// http: -// - match: -// - port: 80 -// gateways: -// - mesh -// route: -// - destination: -// host: istio-egressgateway.istio-system.svc.cluster.local -// - match: -// - port: 80 -// gateways: -// - istio-egressgateway -// route: -// - destination: -// host: example.com -// ``` -// -// The following example demonstrates the use of wildcards in the hosts for -// external services. If the connection has to be routed to the IP address -// requested by the application (i.e. application resolves DNS and attempts -// to connect to a specific IP), the resolution mode must be set to `NONE`. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-wildcard-example -// spec: -// hosts: -// - "*.bar.com" -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: NONE -// ``` -// -// The following example demonstrates a service that is available via a -// Unix Domain Socket on the host of the client. The resolution must be -// set to STATIC to use Unix address endpoints. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: unix-domain-socket-example -// spec: -// hosts: -// - "example.unix.local" -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// endpoints: -// - address: unix:///var/run/example/socket -// ``` -// -// For HTTP-based services, it is possible to create a `VirtualService` -// backed by multiple DNS addressable endpoints. In such a scenario, the -// application can use the `HTTP_PROXY` environment variable to transparently -// reroute API calls for the `VirtualService` to a chosen backend. For -// example, the following configuration creates a non-existent external -// service called foo.bar.com backed by three domains: us.foo.bar.com:8080, -// uk.foo.bar.com:9080, and in.foo.bar.com:7080 -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-dns -// spec: -// hosts: -// - foo.bar.com -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: DNS -// endpoints: -// - address: us.foo.bar.com -// ports: -// http: 8080 -// - address: uk.foo.bar.com -// ports: -// http: 9080 -// - address: in.foo.bar.com -// ports: -// http: 7080 -// ``` -// -// With `HTTP_PROXY=http://localhost/`, calls from the application to -// `http://foo.bar.com` will be load balanced across the three domains -// specified above. In other words, a call to `http://foo.bar.com/baz` would -// be translated to `http://uk.foo.bar.com/baz`. -// -// The following example illustrates the usage of a `ServiceEntry` -// containing a subject alternate name -// whose format conforms to the [SPIFFE standard](https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md): -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: httpbin -// namespace : httpbin-ns -// spec: -// hosts: -// - example.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// endpoints: -// - address: 2.2.2.2 -// - address: 3.3.3.3 -// subjectAltNames: -// - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account" -// ``` -// -// The following example demonstrates the use of `ServiceEntry` with a -// `workloadSelector` to handle the migration of a service -// `details.bookinfo.com` from VMs to Kubernetes. The service has two -// VM-based instances with sidecars as well as a set of Kubernetes -// pods managed by a standard deployment object. Consumers of this -// service in the mesh will be automatically load balanced across the -// VMs and Kubernetes. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadEntry -// metadata: -// name: details-vm-1 -// spec: -// serviceAccount: details -// address: 2.2.2.2 -// labels: -// app: details -// instance-id: vm1 -// --- -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadEntry -// metadata: -// name: details-vm-2 -// spec: -// serviceAccount: details -// address: 3.3.3.3 -// labels: -// app: details -// instance-id: vm2 -// ``` -// -// Assuming there is also a Kubernetes deployment with pod labels -// `app: details` using the same service account `details`, the -// following service entry declares a service spanning both VMs and -// Kubernetes: -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// workloadSelector: -// labels: -// app: details -// ``` - -package v1beta1 - -import ( - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// Location specifies whether the service is part of Istio mesh or -// outside the mesh. Location determines the behavior of several -// features, such as service-to-service mTLS authentication, policy -// enforcement, etc. When communicating with services outside the mesh, -// Istio's mTLS authentication is disabled, and policy enforcement is -// performed on the client-side as opposed to server-side. -type ServiceEntry_Location int32 - -const ( - // Signifies that the service is external to the mesh. Typically used - // to indicate external services consumed through APIs. - ServiceEntry_MESH_EXTERNAL ServiceEntry_Location = 0 - // Signifies that the service is part of the mesh. Typically used to - // indicate services added explicitly as part of expanding the service - // mesh to include unmanaged infrastructure (e.g., VMs added to a - // Kubernetes based service mesh). - ServiceEntry_MESH_INTERNAL ServiceEntry_Location = 1 -) - -// Enum value maps for ServiceEntry_Location. -var ( - ServiceEntry_Location_name = map[int32]string{ - 0: "MESH_EXTERNAL", - 1: "MESH_INTERNAL", - } - ServiceEntry_Location_value = map[string]int32{ - "MESH_EXTERNAL": 0, - "MESH_INTERNAL": 1, - } -) - -func (x ServiceEntry_Location) Enum() *ServiceEntry_Location { - p := new(ServiceEntry_Location) - *p = x - return p -} - -func (x ServiceEntry_Location) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (ServiceEntry_Location) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1beta1_service_entry_proto_enumTypes[0].Descriptor() -} - -func (ServiceEntry_Location) Type() protoreflect.EnumType { - return &file_networking_v1beta1_service_entry_proto_enumTypes[0] -} - -func (x ServiceEntry_Location) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use ServiceEntry_Location.Descriptor instead. -func (ServiceEntry_Location) EnumDescriptor() ([]byte, []int) { - return file_networking_v1beta1_service_entry_proto_rawDescGZIP(), []int{0, 0} -} - -// Resolution determines how the proxy will resolve the IP addresses of -// the network endpoints associated with the service, so that it can -// route to one of them. The resolution mode specified here has no impact -// on how the application resolves the IP address associated with the -// service. The application may still have to use DNS to resolve the -// service to an IP so that the outbound traffic can be captured by the -// Proxy. Alternatively, for HTTP services, the application could -// directly communicate with the proxy (e.g., by setting HTTP_PROXY) to -// talk to these services. -type ServiceEntry_Resolution int32 - -const ( - // Assume that incoming connections have already been resolved (to a - // specific destination IP address). Such connections are typically - // routed via the proxy using mechanisms such as IP table REDIRECT/ - // eBPF. After performing any routing related transformations, the - // proxy will forward the connection to the IP address to which the - // connection was bound. - ServiceEntry_NONE ServiceEntry_Resolution = 0 - // Use the static IP addresses specified in endpoints (see below) as the - // backing instances associated with the service. - ServiceEntry_STATIC ServiceEntry_Resolution = 1 - // Attempt to resolve the IP address by querying the ambient DNS, - // asynchronously. If no endpoints are specified, the proxy - // will resolve the DNS address specified in the hosts field, if - // wildcards are not used. If endpoints are specified, the DNS - // addresses specified in the endpoints will be resolved to determine - // the destination IP address. DNS resolution cannot be used with Unix - // domain socket endpoints. - ServiceEntry_DNS ServiceEntry_Resolution = 2 - // Attempt to resolve the IP address by querying the ambient DNS, - // asynchronously. Unlike `DNS`, `DNS_ROUND_ROBIN` only uses the - // first IP address returned when a new connection needs to be initiated - // without relying on complete results of DNS resolution, and connections - // made to hosts will be retained even if DNS records change frequently - // eliminating draining connection pools and connection cycling. - // This is best suited for large web scale services that - // must be accessed via DNS. The proxy will resolve the DNS address - // specified in the hosts field, if wildcards are not used. DNS resolution - // cannot be used with Unix domain socket endpoints. - ServiceEntry_DNS_ROUND_ROBIN ServiceEntry_Resolution = 3 -) - -// Enum value maps for ServiceEntry_Resolution. -var ( - ServiceEntry_Resolution_name = map[int32]string{ - 0: "NONE", - 1: "STATIC", - 2: "DNS", - 3: "DNS_ROUND_ROBIN", - } - ServiceEntry_Resolution_value = map[string]int32{ - "NONE": 0, - "STATIC": 1, - "DNS": 2, - "DNS_ROUND_ROBIN": 3, - } -) - -func (x ServiceEntry_Resolution) Enum() *ServiceEntry_Resolution { - p := new(ServiceEntry_Resolution) - *p = x - return p -} - -func (x ServiceEntry_Resolution) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (ServiceEntry_Resolution) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1beta1_service_entry_proto_enumTypes[1].Descriptor() -} - -func (ServiceEntry_Resolution) Type() protoreflect.EnumType { - return &file_networking_v1beta1_service_entry_proto_enumTypes[1] -} - -func (x ServiceEntry_Resolution) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use ServiceEntry_Resolution.Descriptor instead. -func (ServiceEntry_Resolution) EnumDescriptor() ([]byte, []int) { - return file_networking_v1beta1_service_entry_proto_rawDescGZIP(), []int{0, 1} -} - -// ServiceEntry enables adding additional entries into Istio's internal -// service registry. -// -// -// -type ServiceEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The hosts associated with the ServiceEntry. Could be a DNS - // name with wildcard prefix. - // - // 1. The hosts field is used to select matching hosts in VirtualServices and DestinationRules. - // 2. For HTTP traffic the HTTP Host/Authority header will be matched against the hosts field. - // 3. For HTTPs or TLS traffic containing Server Name Indication (SNI), the SNI value - // will be matched against the hosts field. - // - // **NOTE 1:** When resolution is set to type DNS and no endpoints - // are specified, the host field will be used as the DNS name of the - // endpoint to route traffic to. - // - // **NOTE 2:** If the hostname matches with the name of a service - // from another service registry such as Kubernetes that also - // supplies its own set of endpoints, the ServiceEntry will be - // treated as a decorator of the existing Kubernetes - // service. Properties in the service entry will be added to the - // Kubernetes service if applicable. Currently, only the following - // additional properties will be considered by `istiod`: - // - // 1. subjectAltNames: In addition to verifying the SANs of the - // service accounts associated with the pods of the service, the - // SANs specified here will also be verified. - Hosts []string `protobuf:"bytes,1,rep,name=hosts,proto3" json:"hosts,omitempty"` - // The virtual IP addresses associated with the service. Could be CIDR - // prefix. For HTTP traffic, generated route configurations will include http route - // domains for both the `addresses` and `hosts` field values and the destination will - // be identified based on the HTTP Host/Authority header. - // If one or more IP addresses are specified, - // the incoming traffic will be identified as belonging to this service - // if the destination IP matches the IP/CIDRs specified in the addresses - // field. If the Addresses field is empty, traffic will be identified - // solely based on the destination port. In such scenarios, the port on - // which the service is being accessed must not be shared by any other - // service in the mesh. In other words, the sidecar will behave as a - // simple TCP proxy, forwarding incoming traffic on a specified port to - // the specified destination endpoint IP/host. Unix domain socket - // addresses are not supported in this field. - Addresses []string `protobuf:"bytes,2,rep,name=addresses,proto3" json:"addresses,omitempty"` - // The ports associated with the external service. If the - // Endpoints are Unix domain socket addresses, there must be exactly one - // port. - Ports []*ServicePort `protobuf:"bytes,3,rep,name=ports,proto3" json:"ports,omitempty"` - // Specify whether the service should be considered external to the mesh - // or part of the mesh. - Location ServiceEntry_Location `protobuf:"varint,4,opt,name=location,proto3,enum=istio.networking.v1beta1.ServiceEntry_Location" json:"location,omitempty"` - // Service resolution mode for the hosts. Care must be taken - // when setting the resolution mode to NONE for a TCP port without - // accompanying IP addresses. In such cases, traffic to any IP on - // said port will be allowed (i.e. `0.0.0.0:`). - Resolution ServiceEntry_Resolution `protobuf:"varint,5,opt,name=resolution,proto3,enum=istio.networking.v1beta1.ServiceEntry_Resolution" json:"resolution,omitempty"` - // One or more endpoints associated with the service. Only one of - // `endpoints` or `workloadSelector` can be specified. - Endpoints []*WorkloadEntry `protobuf:"bytes,6,rep,name=endpoints,proto3" json:"endpoints,omitempty"` - // Applicable only for MESH_INTERNAL services. Only one of - // `endpoints` or `workloadSelector` can be specified. Selects one - // or more Kubernetes pods or VM workloads (specified using - // `WorkloadEntry`) based on their labels. The `WorkloadEntry` object - // representing the VMs should be defined in the same namespace as - // the ServiceEntry. - WorkloadSelector *WorkloadSelector `protobuf:"bytes,9,opt,name=workload_selector,json=workloadSelector,proto3" json:"workload_selector,omitempty"` - // A list of namespaces to which this service is exported. Exporting a service - // allows it to be used by sidecars, gateways and virtual services defined in - // other namespaces. This feature provides a mechanism for service owners - // and mesh administrators to control the visibility of services across - // namespace boundaries. - // - // If no namespaces are specified then the service is exported to all - // namespaces by default. - // - // The value "." is reserved and defines an export to the same namespace that - // the service is declared in. Similarly the value "*" is reserved and - // defines an export to all namespaces. - // - // For a Kubernetes Service, the equivalent effect can be achieved by setting - // the annotation "networking.istio.io/exportTo" to a comma-separated list - // of namespace names. - ExportTo []string `protobuf:"bytes,7,rep,name=export_to,json=exportTo,proto3" json:"export_to,omitempty"` - // If specified, the proxy will verify that the server certificate's - // subject alternate name matches one of the specified values. - // - // NOTE: When using the workloadEntry with workloadSelectors, the - // service account specified in the workloadEntry will also be used - // to derive the additional subject alternate names that should be - // verified. - SubjectAltNames []string `protobuf:"bytes,8,rep,name=subject_alt_names,json=subjectAltNames,proto3" json:"subject_alt_names,omitempty"` -} - -func (x *ServiceEntry) Reset() { - *x = ServiceEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_service_entry_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ServiceEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ServiceEntry) ProtoMessage() {} - -func (x *ServiceEntry) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_service_entry_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ServiceEntry.ProtoReflect.Descriptor instead. -func (*ServiceEntry) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_service_entry_proto_rawDescGZIP(), []int{0} -} - -func (x *ServiceEntry) GetHosts() []string { - if x != nil { - return x.Hosts - } - return nil -} - -func (x *ServiceEntry) GetAddresses() []string { - if x != nil { - return x.Addresses - } - return nil -} - -func (x *ServiceEntry) GetPorts() []*ServicePort { - if x != nil { - return x.Ports - } - return nil -} - -func (x *ServiceEntry) GetLocation() ServiceEntry_Location { - if x != nil { - return x.Location - } - return ServiceEntry_MESH_EXTERNAL -} - -func (x *ServiceEntry) GetResolution() ServiceEntry_Resolution { - if x != nil { - return x.Resolution - } - return ServiceEntry_NONE -} - -func (x *ServiceEntry) GetEndpoints() []*WorkloadEntry { - if x != nil { - return x.Endpoints - } - return nil -} - -func (x *ServiceEntry) GetWorkloadSelector() *WorkloadSelector { - if x != nil { - return x.WorkloadSelector - } - return nil -} - -func (x *ServiceEntry) GetExportTo() []string { - if x != nil { - return x.ExportTo - } - return nil -} - -func (x *ServiceEntry) GetSubjectAltNames() []string { - if x != nil { - return x.SubjectAltNames - } - return nil -} - -// ServicePort describes the properties of a specific port of a service. -type ServicePort struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // A valid non-negative integer port number. - Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"` - // The protocol exposed on the port. - // MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. - // TLS implies the connection will be routed based on the SNI header to - // the destination without terminating the TLS connection. - Protocol string `protobuf:"bytes,2,opt,name=protocol,proto3" json:"protocol,omitempty"` - // Label assigned to the port. - Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` - // The port number on the endpoint where the traffic will be - // received. If unset, default to `number`. - TargetPort uint32 `protobuf:"varint,4,opt,name=target_port,json=targetPort,proto3" json:"target_port,omitempty"` -} - -func (x *ServicePort) Reset() { - *x = ServicePort{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_service_entry_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ServicePort) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ServicePort) ProtoMessage() {} - -func (x *ServicePort) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_service_entry_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ServicePort.ProtoReflect.Descriptor instead. -func (*ServicePort) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_service_entry_proto_rawDescGZIP(), []int{1} -} - -func (x *ServicePort) GetNumber() uint32 { - if x != nil { - return x.Number - } - return 0 -} - -func (x *ServicePort) GetProtocol() string { - if x != nil { - return x.Protocol - } - return "" -} - -func (x *ServicePort) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *ServicePort) GetTargetPort() uint32 { - if x != nil { - return x.TargetPort - } - return 0 -} - -var File_networking_v1beta1_service_entry_proto protoreflect.FileDescriptor - -var file_networking_v1beta1_service_entry_proto_rawDesc = []byte{ - 0x0a, 0x26, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x18, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, - 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, - 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x73, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x27, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, - 0x61, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x81, - 0x05, 0x0a, 0x0c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x19, 0x0a, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x42, 0x03, - 0xe0, 0x41, 0x02, 0x52, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x64, - 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x61, - 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x3b, 0x0a, 0x05, 0x70, 0x6f, 0x72, 0x74, - 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x05, - 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, 0x4b, 0x0a, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, - 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x12, 0x51, 0x0a, 0x0a, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, - 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x31, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, - 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x72, 0x65, 0x73, 0x6f, 0x6c, - 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x45, 0x0a, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, - 0x74, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x12, 0x57, 0x0a, 0x11, - 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, - 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, - 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, - 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x5f, - 0x74, 0x6f, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, - 0x54, 0x6f, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x61, 0x6c, - 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x73, - 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0x30, - 0x0a, 0x08, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x11, 0x0a, 0x0d, 0x4d, 0x45, - 0x53, 0x48, 0x5f, 0x45, 0x58, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x10, 0x00, 0x12, 0x11, 0x0a, - 0x0d, 0x4d, 0x45, 0x53, 0x48, 0x5f, 0x49, 0x4e, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x10, 0x01, - 0x22, 0x40, 0x0a, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x08, - 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x54, 0x41, 0x54, - 0x49, 0x43, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x44, 0x4e, 0x53, 0x10, 0x02, 0x12, 0x13, 0x0a, - 0x0f, 0x44, 0x4e, 0x53, 0x5f, 0x52, 0x4f, 0x55, 0x4e, 0x44, 0x5f, 0x52, 0x4f, 0x42, 0x49, 0x4e, - 0x10, 0x03, 0x22, 0x80, 0x01, 0x0a, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, - 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, - 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x17, 0x0a, 0x04, 0x6e, - 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, - 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, - 0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, - 0x74, 0x50, 0x6f, 0x72, 0x74, 0x42, 0x21, 0x5a, 0x1f, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, - 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_networking_v1beta1_service_entry_proto_rawDescOnce sync.Once - file_networking_v1beta1_service_entry_proto_rawDescData = file_networking_v1beta1_service_entry_proto_rawDesc -) - -func file_networking_v1beta1_service_entry_proto_rawDescGZIP() []byte { - file_networking_v1beta1_service_entry_proto_rawDescOnce.Do(func() { - file_networking_v1beta1_service_entry_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1beta1_service_entry_proto_rawDescData) - }) - return file_networking_v1beta1_service_entry_proto_rawDescData -} - -var file_networking_v1beta1_service_entry_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_networking_v1beta1_service_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_networking_v1beta1_service_entry_proto_goTypes = []interface{}{ - (ServiceEntry_Location)(0), // 0: istio.networking.v1beta1.ServiceEntry.Location - (ServiceEntry_Resolution)(0), // 1: istio.networking.v1beta1.ServiceEntry.Resolution - (*ServiceEntry)(nil), // 2: istio.networking.v1beta1.ServiceEntry - (*ServicePort)(nil), // 3: istio.networking.v1beta1.ServicePort - (*WorkloadEntry)(nil), // 4: istio.networking.v1beta1.WorkloadEntry - (*WorkloadSelector)(nil), // 5: istio.networking.v1beta1.WorkloadSelector -} -var file_networking_v1beta1_service_entry_proto_depIdxs = []int32{ - 3, // 0: istio.networking.v1beta1.ServiceEntry.ports:type_name -> istio.networking.v1beta1.ServicePort - 0, // 1: istio.networking.v1beta1.ServiceEntry.location:type_name -> istio.networking.v1beta1.ServiceEntry.Location - 1, // 2: istio.networking.v1beta1.ServiceEntry.resolution:type_name -> istio.networking.v1beta1.ServiceEntry.Resolution - 4, // 3: istio.networking.v1beta1.ServiceEntry.endpoints:type_name -> istio.networking.v1beta1.WorkloadEntry - 5, // 4: istio.networking.v1beta1.ServiceEntry.workload_selector:type_name -> istio.networking.v1beta1.WorkloadSelector - 5, // [5:5] is the sub-list for method output_type - 5, // [5:5] is the sub-list for method input_type - 5, // [5:5] is the sub-list for extension type_name - 5, // [5:5] is the sub-list for extension extendee - 0, // [0:5] is the sub-list for field type_name -} - -func init() { file_networking_v1beta1_service_entry_proto_init() } -func file_networking_v1beta1_service_entry_proto_init() { - if File_networking_v1beta1_service_entry_proto != nil { - return - } - file_networking_v1beta1_sidecar_proto_init() - file_networking_v1beta1_workload_entry_proto_init() - if !protoimpl.UnsafeEnabled { - file_networking_v1beta1_service_entry_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ServiceEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_service_entry_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ServicePort); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_networking_v1beta1_service_entry_proto_rawDesc, - NumEnums: 2, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_networking_v1beta1_service_entry_proto_goTypes, - DependencyIndexes: file_networking_v1beta1_service_entry_proto_depIdxs, - EnumInfos: file_networking_v1beta1_service_entry_proto_enumTypes, - MessageInfos: file_networking_v1beta1_service_entry_proto_msgTypes, - }.Build() - File_networking_v1beta1_service_entry_proto = out.File - file_networking_v1beta1_service_entry_proto_rawDesc = nil - file_networking_v1beta1_service_entry_proto_goTypes = nil - file_networking_v1beta1_service_entry_proto_depIdxs = nil -} diff --git a/networking/v1beta1/service_entry.proto b/networking/v1beta1/service_entry.proto deleted file mode 100644 index 38940efc346..00000000000 --- a/networking/v1beta1/service_entry.proto +++ /dev/null @@ -1,596 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -import "google/api/field_behavior.proto"; -import "networking/v1beta1/sidecar.proto"; -import "networking/v1beta1/workload_entry.proto"; - -// $schema: istio.networking.v1beta1.ServiceEntry -// $title: Service Entry -// $description: Configuration affecting service registry. -// $location: https://istio.io/docs/reference/config/networking/service-entry.html -// $aliases: [/docs/reference/config/networking/v1beta1/service-entry] -// $mode: none - -// `ServiceEntry` enables adding additional entries into Istio's -// internal service registry, so that auto-discovered services in the -// mesh can access/route to these manually specified services. A -// service entry describes the properties of a service (DNS name, -// VIPs, ports, protocols, endpoints). These services could be -// external to the mesh (e.g., web APIs) or mesh-internal services -// that are not part of the platform's service registry (e.g., a set -// of VMs talking to services in Kubernetes). In addition, the -// endpoints of a service entry can also be dynamically selected by -// using the `workloadSelector` field. These endpoints can be VM -// workloads declared using the `WorkloadEntry` object or Kubernetes -// pods. The ability to select both pods and VMs under a single -// service allows for migration of services from VMs to Kubernetes -// without having to change the existing DNS names associated with the -// services. -// -// The following example declares a few external APIs accessed by internal -// applications over HTTPS. The sidecar inspects the SNI value in the -// ClientHello message to route to the appropriate external service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-https -// spec: -// hosts: -// - api.dropboxapi.com -// - www.googleapis.com -// - api.facebook.com -// location: MESH_EXTERNAL -// ports: -// - number: 443 -// name: https -// protocol: TLS -// resolution: DNS -// ``` -// -// The following configuration adds a set of MongoDB instances running on -// unmanaged VMs to Istio's registry, so that these services can be treated -// as any other service in the mesh. The associated DestinationRule is used -// to initiate mTLS connections to the database instances. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-mongocluster -// spec: -// hosts: -// - mymongodb.somedomain # not used -// addresses: -// - 192.192.192.192/24 # VIPs -// ports: -// - number: 27018 -// name: mongodb -// protocol: MONGO -// location: MESH_INTERNAL -// resolution: STATIC -// endpoints: -// - address: 2.2.2.2 -// - address: 3.3.3.3 -// ``` -// -// and the associated DestinationRule -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: mtls-mongocluster -// spec: -// host: mymongodb.somedomain -// trafficPolicy: -// tls: -// mode: MUTUAL -// clientCertificate: /etc/certs/myclientcert.pem -// privateKey: /etc/certs/client_private_key.pem -// caCertificates: /etc/certs/rootcacerts.pem -// ``` -// -// The following example uses a combination of service entry and TLS -// routing in a virtual service to steer traffic based on the SNI value to -// an internal egress firewall. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-redirect -// spec: -// hosts: -// - wikipedia.org -// - "*.wikipedia.org" -// location: MESH_EXTERNAL -// ports: -// - number: 443 -// name: https -// protocol: TLS -// resolution: NONE -// ``` -// -// And the associated VirtualService to route based on the SNI value. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: tls-routing -// spec: -// hosts: -// - wikipedia.org -// - "*.wikipedia.org" -// tls: -// - match: -// - sniHosts: -// - wikipedia.org -// - "*.wikipedia.org" -// route: -// - destination: -// host: internal-egress-firewall.ns1.svc.cluster.local -// ``` -// -// The virtual service with TLS match serves to override the default SNI -// match. In the absence of a virtual service, traffic will be forwarded to -// the wikipedia domains. -// -// The following example demonstrates the use of a dedicated egress gateway -// through which all external service traffic is forwarded. -// The 'exportTo' field allows for control over the visibility of a service -// declaration to other namespaces in the mesh. By default, a service is exported -// to all namespaces. The following example restricts the visibility to the -// current namespace, represented by ".", so that it cannot be used by other -// namespaces. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-httpbin -// namespace : egress -// spec: -// hosts: -// - example.com -// exportTo: -// - "." -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: DNS -// ``` -// -// Define a gateway to handle all egress traffic. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: istio-egressgateway -// namespace: istio-system -// spec: -// selector: -// istio: egressgateway -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - "*" -// ``` -// -// And the associated `VirtualService` to route from the sidecar to the -// gateway service (`istio-egressgateway.istio-system.svc.cluster.local`), as -// well as route from the gateway to the external service. Note that the -// virtual service is exported to all namespaces enabling them to route traffic -// through the gateway to the external service. Forcing traffic to go through -// a managed middle proxy like this is a common practice. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: gateway-routing -// namespace: egress -// spec: -// hosts: -// - example.com -// exportTo: -// - "*" -// gateways: -// - mesh -// - istio-egressgateway -// http: -// - match: -// - port: 80 -// gateways: -// - mesh -// route: -// - destination: -// host: istio-egressgateway.istio-system.svc.cluster.local -// - match: -// - port: 80 -// gateways: -// - istio-egressgateway -// route: -// - destination: -// host: example.com -// ``` -// -// The following example demonstrates the use of wildcards in the hosts for -// external services. If the connection has to be routed to the IP address -// requested by the application (i.e. application resolves DNS and attempts -// to connect to a specific IP), the resolution mode must be set to `NONE`. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-wildcard-example -// spec: -// hosts: -// - "*.bar.com" -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: NONE -// ``` -// -// The following example demonstrates a service that is available via a -// Unix Domain Socket on the host of the client. The resolution must be -// set to STATIC to use Unix address endpoints. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: unix-domain-socket-example -// spec: -// hosts: -// - "example.unix.local" -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// endpoints: -// - address: unix:///var/run/example/socket -// ``` -// -// For HTTP-based services, it is possible to create a `VirtualService` -// backed by multiple DNS addressable endpoints. In such a scenario, the -// application can use the `HTTP_PROXY` environment variable to transparently -// reroute API calls for the `VirtualService` to a chosen backend. For -// example, the following configuration creates a non-existent external -// service called foo.bar.com backed by three domains: us.foo.bar.com:8080, -// uk.foo.bar.com:9080, and in.foo.bar.com:7080 -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-dns -// spec: -// hosts: -// - foo.bar.com -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: DNS -// endpoints: -// - address: us.foo.bar.com -// ports: -// http: 8080 -// - address: uk.foo.bar.com -// ports: -// http: 9080 -// - address: in.foo.bar.com -// ports: -// http: 7080 -// ``` -// -// With `HTTP_PROXY=http://localhost/`, calls from the application to -// `http://foo.bar.com` will be load balanced across the three domains -// specified above. In other words, a call to `http://foo.bar.com/baz` would -// be translated to `http://uk.foo.bar.com/baz`. -// -// The following example illustrates the usage of a `ServiceEntry` -// containing a subject alternate name -// whose format conforms to the [SPIFFE standard](https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md): -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: httpbin -// namespace : httpbin-ns -// spec: -// hosts: -// - example.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// endpoints: -// - address: 2.2.2.2 -// - address: 3.3.3.3 -// subjectAltNames: -// - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account" -// ``` -// -// The following example demonstrates the use of `ServiceEntry` with a -// `workloadSelector` to handle the migration of a service -// `details.bookinfo.com` from VMs to Kubernetes. The service has two -// VM-based instances with sidecars as well as a set of Kubernetes -// pods managed by a standard deployment object. Consumers of this -// service in the mesh will be automatically load balanced across the -// VMs and Kubernetes. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadEntry -// metadata: -// name: details-vm-1 -// spec: -// serviceAccount: details -// address: 2.2.2.2 -// labels: -// app: details -// instance-id: vm1 -// --- -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadEntry -// metadata: -// name: details-vm-2 -// spec: -// serviceAccount: details -// address: 3.3.3.3 -// labels: -// app: details -// instance-id: vm2 -// ``` -// -// Assuming there is also a Kubernetes deployment with pod labels -// `app: details` using the same service account `details`, the -// following service entry declares a service spanning both VMs and -// Kubernetes: -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// workloadSelector: -// labels: -// app: details -// ``` -package istio.networking.v1beta1; - -option go_package = "istio.io/api/networking/v1beta1"; - -// ServiceEntry enables adding additional entries into Istio's internal -// service registry. -// -// -// -message ServiceEntry { - // The hosts associated with the ServiceEntry. Could be a DNS - // name with wildcard prefix. - // - // 1. The hosts field is used to select matching hosts in VirtualServices and DestinationRules. - // 2. For HTTP traffic the HTTP Host/Authority header will be matched against the hosts field. - // 3. For HTTPs or TLS traffic containing Server Name Indication (SNI), the SNI value - // will be matched against the hosts field. - // - // **NOTE 1:** When resolution is set to type DNS and no endpoints - // are specified, the host field will be used as the DNS name of the - // endpoint to route traffic to. - // - // **NOTE 2:** If the hostname matches with the name of a service - // from another service registry such as Kubernetes that also - // supplies its own set of endpoints, the ServiceEntry will be - // treated as a decorator of the existing Kubernetes - // service. Properties in the service entry will be added to the - // Kubernetes service if applicable. Currently, only the following - // additional properties will be considered by `istiod`: - // - // 1. subjectAltNames: In addition to verifying the SANs of the - // service accounts associated with the pods of the service, the - // SANs specified here will also be verified. - // - repeated string hosts = 1 [(google.api.field_behavior) = REQUIRED]; - - // The virtual IP addresses associated with the service. Could be CIDR - // prefix. For HTTP traffic, generated route configurations will include http route - // domains for both the `addresses` and `hosts` field values and the destination will - // be identified based on the HTTP Host/Authority header. - // If one or more IP addresses are specified, - // the incoming traffic will be identified as belonging to this service - // if the destination IP matches the IP/CIDRs specified in the addresses - // field. If the Addresses field is empty, traffic will be identified - // solely based on the destination port. In such scenarios, the port on - // which the service is being accessed must not be shared by any other - // service in the mesh. In other words, the sidecar will behave as a - // simple TCP proxy, forwarding incoming traffic on a specified port to - // the specified destination endpoint IP/host. Unix domain socket - // addresses are not supported in this field. - repeated string addresses = 2; - - // The ports associated with the external service. If the - // Endpoints are Unix domain socket addresses, there must be exactly one - // port. - repeated ServicePort ports = 3; - - // Location specifies whether the service is part of Istio mesh or - // outside the mesh. Location determines the behavior of several - // features, such as service-to-service mTLS authentication, policy - // enforcement, etc. When communicating with services outside the mesh, - // Istio's mTLS authentication is disabled, and policy enforcement is - // performed on the client-side as opposed to server-side. - enum Location { - // Signifies that the service is external to the mesh. Typically used - // to indicate external services consumed through APIs. - MESH_EXTERNAL = 0; - - // Signifies that the service is part of the mesh. Typically used to - // indicate services added explicitly as part of expanding the service - // mesh to include unmanaged infrastructure (e.g., VMs added to a - // Kubernetes based service mesh). - MESH_INTERNAL = 1; - }; - - // Specify whether the service should be considered external to the mesh - // or part of the mesh. - Location location = 4; - - // Resolution determines how the proxy will resolve the IP addresses of - // the network endpoints associated with the service, so that it can - // route to one of them. The resolution mode specified here has no impact - // on how the application resolves the IP address associated with the - // service. The application may still have to use DNS to resolve the - // service to an IP so that the outbound traffic can be captured by the - // Proxy. Alternatively, for HTTP services, the application could - // directly communicate with the proxy (e.g., by setting HTTP_PROXY) to - // talk to these services. - enum Resolution { - // Assume that incoming connections have already been resolved (to a - // specific destination IP address). Such connections are typically - // routed via the proxy using mechanisms such as IP table REDIRECT/ - // eBPF. After performing any routing related transformations, the - // proxy will forward the connection to the IP address to which the - // connection was bound. - NONE = 0; - - // Use the static IP addresses specified in endpoints (see below) as the - // backing instances associated with the service. - STATIC = 1; - - // Attempt to resolve the IP address by querying the ambient DNS, - // asynchronously. If no endpoints are specified, the proxy - // will resolve the DNS address specified in the hosts field, if - // wildcards are not used. If endpoints are specified, the DNS - // addresses specified in the endpoints will be resolved to determine - // the destination IP address. DNS resolution cannot be used with Unix - // domain socket endpoints. - DNS = 2; - - // Attempt to resolve the IP address by querying the ambient DNS, - // asynchronously. Unlike `DNS`, `DNS_ROUND_ROBIN` only uses the - // first IP address returned when a new connection needs to be initiated - // without relying on complete results of DNS resolution, and connections - // made to hosts will be retained even if DNS records change frequently - // eliminating draining connection pools and connection cycling. - // This is best suited for large web scale services that - // must be accessed via DNS. The proxy will resolve the DNS address - // specified in the hosts field, if wildcards are not used. DNS resolution - // cannot be used with Unix domain socket endpoints. - DNS_ROUND_ROBIN = 3; - }; - - // Service resolution mode for the hosts. Care must be taken - // when setting the resolution mode to NONE for a TCP port without - // accompanying IP addresses. In such cases, traffic to any IP on - // said port will be allowed (i.e. `0.0.0.0:`). - Resolution resolution = 5; - - // One or more endpoints associated with the service. Only one of - // `endpoints` or `workloadSelector` can be specified. - repeated WorkloadEntry endpoints = 6; - - // Applicable only for MESH_INTERNAL services. Only one of - // `endpoints` or `workloadSelector` can be specified. Selects one - // or more Kubernetes pods or VM workloads (specified using - // `WorkloadEntry`) based on their labels. The `WorkloadEntry` object - // representing the VMs should be defined in the same namespace as - // the ServiceEntry. - WorkloadSelector workload_selector = 9; - - // A list of namespaces to which this service is exported. Exporting a service - // allows it to be used by sidecars, gateways and virtual services defined in - // other namespaces. This feature provides a mechanism for service owners - // and mesh administrators to control the visibility of services across - // namespace boundaries. - // - // If no namespaces are specified then the service is exported to all - // namespaces by default. - // - // The value "." is reserved and defines an export to the same namespace that - // the service is declared in. Similarly the value "*" is reserved and - // defines an export to all namespaces. - // - // For a Kubernetes Service, the equivalent effect can be achieved by setting - // the annotation "networking.istio.io/exportTo" to a comma-separated list - // of namespace names. - repeated string export_to = 7; - - // If specified, the proxy will verify that the server certificate's - // subject alternate name matches one of the specified values. - // - // NOTE: When using the workloadEntry with workloadSelectors, the - // service account specified in the workloadEntry will also be used - // to derive the additional subject alternate names that should be - // verified. - repeated string subject_alt_names = 8; -} - -// ServicePort describes the properties of a specific port of a service. -message ServicePort { - // A valid non-negative integer port number. - uint32 number = 1 [(google.api.field_behavior) = REQUIRED]; - - // The protocol exposed on the port. - // MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. - // TLS implies the connection will be routed based on the SNI header to - // the destination without terminating the TLS connection. - string protocol = 2; - - // Label assigned to the port. - string name = 3 [(google.api.field_behavior) = REQUIRED]; - - // The port number on the endpoint where the traffic will be - // received. If unset, default to `number`. - uint32 target_port = 4; -} diff --git a/networking/v1beta1/service_entry_alias.gen.go b/networking/v1beta1/service_entry_alias.gen.go new file mode 100644 index 00000000000..705093bdf52 --- /dev/null +++ b/networking/v1beta1/service_entry_alias.gen.go @@ -0,0 +1,19 @@ +// Code generated by protoc-gen-alias. DO NOT EDIT. +package v1beta1 + +import "istio.io/api/networking/v1alpha3" + +type ServiceEntry = v1alpha3.ServiceEntry +type ServiceEntry_Location = v1alpha3.ServiceEntry_Location + +const ServiceEntry_MESH_EXTERNAL ServiceEntry_Location = v1alpha3.ServiceEntry_MESH_EXTERNAL +const ServiceEntry_MESH_INTERNAL ServiceEntry_Location = v1alpha3.ServiceEntry_MESH_INTERNAL + +type ServiceEntry_Resolution = v1alpha3.ServiceEntry_Resolution + +const ServiceEntry_NONE ServiceEntry_Resolution = v1alpha3.ServiceEntry_NONE +const ServiceEntry_STATIC ServiceEntry_Resolution = v1alpha3.ServiceEntry_STATIC +const ServiceEntry_DNS ServiceEntry_Resolution = v1alpha3.ServiceEntry_DNS +const ServiceEntry_DNS_ROUND_ROBIN ServiceEntry_Resolution = v1alpha3.ServiceEntry_DNS_ROUND_ROBIN + +type ServicePort = v1alpha3.ServicePort diff --git a/networking/v1beta1/service_entry_deepcopy.gen.go b/networking/v1beta1/service_entry_deepcopy.gen.go deleted file mode 100644 index e7aade1c9f1..00000000000 --- a/networking/v1beta1/service_entry_deepcopy.gen.go +++ /dev/null @@ -1,48 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1beta1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using ServiceEntry within kubernetes types, where deepcopy-gen is used. -func (in *ServiceEntry) DeepCopyInto(out *ServiceEntry) { - p := proto.Clone(in).(*ServiceEntry) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntry. Required by controller-gen. -func (in *ServiceEntry) DeepCopy() *ServiceEntry { - if in == nil { - return nil - } - out := new(ServiceEntry) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntry. Required by controller-gen. -func (in *ServiceEntry) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ServicePort within kubernetes types, where deepcopy-gen is used. -func (in *ServicePort) DeepCopyInto(out *ServicePort) { - p := proto.Clone(in).(*ServicePort) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServicePort. Required by controller-gen. -func (in *ServicePort) DeepCopy() *ServicePort { - if in == nil { - return nil - } - out := new(ServicePort) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ServicePort. Required by controller-gen. -func (in *ServicePort) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/networking/v1beta1/service_entry_json.gen.go b/networking/v1beta1/service_entry_json.gen.go deleted file mode 100644 index 1593b8d3bb9..00000000000 --- a/networking/v1beta1/service_entry_json.gen.go +++ /dev/null @@ -1,34 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1beta1 - -import ( - bytes "bytes" - jsonpb "github.com/golang/protobuf/jsonpb" -) - -// MarshalJSON is a custom marshaler for ServiceEntry -func (this *ServiceEntry) MarshalJSON() ([]byte, error) { - str, err := ServiceEntryMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ServiceEntry -func (this *ServiceEntry) UnmarshalJSON(b []byte) error { - return ServiceEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ServicePort -func (this *ServicePort) MarshalJSON() ([]byte, error) { - str, err := ServiceEntryMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ServicePort -func (this *ServicePort) UnmarshalJSON(b []byte) error { - return ServiceEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -var ( - ServiceEntryMarshaler = &jsonpb.Marshaler{} - ServiceEntryUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} -) diff --git a/networking/v1beta1/sidecar.pb.go b/networking/v1beta1/sidecar.pb.go deleted file mode 100644 index c89792337e6..00000000000 --- a/networking/v1beta1/sidecar.pb.go +++ /dev/null @@ -1,1279 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.33.0 -// protoc (unknown) -// source: networking/v1beta1/sidecar.proto - -// $schema: istio.networking.v1beta1.Sidecar -// $title: Sidecar -// $description: Configuration affecting network reachability of a sidecar. -// $location: https://istio.io/docs/reference/config/networking/sidecar.html -// $aliases: [/docs/reference/config/networking/v1beta1/sidecar] -// $mode: none - -// `Sidecar` describes the configuration of the sidecar proxy that mediates -// inbound and outbound communication to the workload instance it is attached to. By -// default, Istio will program all sidecar proxies in the mesh with the -// necessary configuration required to reach every workload instance in the mesh, as -// well as accept traffic on all the ports associated with the -// workload. The `Sidecar` configuration provides a way to fine tune the set of -// ports, protocols that the proxy will accept when forwarding traffic to -// and from the workload. In addition, it is possible to restrict the set -// of services that the proxy can reach when forwarding outbound traffic -// from workload instances. -// -// Services and configuration in a mesh are organized into one or more -// namespaces (e.g., a Kubernetes namespace or a CF org/space). A `Sidecar` -// configuration in a namespace will apply to one or more workload instances in the same -// namespace, selected using the `workloadSelector` field. In the absence of a -// `workloadSelector`, it will apply to all workload instances in the same -// namespace. When determining the `Sidecar` configuration to be applied to a -// workload instance, preference will be given to the resource with a -// `workloadSelector` that selects this workload instance, over a `Sidecar` configuration -// without any `workloadSelector`. -// -// **NOTE 1**: *_Each namespace can have only one `Sidecar` -// configuration without any `workloadSelector`_ that specifies the -// default for all pods in that namespace*. It is recommended to use -// the name `default` for the namespace-wide sidecar. The behavior of -// the system is undefined if more than one selector-less `Sidecar` -// configurations exist in a given namespace. The behavior of the -// system is undefined if two or more `Sidecar` configurations with a -// `workloadSelector` select the same workload instance. -// -// **NOTE 2**: *_A `Sidecar` configuration in the `MeshConfig` -// [root namespace](https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig) -// will be applied by default to all namespaces without a `Sidecar` -// configuration_*. This global default `Sidecar` configuration should not have -// any `workloadSelector`. -// -// **NOTE 3**: *_A `Sidecar` is not applicable to gateways, even though gateways are istio-proxies_*. -// -// The example below declares a global default `Sidecar` configuration -// in the root namespace called `istio-config`, that configures -// sidecars in all namespaces to allow egress traffic only to other -// workloads in the same namespace as well as to services in the -// `istio-system` namespace. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Sidecar -// metadata: -// name: default -// namespace: istio-config -// spec: -// egress: -// - hosts: -// - "./*" -// - "istio-system/*" -// ``` -// -// The example below declares a `Sidecar` configuration in the -// `prod-us1` namespace that overrides the global default defined -// above, and configures the sidecars in the namespace to allow egress -// traffic to public services in the `prod-us1`, `prod-apis`, and the -// `istio-system` namespaces. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Sidecar -// metadata: -// name: default -// namespace: prod-us1 -// spec: -// egress: -// - hosts: -// - "prod-us1/*" -// - "prod-apis/*" -// - "istio-system/*" -// ``` -// -// The following example declares a `Sidecar` configuration in the -// `prod-us1` namespace for all pods with labels `app: ratings` -// belonging to the `ratings.prod-us1` service. The workload accepts -// inbound HTTP traffic on port 9080. The traffic is then forwarded to -// the attached workload instance listening on a Unix domain -// socket. In the egress direction, in addition to the `istio-system` -// namespace, the sidecar proxies only HTTP traffic bound for port -// 9080 for services in the `prod-us1` namespace. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Sidecar -// metadata: -// name: ratings -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: ratings -// ingress: -// - port: -// number: 9080 -// protocol: HTTP -// name: somename -// defaultEndpoint: unix:///var/run/someuds.sock -// egress: -// - port: -// number: 9080 -// protocol: HTTP -// name: egresshttp -// hosts: -// - "prod-us1/*" -// - hosts: -// - "istio-system/*" -// ``` -// -// If the workload is deployed without IPTables-based traffic capture, -// the `Sidecar` configuration is the only way to configure the ports -// on the proxy attached to the workload instance. The following -// example declares a `Sidecar` configuration in the `prod-us1` -// namespace for all pods with labels `app: productpage` belonging to -// the `productpage.prod-us1` service. Assuming that these pods are -// deployed without IPtable rules (i.e. the `istio-init` container) -// and the proxy metadata `ISTIO_META_INTERCEPTION_MODE` is set to -// `NONE`, the specification, below, allows such pods to receive HTTP -// traffic on port 9080 (wrapped inside Istio mutual TLS) and forward -// it to the application listening on `127.0.0.1:8080`. It also allows -// the application to communicate with a backing MySQL database on -// `127.0.0.1:3306`, that then gets proxied to the externally hosted -// MySQL service at `mysql.foo.com:3306`. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Sidecar -// metadata: -// name: no-ip-tables -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: productpage -// ingress: -// - port: -// number: 9080 # binds to proxy_instance_ip:9080 (0.0.0.0:9080, if no unicast IP is available for the instance) -// protocol: HTTP -// name: somename -// defaultEndpoint: 127.0.0.1:8080 -// captureMode: NONE # not needed if metadata is set for entire proxy -// egress: -// - port: -// number: 3306 -// protocol: MYSQL -// name: egressmysql -// captureMode: NONE # not needed if metadata is set for entire proxy -// bind: 127.0.0.1 -// hosts: -// - "*/mysql.foo.com" -// ``` -// -// And the associated service entry for routing to `mysql.foo.com:3306` -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-mysql -// namespace: ns1 -// spec: -// hosts: -// - mysql.foo.com -// ports: -// - number: 3306 -// name: mysql -// protocol: MYSQL -// location: MESH_EXTERNAL -// resolution: DNS -// ``` -// -// It is also possible to mix and match traffic capture modes in a single -// proxy. For example, consider a setup where internal services are on the -// `192.168.0.0/16` subnet. So, IP tables are setup on the VM to capture all -// outbound traffic on `192.168.0.0/16` subnet. Assume that the VM has an -// additional network interface on `172.16.0.0/16` subnet for inbound -// traffic. The following `Sidecar` configuration allows the VM to expose a -// listener on `172.16.1.32:80` (the VM's IP) for traffic arriving from the -// `172.16.0.0/16` subnet. -// -// **NOTE**: The `ISTIO_META_INTERCEPTION_MODE` metadata on the -// proxy in the VM should contain `REDIRECT` or `TPROXY` as its value, -// implying that IP tables based traffic capture is active. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Sidecar -// metadata: -// name: partial-ip-tables -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: productpage -// ingress: -// - bind: 172.16.1.32 -// port: -// number: 80 # binds to 172.16.1.32:80 -// protocol: HTTP -// name: somename -// defaultEndpoint: 127.0.0.1:8080 -// captureMode: NONE -// egress: -// # use the system detected defaults -// # sets up configuration to handle outbound traffic to services -// # in 192.168.0.0/16 subnet, based on information provided by the -// # service registry -// - captureMode: IPTABLES -// hosts: -// - "*/*" -// ``` -// -// In addition to configuring traffic capture and how traffic is forwarded to the app, -// it's possible to control inbound connection pool settings. By default, Istio pushes -// connection pool settings from `DestinationRules` to both clients (for outbound -// connections to the service) as well as servers (for inbound connections to a service -// instance). Using the `InboundConnectionPool` and per-port `ConnectionPool` settings -// in a `Sidecar` allow you to control those connection pools for the server separately -// from the settings pushed to all clients. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Sidecar -// metadata: -// name: connection-pool-settings -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: productpage -// inboundConnectionPool: -// http: -// http1MaxPendingRequests: 1024 -// http2MaxRequests: 1024 -// maxRequestsPerConnection: 1024 -// maxRetries: 100 -// ingress: -// - port: -// number: 80 -// protocol: HTTP -// name: somename -// connectionPool: -// http: -// http1MaxPendingRequests: 1024 -// http2MaxRequests: 1024 -// maxRequestsPerConnection: 1024 -// maxRetries: 100 -// tcp: -// maxConnections: 100 -// ``` - -package v1beta1 - -import ( - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// `CaptureMode` describes how traffic to a listener is expected to be -// captured. Applicable only when the listener is bound to an IP. -type CaptureMode int32 - -const ( - // The default capture mode defined by the environment. - CaptureMode_DEFAULT CaptureMode = 0 - // Capture traffic using IPtables redirection. - CaptureMode_IPTABLES CaptureMode = 1 - // No traffic capture. When used in an egress listener, the application is - // expected to explicitly communicate with the listener port or Unix - // domain socket. When used in an ingress listener, care needs to be taken - // to ensure that the listener port is not in use by other processes on - // the host. - CaptureMode_NONE CaptureMode = 2 -) - -// Enum value maps for CaptureMode. -var ( - CaptureMode_name = map[int32]string{ - 0: "DEFAULT", - 1: "IPTABLES", - 2: "NONE", - } - CaptureMode_value = map[string]int32{ - "DEFAULT": 0, - "IPTABLES": 1, - "NONE": 2, - } -) - -func (x CaptureMode) Enum() *CaptureMode { - p := new(CaptureMode) - *p = x - return p -} - -func (x CaptureMode) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (CaptureMode) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1beta1_sidecar_proto_enumTypes[0].Descriptor() -} - -func (CaptureMode) Type() protoreflect.EnumType { - return &file_networking_v1beta1_sidecar_proto_enumTypes[0] -} - -func (x CaptureMode) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use CaptureMode.Descriptor instead. -func (CaptureMode) EnumDescriptor() ([]byte, []int) { - return file_networking_v1beta1_sidecar_proto_rawDescGZIP(), []int{0} -} - -type OutboundTrafficPolicy_Mode int32 - -const ( - // Outbound traffic will be restricted to services defined in the - // service registry as well as those defined through `ServiceEntry` configurations. - OutboundTrafficPolicy_REGISTRY_ONLY OutboundTrafficPolicy_Mode = 0 - // Outbound traffic to unknown destinations will be allowed, in case - // there are no services or `ServiceEntry` configurations for the destination port. - OutboundTrafficPolicy_ALLOW_ANY OutboundTrafficPolicy_Mode = 1 -) - -// Enum value maps for OutboundTrafficPolicy_Mode. -var ( - OutboundTrafficPolicy_Mode_name = map[int32]string{ - 0: "REGISTRY_ONLY", - 1: "ALLOW_ANY", - } - OutboundTrafficPolicy_Mode_value = map[string]int32{ - "REGISTRY_ONLY": 0, - "ALLOW_ANY": 1, - } -) - -func (x OutboundTrafficPolicy_Mode) Enum() *OutboundTrafficPolicy_Mode { - p := new(OutboundTrafficPolicy_Mode) - *p = x - return p -} - -func (x OutboundTrafficPolicy_Mode) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (OutboundTrafficPolicy_Mode) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1beta1_sidecar_proto_enumTypes[1].Descriptor() -} - -func (OutboundTrafficPolicy_Mode) Type() protoreflect.EnumType { - return &file_networking_v1beta1_sidecar_proto_enumTypes[1] -} - -func (x OutboundTrafficPolicy_Mode) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use OutboundTrafficPolicy_Mode.Descriptor instead. -func (OutboundTrafficPolicy_Mode) EnumDescriptor() ([]byte, []int) { - return file_networking_v1beta1_sidecar_proto_rawDescGZIP(), []int{4, 0} -} - -// `Sidecar` describes the configuration of the sidecar proxy that mediates -// inbound and outbound communication of the workload instance to which it is -// attached. -// -// -// -type Sidecar struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Criteria used to select the specific set of pods/VMs on which this - // `Sidecar` configuration should be applied. If omitted, the `Sidecar` - // configuration will be applied to all workload instances in the same namespace. - WorkloadSelector *WorkloadSelector `protobuf:"bytes,1,opt,name=workload_selector,json=workloadSelector,proto3" json:"workload_selector,omitempty"` - // Ingress specifies the configuration of the sidecar for processing - // inbound traffic to the attached workload instance. If omitted, Istio will - // automatically configure the sidecar based on the information about the workload - // obtained from the orchestration platform (e.g., exposed ports, services, - // etc.). If specified, inbound ports are configured if and only if the - // workload instance is associated with a service. - Ingress []*IstioIngressListener `protobuf:"bytes,2,rep,name=ingress,proto3" json:"ingress,omitempty"` - // Egress specifies the configuration of the sidecar for processing - // outbound traffic from the attached workload instance to other - // services in the mesh. If not specified, inherits the system - // detected defaults from the namespace-wide or the global default Sidecar. - Egress []*IstioEgressListener `protobuf:"bytes,3,rep,name=egress,proto3" json:"egress,omitempty"` - // Settings controlling the volume of connections Envoy will accept from the network. - // This default will apply for all inbound listeners and can be overridden per-port - // in the `Ingress` field. This configuration mirrors the `DestinationRule`'s - // [`connectionPool`](https://istio.io/latest/docs/reference/config/networking/destination-rule/#ConnectionPoolSettings) field. - // - // By default, Istio applies a service's `DestinationRule` to client sidecars - // for outbound traffic directed at the service -- the usual case folks think - // of when configuring a `DestinationRule` -- but also to the server's inbound - // sidecar. The `Sidecar`'s connection pool configures the server's inbound - // sidecar directly, so its settings can be different than clients'. This is - // valuable, for example, when you have many clients calling few servers: a - // `DestinationRule` can limit the concurrency of any single client, while - // the `Sidecar` allows you to configure much higher concurrency on the server - // side. - // - // Connection pool settings for a server's inbound sidecar are configured in the - // following precedence, highest to lowest: - // - per-port `ConnectionPool` from the `Sidecar` - // - top level `InboundConnectionPool` from the `Sidecar` - // - per-port `TrafficPolicy.ConnectionPool` from the `DestinationRule` - // - top level `TrafficPolicy.ConnectionPool` from the `DestinationRule` - // - default connection pool settings (essentially unlimited) - // - // In every case, the connection pool settings are overriden, not merged. - InboundConnectionPool *ConnectionPoolSettings `protobuf:"bytes,7,opt,name=inbound_connection_pool,json=inboundConnectionPool,proto3" json:"inbound_connection_pool,omitempty"` - // Configuration for the outbound traffic policy. If your - // application uses one or more external services that are not known - // apriori, setting the policy to `ALLOW_ANY` will cause the - // sidecars to route any unknown traffic originating from the - // application to its requested destination. If not specified, - // inherits the system detected defaults from the namespace-wide or - // the global default Sidecar. - OutboundTrafficPolicy *OutboundTrafficPolicy `protobuf:"bytes,4,opt,name=outbound_traffic_policy,json=outboundTrafficPolicy,proto3" json:"outbound_traffic_policy,omitempty"` -} - -func (x *Sidecar) Reset() { - *x = Sidecar{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_sidecar_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Sidecar) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Sidecar) ProtoMessage() {} - -func (x *Sidecar) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_sidecar_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Sidecar.ProtoReflect.Descriptor instead. -func (*Sidecar) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_sidecar_proto_rawDescGZIP(), []int{0} -} - -func (x *Sidecar) GetWorkloadSelector() *WorkloadSelector { - if x != nil { - return x.WorkloadSelector - } - return nil -} - -func (x *Sidecar) GetIngress() []*IstioIngressListener { - if x != nil { - return x.Ingress - } - return nil -} - -func (x *Sidecar) GetEgress() []*IstioEgressListener { - if x != nil { - return x.Egress - } - return nil -} - -func (x *Sidecar) GetInboundConnectionPool() *ConnectionPoolSettings { - if x != nil { - return x.InboundConnectionPool - } - return nil -} - -func (x *Sidecar) GetOutboundTrafficPolicy() *OutboundTrafficPolicy { - if x != nil { - return x.OutboundTrafficPolicy - } - return nil -} - -// `IstioIngressListener` specifies the properties of an inbound -// traffic listener on the sidecar proxy attached to a workload instance. -type IstioIngressListener struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The port associated with the listener. - Port *SidecarPort `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` - // The IP(IPv4 or IPv6) to which the listener should be bound. - // Unix domain socket addresses are not allowed in - // the bind field for ingress listeners. If omitted, Istio will - // automatically configure the defaults based on imported services - // and the workload instances to which this configuration is applied - // to. - Bind string `protobuf:"bytes,2,opt,name=bind,proto3" json:"bind,omitempty"` - // The captureMode option dictates how traffic to the listener is - // expected to be captured (or not). - CaptureMode CaptureMode `protobuf:"varint,3,opt,name=capture_mode,json=captureMode,proto3,enum=istio.networking.v1beta1.CaptureMode" json:"capture_mode,omitempty"` - // The IP endpoint or Unix domain socket to which - // traffic should be forwarded to. This configuration can be used to - // redirect traffic arriving at the bind `IP:Port` on the sidecar to a `localhost:port` - // or Unix domain socket where the application workload instance is listening for - // connections. Arbitrary IPs are not supported. Format should be one of - // `127.0.0.1:PORT`, `[::1]:PORT` (forward to localhost), - // `0.0.0.0:PORT`, `[::]:PORT` (forward to the instance IP), - // or `unix:///path/to/socket` (forward to Unix domain socket). - DefaultEndpoint string `protobuf:"bytes,4,opt,name=default_endpoint,json=defaultEndpoint,proto3" json:"default_endpoint,omitempty"` - // Set of TLS related options that will enable TLS termination on the - // sidecar for requests originating from outside the mesh. - // Currently supports only SIMPLE and MUTUAL TLS modes. - Tls *ServerTLSSettings `protobuf:"bytes,7,opt,name=tls,proto3" json:"tls,omitempty"` - // Settings controlling the volume of connections Envoy will accept from the network. - // This setting overrides the top-level default `inboundConnectionPool` to configure - // specific settings for this port. This configuration mirrors the `DestinationRule`'s - // [`PortTrafficPolicy.connectionPool`](https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy-PortTrafficPolicy) field. - // This port level connection pool has the highest precedence in configuration, - // overriding both the `Sidecar`'s top level `InboundConnectionPool` as well as any - // connection pooling settings from the `DestinationRule`. - ConnectionPool *ConnectionPoolSettings `protobuf:"bytes,8,opt,name=connection_pool,json=connectionPool,proto3" json:"connection_pool,omitempty"` -} - -func (x *IstioIngressListener) Reset() { - *x = IstioIngressListener{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_sidecar_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IstioIngressListener) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IstioIngressListener) ProtoMessage() {} - -func (x *IstioIngressListener) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_sidecar_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IstioIngressListener.ProtoReflect.Descriptor instead. -func (*IstioIngressListener) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_sidecar_proto_rawDescGZIP(), []int{1} -} - -func (x *IstioIngressListener) GetPort() *SidecarPort { - if x != nil { - return x.Port - } - return nil -} - -func (x *IstioIngressListener) GetBind() string { - if x != nil { - return x.Bind - } - return "" -} - -func (x *IstioIngressListener) GetCaptureMode() CaptureMode { - if x != nil { - return x.CaptureMode - } - return CaptureMode_DEFAULT -} - -func (x *IstioIngressListener) GetDefaultEndpoint() string { - if x != nil { - return x.DefaultEndpoint - } - return "" -} - -func (x *IstioIngressListener) GetTls() *ServerTLSSettings { - if x != nil { - return x.Tls - } - return nil -} - -func (x *IstioIngressListener) GetConnectionPool() *ConnectionPoolSettings { - if x != nil { - return x.ConnectionPool - } - return nil -} - -// `IstioEgressListener` specifies the properties of an outbound traffic -// listener on the sidecar proxy attached to a workload instance. -type IstioEgressListener struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The port associated with the listener. If using Unix domain socket, - // use 0 as the port number, with a valid protocol. The port if - // specified, will be used as the default destination port associated - // with the imported hosts. If the port is omitted, Istio will infer the - // listener ports based on the imported hosts. Note that when multiple - // egress listeners are specified, where one or more listeners have - // specific ports while others have no port, the hosts exposed on a - // listener port will be based on the listener with the most specific - // port. - Port *SidecarPort `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` - // The IP(IPv4 or IPv6) or the Unix domain socket to which the listener should be bound - // to. Port MUST be specified if bind is not empty. Format: IPv4 or IPv6 address formats or - // `unix:///path/to/uds` or `unix://@foobar` (Linux abstract namespace). If - // omitted, Istio will automatically configure the defaults based on imported - // services, the workload instances to which this configuration is applied to and - // the captureMode. If captureMode is `NONE`, bind will default to - // 127.0.0.1. - Bind string `protobuf:"bytes,2,opt,name=bind,proto3" json:"bind,omitempty"` - // When the bind address is an IP, the captureMode option dictates - // how traffic to the listener is expected to be captured (or not). - // captureMode must be DEFAULT or `NONE` for Unix domain socket binds. - CaptureMode CaptureMode `protobuf:"varint,3,opt,name=capture_mode,json=captureMode,proto3,enum=istio.networking.v1beta1.CaptureMode" json:"capture_mode,omitempty"` - // One or more service hosts exposed by the listener - // in `namespace/dnsName` format. Services in the specified namespace - // matching `dnsName` will be exposed. - // The corresponding service can be a service in the service registry - // (e.g., a Kubernetes or cloud foundry service) or a service specified - // using a `ServiceEntry` or `VirtualService` configuration. Any - // associated `DestinationRule` in the same namespace will also be used. - // - // The `dnsName` should be specified using FQDN format, optionally including - // a wildcard character in the left-most component (e.g., `prod/*.example.com`). - // Set the `dnsName` to `*` to select all services from the specified namespace - // (e.g., `prod/*`). - // - // The `namespace` can be set to `*`, `.`, or `~`, representing any, the current, - // or no namespace, respectively. For example, `*/foo.example.com` selects the - // service from any available namespace while `./foo.example.com` only selects - // the service from the namespace of the sidecar. If a host is set to `*/*`, - // Istio will configure the sidecar to be able to reach every service in the - // mesh that is exported to the sidecar's namespace. The value `~/*` can be used - // to completely trim the configuration for sidecars that simply receive traffic - // and respond, but make no outbound connections of their own. - // - // NOTE: Only services and configuration artifacts exported to the sidecar's - // namespace (e.g., `exportTo` value of `*`) can be referenced. - // Private configurations (e.g., `exportTo` set to `.`) will - // not be available. Refer to the `exportTo` setting in `VirtualService`, - // `DestinationRule`, and `ServiceEntry` configurations for details. - Hosts []string `protobuf:"bytes,4,rep,name=hosts,proto3" json:"hosts,omitempty"` -} - -func (x *IstioEgressListener) Reset() { - *x = IstioEgressListener{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_sidecar_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *IstioEgressListener) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*IstioEgressListener) ProtoMessage() {} - -func (x *IstioEgressListener) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_sidecar_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use IstioEgressListener.ProtoReflect.Descriptor instead. -func (*IstioEgressListener) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_sidecar_proto_rawDescGZIP(), []int{2} -} - -func (x *IstioEgressListener) GetPort() *SidecarPort { - if x != nil { - return x.Port - } - return nil -} - -func (x *IstioEgressListener) GetBind() string { - if x != nil { - return x.Bind - } - return "" -} - -func (x *IstioEgressListener) GetCaptureMode() CaptureMode { - if x != nil { - return x.CaptureMode - } - return CaptureMode_DEFAULT -} - -func (x *IstioEgressListener) GetHosts() []string { - if x != nil { - return x.Hosts - } - return nil -} - -// `WorkloadSelector` specifies the criteria used to determine if the -// `Gateway`, `Sidecar`, `EnvoyFilter`, `ServiceEntry`, or `DestinationRule` -// configuration can be applied to a proxy. The matching criteria -// includes the metadata associated with a proxy, workload instance -// info such as labels attached to the pod/VM, or any other info that -// the proxy provides to Istio during the initial handshake. If -// multiple conditions are specified, all conditions need to match in -// order for the workload instance to be selected. Currently, only -// label based selection mechanism is supported. -type WorkloadSelector struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // One or more labels that indicate a specific set of pods/VMs - // on which the configuration should be applied. The scope of - // label search is restricted to the configuration namespace in which the - // the resource is present. - Labels map[string]string `protobuf:"bytes,1,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` -} - -func (x *WorkloadSelector) Reset() { - *x = WorkloadSelector{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_sidecar_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *WorkloadSelector) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*WorkloadSelector) ProtoMessage() {} - -func (x *WorkloadSelector) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_sidecar_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use WorkloadSelector.ProtoReflect.Descriptor instead. -func (*WorkloadSelector) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_sidecar_proto_rawDescGZIP(), []int{3} -} - -func (x *WorkloadSelector) GetLabels() map[string]string { - if x != nil { - return x.Labels - } - return nil -} - -// `OutboundTrafficPolicy` sets the default behavior of the sidecar for -// handling outbound traffic from the application. -// If your application uses one or more external -// services that are not known apriori, setting the policy to `ALLOW_ANY` -// will cause the sidecars to route any unknown traffic originating from -// the application to its requested destination. Users are strongly -// encouraged to use `ServiceEntry` configurations to explicitly declare any external -// dependencies, instead of using `ALLOW_ANY`, so that traffic to these -// services can be monitored. -type OutboundTrafficPolicy struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Mode OutboundTrafficPolicy_Mode `protobuf:"varint,1,opt,name=mode,proto3,enum=istio.networking.v1beta1.OutboundTrafficPolicy_Mode" json:"mode,omitempty"` - // Specifies the details of the egress proxy to which unknown - // traffic should be forwarded to from the sidecar. Valid only if - // the mode is set to ALLOW_ANY. If not specified when the mode is - // ALLOW_ANY, the sidecar will send the unknown traffic directly to - // the IP requested by the application. - // - // ** NOTE 1**: The specified egress host must be imported in the - // egress section for the traffic forwarding to work. - // - // ** NOTE 2**: An Envoy based egress gateway is unlikely to be able - // to handle plain text TCP connections forwarded from the sidecar. - // Envoy's dynamic forward proxy can handle only HTTP and TLS - // connections. - // $hide_from_docs - EgressProxy *Destination `protobuf:"bytes,2,opt,name=egress_proxy,json=egressProxy,proto3" json:"egress_proxy,omitempty"` -} - -func (x *OutboundTrafficPolicy) Reset() { - *x = OutboundTrafficPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_sidecar_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *OutboundTrafficPolicy) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*OutboundTrafficPolicy) ProtoMessage() {} - -func (x *OutboundTrafficPolicy) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_sidecar_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use OutboundTrafficPolicy.ProtoReflect.Descriptor instead. -func (*OutboundTrafficPolicy) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_sidecar_proto_rawDescGZIP(), []int{4} -} - -func (x *OutboundTrafficPolicy) GetMode() OutboundTrafficPolicy_Mode { - if x != nil { - return x.Mode - } - return OutboundTrafficPolicy_REGISTRY_ONLY -} - -func (x *OutboundTrafficPolicy) GetEgressProxy() *Destination { - if x != nil { - return x.EgressProxy - } - return nil -} - -// Port describes the properties of a specific port of a service. -type SidecarPort struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // A valid non-negative integer port number. - Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"` - // The protocol exposed on the port. - // MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. - // TLS can be either used to terminate non-HTTP based connections on a specific port - // or to route traffic based on SNI header to the destination without terminating the TLS connection. - Protocol string `protobuf:"bytes,2,opt,name=protocol,proto3" json:"protocol,omitempty"` - // Label assigned to the port. - Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` - // Has no effect, only for backwards compatibility - // received. Applicable only when used with ServiceEntries. - // $hide_from_docs - // - // Deprecated: Marked as deprecated in networking/v1beta1/sidecar.proto. - TargetPort uint32 `protobuf:"varint,4,opt,name=target_port,json=targetPort,proto3" json:"target_port,omitempty"` -} - -func (x *SidecarPort) Reset() { - *x = SidecarPort{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_sidecar_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *SidecarPort) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*SidecarPort) ProtoMessage() {} - -func (x *SidecarPort) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_sidecar_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use SidecarPort.ProtoReflect.Descriptor instead. -func (*SidecarPort) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_sidecar_proto_rawDescGZIP(), []int{5} -} - -func (x *SidecarPort) GetNumber() uint32 { - if x != nil { - return x.Number - } - return 0 -} - -func (x *SidecarPort) GetProtocol() string { - if x != nil { - return x.Protocol - } - return "" -} - -func (x *SidecarPort) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -// Deprecated: Marked as deprecated in networking/v1beta1/sidecar.proto. -func (x *SidecarPort) GetTargetPort() uint32 { - if x != nil { - return x.TargetPort - } - return 0 -} - -var File_networking_v1beta1_sidecar_proto protoreflect.FileDescriptor - -var file_networking_v1beta1_sidecar_proto_rawDesc = []byte{ - 0x0a, 0x20, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2f, 0x73, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x12, 0x18, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x1a, 0x1f, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, - 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x29, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x75, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x67, 0x61, 0x74, - 0x65, 0x77, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x28, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x76, - 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xdd, 0x03, 0x0a, 0x07, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, - 0x12, 0x57, 0x0a, 0x11, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x73, 0x65, 0x6c, - 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, - 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, - 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x48, 0x0a, 0x07, 0x69, 0x6e, 0x67, - 0x72, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x49, 0x6e, 0x67, 0x72, 0x65, - 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x07, 0x69, 0x6e, 0x67, 0x72, - 0x65, 0x73, 0x73, 0x12, 0x45, 0x0a, 0x06, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x49, - 0x73, 0x74, 0x69, 0x6f, 0x45, 0x67, 0x72, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, - 0x65, 0x72, 0x52, 0x06, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x12, 0x68, 0x0a, 0x17, 0x69, 0x6e, - 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x5f, 0x70, 0x6f, 0x6f, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x15, 0x69, - 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x50, 0x6f, 0x6f, 0x6c, 0x12, 0x67, 0x0a, 0x17, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, - 0x5f, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2e, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, - 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x15, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, - 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4a, 0x04, 0x08, - 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x52, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, - 0x68, 0x6f, 0x73, 0x74, 0x22, 0x9b, 0x03, 0x0a, 0x14, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x49, 0x6e, - 0x67, 0x72, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x3e, 0x0a, - 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x50, 0x6f, - 0x72, 0x74, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, - 0x04, 0x62, 0x69, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x62, 0x69, 0x6e, - 0x64, 0x12, 0x48, 0x0a, 0x0c, 0x63, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x6d, 0x6f, 0x64, - 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x43, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0b, - 0x63, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x29, 0x0a, 0x10, 0x64, - 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x45, 0x6e, - 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x3d, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x07, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x59, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x6f, 0x6c, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, - 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, - 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x52, 0x14, 0x6c, 0x6f, - 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x74, - 0x6c, 0x73, 0x22, 0xeb, 0x01, 0x0a, 0x13, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x45, 0x67, 0x72, 0x65, - 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x39, 0x0a, 0x04, 0x70, 0x6f, - 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x52, - 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x12, 0x48, 0x0a, 0x0c, 0x63, 0x61, 0x70, - 0x74, 0x75, 0x72, 0x65, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, - 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x61, 0x70, 0x74, 0x75, - 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0b, 0x63, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x4d, - 0x6f, 0x64, 0x65, 0x12, 0x19, 0x0a, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x04, 0x20, 0x03, - 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x4a, 0x04, - 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x52, 0x14, 0x6c, 0x6f, 0x63, 0x61, - 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x74, 0x6c, 0x73, - 0x22, 0x9d, 0x01, 0x0a, 0x10, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, - 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x4e, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, - 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, - 0x72, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, - 0x61, 0x62, 0x65, 0x6c, 0x73, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, - 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, - 0x22, 0xd5, 0x01, 0x0a, 0x15, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x72, 0x61, - 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x48, 0x0a, 0x04, 0x6d, 0x6f, - 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x34, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x72, 0x61, 0x66, - 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, - 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x48, 0x0a, 0x0c, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x5f, 0x70, - 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x52, 0x0b, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x22, 0x28, - 0x0a, 0x04, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x11, 0x0a, 0x0d, 0x52, 0x45, 0x47, 0x49, 0x53, 0x54, - 0x52, 0x59, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x41, 0x4c, 0x4c, - 0x4f, 0x57, 0x5f, 0x41, 0x4e, 0x59, 0x10, 0x01, 0x22, 0x7a, 0x0a, 0x0b, 0x53, 0x69, 0x64, 0x65, - 0x63, 0x61, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, - 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, - 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x6e, - 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, - 0x23, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x0d, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, - 0x50, 0x6f, 0x72, 0x74, 0x2a, 0x32, 0x0a, 0x0b, 0x43, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x4d, - 0x6f, 0x64, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, - 0x12, 0x0c, 0x0a, 0x08, 0x49, 0x50, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x53, 0x10, 0x01, 0x12, 0x08, - 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x02, 0x42, 0x21, 0x5a, 0x1f, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, -} - -var ( - file_networking_v1beta1_sidecar_proto_rawDescOnce sync.Once - file_networking_v1beta1_sidecar_proto_rawDescData = file_networking_v1beta1_sidecar_proto_rawDesc -) - -func file_networking_v1beta1_sidecar_proto_rawDescGZIP() []byte { - file_networking_v1beta1_sidecar_proto_rawDescOnce.Do(func() { - file_networking_v1beta1_sidecar_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1beta1_sidecar_proto_rawDescData) - }) - return file_networking_v1beta1_sidecar_proto_rawDescData -} - -var file_networking_v1beta1_sidecar_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_networking_v1beta1_sidecar_proto_msgTypes = make([]protoimpl.MessageInfo, 7) -var file_networking_v1beta1_sidecar_proto_goTypes = []interface{}{ - (CaptureMode)(0), // 0: istio.networking.v1beta1.CaptureMode - (OutboundTrafficPolicy_Mode)(0), // 1: istio.networking.v1beta1.OutboundTrafficPolicy.Mode - (*Sidecar)(nil), // 2: istio.networking.v1beta1.Sidecar - (*IstioIngressListener)(nil), // 3: istio.networking.v1beta1.IstioIngressListener - (*IstioEgressListener)(nil), // 4: istio.networking.v1beta1.IstioEgressListener - (*WorkloadSelector)(nil), // 5: istio.networking.v1beta1.WorkloadSelector - (*OutboundTrafficPolicy)(nil), // 6: istio.networking.v1beta1.OutboundTrafficPolicy - (*SidecarPort)(nil), // 7: istio.networking.v1beta1.SidecarPort - nil, // 8: istio.networking.v1beta1.WorkloadSelector.LabelsEntry - (*ConnectionPoolSettings)(nil), // 9: istio.networking.v1beta1.ConnectionPoolSettings - (*ServerTLSSettings)(nil), // 10: istio.networking.v1beta1.ServerTLSSettings - (*Destination)(nil), // 11: istio.networking.v1beta1.Destination -} -var file_networking_v1beta1_sidecar_proto_depIdxs = []int32{ - 5, // 0: istio.networking.v1beta1.Sidecar.workload_selector:type_name -> istio.networking.v1beta1.WorkloadSelector - 3, // 1: istio.networking.v1beta1.Sidecar.ingress:type_name -> istio.networking.v1beta1.IstioIngressListener - 4, // 2: istio.networking.v1beta1.Sidecar.egress:type_name -> istio.networking.v1beta1.IstioEgressListener - 9, // 3: istio.networking.v1beta1.Sidecar.inbound_connection_pool:type_name -> istio.networking.v1beta1.ConnectionPoolSettings - 6, // 4: istio.networking.v1beta1.Sidecar.outbound_traffic_policy:type_name -> istio.networking.v1beta1.OutboundTrafficPolicy - 7, // 5: istio.networking.v1beta1.IstioIngressListener.port:type_name -> istio.networking.v1beta1.SidecarPort - 0, // 6: istio.networking.v1beta1.IstioIngressListener.capture_mode:type_name -> istio.networking.v1beta1.CaptureMode - 10, // 7: istio.networking.v1beta1.IstioIngressListener.tls:type_name -> istio.networking.v1beta1.ServerTLSSettings - 9, // 8: istio.networking.v1beta1.IstioIngressListener.connection_pool:type_name -> istio.networking.v1beta1.ConnectionPoolSettings - 7, // 9: istio.networking.v1beta1.IstioEgressListener.port:type_name -> istio.networking.v1beta1.SidecarPort - 0, // 10: istio.networking.v1beta1.IstioEgressListener.capture_mode:type_name -> istio.networking.v1beta1.CaptureMode - 8, // 11: istio.networking.v1beta1.WorkloadSelector.labels:type_name -> istio.networking.v1beta1.WorkloadSelector.LabelsEntry - 1, // 12: istio.networking.v1beta1.OutboundTrafficPolicy.mode:type_name -> istio.networking.v1beta1.OutboundTrafficPolicy.Mode - 11, // 13: istio.networking.v1beta1.OutboundTrafficPolicy.egress_proxy:type_name -> istio.networking.v1beta1.Destination - 14, // [14:14] is the sub-list for method output_type - 14, // [14:14] is the sub-list for method input_type - 14, // [14:14] is the sub-list for extension type_name - 14, // [14:14] is the sub-list for extension extendee - 0, // [0:14] is the sub-list for field type_name -} - -func init() { file_networking_v1beta1_sidecar_proto_init() } -func file_networking_v1beta1_sidecar_proto_init() { - if File_networking_v1beta1_sidecar_proto != nil { - return - } - file_networking_v1beta1_destination_rule_proto_init() - file_networking_v1beta1_gateway_proto_init() - file_networking_v1beta1_virtual_service_proto_init() - if !protoimpl.UnsafeEnabled { - file_networking_v1beta1_sidecar_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Sidecar); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_sidecar_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IstioIngressListener); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_sidecar_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IstioEgressListener); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_sidecar_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WorkloadSelector); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_sidecar_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*OutboundTrafficPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_sidecar_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SidecarPort); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_networking_v1beta1_sidecar_proto_rawDesc, - NumEnums: 2, - NumMessages: 7, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_networking_v1beta1_sidecar_proto_goTypes, - DependencyIndexes: file_networking_v1beta1_sidecar_proto_depIdxs, - EnumInfos: file_networking_v1beta1_sidecar_proto_enumTypes, - MessageInfos: file_networking_v1beta1_sidecar_proto_msgTypes, - }.Build() - File_networking_v1beta1_sidecar_proto = out.File - file_networking_v1beta1_sidecar_proto_rawDesc = nil - file_networking_v1beta1_sidecar_proto_goTypes = nil - file_networking_v1beta1_sidecar_proto_depIdxs = nil -} diff --git a/networking/v1beta1/sidecar.proto b/networking/v1beta1/sidecar.proto deleted file mode 100644 index 004fa1c7878..00000000000 --- a/networking/v1beta1/sidecar.proto +++ /dev/null @@ -1,561 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -import "google/api/field_behavior.proto"; -import "networking/v1beta1/destination_rule.proto"; -import "networking/v1beta1/gateway.proto"; -import "networking/v1beta1/virtual_service.proto"; - -// $schema: istio.networking.v1beta1.Sidecar -// $title: Sidecar -// $description: Configuration affecting network reachability of a sidecar. -// $location: https://istio.io/docs/reference/config/networking/sidecar.html -// $aliases: [/docs/reference/config/networking/v1beta1/sidecar] -// $mode: none - -// `Sidecar` describes the configuration of the sidecar proxy that mediates -// inbound and outbound communication to the workload instance it is attached to. By -// default, Istio will program all sidecar proxies in the mesh with the -// necessary configuration required to reach every workload instance in the mesh, as -// well as accept traffic on all the ports associated with the -// workload. The `Sidecar` configuration provides a way to fine tune the set of -// ports, protocols that the proxy will accept when forwarding traffic to -// and from the workload. In addition, it is possible to restrict the set -// of services that the proxy can reach when forwarding outbound traffic -// from workload instances. -// -// Services and configuration in a mesh are organized into one or more -// namespaces (e.g., a Kubernetes namespace or a CF org/space). A `Sidecar` -// configuration in a namespace will apply to one or more workload instances in the same -// namespace, selected using the `workloadSelector` field. In the absence of a -// `workloadSelector`, it will apply to all workload instances in the same -// namespace. When determining the `Sidecar` configuration to be applied to a -// workload instance, preference will be given to the resource with a -// `workloadSelector` that selects this workload instance, over a `Sidecar` configuration -// without any `workloadSelector`. -// -// **NOTE 1**: *_Each namespace can have only one `Sidecar` -// configuration without any `workloadSelector`_ that specifies the -// default for all pods in that namespace*. It is recommended to use -// the name `default` for the namespace-wide sidecar. The behavior of -// the system is undefined if more than one selector-less `Sidecar` -// configurations exist in a given namespace. The behavior of the -// system is undefined if two or more `Sidecar` configurations with a -// `workloadSelector` select the same workload instance. -// -// **NOTE 2**: *_A `Sidecar` configuration in the `MeshConfig` -// [root namespace](https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig) -// will be applied by default to all namespaces without a `Sidecar` -// configuration_*. This global default `Sidecar` configuration should not have -// any `workloadSelector`. -// -// **NOTE 3**: *_A `Sidecar` is not applicable to gateways, even though gateways are istio-proxies_*. -// -// The example below declares a global default `Sidecar` configuration -// in the root namespace called `istio-config`, that configures -// sidecars in all namespaces to allow egress traffic only to other -// workloads in the same namespace as well as to services in the -// `istio-system` namespace. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Sidecar -// metadata: -// name: default -// namespace: istio-config -// spec: -// egress: -// - hosts: -// - "./*" -// - "istio-system/*" -// ``` -// -// The example below declares a `Sidecar` configuration in the -// `prod-us1` namespace that overrides the global default defined -// above, and configures the sidecars in the namespace to allow egress -// traffic to public services in the `prod-us1`, `prod-apis`, and the -// `istio-system` namespaces. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Sidecar -// metadata: -// name: default -// namespace: prod-us1 -// spec: -// egress: -// - hosts: -// - "prod-us1/*" -// - "prod-apis/*" -// - "istio-system/*" -// ``` -// -// The following example declares a `Sidecar` configuration in the -// `prod-us1` namespace for all pods with labels `app: ratings` -// belonging to the `ratings.prod-us1` service. The workload accepts -// inbound HTTP traffic on port 9080. The traffic is then forwarded to -// the attached workload instance listening on a Unix domain -// socket. In the egress direction, in addition to the `istio-system` -// namespace, the sidecar proxies only HTTP traffic bound for port -// 9080 for services in the `prod-us1` namespace. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Sidecar -// metadata: -// name: ratings -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: ratings -// ingress: -// - port: -// number: 9080 -// protocol: HTTP -// name: somename -// defaultEndpoint: unix:///var/run/someuds.sock -// egress: -// - port: -// number: 9080 -// protocol: HTTP -// name: egresshttp -// hosts: -// - "prod-us1/*" -// - hosts: -// - "istio-system/*" -// ``` -// -// If the workload is deployed without IPTables-based traffic capture, -// the `Sidecar` configuration is the only way to configure the ports -// on the proxy attached to the workload instance. The following -// example declares a `Sidecar` configuration in the `prod-us1` -// namespace for all pods with labels `app: productpage` belonging to -// the `productpage.prod-us1` service. Assuming that these pods are -// deployed without IPtable rules (i.e. the `istio-init` container) -// and the proxy metadata `ISTIO_META_INTERCEPTION_MODE` is set to -// `NONE`, the specification, below, allows such pods to receive HTTP -// traffic on port 9080 (wrapped inside Istio mutual TLS) and forward -// it to the application listening on `127.0.0.1:8080`. It also allows -// the application to communicate with a backing MySQL database on -// `127.0.0.1:3306`, that then gets proxied to the externally hosted -// MySQL service at `mysql.foo.com:3306`. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Sidecar -// metadata: -// name: no-ip-tables -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: productpage -// ingress: -// - port: -// number: 9080 # binds to proxy_instance_ip:9080 (0.0.0.0:9080, if no unicast IP is available for the instance) -// protocol: HTTP -// name: somename -// defaultEndpoint: 127.0.0.1:8080 -// captureMode: NONE # not needed if metadata is set for entire proxy -// egress: -// - port: -// number: 3306 -// protocol: MYSQL -// name: egressmysql -// captureMode: NONE # not needed if metadata is set for entire proxy -// bind: 127.0.0.1 -// hosts: -// - "*/mysql.foo.com" -// ``` -// -// And the associated service entry for routing to `mysql.foo.com:3306` -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-mysql -// namespace: ns1 -// spec: -// hosts: -// - mysql.foo.com -// ports: -// - number: 3306 -// name: mysql -// protocol: MYSQL -// location: MESH_EXTERNAL -// resolution: DNS -// ``` -// -// It is also possible to mix and match traffic capture modes in a single -// proxy. For example, consider a setup where internal services are on the -// `192.168.0.0/16` subnet. So, IP tables are setup on the VM to capture all -// outbound traffic on `192.168.0.0/16` subnet. Assume that the VM has an -// additional network interface on `172.16.0.0/16` subnet for inbound -// traffic. The following `Sidecar` configuration allows the VM to expose a -// listener on `172.16.1.32:80` (the VM's IP) for traffic arriving from the -// `172.16.0.0/16` subnet. -// -// **NOTE**: The `ISTIO_META_INTERCEPTION_MODE` metadata on the -// proxy in the VM should contain `REDIRECT` or `TPROXY` as its value, -// implying that IP tables based traffic capture is active. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Sidecar -// metadata: -// name: partial-ip-tables -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: productpage -// ingress: -// - bind: 172.16.1.32 -// port: -// number: 80 # binds to 172.16.1.32:80 -// protocol: HTTP -// name: somename -// defaultEndpoint: 127.0.0.1:8080 -// captureMode: NONE -// egress: -// # use the system detected defaults -// # sets up configuration to handle outbound traffic to services -// # in 192.168.0.0/16 subnet, based on information provided by the -// # service registry -// - captureMode: IPTABLES -// hosts: -// - "*/*" -// ``` -// -// In addition to configuring traffic capture and how traffic is forwarded to the app, -// it's possible to control inbound connection pool settings. By default, Istio pushes -// connection pool settings from `DestinationRules` to both clients (for outbound -// connections to the service) as well as servers (for inbound connections to a service -// instance). Using the `InboundConnectionPool` and per-port `ConnectionPool` settings -// in a `Sidecar` allow you to control those connection pools for the server separately -// from the settings pushed to all clients. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Sidecar -// metadata: -// name: connection-pool-settings -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: productpage -// inboundConnectionPool: -// http: -// http1MaxPendingRequests: 1024 -// http2MaxRequests: 1024 -// maxRequestsPerConnection: 1024 -// maxRetries: 100 -// ingress: -// - port: -// number: 80 -// protocol: HTTP -// name: somename -// connectionPool: -// http: -// http1MaxPendingRequests: 1024 -// http2MaxRequests: 1024 -// maxRequestsPerConnection: 1024 -// maxRetries: 100 -// tcp: -// maxConnections: 100 -// ``` -package istio.networking.v1beta1; - -option go_package = "istio.io/api/networking/v1beta1"; - -// `Sidecar` describes the configuration of the sidecar proxy that mediates -// inbound and outbound communication of the workload instance to which it is -// attached. -// -// -// -message Sidecar { - // Criteria used to select the specific set of pods/VMs on which this - // `Sidecar` configuration should be applied. If omitted, the `Sidecar` - // configuration will be applied to all workload instances in the same namespace. - WorkloadSelector workload_selector = 1; - - // Ingress specifies the configuration of the sidecar for processing - // inbound traffic to the attached workload instance. If omitted, Istio will - // automatically configure the sidecar based on the information about the workload - // obtained from the orchestration platform (e.g., exposed ports, services, - // etc.). If specified, inbound ports are configured if and only if the - // workload instance is associated with a service. - repeated IstioIngressListener ingress = 2; - - // Egress specifies the configuration of the sidecar for processing - // outbound traffic from the attached workload instance to other - // services in the mesh. If not specified, inherits the system - // detected defaults from the namespace-wide or the global default Sidecar. - repeated IstioEgressListener egress = 3; - - // Settings controlling the volume of connections Envoy will accept from the network. - // This default will apply for all inbound listeners and can be overridden per-port - // in the `Ingress` field. This configuration mirrors the `DestinationRule`'s - // [`connectionPool`](https://istio.io/latest/docs/reference/config/networking/destination-rule/#ConnectionPoolSettings) field. - // - // By default, Istio applies a service's `DestinationRule` to client sidecars - // for outbound traffic directed at the service -- the usual case folks think - // of when configuring a `DestinationRule` -- but also to the server's inbound - // sidecar. The `Sidecar`'s connection pool configures the server's inbound - // sidecar directly, so its settings can be different than clients'. This is - // valuable, for example, when you have many clients calling few servers: a - // `DestinationRule` can limit the concurrency of any single client, while - // the `Sidecar` allows you to configure much higher concurrency on the server - // side. - // - // Connection pool settings for a server's inbound sidecar are configured in the - // following precedence, highest to lowest: - // - per-port `ConnectionPool` from the `Sidecar` - // - top level `InboundConnectionPool` from the `Sidecar` - // - per-port `TrafficPolicy.ConnectionPool` from the `DestinationRule` - // - top level `TrafficPolicy.ConnectionPool` from the `DestinationRule` - // - default connection pool settings (essentially unlimited) - // - // In every case, the connection pool settings are overriden, not merged. - ConnectionPoolSettings inbound_connection_pool = 7; - - // Configuration for the outbound traffic policy. If your - // application uses one or more external services that are not known - // apriori, setting the policy to `ALLOW_ANY` will cause the - // sidecars to route any unknown traffic originating from the - // application to its requested destination. If not specified, - // inherits the system detected defaults from the namespace-wide or - // the global default Sidecar. - OutboundTrafficPolicy outbound_traffic_policy = 4; - - reserved "localhost"; - reserved 5, 6; -} - -// `IstioIngressListener` specifies the properties of an inbound -// traffic listener on the sidecar proxy attached to a workload instance. -message IstioIngressListener { - // The port associated with the listener. - SidecarPort port = 1 [(google.api.field_behavior) = REQUIRED]; - - // The IP(IPv4 or IPv6) to which the listener should be bound. - // Unix domain socket addresses are not allowed in - // the bind field for ingress listeners. If omitted, Istio will - // automatically configure the defaults based on imported services - // and the workload instances to which this configuration is applied - // to. - string bind = 2; - - // The captureMode option dictates how traffic to the listener is - // expected to be captured (or not). - CaptureMode capture_mode = 3; - - // The IP endpoint or Unix domain socket to which - // traffic should be forwarded to. This configuration can be used to - // redirect traffic arriving at the bind `IP:Port` on the sidecar to a `localhost:port` - // or Unix domain socket where the application workload instance is listening for - // connections. Arbitrary IPs are not supported. Format should be one of - // `127.0.0.1:PORT`, `[::1]:PORT` (forward to localhost), - // `0.0.0.0:PORT`, `[::]:PORT` (forward to the instance IP), - // or `unix:///path/to/socket` (forward to Unix domain socket). - string default_endpoint = 4; - - reserved "localhost_client_tls"; - reserved 5, 6; - - // Set of TLS related options that will enable TLS termination on the - // sidecar for requests originating from outside the mesh. - // Currently supports only SIMPLE and MUTUAL TLS modes. - ServerTLSSettings tls = 7; - - // Settings controlling the volume of connections Envoy will accept from the network. - // This setting overrides the top-level default `inboundConnectionPool` to configure - // specific settings for this port. This configuration mirrors the `DestinationRule`'s - // [`PortTrafficPolicy.connectionPool`](https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy-PortTrafficPolicy) field. - // This port level connection pool has the highest precedence in configuration, - // overriding both the `Sidecar`'s top level `InboundConnectionPool` as well as any - // connection pooling settings from the `DestinationRule`. - ConnectionPoolSettings connection_pool = 8; -} - -// `IstioEgressListener` specifies the properties of an outbound traffic -// listener on the sidecar proxy attached to a workload instance. -message IstioEgressListener { - // The port associated with the listener. If using Unix domain socket, - // use 0 as the port number, with a valid protocol. The port if - // specified, will be used as the default destination port associated - // with the imported hosts. If the port is omitted, Istio will infer the - // listener ports based on the imported hosts. Note that when multiple - // egress listeners are specified, where one or more listeners have - // specific ports while others have no port, the hosts exposed on a - // listener port will be based on the listener with the most specific - // port. - SidecarPort port = 1; - - // The IP(IPv4 or IPv6) or the Unix domain socket to which the listener should be bound - // to. Port MUST be specified if bind is not empty. Format: IPv4 or IPv6 address formats or - // `unix:///path/to/uds` or `unix://@foobar` (Linux abstract namespace). If - // omitted, Istio will automatically configure the defaults based on imported - // services, the workload instances to which this configuration is applied to and - // the captureMode. If captureMode is `NONE`, bind will default to - // 127.0.0.1. - string bind = 2; - - // When the bind address is an IP, the captureMode option dictates - // how traffic to the listener is expected to be captured (or not). - // captureMode must be DEFAULT or `NONE` for Unix domain socket binds. - CaptureMode capture_mode = 3; - - // One or more service hosts exposed by the listener - // in `namespace/dnsName` format. Services in the specified namespace - // matching `dnsName` will be exposed. - // The corresponding service can be a service in the service registry - // (e.g., a Kubernetes or cloud foundry service) or a service specified - // using a `ServiceEntry` or `VirtualService` configuration. Any - // associated `DestinationRule` in the same namespace will also be used. - // - // The `dnsName` should be specified using FQDN format, optionally including - // a wildcard character in the left-most component (e.g., `prod/*.example.com`). - // Set the `dnsName` to `*` to select all services from the specified namespace - // (e.g., `prod/*`). - // - // The `namespace` can be set to `*`, `.`, or `~`, representing any, the current, - // or no namespace, respectively. For example, `*/foo.example.com` selects the - // service from any available namespace while `./foo.example.com` only selects - // the service from the namespace of the sidecar. If a host is set to `*/*`, - // Istio will configure the sidecar to be able to reach every service in the - // mesh that is exported to the sidecar's namespace. The value `~/*` can be used - // to completely trim the configuration for sidecars that simply receive traffic - // and respond, but make no outbound connections of their own. - // - // NOTE: Only services and configuration artifacts exported to the sidecar's - // namespace (e.g., `exportTo` value of `*`) can be referenced. - // Private configurations (e.g., `exportTo` set to `.`) will - // not be available. Refer to the `exportTo` setting in `VirtualService`, - // `DestinationRule`, and `ServiceEntry` configurations for details. - repeated string hosts = 4 [(google.api.field_behavior) = REQUIRED]; - - reserved "localhost_server_tls"; - reserved 5, 6; -} - -// `WorkloadSelector` specifies the criteria used to determine if the -// `Gateway`, `Sidecar`, `EnvoyFilter`, `ServiceEntry`, or `DestinationRule` -// configuration can be applied to a proxy. The matching criteria -// includes the metadata associated with a proxy, workload instance -// info such as labels attached to the pod/VM, or any other info that -// the proxy provides to Istio during the initial handshake. If -// multiple conditions are specified, all conditions need to match in -// order for the workload instance to be selected. Currently, only -// label based selection mechanism is supported. -message WorkloadSelector { - // One or more labels that indicate a specific set of pods/VMs - // on which the configuration should be applied. The scope of - // label search is restricted to the configuration namespace in which the - // the resource is present. - map labels = 1; - - // $hide_from_docs - // other forms of identification supplied by the proxy - // when connecting to Pilot, such as X509 fields, tenant IDs, JWT, - // etc. This has nothing to do with the request level authN etc. -} - -// `OutboundTrafficPolicy` sets the default behavior of the sidecar for -// handling outbound traffic from the application. -// If your application uses one or more external -// services that are not known apriori, setting the policy to `ALLOW_ANY` -// will cause the sidecars to route any unknown traffic originating from -// the application to its requested destination. Users are strongly -// encouraged to use `ServiceEntry` configurations to explicitly declare any external -// dependencies, instead of using `ALLOW_ANY`, so that traffic to these -// services can be monitored. -message OutboundTrafficPolicy { - enum Mode { - // Outbound traffic will be restricted to services defined in the - // service registry as well as those defined through `ServiceEntry` configurations. - REGISTRY_ONLY = 0; - // Outbound traffic to unknown destinations will be allowed, in case - // there are no services or `ServiceEntry` configurations for the destination port. - ALLOW_ANY = 1; - } - Mode mode = 1; - - // Specifies the details of the egress proxy to which unknown - // traffic should be forwarded to from the sidecar. Valid only if - // the mode is set to ALLOW_ANY. If not specified when the mode is - // ALLOW_ANY, the sidecar will send the unknown traffic directly to - // the IP requested by the application. - // - // ** NOTE 1**: The specified egress host must be imported in the - // egress section for the traffic forwarding to work. - // - // ** NOTE 2**: An Envoy based egress gateway is unlikely to be able - // to handle plain text TCP connections forwarded from the sidecar. - // Envoy's dynamic forward proxy can handle only HTTP and TLS - // connections. - // $hide_from_docs - Destination egress_proxy = 2; -} - - -// `CaptureMode` describes how traffic to a listener is expected to be -// captured. Applicable only when the listener is bound to an IP. -enum CaptureMode { - // The default capture mode defined by the environment. - DEFAULT = 0; - - // Capture traffic using IPtables redirection. - IPTABLES = 1; - - // No traffic capture. When used in an egress listener, the application is - // expected to explicitly communicate with the listener port or Unix - // domain socket. When used in an ingress listener, care needs to be taken - // to ensure that the listener port is not in use by other processes on - // the host. - NONE = 2; -} - -// Port describes the properties of a specific port of a service. -message SidecarPort { - // A valid non-negative integer port number. - uint32 number = 1; - - // The protocol exposed on the port. - // MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. - // TLS can be either used to terminate non-HTTP based connections on a specific port - // or to route traffic based on SNI header to the destination without terminating the TLS connection. - string protocol = 2; - - // Label assigned to the port. - string name = 3; - - // Has no effect, only for backwards compatibility - // received. Applicable only when used with ServiceEntries. - // $hide_from_docs - uint32 target_port = 4 [deprecated=true]; -} diff --git a/networking/v1beta1/sidecar_alias.gen.go b/networking/v1beta1/sidecar_alias.gen.go new file mode 100644 index 00000000000..779d4486ca8 --- /dev/null +++ b/networking/v1beta1/sidecar_alias.gen.go @@ -0,0 +1,21 @@ +// Code generated by protoc-gen-alias. DO NOT EDIT. +package v1beta1 + +import "istio.io/api/networking/v1alpha3" + +type Sidecar = v1alpha3.Sidecar +type IstioIngressListener = v1alpha3.IstioIngressListener +type IstioEgressListener = v1alpha3.IstioEgressListener +type WorkloadSelector = v1alpha3.WorkloadSelector +type OutboundTrafficPolicy = v1alpha3.OutboundTrafficPolicy +type OutboundTrafficPolicy_Mode = v1alpha3.OutboundTrafficPolicy_Mode + +const OutboundTrafficPolicy_REGISTRY_ONLY OutboundTrafficPolicy_Mode = v1alpha3.OutboundTrafficPolicy_REGISTRY_ONLY +const OutboundTrafficPolicy_ALLOW_ANY OutboundTrafficPolicy_Mode = v1alpha3.OutboundTrafficPolicy_ALLOW_ANY + +type SidecarPort = v1alpha3.SidecarPort +type CaptureMode = v1alpha3.CaptureMode + +const CaptureMode_DEFAULT CaptureMode = v1alpha3.CaptureMode_DEFAULT +const CaptureMode_IPTABLES CaptureMode = v1alpha3.CaptureMode_IPTABLES +const CaptureMode_NONE CaptureMode = v1alpha3.CaptureMode_NONE diff --git a/networking/v1beta1/sidecar_deepcopy.gen.go b/networking/v1beta1/sidecar_deepcopy.gen.go deleted file mode 100644 index 5a0cdf9aaf2..00000000000 --- a/networking/v1beta1/sidecar_deepcopy.gen.go +++ /dev/null @@ -1,132 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1beta1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using Sidecar within kubernetes types, where deepcopy-gen is used. -func (in *Sidecar) DeepCopyInto(out *Sidecar) { - p := proto.Clone(in).(*Sidecar) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Sidecar. Required by controller-gen. -func (in *Sidecar) DeepCopy() *Sidecar { - if in == nil { - return nil - } - out := new(Sidecar) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Sidecar. Required by controller-gen. -func (in *Sidecar) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using IstioIngressListener within kubernetes types, where deepcopy-gen is used. -func (in *IstioIngressListener) DeepCopyInto(out *IstioIngressListener) { - p := proto.Clone(in).(*IstioIngressListener) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioIngressListener. Required by controller-gen. -func (in *IstioIngressListener) DeepCopy() *IstioIngressListener { - if in == nil { - return nil - } - out := new(IstioIngressListener) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new IstioIngressListener. Required by controller-gen. -func (in *IstioIngressListener) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using IstioEgressListener within kubernetes types, where deepcopy-gen is used. -func (in *IstioEgressListener) DeepCopyInto(out *IstioEgressListener) { - p := proto.Clone(in).(*IstioEgressListener) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioEgressListener. Required by controller-gen. -func (in *IstioEgressListener) DeepCopy() *IstioEgressListener { - if in == nil { - return nil - } - out := new(IstioEgressListener) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new IstioEgressListener. Required by controller-gen. -func (in *IstioEgressListener) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using WorkloadSelector within kubernetes types, where deepcopy-gen is used. -func (in *WorkloadSelector) DeepCopyInto(out *WorkloadSelector) { - p := proto.Clone(in).(*WorkloadSelector) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadSelector. Required by controller-gen. -func (in *WorkloadSelector) DeepCopy() *WorkloadSelector { - if in == nil { - return nil - } - out := new(WorkloadSelector) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadSelector. Required by controller-gen. -func (in *WorkloadSelector) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using OutboundTrafficPolicy within kubernetes types, where deepcopy-gen is used. -func (in *OutboundTrafficPolicy) DeepCopyInto(out *OutboundTrafficPolicy) { - p := proto.Clone(in).(*OutboundTrafficPolicy) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutboundTrafficPolicy. Required by controller-gen. -func (in *OutboundTrafficPolicy) DeepCopy() *OutboundTrafficPolicy { - if in == nil { - return nil - } - out := new(OutboundTrafficPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new OutboundTrafficPolicy. Required by controller-gen. -func (in *OutboundTrafficPolicy) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using SidecarPort within kubernetes types, where deepcopy-gen is used. -func (in *SidecarPort) DeepCopyInto(out *SidecarPort) { - p := proto.Clone(in).(*SidecarPort) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SidecarPort. Required by controller-gen. -func (in *SidecarPort) DeepCopy() *SidecarPort { - if in == nil { - return nil - } - out := new(SidecarPort) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new SidecarPort. Required by controller-gen. -func (in *SidecarPort) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/networking/v1beta1/sidecar_json.gen.go b/networking/v1beta1/sidecar_json.gen.go deleted file mode 100644 index 64024fbca48..00000000000 --- a/networking/v1beta1/sidecar_json.gen.go +++ /dev/null @@ -1,78 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1beta1 - -import ( - bytes "bytes" - jsonpb "github.com/golang/protobuf/jsonpb" -) - -// MarshalJSON is a custom marshaler for Sidecar -func (this *Sidecar) MarshalJSON() ([]byte, error) { - str, err := SidecarMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Sidecar -func (this *Sidecar) UnmarshalJSON(b []byte) error { - return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for IstioIngressListener -func (this *IstioIngressListener) MarshalJSON() ([]byte, error) { - str, err := SidecarMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for IstioIngressListener -func (this *IstioIngressListener) UnmarshalJSON(b []byte) error { - return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for IstioEgressListener -func (this *IstioEgressListener) MarshalJSON() ([]byte, error) { - str, err := SidecarMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for IstioEgressListener -func (this *IstioEgressListener) UnmarshalJSON(b []byte) error { - return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for WorkloadSelector -func (this *WorkloadSelector) MarshalJSON() ([]byte, error) { - str, err := SidecarMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for WorkloadSelector -func (this *WorkloadSelector) UnmarshalJSON(b []byte) error { - return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for OutboundTrafficPolicy -func (this *OutboundTrafficPolicy) MarshalJSON() ([]byte, error) { - str, err := SidecarMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for OutboundTrafficPolicy -func (this *OutboundTrafficPolicy) UnmarshalJSON(b []byte) error { - return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for SidecarPort -func (this *SidecarPort) MarshalJSON() ([]byte, error) { - str, err := SidecarMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for SidecarPort -func (this *SidecarPort) UnmarshalJSON(b []byte) error { - return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -var ( - SidecarMarshaler = &jsonpb.Marshaler{} - SidecarUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} -) diff --git a/networking/v1beta1/virtual_service.pb.go b/networking/v1beta1/virtual_service.pb.go deleted file mode 100644 index 73612ab0b8d..00000000000 --- a/networking/v1beta1/virtual_service.pb.go +++ /dev/null @@ -1,4466 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.33.0 -// protoc (unknown) -// source: networking/v1beta1/virtual_service.proto - -// $schema: istio.networking.v1beta1.VirtualService -// $title: Virtual Service -// $description: Configuration affecting label/content routing, sni routing, etc. -// $location: https://istio.io/docs/reference/config/networking/virtual-service.html -// $aliases: [/docs/reference/config/networking/v1beta1/virtual-service] -// $mode: none - -// Configuration affecting traffic routing. Here are a few terms useful to define -// in the context of traffic routing. -// -// `Service` a unit of application behavior bound to a unique name in a -// service registry. Services consist of multiple network *endpoints* -// implemented by workload instances running on pods, containers, VMs etc. -// -// `Service versions (a.k.a. subsets)` - In a continuous deployment -// scenario, for a given service, there can be distinct subsets of -// instances running different variants of the application binary. These -// variants are not necessarily different API versions. They could be -// iterative changes to the same service, deployed in different -// environments (prod, staging, dev, etc.). Common scenarios where this -// occurs include A/B testing, canary rollouts, etc. The choice of a -// particular version can be decided based on various criterion (headers, -// url, etc.) and/or by weights assigned to each version. Each service has -// a default version consisting of all its instances. -// -// `Source` - A downstream client calling a service. -// -// `Host` - The address used by a client when attempting to connect to a -// service. -// -// `Access model` - Applications address only the destination service -// (Host) without knowledge of individual service versions (subsets). The -// actual choice of the version is determined by the proxy/sidecar, enabling the -// application code to decouple itself from the evolution of dependent -// services. -// -// A `VirtualService` defines a set of traffic routing rules to apply when a host is -// addressed. Each routing rule defines matching criteria for traffic of a specific -// protocol. If the traffic is matched, then it is sent to a named destination service -// (or subset/version of it) defined in the registry. -// -// The source of traffic can also be matched in a routing rule. This allows routing -// to be customized for specific client contexts. -// -// The following example on Kubernetes, routes all HTTP traffic by default to -// pods of the reviews service with label "version: v1". In addition, -// HTTP requests with path starting with /wpcatalog/ or /consumercatalog/ will -// be rewritten to /newcatalog and sent to pods with label "version: v2". -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - name: "reviews-v2-routes" -// match: -// - uri: -// prefix: "/wpcatalog" -// - uri: -// prefix: "/consumercatalog" -// rewrite: -// uri: "/newcatalog" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// - name: "reviews-v1-route" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// ``` -// -// A subset/version of a route destination is identified with a reference -// to a named service subset which must be declared in a corresponding -// `DestinationRule`. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: reviews-destination -// spec: -// host: reviews.prod.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// ``` - -package v1beta1 - -import ( - duration "github.com/golang/protobuf/ptypes/duration" - wrappers "github.com/golang/protobuf/ptypes/wrappers" - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type HTTPRedirect_RedirectPortSelection int32 - -const ( - HTTPRedirect_FROM_PROTOCOL_DEFAULT HTTPRedirect_RedirectPortSelection = 0 - HTTPRedirect_FROM_REQUEST_PORT HTTPRedirect_RedirectPortSelection = 1 -) - -// Enum value maps for HTTPRedirect_RedirectPortSelection. -var ( - HTTPRedirect_RedirectPortSelection_name = map[int32]string{ - 0: "FROM_PROTOCOL_DEFAULT", - 1: "FROM_REQUEST_PORT", - } - HTTPRedirect_RedirectPortSelection_value = map[string]int32{ - "FROM_PROTOCOL_DEFAULT": 0, - "FROM_REQUEST_PORT": 1, - } -) - -func (x HTTPRedirect_RedirectPortSelection) Enum() *HTTPRedirect_RedirectPortSelection { - p := new(HTTPRedirect_RedirectPortSelection) - *p = x - return p -} - -func (x HTTPRedirect_RedirectPortSelection) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (HTTPRedirect_RedirectPortSelection) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1beta1_virtual_service_proto_enumTypes[0].Descriptor() -} - -func (HTTPRedirect_RedirectPortSelection) Type() protoreflect.EnumType { - return &file_networking_v1beta1_virtual_service_proto_enumTypes[0] -} - -func (x HTTPRedirect_RedirectPortSelection) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use HTTPRedirect_RedirectPortSelection.Descriptor instead. -func (HTTPRedirect_RedirectPortSelection) EnumDescriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{12, 0} -} - -type CorsPolicy_UnmatchedPreflights int32 - -const ( - // Default to FORWARD - CorsPolicy_UNSPECIFIED CorsPolicy_UnmatchedPreflights = 0 - // Preflight requests not matching the configured allowed origin - // will be forwarded to the upstream. - CorsPolicy_FORWARD CorsPolicy_UnmatchedPreflights = 1 - // Preflight requests not matching the configured allowed origin - // will not be forwarded to the upstream. - CorsPolicy_IGNORE CorsPolicy_UnmatchedPreflights = 2 -) - -// Enum value maps for CorsPolicy_UnmatchedPreflights. -var ( - CorsPolicy_UnmatchedPreflights_name = map[int32]string{ - 0: "UNSPECIFIED", - 1: "FORWARD", - 2: "IGNORE", - } - CorsPolicy_UnmatchedPreflights_value = map[string]int32{ - "UNSPECIFIED": 0, - "FORWARD": 1, - "IGNORE": 2, - } -) - -func (x CorsPolicy_UnmatchedPreflights) Enum() *CorsPolicy_UnmatchedPreflights { - p := new(CorsPolicy_UnmatchedPreflights) - *p = x - return p -} - -func (x CorsPolicy_UnmatchedPreflights) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (CorsPolicy_UnmatchedPreflights) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1beta1_virtual_service_proto_enumTypes[1].Descriptor() -} - -func (CorsPolicy_UnmatchedPreflights) Type() protoreflect.EnumType { - return &file_networking_v1beta1_virtual_service_proto_enumTypes[1] -} - -func (x CorsPolicy_UnmatchedPreflights) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use CorsPolicy_UnmatchedPreflights.Descriptor instead. -func (CorsPolicy_UnmatchedPreflights) EnumDescriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{19, 0} -} - -// Configuration affecting traffic routing. -// -// -// -type VirtualService struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The destination hosts to which traffic is being sent. Could - // be a DNS name with wildcard prefix or an IP address. Depending on the - // platform, short-names can also be used instead of a FQDN (i.e. has no - // dots in the name). In such a scenario, the FQDN of the host would be - // derived based on the underlying platform. - // - // A single VirtualService can be used to describe all the traffic - // properties of the corresponding hosts, including those for multiple - // HTTP and TCP ports. Alternatively, the traffic properties of a host - // can be defined using more than one VirtualService, with certain - // caveats. Refer to the - // [Operations Guide](https://istio.io/docs/ops/best-practices/traffic-management/#split-virtual-services) - // for details. - // - // *Note for Kubernetes users*: When short names are used (e.g. "reviews" - // instead of "reviews.default.svc.cluster.local"), Istio will interpret - // the short name based on the namespace of the rule, not the service. A - // rule in the "default" namespace containing a host "reviews" will be - // interpreted as "reviews.default.svc.cluster.local", irrespective of - // the actual namespace associated with the reviews service. _To avoid - // potential misconfigurations, it is recommended to always use fully - // qualified domain names over short names._ - // - // The hosts field applies to both HTTP and TCP services. Service inside - // the mesh, i.e., those found in the service registry, must always be - // referred to using their alphanumeric names. IP addresses are allowed - // only for services defined via the Gateway. - // - // *Note*: It must be empty for a delegate VirtualService. - Hosts []string `protobuf:"bytes,1,rep,name=hosts,proto3" json:"hosts,omitempty"` - // The names of gateways and sidecars that should apply these routes. - // Gateways in other namespaces may be referred to by - // `/`; specifying a gateway with no - // namespace qualifier is the same as specifying the VirtualService's - // namespace. A single VirtualService is used for sidecars inside the mesh as - // well as for one or more gateways. The selection condition imposed by this - // field can be overridden using the source field in the match conditions - // of protocol-specific routes. The reserved word `mesh` is used to imply - // all the sidecars in the mesh. When this field is omitted, the default - // gateway (`mesh`) will be used, which would apply the rule to all - // sidecars in the mesh. If a list of gateway names is provided, the - // rules will apply only to the gateways. To apply the rules to both - // gateways and sidecars, specify `mesh` as one of the gateway names. - Gateways []string `protobuf:"bytes,2,rep,name=gateways,proto3" json:"gateways,omitempty"` - // An ordered list of route rules for HTTP traffic. HTTP routes will be - // applied to platform service ports using HTTP/HTTP2/GRPC protocols, gateway - // ports with protocol HTTP/HTTP2/GRPC/TLS-terminated-HTTPS and service - // entry ports using HTTP/HTTP2/GRPC protocols. The first rule matching - // an incoming request is used. - Http []*HTTPRoute `protobuf:"bytes,3,rep,name=http,proto3" json:"http,omitempty"` - // An ordered list of route rule for non-terminated TLS & HTTPS - // traffic. Routing is typically performed using the SNI value presented - // by the ClientHello message. TLS routes will be applied to platform - // service ports named 'https-*', 'tls-*', unterminated gateway ports using - // HTTPS/TLS protocols (i.e. with "passthrough" TLS mode) and service - // entry ports using HTTPS/TLS protocols. The first rule matching an - // incoming request is used. NOTE: Traffic 'https-*' or 'tls-*' ports - // without associated virtual service will be treated as opaque TCP - // traffic. - Tls []*TLSRoute `protobuf:"bytes,5,rep,name=tls,proto3" json:"tls,omitempty"` - // An ordered list of route rules for opaque TCP traffic. TCP routes will - // be applied to any port that is not a HTTP or TLS port. The first rule - // matching an incoming request is used. - Tcp []*TCPRoute `protobuf:"bytes,4,rep,name=tcp,proto3" json:"tcp,omitempty"` - // A list of namespaces to which this virtual service is exported. Exporting a - // virtual service allows it to be used by sidecars and gateways defined in - // other namespaces. This feature provides a mechanism for service owners - // and mesh administrators to control the visibility of virtual services - // across namespace boundaries. - // - // If no namespaces are specified then the virtual service is exported to all - // namespaces by default. - // - // The value "." is reserved and defines an export to the same namespace that - // the virtual service is declared in. Similarly the value "*" is reserved and - // defines an export to all namespaces. - ExportTo []string `protobuf:"bytes,6,rep,name=export_to,json=exportTo,proto3" json:"export_to,omitempty"` -} - -func (x *VirtualService) Reset() { - *x = VirtualService{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *VirtualService) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*VirtualService) ProtoMessage() {} - -func (x *VirtualService) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use VirtualService.ProtoReflect.Descriptor instead. -func (*VirtualService) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{0} -} - -func (x *VirtualService) GetHosts() []string { - if x != nil { - return x.Hosts - } - return nil -} - -func (x *VirtualService) GetGateways() []string { - if x != nil { - return x.Gateways - } - return nil -} - -func (x *VirtualService) GetHttp() []*HTTPRoute { - if x != nil { - return x.Http - } - return nil -} - -func (x *VirtualService) GetTls() []*TLSRoute { - if x != nil { - return x.Tls - } - return nil -} - -func (x *VirtualService) GetTcp() []*TCPRoute { - if x != nil { - return x.Tcp - } - return nil -} - -func (x *VirtualService) GetExportTo() []string { - if x != nil { - return x.ExportTo - } - return nil -} - -// Destination indicates the network addressable service to which the -// request/connection will be sent after processing a routing rule. The -// destination.host should unambiguously refer to a service in the service -// registry. Istio's service registry is composed of all the services found -// in the platform's service registry (e.g., Kubernetes services, Consul -// services), as well as services declared through the -// [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry) resource. -// -// *Note for Kubernetes users*: When short names are used (e.g. "reviews" -// instead of "reviews.default.svc.cluster.local"), Istio will interpret -// the short name based on the namespace of the rule, not the service. A -// rule in the "default" namespace containing a host "reviews" will be -// interpreted as "reviews.default.svc.cluster.local", irrespective of the -// actual namespace associated with the reviews service. _To avoid potential -// misconfigurations, it is recommended to always use fully qualified -// domain names over short names._ -// -// The following Kubernetes example routes all traffic by default to pods -// of the reviews service with label "version: v1" (i.e., subset v1), and -// some to subset v2, in a Kubernetes environment. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: reviews-route -// namespace: foo -// -// spec: -// -// hosts: -// - reviews # interpreted as reviews.foo.svc.cluster.local -// http: -// - match: -// - uri: -// prefix: "/wpcatalog" -// - uri: -// prefix: "/consumercatalog" -// rewrite: -// uri: "/newcatalog" -// route: -// - destination: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subset: v2 -// - route: -// - destination: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subset: v1 -// -// ``` -// -// # And the associated DestinationRule -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: reviews-destination -// namespace: foo -// -// spec: -// -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// -// ``` -// -// The following VirtualService sets a timeout of 5s for all calls to -// productpage.prod.svc.cluster.local service in Kubernetes. Notice that -// there are no subsets defined in this rule. Istio will fetch all -// instances of productpage.prod.svc.cluster.local service from the service -// registry and populate the sidecar's load balancing pool. Also, notice -// that this rule is set in the istio-system namespace but uses the fully -// qualified domain name of the productpage service, -// productpage.prod.svc.cluster.local. Therefore the rule's namespace does -// not have an impact in resolving the name of the productpage service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: my-productpage-rule -// namespace: istio-system -// -// spec: -// -// hosts: -// - productpage.prod.svc.cluster.local # ignores rule namespace -// http: -// - timeout: 5s -// route: -// - destination: -// host: productpage.prod.svc.cluster.local -// -// ``` -// -// To control routing for traffic bound to services outside the mesh, external -// services must first be added to Istio's internal service registry using the -// ServiceEntry resource. VirtualServices can then be defined to control traffic -// bound to these external services. For example, the following rules define a -// Service for wikipedia.org and set a timeout of 5s for HTTP requests. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// -// name: external-svc-wikipedia -// -// spec: -// -// hosts: -// - wikipedia.org -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: example-http -// protocol: HTTP -// resolution: DNS -// -// --- -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: my-wiki-rule -// -// spec: -// -// hosts: -// - wikipedia.org -// http: -// - timeout: 5s -// route: -// - destination: -// host: wikipedia.org -// -// ``` -type Destination struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The name of a service from the service registry. Service - // names are looked up from the platform's service registry (e.g., - // Kubernetes services, Consul services, etc.) and from the hosts - // declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Traffic forwarded to - // destinations that are not found in either of the two, will be dropped. - // - // *Note for Kubernetes users*: When short names are used (e.g. "reviews" - // instead of "reviews.default.svc.cluster.local"), Istio will interpret - // the short name based on the namespace of the rule, not the service. A - // rule in the "default" namespace containing a host "reviews" will be - // interpreted as "reviews.default.svc.cluster.local", irrespective of - // the actual namespace associated with the reviews service. To avoid - // potential misconfiguration, it is recommended to always use fully - // qualified domain names over short names. - Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"` - // The name of a subset within the service. Applicable only to services - // within the mesh. The subset must be defined in a corresponding - // DestinationRule. - Subset string `protobuf:"bytes,2,opt,name=subset,proto3" json:"subset,omitempty"` - // Specifies the port on the host that is being addressed. If a service - // exposes only a single port it is not required to explicitly select the - // port. - Port *PortSelector `protobuf:"bytes,3,opt,name=port,proto3" json:"port,omitempty"` -} - -func (x *Destination) Reset() { - *x = Destination{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Destination) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Destination) ProtoMessage() {} - -func (x *Destination) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Destination.ProtoReflect.Descriptor instead. -func (*Destination) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{1} -} - -func (x *Destination) GetHost() string { - if x != nil { - return x.Host - } - return "" -} - -func (x *Destination) GetSubset() string { - if x != nil { - return x.Subset - } - return "" -} - -func (x *Destination) GetPort() *PortSelector { - if x != nil { - return x.Port - } - return nil -} - -// Describes match conditions and actions for routing HTTP/1.1, HTTP2, and -// gRPC traffic. See VirtualService for usage examples. -type HTTPRoute struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The name assigned to the route for debugging purposes. The - // route's name will be concatenated with the match's name and will - // be logged in the access logs for requests matching this - // route/match. - Name string `protobuf:"bytes,17,opt,name=name,proto3" json:"name,omitempty"` - // Match conditions to be satisfied for the rule to be - // activated. All conditions inside a single match block have AND - // semantics, while the list of match blocks have OR semantics. The rule - // is matched if any one of the match blocks succeed. - Match []*HTTPMatchRequest `protobuf:"bytes,1,rep,name=match,proto3" json:"match,omitempty"` - // A HTTP rule can either return a direct_response, redirect or forward (default) traffic. - // The forwarding target can be one of several versions of a service (see - // glossary in beginning of document). Weights associated with the - // service version determine the proportion of traffic it receives. - Route []*HTTPRouteDestination `protobuf:"bytes,2,rep,name=route,proto3" json:"route,omitempty"` - // A HTTP rule can either return a direct_response, redirect or forward (default) traffic. - // If traffic passthrough option is specified in the rule, - // route/redirect will be ignored. The redirect primitive can be used to - // send a HTTP 301 redirect to a different URI or Authority. - Redirect *HTTPRedirect `protobuf:"bytes,3,opt,name=redirect,proto3" json:"redirect,omitempty"` - // A HTTP rule can either return a direct_response, redirect or forward (default) traffic. - // Direct Response is used to specify a fixed response that should - // be sent to clients. - // - // It can be set only when `Route` and `Redirect` are empty. - DirectResponse *HTTPDirectResponse `protobuf:"bytes,21,opt,name=direct_response,json=directResponse,proto3" json:"direct_response,omitempty"` - // Delegate is used to specify the particular VirtualService which - // can be used to define delegate HTTPRoute. - // - // It can be set only when `Route` and `Redirect` are empty, and the route - // rules of the delegate VirtualService will be merged with that in the - // current one. - // - // **NOTE**: - // - // 1. Only one level delegation is supported. - // 2. The delegate's HTTPMatchRequest must be a strict subset of the root's, - // otherwise there is a conflict and the HTTPRoute will not take effect. - Delegate *Delegate `protobuf:"bytes,20,opt,name=delegate,proto3" json:"delegate,omitempty"` - // Rewrite HTTP URIs and Authority headers. Rewrite cannot be used with - // Redirect primitive. Rewrite will be performed before forwarding. - Rewrite *HTTPRewrite `protobuf:"bytes,4,opt,name=rewrite,proto3" json:"rewrite,omitempty"` - // Timeout for HTTP requests, default is disabled. - Timeout *duration.Duration `protobuf:"bytes,6,opt,name=timeout,proto3" json:"timeout,omitempty"` - // Retry policy for HTTP requests. - Retries *HTTPRetry `protobuf:"bytes,7,opt,name=retries,proto3" json:"retries,omitempty"` - // Fault injection policy to apply on HTTP traffic at the client side. - // Note that timeouts or retries will not be enabled when faults are - // enabled on the client side. - Fault *HTTPFaultInjection `protobuf:"bytes,8,opt,name=fault,proto3" json:"fault,omitempty"` - // Mirror HTTP traffic to a another destination in addition to forwarding - // the requests to the intended destination. Mirrored traffic is on a - // best effort basis where the sidecar/gateway will not wait for the - // mirrored cluster to respond before returning the response from the - // original destination. Statistics will be generated for the mirrored - // destination. - Mirror *Destination `protobuf:"bytes,9,opt,name=mirror,proto3" json:"mirror,omitempty"` - // Specifies the destinations to mirror HTTP traffic in addition - // to the original destination. Mirrored traffic is on a - // best effort basis where the sidecar/gateway will not wait for the - // mirrored destinations to respond before returning the response from the - // original destination. Statistics will be generated for the mirrored - // destination. - Mirrors []*HTTPMirrorPolicy `protobuf:"bytes,22,rep,name=mirrors,proto3" json:"mirrors,omitempty"` - // Percentage of the traffic to be mirrored by the `mirror` field. - // Use of integer `mirror_percent` value is deprecated. Use the - // double `mirror_percentage` field instead - // $hide_from_docs - // +kubebuilder:altName=mirror_percent - // - // Deprecated: Marked as deprecated in networking/v1beta1/virtual_service.proto. - MirrorPercent *wrappers.UInt32Value `protobuf:"bytes,18,opt,name=mirror_percent,json=mirrorPercent,proto3" json:"mirror_percent,omitempty"` - // Percentage of the traffic to be mirrored by the `mirror` field. - // If this field is absent, all the traffic (100%) will be mirrored. - // Max value is 100. - MirrorPercentage *Percent `protobuf:"bytes,19,opt,name=mirror_percentage,json=mirrorPercentage,proto3" json:"mirror_percentage,omitempty"` - // Cross-Origin Resource Sharing policy (CORS). Refer to - // [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) - // for further details about cross origin resource sharing. - CorsPolicy *CorsPolicy `protobuf:"bytes,10,opt,name=cors_policy,json=corsPolicy,proto3" json:"cors_policy,omitempty"` - // Header manipulation rules - Headers *Headers `protobuf:"bytes,16,opt,name=headers,proto3" json:"headers,omitempty"` -} - -func (x *HTTPRoute) Reset() { - *x = HTTPRoute{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPRoute) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPRoute) ProtoMessage() {} - -func (x *HTTPRoute) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPRoute.ProtoReflect.Descriptor instead. -func (*HTTPRoute) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{2} -} - -func (x *HTTPRoute) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *HTTPRoute) GetMatch() []*HTTPMatchRequest { - if x != nil { - return x.Match - } - return nil -} - -func (x *HTTPRoute) GetRoute() []*HTTPRouteDestination { - if x != nil { - return x.Route - } - return nil -} - -func (x *HTTPRoute) GetRedirect() *HTTPRedirect { - if x != nil { - return x.Redirect - } - return nil -} - -func (x *HTTPRoute) GetDirectResponse() *HTTPDirectResponse { - if x != nil { - return x.DirectResponse - } - return nil -} - -func (x *HTTPRoute) GetDelegate() *Delegate { - if x != nil { - return x.Delegate - } - return nil -} - -func (x *HTTPRoute) GetRewrite() *HTTPRewrite { - if x != nil { - return x.Rewrite - } - return nil -} - -func (x *HTTPRoute) GetTimeout() *duration.Duration { - if x != nil { - return x.Timeout - } - return nil -} - -func (x *HTTPRoute) GetRetries() *HTTPRetry { - if x != nil { - return x.Retries - } - return nil -} - -func (x *HTTPRoute) GetFault() *HTTPFaultInjection { - if x != nil { - return x.Fault - } - return nil -} - -func (x *HTTPRoute) GetMirror() *Destination { - if x != nil { - return x.Mirror - } - return nil -} - -func (x *HTTPRoute) GetMirrors() []*HTTPMirrorPolicy { - if x != nil { - return x.Mirrors - } - return nil -} - -// Deprecated: Marked as deprecated in networking/v1beta1/virtual_service.proto. -func (x *HTTPRoute) GetMirrorPercent() *wrappers.UInt32Value { - if x != nil { - return x.MirrorPercent - } - return nil -} - -func (x *HTTPRoute) GetMirrorPercentage() *Percent { - if x != nil { - return x.MirrorPercentage - } - return nil -} - -func (x *HTTPRoute) GetCorsPolicy() *CorsPolicy { - if x != nil { - return x.CorsPolicy - } - return nil -} - -func (x *HTTPRoute) GetHeaders() *Headers { - if x != nil { - return x.Headers - } - return nil -} - -// Describes the delegate VirtualService. -// The following routing rules forward the traffic to `/productpage` by a delegate VirtualService named `productpage`, -// forward the traffic to `/reviews` by a delegate VirtualService named `reviews`. -// -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: bookinfo -// -// spec: -// -// hosts: -// - "bookinfo.com" -// gateways: -// - mygateway -// http: -// - match: -// - uri: -// prefix: "/productpage" -// delegate: -// name: productpage -// namespace: nsA -// - match: -// - uri: -// prefix: "/reviews" -// delegate: -// name: reviews -// namespace: nsB -// -// ``` -// -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: productpage -// namespace: nsA -// -// spec: -// -// http: -// - match: -// - uri: -// prefix: "/productpage/v1/" -// route: -// - destination: -// host: productpage-v1.nsA.svc.cluster.local -// - route: -// - destination: -// host: productpage.nsA.svc.cluster.local -// -// ``` -// -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: reviews -// namespace: nsB -// -// spec: -// -// http: -// - route: -// - destination: -// host: reviews.nsB.svc.cluster.local -// -// ``` -type Delegate struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Name specifies the name of the delegate VirtualService. - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - // Namespace specifies the namespace where the delegate VirtualService resides. - // By default, it is same to the root's. - Namespace string `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"` -} - -func (x *Delegate) Reset() { - *x = Delegate{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Delegate) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Delegate) ProtoMessage() {} - -func (x *Delegate) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Delegate.ProtoReflect.Descriptor instead. -func (*Delegate) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{3} -} - -func (x *Delegate) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *Delegate) GetNamespace() string { - if x != nil { - return x.Namespace - } - return "" -} - -// Message headers can be manipulated when Envoy forwards requests to, -// or responses from, a destination service. Header manipulation rules can -// be specified for a specific route destination or for all destinations. -// The following VirtualService adds a `test` header with the value `true` -// to requests that are routed to any `reviews` service destination. -// It also removes the `foo` response header, but only from responses -// coming from the `v1` subset (version) of the `reviews` service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: reviews-route -// -// spec: -// -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - headers: -// request: -// set: -// test: "true" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// weight: 25 -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// headers: -// response: -// remove: -// - foo -// weight: 75 -// -// ``` -type Headers struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Header manipulation rules to apply before forwarding a request - // to the destination service - Request *Headers_HeaderOperations `protobuf:"bytes,1,opt,name=request,proto3" json:"request,omitempty"` - // Header manipulation rules to apply before returning a response - // to the caller - Response *Headers_HeaderOperations `protobuf:"bytes,2,opt,name=response,proto3" json:"response,omitempty"` -} - -func (x *Headers) Reset() { - *x = Headers{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Headers) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Headers) ProtoMessage() {} - -func (x *Headers) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Headers.ProtoReflect.Descriptor instead. -func (*Headers) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{4} -} - -func (x *Headers) GetRequest() *Headers_HeaderOperations { - if x != nil { - return x.Request - } - return nil -} - -func (x *Headers) GetResponse() *Headers_HeaderOperations { - if x != nil { - return x.Response - } - return nil -} - -// Describes match conditions and actions for routing unterminated TLS -// traffic (TLS/HTTPS) The following routing rule forwards unterminated TLS -// traffic arriving at port 443 of gateway called "mygateway" to internal -// services in the mesh based on the SNI value. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: bookinfo-sni -// -// spec: -// -// hosts: -// - "*.bookinfo.com" -// gateways: -// - mygateway -// tls: -// - match: -// - port: 443 -// sniHosts: -// - login.bookinfo.com -// route: -// - destination: -// host: login.prod.svc.cluster.local -// - match: -// - port: 443 -// sniHosts: -// - reviews.bookinfo.com -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// -// ``` -type TLSRoute struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Match conditions to be satisfied for the rule to be - // activated. All conditions inside a single match block have AND - // semantics, while the list of match blocks have OR semantics. The rule - // is matched if any one of the match blocks succeed. - Match []*TLSMatchAttributes `protobuf:"bytes,1,rep,name=match,proto3" json:"match,omitempty"` - // The destination to which the connection should be forwarded to. - Route []*RouteDestination `protobuf:"bytes,2,rep,name=route,proto3" json:"route,omitempty"` -} - -func (x *TLSRoute) Reset() { - *x = TLSRoute{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TLSRoute) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TLSRoute) ProtoMessage() {} - -func (x *TLSRoute) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TLSRoute.ProtoReflect.Descriptor instead. -func (*TLSRoute) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{5} -} - -func (x *TLSRoute) GetMatch() []*TLSMatchAttributes { - if x != nil { - return x.Match - } - return nil -} - -func (x *TLSRoute) GetRoute() []*RouteDestination { - if x != nil { - return x.Route - } - return nil -} - -// Describes match conditions and actions for routing TCP traffic. The -// following routing rule forwards traffic arriving at port 27017 for -// mongo.prod.svc.cluster.local to another Mongo server on port 5555. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: bookinfo-mongo -// -// spec: -// -// hosts: -// - mongo.prod.svc.cluster.local -// tcp: -// - match: -// - port: 27017 -// route: -// - destination: -// host: mongo.backup.svc.cluster.local -// port: -// number: 5555 -// -// ``` -type TCPRoute struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Match conditions to be satisfied for the rule to be - // activated. All conditions inside a single match block have AND - // semantics, while the list of match blocks have OR semantics. The rule - // is matched if any one of the match blocks succeed. - Match []*L4MatchAttributes `protobuf:"bytes,1,rep,name=match,proto3" json:"match,omitempty"` - // The destination to which the connection should be forwarded to. - Route []*RouteDestination `protobuf:"bytes,2,rep,name=route,proto3" json:"route,omitempty"` -} - -func (x *TCPRoute) Reset() { - *x = TCPRoute{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TCPRoute) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TCPRoute) ProtoMessage() {} - -func (x *TCPRoute) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TCPRoute.ProtoReflect.Descriptor instead. -func (*TCPRoute) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{6} -} - -func (x *TCPRoute) GetMatch() []*L4MatchAttributes { - if x != nil { - return x.Match - } - return nil -} - -func (x *TCPRoute) GetRoute() []*RouteDestination { - if x != nil { - return x.Route - } - return nil -} - -// HttpMatchRequest specifies a set of criteria to be met in order for the -// rule to be applied to the HTTP request. For example, the following -// restricts the rule to match only requests where the URL path -// starts with /ratings/v2/ and the request contains a custom `end-user` header -// with value `jason`. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - headers: -// end-user: -// exact: jason -// uri: -// prefix: "/ratings/v2/" -// ignoreUriCase: true -// route: -// - destination: -// host: ratings.prod.svc.cluster.local -// -// ``` -// -// HTTPMatchRequest CANNOT be empty. -// **Note:** -// 1. If a root VirtualService have matched any property (path, header etc.) by regex, delegate VirtualServices should not have any other matches on the same property. -// 2. If a delegate VirtualService have matched any property (path, header etc.) by regex, root VirtualServices should not have any other matches on the same property. -type HTTPMatchRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The name assigned to a match. The match's name will be - // concatenated with the parent route's name and will be logged in - // the access logs for requests matching this route. - Name string `protobuf:"bytes,11,opt,name=name,proto3" json:"name,omitempty"` - // URI to match - // values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - // - // **Note:** Case-insensitive matching could be enabled via the - // `ignoreUriCase` flag. - Uri *StringMatch `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"` - // URI Scheme - // values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - Scheme *StringMatch `protobuf:"bytes,2,opt,name=scheme,proto3" json:"scheme,omitempty"` - // HTTP Method - // values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - Method *StringMatch `protobuf:"bytes,3,opt,name=method,proto3" json:"method,omitempty"` - // HTTP Authority - // values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - Authority *StringMatch `protobuf:"bytes,4,opt,name=authority,proto3" json:"authority,omitempty"` - // The header keys must be lowercase and use hyphen as the separator, - // e.g. _x-request-id_. - // - // Header values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - // - // If the value is empty and only the name of header is specified, presence of the header is checked. - // To provide an empty value, use `{}`, for example: - // - // ``` - // - match: - // - headers: - // myheader: {} - // - // ``` - // **Note:** The keys `uri`, `scheme`, `method`, and `authority` will be ignored. - Headers map[string]*StringMatch `protobuf:"bytes,5,rep,name=headers,proto3" json:"headers,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Specifies the ports on the host that is being addressed. Many services - // only expose a single port or label ports with the protocols they support, - // in these cases it is not required to explicitly select the port. - Port uint32 `protobuf:"varint,6,opt,name=port,proto3" json:"port,omitempty"` - // One or more labels that constrain the applicability of a rule to source (client) workloads - // with the given labels. If the VirtualService has a list of gateways specified - // in the top-level `gateways` field, it must include the reserved gateway - // `mesh` for this field to be applicable. - SourceLabels map[string]string `protobuf:"bytes,7,rep,name=source_labels,json=sourceLabels,proto3" json:"source_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Names of gateways where the rule should be applied. Gateway names - // in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway - // match is independent of sourceLabels. - Gateways []string `protobuf:"bytes,8,rep,name=gateways,proto3" json:"gateways,omitempty"` - // Query parameters for matching. - // - // Ex: - // - // - For a query parameter like "?key=true", the map key would be "key" and - // the string match could be defined as `exact: "true"`. - // - // - For a query parameter like "?key", the map key would be "key" and the - // string match could be defined as `exact: ""`. - // - // - For a query parameter like "?key=abc" or "?key=abx", the map key would be "key" and the - // string match could be defined as `prefix: "ab"`. - // - // - For a query parameter like "?key=123", the map key would be "key" and the - // string match could be defined as `regex: "\d+$"`. Note that this - // configuration will only match values like "123" but not "a123" or "123a". - QueryParams map[string]*StringMatch `protobuf:"bytes,9,rep,name=query_params,json=queryParams,proto3" json:"query_params,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Flag to specify whether the URI matching should be case-insensitive. - // - // **Note:** The case will be ignored only in the case of `exact` and `prefix` - // URI matches. - IgnoreUriCase bool `protobuf:"varint,10,opt,name=ignore_uri_case,json=ignoreUriCase,proto3" json:"ignore_uri_case,omitempty"` - // withoutHeader has the same syntax with the header, but has opposite meaning. - // If a header is matched with a matching rule among withoutHeader, the traffic becomes not matched one. - WithoutHeaders map[string]*StringMatch `protobuf:"bytes,12,rep,name=without_headers,json=withoutHeaders,proto3" json:"without_headers,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Source namespace constraining the applicability of a rule to workloads in that namespace. - // If the VirtualService has a list of gateways specified in the top-level `gateways` field, - // it must include the reserved gateway `mesh` for this field to be applicable. - SourceNamespace string `protobuf:"bytes,13,opt,name=source_namespace,json=sourceNamespace,proto3" json:"source_namespace,omitempty"` - // The human readable prefix to use when emitting statistics for this route. - // The statistics are generated with prefix route.. - // This should be set for highly critical routes that one wishes to get "per-route" statistics on. - // This prefix is only for proxy-level statistics (envoy_*) and not service-level (istio_*) statistics. - // Refer to https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-route-stat-prefix - // for statistics that are generated when this is configured. - StatPrefix string `protobuf:"bytes,14,opt,name=stat_prefix,json=statPrefix,proto3" json:"stat_prefix,omitempty"` -} - -func (x *HTTPMatchRequest) Reset() { - *x = HTTPMatchRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPMatchRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPMatchRequest) ProtoMessage() {} - -func (x *HTTPMatchRequest) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPMatchRequest.ProtoReflect.Descriptor instead. -func (*HTTPMatchRequest) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{7} -} - -func (x *HTTPMatchRequest) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *HTTPMatchRequest) GetUri() *StringMatch { - if x != nil { - return x.Uri - } - return nil -} - -func (x *HTTPMatchRequest) GetScheme() *StringMatch { - if x != nil { - return x.Scheme - } - return nil -} - -func (x *HTTPMatchRequest) GetMethod() *StringMatch { - if x != nil { - return x.Method - } - return nil -} - -func (x *HTTPMatchRequest) GetAuthority() *StringMatch { - if x != nil { - return x.Authority - } - return nil -} - -func (x *HTTPMatchRequest) GetHeaders() map[string]*StringMatch { - if x != nil { - return x.Headers - } - return nil -} - -func (x *HTTPMatchRequest) GetPort() uint32 { - if x != nil { - return x.Port - } - return 0 -} - -func (x *HTTPMatchRequest) GetSourceLabels() map[string]string { - if x != nil { - return x.SourceLabels - } - return nil -} - -func (x *HTTPMatchRequest) GetGateways() []string { - if x != nil { - return x.Gateways - } - return nil -} - -func (x *HTTPMatchRequest) GetQueryParams() map[string]*StringMatch { - if x != nil { - return x.QueryParams - } - return nil -} - -func (x *HTTPMatchRequest) GetIgnoreUriCase() bool { - if x != nil { - return x.IgnoreUriCase - } - return false -} - -func (x *HTTPMatchRequest) GetWithoutHeaders() map[string]*StringMatch { - if x != nil { - return x.WithoutHeaders - } - return nil -} - -func (x *HTTPMatchRequest) GetSourceNamespace() string { - if x != nil { - return x.SourceNamespace - } - return "" -} - -func (x *HTTPMatchRequest) GetStatPrefix() string { - if x != nil { - return x.StatPrefix - } - return "" -} - -// Each routing rule is associated with one or more service versions (see -// glossary in beginning of document). Weights associated with the version -// determine the proportion of traffic it receives. For example, the -// following rule will route 25% of traffic for the "reviews" service to -// instances with the "v2" tag and the remaining traffic (i.e., 75%) to -// "v1". -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: reviews-route -// -// spec: -// -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// weight: 25 -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// weight: 75 -// -// ``` -// -// # And the associated DestinationRule -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: reviews-destination -// -// spec: -// -// host: reviews.prod.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// -// ``` -// -// Traffic can also be split across two entirely different services without -// having to define new subsets. For example, the following rule forwards 25% of -// traffic to reviews.com to dev.reviews.com -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: reviews-route-two-domains -// -// spec: -// -// hosts: -// - reviews.com -// http: -// - route: -// - destination: -// host: dev.reviews.com -// weight: 25 -// - destination: -// host: reviews.com -// weight: 75 -// -// ``` -type HTTPRouteDestination struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Destination uniquely identifies the instances of a service - // to which the request/connection should be forwarded to. - Destination *Destination `protobuf:"bytes,1,opt,name=destination,proto3" json:"destination,omitempty"` - // Weight specifies the relative proportion of traffic to be forwarded to the destination. A destination will receive `weight/(sum of all weights)` requests. - // If there is only one destination in a rule, it will receive all traffic. - // Otherwise, if weight is `0`, the destination will not receive any traffic. - Weight int32 `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"` - // Header manipulation rules - Headers *Headers `protobuf:"bytes,7,opt,name=headers,proto3" json:"headers,omitempty"` -} - -func (x *HTTPRouteDestination) Reset() { - *x = HTTPRouteDestination{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPRouteDestination) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPRouteDestination) ProtoMessage() {} - -func (x *HTTPRouteDestination) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPRouteDestination.ProtoReflect.Descriptor instead. -func (*HTTPRouteDestination) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{8} -} - -func (x *HTTPRouteDestination) GetDestination() *Destination { - if x != nil { - return x.Destination - } - return nil -} - -func (x *HTTPRouteDestination) GetWeight() int32 { - if x != nil { - return x.Weight - } - return 0 -} - -func (x *HTTPRouteDestination) GetHeaders() *Headers { - if x != nil { - return x.Headers - } - return nil -} - -// L4 routing rule weighted destination. -type RouteDestination struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Destination uniquely identifies the instances of a service - // to which the request/connection should be forwarded to. - Destination *Destination `protobuf:"bytes,1,opt,name=destination,proto3" json:"destination,omitempty"` - // Weight specifies the relative proportion of traffic to be forwarded to the destination. A destination will receive `weight/(sum of all weights)` requests. - // If there is only one destination in a rule, it will receive all traffic. - // Otherwise, if weight is `0`, the destination will not receive any traffic. - Weight int32 `protobuf:"varint,2,opt,name=weight,proto3" json:"weight,omitempty"` -} - -func (x *RouteDestination) Reset() { - *x = RouteDestination{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *RouteDestination) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*RouteDestination) ProtoMessage() {} - -func (x *RouteDestination) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use RouteDestination.ProtoReflect.Descriptor instead. -func (*RouteDestination) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{9} -} - -func (x *RouteDestination) GetDestination() *Destination { - if x != nil { - return x.Destination - } - return nil -} - -func (x *RouteDestination) GetWeight() int32 { - if x != nil { - return x.Weight - } - return 0 -} - -// L4 connection match attributes. Note that L4 connection matching support -// is incomplete. -type L4MatchAttributes struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., - // a.b.c.d/xx form or just a.b.c.d. - DestinationSubnets []string `protobuf:"bytes,1,rep,name=destination_subnets,json=destinationSubnets,proto3" json:"destination_subnets,omitempty"` - // Specifies the port on the host that is being addressed. Many services - // only expose a single port or label ports with the protocols they support, - // in these cases it is not required to explicitly select the port. - Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"` - // IPv4 or IPv6 ip address of source with optional subnet. E.g., a.b.c.d/xx - // form or just a.b.c.d - // $hide_from_docs - SourceSubnet string `protobuf:"bytes,3,opt,name=source_subnet,json=sourceSubnet,proto3" json:"source_subnet,omitempty"` - // One or more labels that constrain the applicability of a rule to - // workloads with the given labels. If the VirtualService has a list of - // gateways specified in the top-level `gateways` field, it should include the reserved gateway - // `mesh` in order for this field to be applicable. - SourceLabels map[string]string `protobuf:"bytes,4,rep,name=source_labels,json=sourceLabels,proto3" json:"source_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Names of gateways where the rule should be applied. Gateway names - // in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway - // match is independent of sourceLabels. - Gateways []string `protobuf:"bytes,5,rep,name=gateways,proto3" json:"gateways,omitempty"` - // Source namespace constraining the applicability of a rule to workloads in that namespace. - // If the VirtualService has a list of gateways specified in the top-level `gateways` field, - // it must include the reserved gateway `mesh` for this field to be applicable. - SourceNamespace string `protobuf:"bytes,6,opt,name=source_namespace,json=sourceNamespace,proto3" json:"source_namespace,omitempty"` -} - -func (x *L4MatchAttributes) Reset() { - *x = L4MatchAttributes{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *L4MatchAttributes) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*L4MatchAttributes) ProtoMessage() {} - -func (x *L4MatchAttributes) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use L4MatchAttributes.ProtoReflect.Descriptor instead. -func (*L4MatchAttributes) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{10} -} - -func (x *L4MatchAttributes) GetDestinationSubnets() []string { - if x != nil { - return x.DestinationSubnets - } - return nil -} - -func (x *L4MatchAttributes) GetPort() uint32 { - if x != nil { - return x.Port - } - return 0 -} - -func (x *L4MatchAttributes) GetSourceSubnet() string { - if x != nil { - return x.SourceSubnet - } - return "" -} - -func (x *L4MatchAttributes) GetSourceLabels() map[string]string { - if x != nil { - return x.SourceLabels - } - return nil -} - -func (x *L4MatchAttributes) GetGateways() []string { - if x != nil { - return x.Gateways - } - return nil -} - -func (x *L4MatchAttributes) GetSourceNamespace() string { - if x != nil { - return x.SourceNamespace - } - return "" -} - -// TLS connection match attributes. -type TLSMatchAttributes struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // SNI (server name indicator) to match on. Wildcard prefixes - // can be used in the SNI value, e.g., *.com will match foo.example.com - // as well as example.com. An SNI value must be a subset (i.e., fall - // within the domain) of the corresponding virtual service's hosts. - SniHosts []string `protobuf:"bytes,1,rep,name=sni_hosts,json=sniHosts,proto3" json:"sni_hosts,omitempty"` - // IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., - // a.b.c.d/xx form or just a.b.c.d. - DestinationSubnets []string `protobuf:"bytes,2,rep,name=destination_subnets,json=destinationSubnets,proto3" json:"destination_subnets,omitempty"` - // Specifies the port on the host that is being addressed. Many services - // only expose a single port or label ports with the protocols they - // support, in these cases it is not required to explicitly select the - // port. - Port uint32 `protobuf:"varint,3,opt,name=port,proto3" json:"port,omitempty"` - // One or more labels that constrain the applicability of a rule to - // workloads with the given labels. If the VirtualService has a list of - // gateways specified in the top-level `gateways` field, it should include the reserved gateway - // `mesh` in order for this field to be applicable. - SourceLabels map[string]string `protobuf:"bytes,5,rep,name=source_labels,json=sourceLabels,proto3" json:"source_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Names of gateways where the rule should be applied. Gateway names - // in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway - // match is independent of sourceLabels. - Gateways []string `protobuf:"bytes,6,rep,name=gateways,proto3" json:"gateways,omitempty"` - // Source namespace constraining the applicability of a rule to workloads in that namespace. - // If the VirtualService has a list of gateways specified in the top-level `gateways` field, - // it must include the reserved gateway `mesh` for this field to be applicable. - SourceNamespace string `protobuf:"bytes,7,opt,name=source_namespace,json=sourceNamespace,proto3" json:"source_namespace,omitempty"` -} - -func (x *TLSMatchAttributes) Reset() { - *x = TLSMatchAttributes{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TLSMatchAttributes) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TLSMatchAttributes) ProtoMessage() {} - -func (x *TLSMatchAttributes) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TLSMatchAttributes.ProtoReflect.Descriptor instead. -func (*TLSMatchAttributes) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{11} -} - -func (x *TLSMatchAttributes) GetSniHosts() []string { - if x != nil { - return x.SniHosts - } - return nil -} - -func (x *TLSMatchAttributes) GetDestinationSubnets() []string { - if x != nil { - return x.DestinationSubnets - } - return nil -} - -func (x *TLSMatchAttributes) GetPort() uint32 { - if x != nil { - return x.Port - } - return 0 -} - -func (x *TLSMatchAttributes) GetSourceLabels() map[string]string { - if x != nil { - return x.SourceLabels - } - return nil -} - -func (x *TLSMatchAttributes) GetGateways() []string { - if x != nil { - return x.Gateways - } - return nil -} - -func (x *TLSMatchAttributes) GetSourceNamespace() string { - if x != nil { - return x.SourceNamespace - } - return "" -} - -// HTTPRedirect can be used to send a 301 redirect response to the caller, -// where the Authority/Host and the URI in the response can be swapped with -// the specified values. For example, the following rule redirects -// requests for /v1/getProductRatings API on the ratings service to -// /v1/bookRatings provided by the bookratings service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// redirect: -// uri: /v1/bookRatings -// authority: newratings.default.svc.cluster.local -// ... -// -// ``` -type HTTPRedirect struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // On a redirect, overwrite the Path portion of the URL with this - // value. Note that the entire path will be replaced, irrespective of the - // request URI being matched as an exact path or prefix. - Uri string `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"` - // On a redirect, overwrite the Authority/Host portion of the URL with - // this value. - Authority string `protobuf:"bytes,2,opt,name=authority,proto3" json:"authority,omitempty"` - // Types that are assignable to RedirectPort: - // - // *HTTPRedirect_Port - // *HTTPRedirect_DerivePort - RedirectPort isHTTPRedirect_RedirectPort `protobuf_oneof:"redirect_port"` - // On a redirect, overwrite the scheme portion of the URL with this value. - // For example, `http` or `https`. - // If unset, the original scheme will be used. - // If `derivePort` is set to `FROM_PROTOCOL_DEFAULT`, this will impact the port used as well - Scheme string `protobuf:"bytes,6,opt,name=scheme,proto3" json:"scheme,omitempty"` - // On a redirect, Specifies the HTTP status code to use in the redirect - // response. The default response code is MOVED_PERMANENTLY (301). - RedirectCode uint32 `protobuf:"varint,3,opt,name=redirect_code,json=redirectCode,proto3" json:"redirect_code,omitempty"` -} - -func (x *HTTPRedirect) Reset() { - *x = HTTPRedirect{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPRedirect) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPRedirect) ProtoMessage() {} - -func (x *HTTPRedirect) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[12] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPRedirect.ProtoReflect.Descriptor instead. -func (*HTTPRedirect) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{12} -} - -func (x *HTTPRedirect) GetUri() string { - if x != nil { - return x.Uri - } - return "" -} - -func (x *HTTPRedirect) GetAuthority() string { - if x != nil { - return x.Authority - } - return "" -} - -func (m *HTTPRedirect) GetRedirectPort() isHTTPRedirect_RedirectPort { - if m != nil { - return m.RedirectPort - } - return nil -} - -func (x *HTTPRedirect) GetPort() uint32 { - if x, ok := x.GetRedirectPort().(*HTTPRedirect_Port); ok { - return x.Port - } - return 0 -} - -func (x *HTTPRedirect) GetDerivePort() HTTPRedirect_RedirectPortSelection { - if x, ok := x.GetRedirectPort().(*HTTPRedirect_DerivePort); ok { - return x.DerivePort - } - return HTTPRedirect_FROM_PROTOCOL_DEFAULT -} - -func (x *HTTPRedirect) GetScheme() string { - if x != nil { - return x.Scheme - } - return "" -} - -func (x *HTTPRedirect) GetRedirectCode() uint32 { - if x != nil { - return x.RedirectCode - } - return 0 -} - -type isHTTPRedirect_RedirectPort interface { - isHTTPRedirect_RedirectPort() -} - -type HTTPRedirect_Port struct { - // On a redirect, overwrite the port portion of the URL with this value. - Port uint32 `protobuf:"varint,4,opt,name=port,proto3,oneof"` -} - -type HTTPRedirect_DerivePort struct { - // On a redirect, dynamically set the port: - // * FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS. - // * FROM_REQUEST_PORT: automatically use the port of the request. - DerivePort HTTPRedirect_RedirectPortSelection `protobuf:"varint,5,opt,name=derive_port,json=derivePort,proto3,enum=istio.networking.v1beta1.HTTPRedirect_RedirectPortSelection,oneof"` -} - -func (*HTTPRedirect_Port) isHTTPRedirect_RedirectPort() {} - -func (*HTTPRedirect_DerivePort) isHTTPRedirect_RedirectPort() {} - -// HTTPDirectResponse can be used to send a fixed response to clients. -// For example, the following rule returns a fixed 503 status with a body -// to requests for /v1/getProductRatings API. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// string: "unknown error" -// ... -// -// ``` -// -// It is also possible to specify a binary response body. -// This is mostly useful for non text-based protocols such as gRPC. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// bytes: "dW5rbm93biBlcnJvcg==" # "unknown error" in base64 -// ... -// -// ``` -// -// It is good practice to add headers in the HTTPRoute -// as well as the direct_response, for example to specify -// the returned Content-Type. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// string: "{\"error\": \"unknown error\"}" -// headers: -// response: -// set: -// content-type: "text/plain" -// ... -// -// ``` -type HTTPDirectResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Specifies the HTTP response status to be returned. - Status uint32 `protobuf:"varint,1,opt,name=status,proto3" json:"status,omitempty"` - // Specifies the content of the response body. If this setting is omitted, - // no body is included in the generated response. - Body *HTTPBody `protobuf:"bytes,2,opt,name=body,proto3" json:"body,omitempty"` -} - -func (x *HTTPDirectResponse) Reset() { - *x = HTTPDirectResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[13] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPDirectResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPDirectResponse) ProtoMessage() {} - -func (x *HTTPDirectResponse) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[13] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPDirectResponse.ProtoReflect.Descriptor instead. -func (*HTTPDirectResponse) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{13} -} - -func (x *HTTPDirectResponse) GetStatus() uint32 { - if x != nil { - return x.Status - } - return 0 -} - -func (x *HTTPDirectResponse) GetBody() *HTTPBody { - if x != nil { - return x.Body - } - return nil -} - -type HTTPBody struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Types that are assignable to Specifier: - // - // *HTTPBody_String_ - // *HTTPBody_Bytes - Specifier isHTTPBody_Specifier `protobuf_oneof:"specifier"` -} - -func (x *HTTPBody) Reset() { - *x = HTTPBody{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[14] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPBody) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPBody) ProtoMessage() {} - -func (x *HTTPBody) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[14] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPBody.ProtoReflect.Descriptor instead. -func (*HTTPBody) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{14} -} - -func (m *HTTPBody) GetSpecifier() isHTTPBody_Specifier { - if m != nil { - return m.Specifier - } - return nil -} - -func (x *HTTPBody) GetString_() string { - if x, ok := x.GetSpecifier().(*HTTPBody_String_); ok { - return x.String_ - } - return "" -} - -func (x *HTTPBody) GetBytes() []byte { - if x, ok := x.GetSpecifier().(*HTTPBody_Bytes); ok { - return x.Bytes - } - return nil -} - -type isHTTPBody_Specifier interface { - isHTTPBody_Specifier() -} - -type HTTPBody_String_ struct { - // response body as a string - String_ string `protobuf:"bytes,1,opt,name=string,proto3,oneof"` -} - -type HTTPBody_Bytes struct { - // response body as base64 encoded bytes. - Bytes []byte `protobuf:"bytes,2,opt,name=bytes,proto3,oneof"` -} - -func (*HTTPBody_String_) isHTTPBody_Specifier() {} - -func (*HTTPBody_Bytes) isHTTPBody_Specifier() {} - -// HTTPRewrite can be used to rewrite specific parts of a HTTP request -// before forwarding the request to the destination. Rewrite primitive can -// be used only with HTTPRouteDestination. The following example -// demonstrates how to rewrite the URL prefix for api call (/ratings) to -// ratings service before making the actual API call. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// prefix: /ratings -// rewrite: -// uri: /v1/bookRatings -// route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// -// ``` -type HTTPRewrite struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // rewrite the path (or the prefix) portion of the URI with this - // value. If the original URI was matched based on prefix, the value - // provided in this field will replace the corresponding matched prefix. - Uri string `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"` - // rewrite the Authority/Host header with this value. - Authority string `protobuf:"bytes,2,opt,name=authority,proto3" json:"authority,omitempty"` - // rewrite the path portion of the URI with the specified regex. - UriRegexRewrite *RegexRewrite `protobuf:"bytes,3,opt,name=uri_regex_rewrite,json=uriRegexRewrite,proto3" json:"uri_regex_rewrite,omitempty"` -} - -func (x *HTTPRewrite) Reset() { - *x = HTTPRewrite{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[15] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPRewrite) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPRewrite) ProtoMessage() {} - -func (x *HTTPRewrite) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[15] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPRewrite.ProtoReflect.Descriptor instead. -func (*HTTPRewrite) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{15} -} - -func (x *HTTPRewrite) GetUri() string { - if x != nil { - return x.Uri - } - return "" -} - -func (x *HTTPRewrite) GetAuthority() string { - if x != nil { - return x.Authority - } - return "" -} - -func (x *HTTPRewrite) GetUriRegexRewrite() *RegexRewrite { - if x != nil { - return x.UriRegexRewrite - } - return nil -} - -type RegexRewrite struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - Match string `protobuf:"bytes,1,opt,name=match,proto3" json:"match,omitempty"` - // The string that should replace into matching portions of original URI. - // Capture groups in the pattern can be referenced in the new URI. - // Examples: - // - // Example 1: rewrite with capture groups - // Path pattern "/service/update/v1/api" with match "^/service/([^/]+)(/.*)$" and - // rewrite string of "/customprefix/\2/\1" would transform into "/customprefix/v1/api/update". - // - // Example 2: case insensitive rewrite - // Path pattern "/aaa/XxX/bbb" with match "(?i)/xxx/" and a rewrite string of /yyy/ would do a - // case-insensitive match and transform the path to "/aaa/yyy/bbb". - Rewrite string `protobuf:"bytes,2,opt,name=rewrite,proto3" json:"rewrite,omitempty"` -} - -func (x *RegexRewrite) Reset() { - *x = RegexRewrite{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[16] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *RegexRewrite) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*RegexRewrite) ProtoMessage() {} - -func (x *RegexRewrite) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[16] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use RegexRewrite.ProtoReflect.Descriptor instead. -func (*RegexRewrite) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{16} -} - -func (x *RegexRewrite) GetMatch() string { - if x != nil { - return x.Match - } - return "" -} - -func (x *RegexRewrite) GetRewrite() string { - if x != nil { - return x.Rewrite - } - return "" -} - -// Describes how to match a given string in HTTP headers. Match is -// case-sensitive. -type StringMatch struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Types that are assignable to MatchType: - // - // *StringMatch_Exact - // *StringMatch_Prefix - // *StringMatch_Regex - MatchType isStringMatch_MatchType `protobuf_oneof:"match_type"` -} - -func (x *StringMatch) Reset() { - *x = StringMatch{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[17] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *StringMatch) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*StringMatch) ProtoMessage() {} - -func (x *StringMatch) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[17] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use StringMatch.ProtoReflect.Descriptor instead. -func (*StringMatch) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{17} -} - -func (m *StringMatch) GetMatchType() isStringMatch_MatchType { - if m != nil { - return m.MatchType - } - return nil -} - -func (x *StringMatch) GetExact() string { - if x, ok := x.GetMatchType().(*StringMatch_Exact); ok { - return x.Exact - } - return "" -} - -func (x *StringMatch) GetPrefix() string { - if x, ok := x.GetMatchType().(*StringMatch_Prefix); ok { - return x.Prefix - } - return "" -} - -func (x *StringMatch) GetRegex() string { - if x, ok := x.GetMatchType().(*StringMatch_Regex); ok { - return x.Regex - } - return "" -} - -type isStringMatch_MatchType interface { - isStringMatch_MatchType() -} - -type StringMatch_Exact struct { - // exact string match - Exact string `protobuf:"bytes,1,opt,name=exact,proto3,oneof"` -} - -type StringMatch_Prefix struct { - // prefix-based match - Prefix string `protobuf:"bytes,2,opt,name=prefix,proto3,oneof"` -} - -type StringMatch_Regex struct { - // RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - Regex string `protobuf:"bytes,3,opt,name=regex,proto3,oneof"` -} - -func (*StringMatch_Exact) isStringMatch_MatchType() {} - -func (*StringMatch_Prefix) isStringMatch_MatchType() {} - -func (*StringMatch_Regex) isStringMatch_MatchType() {} - -// Describes the retry policy to use when a HTTP request fails. For -// example, the following rule sets the maximum number of retries to 3 when -// calling ratings:v1 service, with a 2s timeout per retry attempt. -// A retry will be attempted if there is a connect-failure, refused_stream -// or when the upstream server responds with Service Unavailable(503). -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// retries: -// attempts: 3 -// perTryTimeout: 2s -// retryOn: gateway-error,connect-failure,refused-stream -// -// ``` -type HTTPRetry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Number of retries to be allowed for a given request. The interval - // between retries will be determined automatically (25ms+). When request - // `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute) - // or `per_try_timeout` is configured, the actual number of retries attempted also depends on - // the specified request `timeout` and `per_try_timeout` values. MUST BE >= 0. If `0`, retries will be disabled. - // The maximum possible number of requests made will be 1 + `attempts`. - Attempts int32 `protobuf:"varint,1,opt,name=attempts,proto3" json:"attempts,omitempty"` - // Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST BE >=1ms. - // Default is same value as request - // `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute), - // which means no timeout. - PerTryTimeout *duration.Duration `protobuf:"bytes,2,opt,name=per_try_timeout,json=perTryTimeout,proto3" json:"per_try_timeout,omitempty"` - // Specifies the conditions under which retry takes place. - // One or more policies can be specified using a ‘,’ delimited list. - // If `retry_on` specifies a valid HTTP status, it will be added to retriable_status_codes retry policy. - // See the [retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on) - // and [gRPC retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on) for more details. - RetryOn string `protobuf:"bytes,3,opt,name=retry_on,json=retryOn,proto3" json:"retry_on,omitempty"` - // Flag to specify whether the retries should retry to other localities. - // See the [retry plugin configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/http_connection_management#retry-plugin-configuration) for more details. - RetryRemoteLocalities *wrappers.BoolValue `protobuf:"bytes,4,opt,name=retry_remote_localities,json=retryRemoteLocalities,proto3" json:"retry_remote_localities,omitempty"` -} - -func (x *HTTPRetry) Reset() { - *x = HTTPRetry{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[18] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPRetry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPRetry) ProtoMessage() {} - -func (x *HTTPRetry) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[18] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPRetry.ProtoReflect.Descriptor instead. -func (*HTTPRetry) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{18} -} - -func (x *HTTPRetry) GetAttempts() int32 { - if x != nil { - return x.Attempts - } - return 0 -} - -func (x *HTTPRetry) GetPerTryTimeout() *duration.Duration { - if x != nil { - return x.PerTryTimeout - } - return nil -} - -func (x *HTTPRetry) GetRetryOn() string { - if x != nil { - return x.RetryOn - } - return "" -} - -func (x *HTTPRetry) GetRetryRemoteLocalities() *wrappers.BoolValue { - if x != nil { - return x.RetryRemoteLocalities - } - return nil -} - -// Describes the Cross-Origin Resource Sharing (CORS) policy, for a given -// service. Refer to [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS) -// for further details about cross origin resource sharing. For example, -// the following rule restricts cross origin requests to those originating -// from example.com domain using HTTP POST/GET, and sets the -// `Access-Control-Allow-Credentials` header to false. In addition, it only -// exposes `X-Foo-bar` header and sets an expiry period of 1 day. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// corsPolicy: -// allowOrigins: -// - exact: https://example.com -// allowMethods: -// - POST -// - GET -// allowCredentials: false -// allowHeaders: -// - X-Foo-Bar -// maxAge: "24h" -// -// ``` -type CorsPolicy struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The list of origins that are allowed to perform CORS requests. The - // content will be serialized into the Access-Control-Allow-Origin - // header. Wildcard * will allow all origins. - // $hide_from_docs - // - // Deprecated: Marked as deprecated in networking/v1beta1/virtual_service.proto. - AllowOrigin []string `protobuf:"bytes,1,rep,name=allow_origin,json=allowOrigin,proto3" json:"allow_origin,omitempty"` - // String patterns that match allowed origins. - // An origin is allowed if any of the string matchers match. - // If a match is found, then the outgoing Access-Control-Allow-Origin would be set to the origin as provided by the client. - AllowOrigins []*StringMatch `protobuf:"bytes,7,rep,name=allow_origins,json=allowOrigins,proto3" json:"allow_origins,omitempty"` - // List of HTTP methods allowed to access the resource. The content will - // be serialized into the Access-Control-Allow-Methods header. - AllowMethods []string `protobuf:"bytes,2,rep,name=allow_methods,json=allowMethods,proto3" json:"allow_methods,omitempty"` - // List of HTTP headers that can be used when requesting the - // resource. Serialized to Access-Control-Allow-Headers header. - AllowHeaders []string `protobuf:"bytes,3,rep,name=allow_headers,json=allowHeaders,proto3" json:"allow_headers,omitempty"` - // A list of HTTP headers that the browsers are allowed to - // access. Serialized into Access-Control-Expose-Headers header. - ExposeHeaders []string `protobuf:"bytes,4,rep,name=expose_headers,json=exposeHeaders,proto3" json:"expose_headers,omitempty"` - // Specifies how long the results of a preflight request can be - // cached. Translates to the `Access-Control-Max-Age` header. - MaxAge *duration.Duration `protobuf:"bytes,5,opt,name=max_age,json=maxAge,proto3" json:"max_age,omitempty"` - // Indicates whether the caller is allowed to send the actual request - // (not the preflight) using credentials. Translates to - // `Access-Control-Allow-Credentials` header. - AllowCredentials *wrappers.BoolValue `protobuf:"bytes,6,opt,name=allow_credentials,json=allowCredentials,proto3" json:"allow_credentials,omitempty"` - // Indicates whether preflight requests not matching the configured - // allowed origin shouldn't be forwarded to the upstream. - // Default is forward to upstream. - UnmatchedPreflights CorsPolicy_UnmatchedPreflights `protobuf:"varint,8,opt,name=unmatched_preflights,json=unmatchedPreflights,proto3,enum=istio.networking.v1beta1.CorsPolicy_UnmatchedPreflights" json:"unmatched_preflights,omitempty"` -} - -func (x *CorsPolicy) Reset() { - *x = CorsPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[19] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CorsPolicy) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CorsPolicy) ProtoMessage() {} - -func (x *CorsPolicy) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[19] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CorsPolicy.ProtoReflect.Descriptor instead. -func (*CorsPolicy) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{19} -} - -// Deprecated: Marked as deprecated in networking/v1beta1/virtual_service.proto. -func (x *CorsPolicy) GetAllowOrigin() []string { - if x != nil { - return x.AllowOrigin - } - return nil -} - -func (x *CorsPolicy) GetAllowOrigins() []*StringMatch { - if x != nil { - return x.AllowOrigins - } - return nil -} - -func (x *CorsPolicy) GetAllowMethods() []string { - if x != nil { - return x.AllowMethods - } - return nil -} - -func (x *CorsPolicy) GetAllowHeaders() []string { - if x != nil { - return x.AllowHeaders - } - return nil -} - -func (x *CorsPolicy) GetExposeHeaders() []string { - if x != nil { - return x.ExposeHeaders - } - return nil -} - -func (x *CorsPolicy) GetMaxAge() *duration.Duration { - if x != nil { - return x.MaxAge - } - return nil -} - -func (x *CorsPolicy) GetAllowCredentials() *wrappers.BoolValue { - if x != nil { - return x.AllowCredentials - } - return nil -} - -func (x *CorsPolicy) GetUnmatchedPreflights() CorsPolicy_UnmatchedPreflights { - if x != nil { - return x.UnmatchedPreflights - } - return CorsPolicy_UNSPECIFIED -} - -// HTTPFaultInjection can be used to specify one or more faults to inject -// while forwarding HTTP requests to the destination specified in a route. -// Fault specification is part of a VirtualService rule. Faults include -// aborting the Http request from downstream service, and/or delaying -// proxying of requests. A fault rule MUST HAVE delay or abort or both. -// -// *Note:* Delay and abort faults are independent of one another, even if -// both are specified simultaneously. -type HTTPFaultInjection struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Delay requests before forwarding, emulating various failures such as - // network issues, overloaded upstream service, etc. - Delay *HTTPFaultInjection_Delay `protobuf:"bytes,1,opt,name=delay,proto3" json:"delay,omitempty"` - // Abort Http request attempts and return error codes back to downstream - // service, giving the impression that the upstream service is faulty. - Abort *HTTPFaultInjection_Abort `protobuf:"bytes,2,opt,name=abort,proto3" json:"abort,omitempty"` -} - -func (x *HTTPFaultInjection) Reset() { - *x = HTTPFaultInjection{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[20] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPFaultInjection) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPFaultInjection) ProtoMessage() {} - -func (x *HTTPFaultInjection) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[20] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPFaultInjection.ProtoReflect.Descriptor instead. -func (*HTTPFaultInjection) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{20} -} - -func (x *HTTPFaultInjection) GetDelay() *HTTPFaultInjection_Delay { - if x != nil { - return x.Delay - } - return nil -} - -func (x *HTTPFaultInjection) GetAbort() *HTTPFaultInjection_Abort { - if x != nil { - return x.Abort - } - return nil -} - -// HTTPMirrorPolicy can be used to specify the destinations to mirror HTTP traffic in addition -// to the original destination. Mirrored traffic is on a -// best effort basis where the sidecar/gateway will not wait for the -// mirrored destinations to respond before returning the response from the -// original destination. Statistics will be generated for the mirrored -// destination. -type HTTPMirrorPolicy struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Destination specifies the target of the mirror operation. - Destination *Destination `protobuf:"bytes,1,opt,name=destination,proto3" json:"destination,omitempty"` - // Percentage of the traffic to be mirrored by the `destination` field. - // If this field is absent, all the traffic (100%) will be mirrored. - // Max value is 100. - Percentage *Percent `protobuf:"bytes,2,opt,name=percentage,proto3" json:"percentage,omitempty"` -} - -func (x *HTTPMirrorPolicy) Reset() { - *x = HTTPMirrorPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[21] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPMirrorPolicy) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPMirrorPolicy) ProtoMessage() {} - -func (x *HTTPMirrorPolicy) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[21] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPMirrorPolicy.ProtoReflect.Descriptor instead. -func (*HTTPMirrorPolicy) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{21} -} - -func (x *HTTPMirrorPolicy) GetDestination() *Destination { - if x != nil { - return x.Destination - } - return nil -} - -func (x *HTTPMirrorPolicy) GetPercentage() *Percent { - if x != nil { - return x.Percentage - } - return nil -} - -// PortSelector specifies the number of a port to be used for -// matching or selection for final routing. -type PortSelector struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Valid port number - Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"` -} - -func (x *PortSelector) Reset() { - *x = PortSelector{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[22] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PortSelector) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PortSelector) ProtoMessage() {} - -func (x *PortSelector) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[22] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PortSelector.ProtoReflect.Descriptor instead. -func (*PortSelector) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{22} -} - -func (x *PortSelector) GetNumber() uint32 { - if x != nil { - return x.Number - } - return 0 -} - -// Percent specifies a percentage in the range of [0.0, 100.0]. -type Percent struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Value float64 `protobuf:"fixed64,1,opt,name=value,proto3" json:"value,omitempty"` -} - -func (x *Percent) Reset() { - *x = Percent{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[23] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Percent) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Percent) ProtoMessage() {} - -func (x *Percent) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[23] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Percent.ProtoReflect.Descriptor instead. -func (*Percent) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{23} -} - -func (x *Percent) GetValue() float64 { - if x != nil { - return x.Value - } - return 0 -} - -// HeaderOperations Describes the header manipulations to apply -type Headers_HeaderOperations struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Overwrite the headers specified by key with the given values - Set map[string]string `protobuf:"bytes,1,rep,name=set,proto3" json:"set,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Append the given values to the headers specified by keys - // (will create a comma-separated list of values) - Add map[string]string `protobuf:"bytes,2,rep,name=add,proto3" json:"add,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Remove the specified headers - Remove []string `protobuf:"bytes,3,rep,name=remove,proto3" json:"remove,omitempty"` -} - -func (x *Headers_HeaderOperations) Reset() { - *x = Headers_HeaderOperations{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[24] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Headers_HeaderOperations) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Headers_HeaderOperations) ProtoMessage() {} - -func (x *Headers_HeaderOperations) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[24] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Headers_HeaderOperations.ProtoReflect.Descriptor instead. -func (*Headers_HeaderOperations) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{4, 0} -} - -func (x *Headers_HeaderOperations) GetSet() map[string]string { - if x != nil { - return x.Set - } - return nil -} - -func (x *Headers_HeaderOperations) GetAdd() map[string]string { - if x != nil { - return x.Add - } - return nil -} - -func (x *Headers_HeaderOperations) GetRemove() []string { - if x != nil { - return x.Remove - } - return nil -} - -// Delay specification is used to inject latency into the request -// forwarding path. The following example will introduce a 5 second delay -// in 1 out of every 1000 requests to the "v1" version of the "reviews" -// service from all pods with label env: prod -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: reviews-route -// -// spec: -// -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - match: -// - sourceLabels: -// env: prod -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// fault: -// delay: -// percentage: -// value: 0.1 -// fixedDelay: 5s -// -// ``` -// -// The _fixedDelay_ field is used to indicate the amount of delay in seconds. -// The optional _percentage_ field can be used to only delay a certain -// percentage of requests. If left unspecified, no request will be delayed. -type HTTPFaultInjection_Delay struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Percentage of requests on which the delay will be injected (0-100). - // Use of integer `percent` value is deprecated. Use the double `percentage` - // field instead. - // - // Deprecated: Marked as deprecated in networking/v1beta1/virtual_service.proto. - Percent int32 `protobuf:"varint,1,opt,name=percent,proto3" json:"percent,omitempty"` - // Types that are assignable to HttpDelayType: - // - // *HTTPFaultInjection_Delay_FixedDelay - // *HTTPFaultInjection_Delay_ExponentialDelay - HttpDelayType isHTTPFaultInjection_Delay_HttpDelayType `protobuf_oneof:"http_delay_type"` - // Percentage of requests on which the delay will be injected. - // If left unspecified, no request will be delayed. - Percentage *Percent `protobuf:"bytes,5,opt,name=percentage,proto3" json:"percentage,omitempty"` -} - -func (x *HTTPFaultInjection_Delay) Reset() { - *x = HTTPFaultInjection_Delay{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[33] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPFaultInjection_Delay) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPFaultInjection_Delay) ProtoMessage() {} - -func (x *HTTPFaultInjection_Delay) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[33] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPFaultInjection_Delay.ProtoReflect.Descriptor instead. -func (*HTTPFaultInjection_Delay) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{20, 0} -} - -// Deprecated: Marked as deprecated in networking/v1beta1/virtual_service.proto. -func (x *HTTPFaultInjection_Delay) GetPercent() int32 { - if x != nil { - return x.Percent - } - return 0 -} - -func (m *HTTPFaultInjection_Delay) GetHttpDelayType() isHTTPFaultInjection_Delay_HttpDelayType { - if m != nil { - return m.HttpDelayType - } - return nil -} - -func (x *HTTPFaultInjection_Delay) GetFixedDelay() *duration.Duration { - if x, ok := x.GetHttpDelayType().(*HTTPFaultInjection_Delay_FixedDelay); ok { - return x.FixedDelay - } - return nil -} - -func (x *HTTPFaultInjection_Delay) GetExponentialDelay() *duration.Duration { - if x, ok := x.GetHttpDelayType().(*HTTPFaultInjection_Delay_ExponentialDelay); ok { - return x.ExponentialDelay - } - return nil -} - -func (x *HTTPFaultInjection_Delay) GetPercentage() *Percent { - if x != nil { - return x.Percentage - } - return nil -} - -type isHTTPFaultInjection_Delay_HttpDelayType interface { - isHTTPFaultInjection_Delay_HttpDelayType() -} - -type HTTPFaultInjection_Delay_FixedDelay struct { - // Add a fixed delay before forwarding the request. Format: - // 1h/1m/1s/1ms. MUST be >=1ms. - FixedDelay *duration.Duration `protobuf:"bytes,2,opt,name=fixed_delay,json=fixedDelay,proto3,oneof"` -} - -type HTTPFaultInjection_Delay_ExponentialDelay struct { - // $hide_from_docs - ExponentialDelay *duration.Duration `protobuf:"bytes,3,opt,name=exponential_delay,json=exponentialDelay,proto3,oneof"` -} - -func (*HTTPFaultInjection_Delay_FixedDelay) isHTTPFaultInjection_Delay_HttpDelayType() {} - -func (*HTTPFaultInjection_Delay_ExponentialDelay) isHTTPFaultInjection_Delay_HttpDelayType() {} - -// Abort specification is used to prematurely abort a request with a -// pre-specified error code. The following example will return an HTTP 400 -// error code for 1 out of every 1000 requests to the "ratings" service "v1". -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// fault: -// abort: -// percentage: -// value: 0.1 -// httpStatus: 400 -// -// ``` -// -// The _httpStatus_ field is used to indicate the HTTP status code to -// return to the caller. The optional _percentage_ field can be used to only -// abort a certain percentage of requests. If not specified, no request will be -// aborted. -type HTTPFaultInjection_Abort struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Types that are assignable to ErrorType: - // - // *HTTPFaultInjection_Abort_HttpStatus - // *HTTPFaultInjection_Abort_GrpcStatus - // *HTTPFaultInjection_Abort_Http2Error - ErrorType isHTTPFaultInjection_Abort_ErrorType `protobuf_oneof:"error_type"` - // Percentage of requests to be aborted with the error code provided. - // If not specified, no request will be aborted. - Percentage *Percent `protobuf:"bytes,5,opt,name=percentage,proto3" json:"percentage,omitempty"` -} - -func (x *HTTPFaultInjection_Abort) Reset() { - *x = HTTPFaultInjection_Abort{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[34] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPFaultInjection_Abort) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPFaultInjection_Abort) ProtoMessage() {} - -func (x *HTTPFaultInjection_Abort) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_virtual_service_proto_msgTypes[34] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPFaultInjection_Abort.ProtoReflect.Descriptor instead. -func (*HTTPFaultInjection_Abort) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_virtual_service_proto_rawDescGZIP(), []int{20, 1} -} - -func (m *HTTPFaultInjection_Abort) GetErrorType() isHTTPFaultInjection_Abort_ErrorType { - if m != nil { - return m.ErrorType - } - return nil -} - -func (x *HTTPFaultInjection_Abort) GetHttpStatus() int32 { - if x, ok := x.GetErrorType().(*HTTPFaultInjection_Abort_HttpStatus); ok { - return x.HttpStatus - } - return 0 -} - -func (x *HTTPFaultInjection_Abort) GetGrpcStatus() string { - if x, ok := x.GetErrorType().(*HTTPFaultInjection_Abort_GrpcStatus); ok { - return x.GrpcStatus - } - return "" -} - -func (x *HTTPFaultInjection_Abort) GetHttp2Error() string { - if x, ok := x.GetErrorType().(*HTTPFaultInjection_Abort_Http2Error); ok { - return x.Http2Error - } - return "" -} - -func (x *HTTPFaultInjection_Abort) GetPercentage() *Percent { - if x != nil { - return x.Percentage - } - return nil -} - -type isHTTPFaultInjection_Abort_ErrorType interface { - isHTTPFaultInjection_Abort_ErrorType() -} - -type HTTPFaultInjection_Abort_HttpStatus struct { - // HTTP status code to use to abort the Http request. - HttpStatus int32 `protobuf:"varint,2,opt,name=http_status,json=httpStatus,proto3,oneof"` -} - -type HTTPFaultInjection_Abort_GrpcStatus struct { - // GRPC status code to use to abort the request. The supported - // codes are documented in https://github.com/grpc/grpc/blob/master/doc/statuscodes.md - // Note: If you want to return the status "Unavailable", then you should - // specify the code as `UNAVAILABLE`(all caps), but not `14`. - GrpcStatus string `protobuf:"bytes,3,opt,name=grpc_status,json=grpcStatus,proto3,oneof"` -} - -type HTTPFaultInjection_Abort_Http2Error struct { - // $hide_from_docs - Http2Error string `protobuf:"bytes,4,opt,name=http2_error,json=http2Error,proto3,oneof"` -} - -func (*HTTPFaultInjection_Abort_HttpStatus) isHTTPFaultInjection_Abort_ErrorType() {} - -func (*HTTPFaultInjection_Abort_GrpcStatus) isHTTPFaultInjection_Abort_ErrorType() {} - -func (*HTTPFaultInjection_Abort_Http2Error) isHTTPFaultInjection_Abort_ErrorType() {} - -var File_networking_v1beta1_virtual_service_proto protoreflect.FileDescriptor - -var file_networking_v1beta1_virtual_service_proto_rawDesc = []byte{ - 0x0a, 0x28, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2f, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x73, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x18, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, - 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x84, 0x02, 0x0a, 0x0e, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, - 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x68, 0x6f, 0x73, 0x74, - 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x12, 0x1a, - 0x0a, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x12, 0x37, 0x0a, 0x04, 0x68, 0x74, - 0x74, 0x70, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x04, 0x68, - 0x74, 0x74, 0x70, 0x12, 0x34, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x54, 0x4c, 0x53, 0x52, - 0x6f, 0x75, 0x74, 0x65, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x34, 0x0a, 0x03, 0x74, 0x63, 0x70, - 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, - 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x74, 0x6f, 0x18, 0x06, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x54, 0x6f, 0x22, 0x7a, 0x0a, 0x0b, - 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x17, 0x0a, 0x04, 0x68, - 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, - 0x68, 0x6f, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x75, 0x62, 0x73, 0x65, 0x74, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x75, 0x62, 0x73, 0x65, 0x74, 0x12, 0x3a, 0x0a, 0x04, - 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, - 0x6f, 0x72, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22, 0xae, 0x09, 0x0a, 0x09, 0x48, 0x54, 0x54, - 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x11, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x40, 0x0a, 0x05, 0x6d, 0x61, - 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x44, 0x0a, 0x05, - 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, - 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x72, 0x6f, 0x75, - 0x74, 0x65, 0x12, 0x42, 0x0a, 0x08, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, - 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x08, 0x72, 0x65, - 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x55, 0x0a, 0x0f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, - 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x15, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x44, - 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x52, 0x0e, 0x64, - 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3e, 0x0a, - 0x08, 0x64, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x65, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x67, - 0x61, 0x74, 0x65, 0x52, 0x08, 0x64, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x65, 0x12, 0x3f, 0x0a, - 0x07, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, - 0x77, 0x72, 0x69, 0x74, 0x65, 0x52, 0x07, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x33, - 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, - 0x6f, 0x75, 0x74, 0x12, 0x3d, 0x0a, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x07, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, - 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x74, 0x72, 0x79, 0x52, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, - 0x65, 0x73, 0x12, 0x42, 0x0a, 0x05, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, - 0x50, 0x46, 0x61, 0x75, 0x6c, 0x74, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, - 0x05, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x3d, 0x0a, 0x06, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, - 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x6d, - 0x69, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x44, 0x0a, 0x07, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x73, - 0x18, 0x16, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x52, 0x07, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x47, 0x0a, 0x0e, 0x6d, - 0x69, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x12, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0d, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x65, 0x72, - 0x63, 0x65, 0x6e, 0x74, 0x12, 0x4e, 0x0a, 0x11, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x70, - 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, 0x13, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x21, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x65, 0x72, 0x63, 0x65, - 0x6e, 0x74, 0x52, 0x10, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, - 0x74, 0x61, 0x67, 0x65, 0x12, 0x45, 0x0a, 0x0b, 0x63, 0x6f, 0x72, 0x73, 0x5f, 0x70, 0x6f, 0x6c, - 0x69, 0x63, 0x79, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x72, 0x73, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, - 0x0a, 0x63, 0x6f, 0x72, 0x73, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x3b, 0x0a, 0x07, 0x68, - 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, - 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, - 0x08, 0x0b, 0x10, 0x10, 0x52, 0x11, 0x77, 0x65, 0x62, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x5f, - 0x75, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x52, 0x0e, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, - 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x17, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x5f, - 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, - 0x52, 0x17, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x76, - 0x65, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, - 0x73, 0x52, 0x16, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x22, 0x3c, 0x0a, 0x08, 0x44, 0x65, 0x6c, - 0x65, 0x67, 0x61, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, - 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, - 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x22, 0xe2, 0x03, 0x0a, 0x07, 0x48, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x73, 0x12, 0x4c, 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, - 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4f, 0x70, - 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x12, 0x4e, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, - 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x1a, 0xb8, 0x02, 0x0a, 0x10, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4d, 0x0a, 0x03, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, - 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x03, 0x73, 0x65, 0x74, 0x12, 0x4d, 0x0a, 0x03, 0x61, 0x64, 0x64, 0x18, 0x02, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x65, - 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x03, 0x61, 0x64, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x03, - 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x1a, 0x36, 0x0a, 0x08, - 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x36, 0x0a, 0x08, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, - 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x95, 0x01, 0x0a, - 0x08, 0x54, 0x4c, 0x53, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x47, 0x0a, 0x05, 0x6d, 0x61, 0x74, - 0x63, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x54, 0x4c, 0x53, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, - 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x05, 0x6d, 0x61, 0x74, - 0x63, 0x68, 0x12, 0x40, 0x0a, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x2a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x52, 0x6f, 0x75, - 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x72, - 0x6f, 0x75, 0x74, 0x65, 0x22, 0x8f, 0x01, 0x0a, 0x08, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, - 0x65, 0x12, 0x41, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x34, 0x4d, 0x61, - 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x52, 0x05, 0x6d, - 0x61, 0x74, 0x63, 0x68, 0x12, 0x40, 0x0a, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x52, - 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, - 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x22, 0xba, 0x09, 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x4d, - 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, - 0x61, 0x6d, 0x65, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, - 0x37, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, - 0x74, 0x63, 0x68, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x3d, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, - 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, - 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x12, 0x3d, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, - 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x06, - 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x43, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, - 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x51, 0x0a, 0x07, 0x68, - 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, - 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x12, - 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, - 0x72, 0x74, 0x12, 0x61, 0x0a, 0x0d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6c, 0x61, 0x62, - 0x65, 0x6c, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, - 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, - 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, - 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, - 0x73, 0x12, 0x5e, 0x0a, 0x0c, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, - 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x45, - 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x71, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, - 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x5f, 0x75, 0x72, 0x69, 0x5f, - 0x63, 0x61, 0x73, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x69, 0x67, 0x6e, 0x6f, - 0x72, 0x65, 0x55, 0x72, 0x69, 0x43, 0x61, 0x73, 0x65, 0x12, 0x67, 0x0a, 0x0f, 0x77, 0x69, 0x74, - 0x68, 0x6f, 0x75, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x0c, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, - 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x57, - 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x0e, 0x77, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, - 0x72, 0x73, 0x12, 0x29, 0x0a, 0x10, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, - 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1f, 0x0a, - 0x0b, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x0e, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x1a, 0x61, - 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, - 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, - 0x12, 0x3b, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, - 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, - 0x01, 0x1a, 0x3f, 0x0a, 0x11, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, - 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, - 0x38, 0x01, 0x1a, 0x65, 0x0a, 0x10, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, - 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3b, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x68, 0x0a, 0x13, 0x57, 0x69, 0x74, - 0x68, 0x6f, 0x75, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, - 0x65, 0x79, 0x12, 0x3b, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x53, 0x74, 0x72, - 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, - 0x02, 0x38, 0x01, 0x22, 0xa1, 0x02, 0x0a, 0x14, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, - 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4c, 0x0a, 0x0b, - 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x73, - 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0b, 0x64, - 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, - 0x69, 0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, - 0x68, 0x74, 0x12, 0x3b, 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x07, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, - 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x4a, - 0x04, 0x08, 0x03, 0x10, 0x07, 0x52, 0x17, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x5f, 0x72, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x17, - 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, - 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x5f, - 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, - 0x16, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, - 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x22, 0x78, 0x0a, 0x10, 0x52, 0x6f, 0x75, 0x74, 0x65, - 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4c, 0x0a, 0x0b, 0x64, - 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, - 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0b, 0x64, 0x65, - 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, - 0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, - 0x74, 0x22, 0xe9, 0x02, 0x0a, 0x11, 0x4c, 0x34, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, - 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x64, 0x65, 0x73, 0x74, 0x69, - 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x18, 0x01, - 0x20, 0x03, 0x28, 0x09, 0x52, 0x12, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x53, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x23, 0x0a, 0x0d, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x53, 0x75, 0x62, 0x6e, 0x65, - 0x74, 0x12, 0x62, 0x0a, 0x0d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6c, 0x61, 0x62, 0x65, - 0x6c, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x4c, 0x34, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, - 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, - 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, - 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, - 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, - 0x73, 0x12, 0x29, 0x0a, 0x10, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, - 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x1a, 0x3f, 0x0a, 0x11, - 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, - 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xfd, 0x02, - 0x0a, 0x12, 0x54, 0x4c, 0x53, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, - 0x75, 0x74, 0x65, 0x73, 0x12, 0x20, 0x0a, 0x09, 0x73, 0x6e, 0x69, 0x5f, 0x68, 0x6f, 0x73, 0x74, - 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x73, 0x6e, - 0x69, 0x48, 0x6f, 0x73, 0x74, 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x18, 0x02, 0x20, - 0x03, 0x28, 0x09, 0x52, 0x12, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x53, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x63, 0x0a, 0x0d, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x54, 0x4c, - 0x53, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, - 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, - 0x12, 0x1a, 0x0a, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x18, 0x06, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x12, 0x29, 0x0a, 0x10, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, - 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4e, 0x61, - 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x1a, 0x3f, 0x0a, 0x11, 0x53, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, - 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, - 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x52, 0x0d, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x22, 0xce, 0x02, - 0x0a, 0x0c, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x10, - 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x69, - 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x14, - 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x48, 0x00, 0x52, 0x04, - 0x70, 0x6f, 0x72, 0x74, 0x12, 0x5f, 0x0a, 0x0b, 0x64, 0x65, 0x72, 0x69, 0x76, 0x65, 0x5f, 0x70, - 0x6f, 0x72, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3c, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, - 0x74, 0x2e, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, - 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x0a, 0x64, 0x65, 0x72, 0x69, 0x76, - 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x18, - 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x12, 0x23, 0x0a, - 0x0d, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0c, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x43, 0x6f, - 0x64, 0x65, 0x22, 0x49, 0x0a, 0x15, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x50, 0x6f, - 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, 0x46, - 0x52, 0x4f, 0x4d, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x44, 0x45, 0x46, - 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x46, 0x52, 0x4f, 0x4d, 0x5f, 0x52, - 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x5f, 0x50, 0x4f, 0x52, 0x54, 0x10, 0x01, 0x42, 0x0f, 0x0a, - 0x0d, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x22, 0x69, - 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1b, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, - 0x73, 0x12, 0x36, 0x0a, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x42, - 0x6f, 0x64, 0x79, 0x52, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x22, 0x49, 0x0a, 0x08, 0x48, 0x54, 0x54, - 0x50, 0x42, 0x6f, 0x64, 0x79, 0x12, 0x18, 0x0a, 0x06, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x12, - 0x16, 0x0a, 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, - 0x52, 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x42, 0x0b, 0x0a, 0x09, 0x73, 0x70, 0x65, 0x63, 0x69, - 0x66, 0x69, 0x65, 0x72, 0x22, 0x91, 0x01, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x77, - 0x72, 0x69, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x12, 0x52, 0x0a, 0x11, 0x75, 0x72, 0x69, 0x5f, 0x72, 0x65, 0x67, 0x65, - 0x78, 0x5f, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x67, 0x65, 0x78, - 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x52, 0x0f, 0x75, 0x72, 0x69, 0x52, 0x65, 0x67, 0x65, - 0x78, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x22, 0x3e, 0x0a, 0x0c, 0x52, 0x65, 0x67, 0x65, - 0x78, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, - 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x18, - 0x0a, 0x07, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x07, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x22, 0x65, 0x0a, 0x0b, 0x53, 0x74, 0x72, 0x69, - 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x16, 0x0a, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x12, - 0x18, 0x0a, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, - 0x00, 0x52, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x16, 0x0a, 0x05, 0x72, 0x65, 0x67, - 0x65, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x72, 0x65, 0x67, 0x65, - 0x78, 0x42, 0x0c, 0x0a, 0x0a, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x22, - 0xd9, 0x01, 0x0a, 0x09, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x74, 0x72, 0x79, 0x12, 0x1a, 0x0a, - 0x08, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, - 0x08, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x73, 0x12, 0x41, 0x0a, 0x0f, 0x70, 0x65, 0x72, - 0x5f, 0x74, 0x72, 0x79, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0d, 0x70, - 0x65, 0x72, 0x54, 0x72, 0x79, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x19, 0x0a, 0x08, - 0x72, 0x65, 0x74, 0x72, 0x79, 0x5f, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, - 0x72, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x12, 0x52, 0x0a, 0x17, 0x72, 0x65, 0x74, 0x72, 0x79, - 0x5f, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x69, - 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x52, 0x15, 0x72, 0x65, 0x74, 0x72, 0x79, 0x52, 0x65, 0x6d, 0x6f, 0x74, - 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x22, 0x9b, 0x04, 0x0a, 0x0a, - 0x43, 0x6f, 0x72, 0x73, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x25, 0x0a, 0x0c, 0x61, 0x6c, - 0x6c, 0x6f, 0x77, 0x5f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, - 0x42, 0x02, 0x18, 0x01, 0x52, 0x0b, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x4f, 0x72, 0x69, 0x67, 0x69, - 0x6e, 0x12, 0x4a, 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6f, 0x72, 0x69, 0x67, 0x69, - 0x6e, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, - 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x73, 0x12, 0x23, 0x0a, - 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x73, 0x18, 0x02, - 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x4d, 0x65, 0x74, 0x68, 0x6f, - 0x64, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x68, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, - 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x65, 0x78, 0x70, 0x6f, 0x73, - 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, - 0x0d, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x32, - 0x0a, 0x07, 0x6d, 0x61, 0x78, 0x5f, 0x61, 0x67, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x6d, 0x61, 0x78, 0x41, - 0x67, 0x65, 0x12, 0x47, 0x0a, 0x11, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x63, 0x72, 0x65, 0x64, - 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x10, 0x61, 0x6c, 0x6c, 0x6f, 0x77, - 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x12, 0x6b, 0x0a, 0x14, 0x75, - 0x6e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x6c, 0x69, 0x67, - 0x68, 0x74, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x72, 0x73, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, - 0x55, 0x6e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x50, 0x72, 0x65, 0x66, 0x6c, 0x69, 0x67, - 0x68, 0x74, 0x73, 0x52, 0x13, 0x75, 0x6e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x50, 0x72, - 0x65, 0x66, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x73, 0x22, 0x3f, 0x0a, 0x13, 0x55, 0x6e, 0x6d, 0x61, - 0x74, 0x63, 0x68, 0x65, 0x64, 0x50, 0x72, 0x65, 0x66, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x73, 0x12, - 0x0f, 0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, - 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x4f, 0x52, 0x57, 0x41, 0x52, 0x44, 0x10, 0x01, 0x12, 0x0a, 0x0a, - 0x06, 0x49, 0x47, 0x4e, 0x4f, 0x52, 0x45, 0x10, 0x02, 0x22, 0x81, 0x05, 0x0a, 0x12, 0x48, 0x54, - 0x54, 0x50, 0x46, 0x61, 0x75, 0x6c, 0x74, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x12, 0x48, 0x0a, 0x05, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x32, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46, - 0x61, 0x75, 0x6c, 0x74, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x44, 0x65, - 0x6c, 0x61, 0x79, 0x52, 0x05, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x48, 0x0a, 0x05, 0x61, 0x62, - 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46, 0x61, 0x75, 0x6c, 0x74, 0x49, 0x6e, - 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x41, 0x62, 0x6f, 0x72, 0x74, 0x52, 0x05, 0x61, - 0x62, 0x6f, 0x72, 0x74, 0x1a, 0x83, 0x02, 0x0a, 0x05, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x1c, - 0x0a, 0x07, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x42, - 0x02, 0x18, 0x01, 0x52, 0x07, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12, 0x3c, 0x0a, 0x0b, - 0x66, 0x69, 0x78, 0x65, 0x64, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x0a, - 0x66, 0x69, 0x78, 0x65, 0x64, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x48, 0x0a, 0x11, 0x65, 0x78, - 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x48, 0x00, 0x52, 0x10, 0x65, 0x78, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x44, - 0x65, 0x6c, 0x61, 0x79, 0x12, 0x41, 0x0a, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, - 0x67, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x52, 0x0a, 0x70, 0x65, 0x72, - 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x42, 0x11, 0x0a, 0x0f, 0x68, 0x74, 0x74, 0x70, 0x5f, - 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x1a, 0xd0, 0x01, 0x0a, 0x05, 0x41, - 0x62, 0x6f, 0x72, 0x74, 0x12, 0x21, 0x0a, 0x0b, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x73, 0x74, 0x61, - 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x48, 0x00, 0x52, 0x0a, 0x68, 0x74, 0x74, - 0x70, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x21, 0x0a, 0x0b, 0x67, 0x72, 0x70, 0x63, 0x5f, - 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0a, - 0x67, 0x72, 0x70, 0x63, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x21, 0x0a, 0x0b, 0x68, 0x74, - 0x74, 0x70, 0x32, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x48, - 0x00, 0x52, 0x0a, 0x68, 0x74, 0x74, 0x70, 0x32, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x41, 0x0a, - 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x21, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x65, 0x72, - 0x63, 0x65, 0x6e, 0x74, 0x52, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, - 0x42, 0x0c, 0x0a, 0x0a, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x4a, 0x04, - 0x08, 0x01, 0x10, 0x02, 0x52, 0x07, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x22, 0xa3, 0x01, - 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x12, 0x4c, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x03, - 0xe0, 0x41, 0x02, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x12, 0x41, 0x0a, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, - 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x52, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, - 0x61, 0x67, 0x65, 0x22, 0x32, 0x0a, 0x0c, 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, - 0x74, 0x6f, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x4a, 0x04, 0x08, 0x02, 0x10, - 0x03, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x1f, 0x0a, 0x07, 0x50, 0x65, 0x72, 0x63, 0x65, - 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x21, 0x5a, 0x1f, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, -} - -var ( - file_networking_v1beta1_virtual_service_proto_rawDescOnce sync.Once - file_networking_v1beta1_virtual_service_proto_rawDescData = file_networking_v1beta1_virtual_service_proto_rawDesc -) - -func file_networking_v1beta1_virtual_service_proto_rawDescGZIP() []byte { - file_networking_v1beta1_virtual_service_proto_rawDescOnce.Do(func() { - file_networking_v1beta1_virtual_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1beta1_virtual_service_proto_rawDescData) - }) - return file_networking_v1beta1_virtual_service_proto_rawDescData -} - -var file_networking_v1beta1_virtual_service_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_networking_v1beta1_virtual_service_proto_msgTypes = make([]protoimpl.MessageInfo, 35) -var file_networking_v1beta1_virtual_service_proto_goTypes = []interface{}{ - (HTTPRedirect_RedirectPortSelection)(0), // 0: istio.networking.v1beta1.HTTPRedirect.RedirectPortSelection - (CorsPolicy_UnmatchedPreflights)(0), // 1: istio.networking.v1beta1.CorsPolicy.UnmatchedPreflights - (*VirtualService)(nil), // 2: istio.networking.v1beta1.VirtualService - (*Destination)(nil), // 3: istio.networking.v1beta1.Destination - (*HTTPRoute)(nil), // 4: istio.networking.v1beta1.HTTPRoute - (*Delegate)(nil), // 5: istio.networking.v1beta1.Delegate - (*Headers)(nil), // 6: istio.networking.v1beta1.Headers - (*TLSRoute)(nil), // 7: istio.networking.v1beta1.TLSRoute - (*TCPRoute)(nil), // 8: istio.networking.v1beta1.TCPRoute - (*HTTPMatchRequest)(nil), // 9: istio.networking.v1beta1.HTTPMatchRequest - (*HTTPRouteDestination)(nil), // 10: istio.networking.v1beta1.HTTPRouteDestination - (*RouteDestination)(nil), // 11: istio.networking.v1beta1.RouteDestination - (*L4MatchAttributes)(nil), // 12: istio.networking.v1beta1.L4MatchAttributes - (*TLSMatchAttributes)(nil), // 13: istio.networking.v1beta1.TLSMatchAttributes - (*HTTPRedirect)(nil), // 14: istio.networking.v1beta1.HTTPRedirect - (*HTTPDirectResponse)(nil), // 15: istio.networking.v1beta1.HTTPDirectResponse - (*HTTPBody)(nil), // 16: istio.networking.v1beta1.HTTPBody - (*HTTPRewrite)(nil), // 17: istio.networking.v1beta1.HTTPRewrite - (*RegexRewrite)(nil), // 18: istio.networking.v1beta1.RegexRewrite - (*StringMatch)(nil), // 19: istio.networking.v1beta1.StringMatch - (*HTTPRetry)(nil), // 20: istio.networking.v1beta1.HTTPRetry - (*CorsPolicy)(nil), // 21: istio.networking.v1beta1.CorsPolicy - (*HTTPFaultInjection)(nil), // 22: istio.networking.v1beta1.HTTPFaultInjection - (*HTTPMirrorPolicy)(nil), // 23: istio.networking.v1beta1.HTTPMirrorPolicy - (*PortSelector)(nil), // 24: istio.networking.v1beta1.PortSelector - (*Percent)(nil), // 25: istio.networking.v1beta1.Percent - (*Headers_HeaderOperations)(nil), // 26: istio.networking.v1beta1.Headers.HeaderOperations - nil, // 27: istio.networking.v1beta1.Headers.HeaderOperations.SetEntry - nil, // 28: istio.networking.v1beta1.Headers.HeaderOperations.AddEntry - nil, // 29: istio.networking.v1beta1.HTTPMatchRequest.HeadersEntry - nil, // 30: istio.networking.v1beta1.HTTPMatchRequest.SourceLabelsEntry - nil, // 31: istio.networking.v1beta1.HTTPMatchRequest.QueryParamsEntry - nil, // 32: istio.networking.v1beta1.HTTPMatchRequest.WithoutHeadersEntry - nil, // 33: istio.networking.v1beta1.L4MatchAttributes.SourceLabelsEntry - nil, // 34: istio.networking.v1beta1.TLSMatchAttributes.SourceLabelsEntry - (*HTTPFaultInjection_Delay)(nil), // 35: istio.networking.v1beta1.HTTPFaultInjection.Delay - (*HTTPFaultInjection_Abort)(nil), // 36: istio.networking.v1beta1.HTTPFaultInjection.Abort - (*duration.Duration)(nil), // 37: google.protobuf.Duration - (*wrappers.UInt32Value)(nil), // 38: google.protobuf.UInt32Value - (*wrappers.BoolValue)(nil), // 39: google.protobuf.BoolValue -} -var file_networking_v1beta1_virtual_service_proto_depIdxs = []int32{ - 4, // 0: istio.networking.v1beta1.VirtualService.http:type_name -> istio.networking.v1beta1.HTTPRoute - 7, // 1: istio.networking.v1beta1.VirtualService.tls:type_name -> istio.networking.v1beta1.TLSRoute - 8, // 2: istio.networking.v1beta1.VirtualService.tcp:type_name -> istio.networking.v1beta1.TCPRoute - 24, // 3: istio.networking.v1beta1.Destination.port:type_name -> istio.networking.v1beta1.PortSelector - 9, // 4: istio.networking.v1beta1.HTTPRoute.match:type_name -> istio.networking.v1beta1.HTTPMatchRequest - 10, // 5: istio.networking.v1beta1.HTTPRoute.route:type_name -> istio.networking.v1beta1.HTTPRouteDestination - 14, // 6: istio.networking.v1beta1.HTTPRoute.redirect:type_name -> istio.networking.v1beta1.HTTPRedirect - 15, // 7: istio.networking.v1beta1.HTTPRoute.direct_response:type_name -> istio.networking.v1beta1.HTTPDirectResponse - 5, // 8: istio.networking.v1beta1.HTTPRoute.delegate:type_name -> istio.networking.v1beta1.Delegate - 17, // 9: istio.networking.v1beta1.HTTPRoute.rewrite:type_name -> istio.networking.v1beta1.HTTPRewrite - 37, // 10: istio.networking.v1beta1.HTTPRoute.timeout:type_name -> google.protobuf.Duration - 20, // 11: istio.networking.v1beta1.HTTPRoute.retries:type_name -> istio.networking.v1beta1.HTTPRetry - 22, // 12: istio.networking.v1beta1.HTTPRoute.fault:type_name -> istio.networking.v1beta1.HTTPFaultInjection - 3, // 13: istio.networking.v1beta1.HTTPRoute.mirror:type_name -> istio.networking.v1beta1.Destination - 23, // 14: istio.networking.v1beta1.HTTPRoute.mirrors:type_name -> istio.networking.v1beta1.HTTPMirrorPolicy - 38, // 15: istio.networking.v1beta1.HTTPRoute.mirror_percent:type_name -> google.protobuf.UInt32Value - 25, // 16: istio.networking.v1beta1.HTTPRoute.mirror_percentage:type_name -> istio.networking.v1beta1.Percent - 21, // 17: istio.networking.v1beta1.HTTPRoute.cors_policy:type_name -> istio.networking.v1beta1.CorsPolicy - 6, // 18: istio.networking.v1beta1.HTTPRoute.headers:type_name -> istio.networking.v1beta1.Headers - 26, // 19: istio.networking.v1beta1.Headers.request:type_name -> istio.networking.v1beta1.Headers.HeaderOperations - 26, // 20: istio.networking.v1beta1.Headers.response:type_name -> istio.networking.v1beta1.Headers.HeaderOperations - 13, // 21: istio.networking.v1beta1.TLSRoute.match:type_name -> istio.networking.v1beta1.TLSMatchAttributes - 11, // 22: istio.networking.v1beta1.TLSRoute.route:type_name -> istio.networking.v1beta1.RouteDestination - 12, // 23: istio.networking.v1beta1.TCPRoute.match:type_name -> istio.networking.v1beta1.L4MatchAttributes - 11, // 24: istio.networking.v1beta1.TCPRoute.route:type_name -> istio.networking.v1beta1.RouteDestination - 19, // 25: istio.networking.v1beta1.HTTPMatchRequest.uri:type_name -> istio.networking.v1beta1.StringMatch - 19, // 26: istio.networking.v1beta1.HTTPMatchRequest.scheme:type_name -> istio.networking.v1beta1.StringMatch - 19, // 27: istio.networking.v1beta1.HTTPMatchRequest.method:type_name -> istio.networking.v1beta1.StringMatch - 19, // 28: istio.networking.v1beta1.HTTPMatchRequest.authority:type_name -> istio.networking.v1beta1.StringMatch - 29, // 29: istio.networking.v1beta1.HTTPMatchRequest.headers:type_name -> istio.networking.v1beta1.HTTPMatchRequest.HeadersEntry - 30, // 30: istio.networking.v1beta1.HTTPMatchRequest.source_labels:type_name -> istio.networking.v1beta1.HTTPMatchRequest.SourceLabelsEntry - 31, // 31: istio.networking.v1beta1.HTTPMatchRequest.query_params:type_name -> istio.networking.v1beta1.HTTPMatchRequest.QueryParamsEntry - 32, // 32: istio.networking.v1beta1.HTTPMatchRequest.without_headers:type_name -> istio.networking.v1beta1.HTTPMatchRequest.WithoutHeadersEntry - 3, // 33: istio.networking.v1beta1.HTTPRouteDestination.destination:type_name -> istio.networking.v1beta1.Destination - 6, // 34: istio.networking.v1beta1.HTTPRouteDestination.headers:type_name -> istio.networking.v1beta1.Headers - 3, // 35: istio.networking.v1beta1.RouteDestination.destination:type_name -> istio.networking.v1beta1.Destination - 33, // 36: istio.networking.v1beta1.L4MatchAttributes.source_labels:type_name -> istio.networking.v1beta1.L4MatchAttributes.SourceLabelsEntry - 34, // 37: istio.networking.v1beta1.TLSMatchAttributes.source_labels:type_name -> istio.networking.v1beta1.TLSMatchAttributes.SourceLabelsEntry - 0, // 38: istio.networking.v1beta1.HTTPRedirect.derive_port:type_name -> istio.networking.v1beta1.HTTPRedirect.RedirectPortSelection - 16, // 39: istio.networking.v1beta1.HTTPDirectResponse.body:type_name -> istio.networking.v1beta1.HTTPBody - 18, // 40: istio.networking.v1beta1.HTTPRewrite.uri_regex_rewrite:type_name -> istio.networking.v1beta1.RegexRewrite - 37, // 41: istio.networking.v1beta1.HTTPRetry.per_try_timeout:type_name -> google.protobuf.Duration - 39, // 42: istio.networking.v1beta1.HTTPRetry.retry_remote_localities:type_name -> google.protobuf.BoolValue - 19, // 43: istio.networking.v1beta1.CorsPolicy.allow_origins:type_name -> istio.networking.v1beta1.StringMatch - 37, // 44: istio.networking.v1beta1.CorsPolicy.max_age:type_name -> google.protobuf.Duration - 39, // 45: istio.networking.v1beta1.CorsPolicy.allow_credentials:type_name -> google.protobuf.BoolValue - 1, // 46: istio.networking.v1beta1.CorsPolicy.unmatched_preflights:type_name -> istio.networking.v1beta1.CorsPolicy.UnmatchedPreflights - 35, // 47: istio.networking.v1beta1.HTTPFaultInjection.delay:type_name -> istio.networking.v1beta1.HTTPFaultInjection.Delay - 36, // 48: istio.networking.v1beta1.HTTPFaultInjection.abort:type_name -> istio.networking.v1beta1.HTTPFaultInjection.Abort - 3, // 49: istio.networking.v1beta1.HTTPMirrorPolicy.destination:type_name -> istio.networking.v1beta1.Destination - 25, // 50: istio.networking.v1beta1.HTTPMirrorPolicy.percentage:type_name -> istio.networking.v1beta1.Percent - 27, // 51: istio.networking.v1beta1.Headers.HeaderOperations.set:type_name -> istio.networking.v1beta1.Headers.HeaderOperations.SetEntry - 28, // 52: istio.networking.v1beta1.Headers.HeaderOperations.add:type_name -> istio.networking.v1beta1.Headers.HeaderOperations.AddEntry - 19, // 53: istio.networking.v1beta1.HTTPMatchRequest.HeadersEntry.value:type_name -> istio.networking.v1beta1.StringMatch - 19, // 54: istio.networking.v1beta1.HTTPMatchRequest.QueryParamsEntry.value:type_name -> istio.networking.v1beta1.StringMatch - 19, // 55: istio.networking.v1beta1.HTTPMatchRequest.WithoutHeadersEntry.value:type_name -> istio.networking.v1beta1.StringMatch - 37, // 56: istio.networking.v1beta1.HTTPFaultInjection.Delay.fixed_delay:type_name -> google.protobuf.Duration - 37, // 57: istio.networking.v1beta1.HTTPFaultInjection.Delay.exponential_delay:type_name -> google.protobuf.Duration - 25, // 58: istio.networking.v1beta1.HTTPFaultInjection.Delay.percentage:type_name -> istio.networking.v1beta1.Percent - 25, // 59: istio.networking.v1beta1.HTTPFaultInjection.Abort.percentage:type_name -> istio.networking.v1beta1.Percent - 60, // [60:60] is the sub-list for method output_type - 60, // [60:60] is the sub-list for method input_type - 60, // [60:60] is the sub-list for extension type_name - 60, // [60:60] is the sub-list for extension extendee - 0, // [0:60] is the sub-list for field type_name -} - -func init() { file_networking_v1beta1_virtual_service_proto_init() } -func file_networking_v1beta1_virtual_service_proto_init() { - if File_networking_v1beta1_virtual_service_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_networking_v1beta1_virtual_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*VirtualService); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Destination); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPRoute); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Delegate); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Headers); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TLSRoute); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TCPRoute); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPMatchRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPRouteDestination); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RouteDestination); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*L4MatchAttributes); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TLSMatchAttributes); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPRedirect); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPDirectResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPBody); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPRewrite); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RegexRewrite); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*StringMatch); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPRetry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CorsPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPFaultInjection); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPMirrorPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PortSelector); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Percent); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Headers_HeaderOperations); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPFaultInjection_Delay); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPFaultInjection_Abort); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_networking_v1beta1_virtual_service_proto_msgTypes[12].OneofWrappers = []interface{}{ - (*HTTPRedirect_Port)(nil), - (*HTTPRedirect_DerivePort)(nil), - } - file_networking_v1beta1_virtual_service_proto_msgTypes[14].OneofWrappers = []interface{}{ - (*HTTPBody_String_)(nil), - (*HTTPBody_Bytes)(nil), - } - file_networking_v1beta1_virtual_service_proto_msgTypes[17].OneofWrappers = []interface{}{ - (*StringMatch_Exact)(nil), - (*StringMatch_Prefix)(nil), - (*StringMatch_Regex)(nil), - } - file_networking_v1beta1_virtual_service_proto_msgTypes[33].OneofWrappers = []interface{}{ - (*HTTPFaultInjection_Delay_FixedDelay)(nil), - (*HTTPFaultInjection_Delay_ExponentialDelay)(nil), - } - file_networking_v1beta1_virtual_service_proto_msgTypes[34].OneofWrappers = []interface{}{ - (*HTTPFaultInjection_Abort_HttpStatus)(nil), - (*HTTPFaultInjection_Abort_GrpcStatus)(nil), - (*HTTPFaultInjection_Abort_Http2Error)(nil), - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_networking_v1beta1_virtual_service_proto_rawDesc, - NumEnums: 2, - NumMessages: 35, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_networking_v1beta1_virtual_service_proto_goTypes, - DependencyIndexes: file_networking_v1beta1_virtual_service_proto_depIdxs, - EnumInfos: file_networking_v1beta1_virtual_service_proto_enumTypes, - MessageInfos: file_networking_v1beta1_virtual_service_proto_msgTypes, - }.Build() - File_networking_v1beta1_virtual_service_proto = out.File - file_networking_v1beta1_virtual_service_proto_rawDesc = nil - file_networking_v1beta1_virtual_service_proto_goTypes = nil - file_networking_v1beta1_virtual_service_proto_depIdxs = nil -} diff --git a/networking/v1beta1/virtual_service.proto b/networking/v1beta1/virtual_service.proto deleted file mode 100644 index d4d5cd6d756..00000000000 --- a/networking/v1beta1/virtual_service.proto +++ /dev/null @@ -1,1518 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -import "google/api/field_behavior.proto"; -import "google/protobuf/duration.proto"; -import "google/protobuf/wrappers.proto"; - -// $schema: istio.networking.v1beta1.VirtualService -// $title: Virtual Service -// $description: Configuration affecting label/content routing, sni routing, etc. -// $location: https://istio.io/docs/reference/config/networking/virtual-service.html -// $aliases: [/docs/reference/config/networking/v1beta1/virtual-service] -// $mode: none - -// Configuration affecting traffic routing. Here are a few terms useful to define -// in the context of traffic routing. -// -// `Service` a unit of application behavior bound to a unique name in a -// service registry. Services consist of multiple network *endpoints* -// implemented by workload instances running on pods, containers, VMs etc. -// -// `Service versions (a.k.a. subsets)` - In a continuous deployment -// scenario, for a given service, there can be distinct subsets of -// instances running different variants of the application binary. These -// variants are not necessarily different API versions. They could be -// iterative changes to the same service, deployed in different -// environments (prod, staging, dev, etc.). Common scenarios where this -// occurs include A/B testing, canary rollouts, etc. The choice of a -// particular version can be decided based on various criterion (headers, -// url, etc.) and/or by weights assigned to each version. Each service has -// a default version consisting of all its instances. -// -// `Source` - A downstream client calling a service. -// -// `Host` - The address used by a client when attempting to connect to a -// service. -// -// `Access model` - Applications address only the destination service -// (Host) without knowledge of individual service versions (subsets). The -// actual choice of the version is determined by the proxy/sidecar, enabling the -// application code to decouple itself from the evolution of dependent -// services. -// -// A `VirtualService` defines a set of traffic routing rules to apply when a host is -// addressed. Each routing rule defines matching criteria for traffic of a specific -// protocol. If the traffic is matched, then it is sent to a named destination service -// (or subset/version of it) defined in the registry. -// -// The source of traffic can also be matched in a routing rule. This allows routing -// to be customized for specific client contexts. -// -// The following example on Kubernetes, routes all HTTP traffic by default to -// pods of the reviews service with label "version: v1". In addition, -// HTTP requests with path starting with /wpcatalog/ or /consumercatalog/ will -// be rewritten to /newcatalog and sent to pods with label "version: v2". -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - name: "reviews-v2-routes" -// match: -// - uri: -// prefix: "/wpcatalog" -// - uri: -// prefix: "/consumercatalog" -// rewrite: -// uri: "/newcatalog" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// - name: "reviews-v1-route" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// ``` -// -// A subset/version of a route destination is identified with a reference -// to a named service subset which must be declared in a corresponding -// `DestinationRule`. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: reviews-destination -// spec: -// host: reviews.prod.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// ``` -package istio.networking.v1beta1; - -option go_package = "istio.io/api/networking/v1beta1"; - -// Configuration affecting traffic routing. -// -// -// -message VirtualService { - // The destination hosts to which traffic is being sent. Could - // be a DNS name with wildcard prefix or an IP address. Depending on the - // platform, short-names can also be used instead of a FQDN (i.e. has no - // dots in the name). In such a scenario, the FQDN of the host would be - // derived based on the underlying platform. - // - // A single VirtualService can be used to describe all the traffic - // properties of the corresponding hosts, including those for multiple - // HTTP and TCP ports. Alternatively, the traffic properties of a host - // can be defined using more than one VirtualService, with certain - // caveats. Refer to the - // [Operations Guide](https://istio.io/docs/ops/best-practices/traffic-management/#split-virtual-services) - // for details. - // - // *Note for Kubernetes users*: When short names are used (e.g. "reviews" - // instead of "reviews.default.svc.cluster.local"), Istio will interpret - // the short name based on the namespace of the rule, not the service. A - // rule in the "default" namespace containing a host "reviews" will be - // interpreted as "reviews.default.svc.cluster.local", irrespective of - // the actual namespace associated with the reviews service. _To avoid - // potential misconfigurations, it is recommended to always use fully - // qualified domain names over short names._ - // - // The hosts field applies to both HTTP and TCP services. Service inside - // the mesh, i.e., those found in the service registry, must always be - // referred to using their alphanumeric names. IP addresses are allowed - // only for services defined via the Gateway. - // - // *Note*: It must be empty for a delegate VirtualService. - repeated string hosts = 1; - - // The names of gateways and sidecars that should apply these routes. - // Gateways in other namespaces may be referred to by - // `/`; specifying a gateway with no - // namespace qualifier is the same as specifying the VirtualService's - // namespace. A single VirtualService is used for sidecars inside the mesh as - // well as for one or more gateways. The selection condition imposed by this - // field can be overridden using the source field in the match conditions - // of protocol-specific routes. The reserved word `mesh` is used to imply - // all the sidecars in the mesh. When this field is omitted, the default - // gateway (`mesh`) will be used, which would apply the rule to all - // sidecars in the mesh. If a list of gateway names is provided, the - // rules will apply only to the gateways. To apply the rules to both - // gateways and sidecars, specify `mesh` as one of the gateway names. - repeated string gateways = 2; - - // An ordered list of route rules for HTTP traffic. HTTP routes will be - // applied to platform service ports using HTTP/HTTP2/GRPC protocols, gateway - // ports with protocol HTTP/HTTP2/GRPC/TLS-terminated-HTTPS and service - // entry ports using HTTP/HTTP2/GRPC protocols. The first rule matching - // an incoming request is used. - repeated HTTPRoute http = 3; - - // An ordered list of route rule for non-terminated TLS & HTTPS - // traffic. Routing is typically performed using the SNI value presented - // by the ClientHello message. TLS routes will be applied to platform - // service ports named 'https-*', 'tls-*', unterminated gateway ports using - // HTTPS/TLS protocols (i.e. with "passthrough" TLS mode) and service - // entry ports using HTTPS/TLS protocols. The first rule matching an - // incoming request is used. NOTE: Traffic 'https-*' or 'tls-*' ports - // without associated virtual service will be treated as opaque TCP - // traffic. - repeated TLSRoute tls = 5; - - // An ordered list of route rules for opaque TCP traffic. TCP routes will - // be applied to any port that is not a HTTP or TLS port. The first rule - // matching an incoming request is used. - repeated TCPRoute tcp = 4; - - // A list of namespaces to which this virtual service is exported. Exporting a - // virtual service allows it to be used by sidecars and gateways defined in - // other namespaces. This feature provides a mechanism for service owners - // and mesh administrators to control the visibility of virtual services - // across namespace boundaries. - // - // If no namespaces are specified then the virtual service is exported to all - // namespaces by default. - // - // The value "." is reserved and defines an export to the same namespace that - // the virtual service is declared in. Similarly the value "*" is reserved and - // defines an export to all namespaces. - repeated string export_to = 6; -} - -// Destination indicates the network addressable service to which the -// request/connection will be sent after processing a routing rule. The -// destination.host should unambiguously refer to a service in the service -// registry. Istio's service registry is composed of all the services found -// in the platform's service registry (e.g., Kubernetes services, Consul -// services), as well as services declared through the -// [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry) resource. -// -// *Note for Kubernetes users*: When short names are used (e.g. "reviews" -// instead of "reviews.default.svc.cluster.local"), Istio will interpret -// the short name based on the namespace of the rule, not the service. A -// rule in the "default" namespace containing a host "reviews" will be -// interpreted as "reviews.default.svc.cluster.local", irrespective of the -// actual namespace associated with the reviews service. _To avoid potential -// misconfigurations, it is recommended to always use fully qualified -// domain names over short names._ -// -// The following Kubernetes example routes all traffic by default to pods -// of the reviews service with label "version: v1" (i.e., subset v1), and -// some to subset v2, in a Kubernetes environment. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route -// namespace: foo -// spec: -// hosts: -// - reviews # interpreted as reviews.foo.svc.cluster.local -// http: -// - match: -// - uri: -// prefix: "/wpcatalog" -// - uri: -// prefix: "/consumercatalog" -// rewrite: -// uri: "/newcatalog" -// route: -// - destination: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subset: v2 -// - route: -// - destination: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subset: v1 -// ``` -// -// And the associated DestinationRule -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: reviews-destination -// namespace: foo -// spec: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// ``` -// -// The following VirtualService sets a timeout of 5s for all calls to -// productpage.prod.svc.cluster.local service in Kubernetes. Notice that -// there are no subsets defined in this rule. Istio will fetch all -// instances of productpage.prod.svc.cluster.local service from the service -// registry and populate the sidecar's load balancing pool. Also, notice -// that this rule is set in the istio-system namespace but uses the fully -// qualified domain name of the productpage service, -// productpage.prod.svc.cluster.local. Therefore the rule's namespace does -// not have an impact in resolving the name of the productpage service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: my-productpage-rule -// namespace: istio-system -// spec: -// hosts: -// - productpage.prod.svc.cluster.local # ignores rule namespace -// http: -// - timeout: 5s -// route: -// - destination: -// host: productpage.prod.svc.cluster.local -// ``` -// -// To control routing for traffic bound to services outside the mesh, external -// services must first be added to Istio's internal service registry using the -// ServiceEntry resource. VirtualServices can then be defined to control traffic -// bound to these external services. For example, the following rules define a -// Service for wikipedia.org and set a timeout of 5s for HTTP requests. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-wikipedia -// spec: -// hosts: -// - wikipedia.org -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: example-http -// protocol: HTTP -// resolution: DNS -// --- -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: my-wiki-rule -// spec: -// hosts: -// - wikipedia.org -// http: -// - timeout: 5s -// route: -// - destination: -// host: wikipedia.org -// ``` -// -message Destination { - // The name of a service from the service registry. Service - // names are looked up from the platform's service registry (e.g., - // Kubernetes services, Consul services, etc.) and from the hosts - // declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Traffic forwarded to - // destinations that are not found in either of the two, will be dropped. - // - // *Note for Kubernetes users*: When short names are used (e.g. "reviews" - // instead of "reviews.default.svc.cluster.local"), Istio will interpret - // the short name based on the namespace of the rule, not the service. A - // rule in the "default" namespace containing a host "reviews" will be - // interpreted as "reviews.default.svc.cluster.local", irrespective of - // the actual namespace associated with the reviews service. To avoid - // potential misconfiguration, it is recommended to always use fully - // qualified domain names over short names. - string host = 1 [(google.api.field_behavior) = REQUIRED]; - - // The name of a subset within the service. Applicable only to services - // within the mesh. The subset must be defined in a corresponding - // DestinationRule. - string subset = 2; - - // Specifies the port on the host that is being addressed. If a service - // exposes only a single port it is not required to explicitly select the - // port. - PortSelector port = 3; -} - -// Describes match conditions and actions for routing HTTP/1.1, HTTP2, and -// gRPC traffic. See VirtualService for usage examples. -message HTTPRoute { - // The name assigned to the route for debugging purposes. The - // route's name will be concatenated with the match's name and will - // be logged in the access logs for requests matching this - // route/match. - string name = 17; - - // Match conditions to be satisfied for the rule to be - // activated. All conditions inside a single match block have AND - // semantics, while the list of match blocks have OR semantics. The rule - // is matched if any one of the match blocks succeed. - repeated HTTPMatchRequest match = 1; - - // A HTTP rule can either return a direct_response, redirect or forward (default) traffic. - // The forwarding target can be one of several versions of a service (see - // glossary in beginning of document). Weights associated with the - // service version determine the proportion of traffic it receives. - repeated HTTPRouteDestination route = 2; - - // A HTTP rule can either return a direct_response, redirect or forward (default) traffic. - // If traffic passthrough option is specified in the rule, - // route/redirect will be ignored. The redirect primitive can be used to - // send a HTTP 301 redirect to a different URI or Authority. - HTTPRedirect redirect = 3; - - // A HTTP rule can either return a direct_response, redirect or forward (default) traffic. - // Direct Response is used to specify a fixed response that should - // be sent to clients. - // - // It can be set only when `Route` and `Redirect` are empty. - HTTPDirectResponse direct_response = 21; - - // Delegate is used to specify the particular VirtualService which - // can be used to define delegate HTTPRoute. - // - // It can be set only when `Route` and `Redirect` are empty, and the route - // rules of the delegate VirtualService will be merged with that in the - // current one. - // - // **NOTE**: - // - // 1. Only one level delegation is supported. - // 2. The delegate's HTTPMatchRequest must be a strict subset of the root's, - // otherwise there is a conflict and the HTTPRoute will not take effect. - Delegate delegate = 20; - - // Rewrite HTTP URIs and Authority headers. Rewrite cannot be used with - // Redirect primitive. Rewrite will be performed before forwarding. - HTTPRewrite rewrite = 4; - - reserved 5; - reserved "websocket_upgrade"; - - // Timeout for HTTP requests, default is disabled. - google.protobuf.Duration timeout = 6; - - // Retry policy for HTTP requests. - HTTPRetry retries = 7; - - // Fault injection policy to apply on HTTP traffic at the client side. - // Note that timeouts or retries will not be enabled when faults are - // enabled on the client side. - HTTPFaultInjection fault = 8; - - // Mirror HTTP traffic to a another destination in addition to forwarding - // the requests to the intended destination. Mirrored traffic is on a - // best effort basis where the sidecar/gateway will not wait for the - // mirrored cluster to respond before returning the response from the - // original destination. Statistics will be generated for the mirrored - // destination. - Destination mirror = 9; - - // Specifies the destinations to mirror HTTP traffic in addition - // to the original destination. Mirrored traffic is on a - // best effort basis where the sidecar/gateway will not wait for the - // mirrored destinations to respond before returning the response from the - // original destination. Statistics will be generated for the mirrored - // destination. - repeated HTTPMirrorPolicy mirrors = 22; - - // Percentage of the traffic to be mirrored by the `mirror` field. - // Use of integer `mirror_percent` value is deprecated. Use the - // double `mirror_percentage` field instead - // $hide_from_docs - // +kubebuilder:altName=mirror_percent - google.protobuf.UInt32Value mirror_percent = 18 [deprecated=true]; - - // Percentage of the traffic to be mirrored by the `mirror` field. - // If this field is absent, all the traffic (100%) will be mirrored. - // Max value is 100. - Percent mirror_percentage = 19; - - // Cross-Origin Resource Sharing policy (CORS). Refer to - // [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) - // for further details about cross origin resource sharing. - CorsPolicy cors_policy = 10; - - reserved 11 to 15; - reserved "append_headers", "remove_response_headers", "append_response_headers","remove_request_headers", "append_request_headers"; - - // Header manipulation rules - Headers headers = 16; - - // $hide_from_docs - // Next available field number: 23 -} - - -// Describes the delegate VirtualService. -// The following routing rules forward the traffic to `/productpage` by a delegate VirtualService named `productpage`, -// forward the traffic to `/reviews` by a delegate VirtualService named `reviews`. -// -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: bookinfo -// spec: -// hosts: -// - "bookinfo.com" -// gateways: -// - mygateway -// http: -// - match: -// - uri: -// prefix: "/productpage" -// delegate: -// name: productpage -// namespace: nsA -// - match: -// - uri: -// prefix: "/reviews" -// delegate: -// name: reviews -// namespace: nsB -// ``` -// -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: productpage -// namespace: nsA -// spec: -// http: -// - match: -// - uri: -// prefix: "/productpage/v1/" -// route: -// - destination: -// host: productpage-v1.nsA.svc.cluster.local -// - route: -// - destination: -// host: productpage.nsA.svc.cluster.local -// ``` -// -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: reviews -// namespace: nsB -// spec: -// http: -// - route: -// - destination: -// host: reviews.nsB.svc.cluster.local -// ``` -message Delegate { - // Name specifies the name of the delegate VirtualService. - string name = 1; - // Namespace specifies the namespace where the delegate VirtualService resides. - // By default, it is same to the root's. - string namespace = 2; -} - - -// Message headers can be manipulated when Envoy forwards requests to, -// or responses from, a destination service. Header manipulation rules can -// be specified for a specific route destination or for all destinations. -// The following VirtualService adds a `test` header with the value `true` -// to requests that are routed to any `reviews` service destination. -// It also removes the `foo` response header, but only from responses -// coming from the `v1` subset (version) of the `reviews` service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - headers: -// request: -// set: -// test: "true" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// weight: 25 -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// headers: -// response: -// remove: -// - foo -// weight: 75 -// ``` -message Headers { - // Header manipulation rules to apply before forwarding a request - // to the destination service - HeaderOperations request = 1; - // Header manipulation rules to apply before returning a response - // to the caller - HeaderOperations response = 2; - - // HeaderOperations Describes the header manipulations to apply - message HeaderOperations { - // Overwrite the headers specified by key with the given values - map set = 1; - // Append the given values to the headers specified by keys - // (will create a comma-separated list of values) - map add = 2; - // Remove the specified headers - repeated string remove = 3; - } -} - -// Describes match conditions and actions for routing unterminated TLS -// traffic (TLS/HTTPS) The following routing rule forwards unterminated TLS -// traffic arriving at port 443 of gateway called "mygateway" to internal -// services in the mesh based on the SNI value. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: bookinfo-sni -// spec: -// hosts: -// - "*.bookinfo.com" -// gateways: -// - mygateway -// tls: -// - match: -// - port: 443 -// sniHosts: -// - login.bookinfo.com -// route: -// - destination: -// host: login.prod.svc.cluster.local -// - match: -// - port: 443 -// sniHosts: -// - reviews.bookinfo.com -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// ``` -message TLSRoute { - // Match conditions to be satisfied for the rule to be - // activated. All conditions inside a single match block have AND - // semantics, while the list of match blocks have OR semantics. The rule - // is matched if any one of the match blocks succeed. - repeated TLSMatchAttributes match = 1 [(google.api.field_behavior) = REQUIRED]; - - // The destination to which the connection should be forwarded to. - repeated RouteDestination route = 2; -} - -// Describes match conditions and actions for routing TCP traffic. The -// following routing rule forwards traffic arriving at port 27017 for -// mongo.prod.svc.cluster.local to another Mongo server on port 5555. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: bookinfo-mongo -// spec: -// hosts: -// - mongo.prod.svc.cluster.local -// tcp: -// - match: -// - port: 27017 -// route: -// - destination: -// host: mongo.backup.svc.cluster.local -// port: -// number: 5555 -// ``` -message TCPRoute { - // Match conditions to be satisfied for the rule to be - // activated. All conditions inside a single match block have AND - // semantics, while the list of match blocks have OR semantics. The rule - // is matched if any one of the match blocks succeed. - repeated L4MatchAttributes match = 1; - - // The destination to which the connection should be forwarded to. - repeated RouteDestination route = 2; -} - -// HttpMatchRequest specifies a set of criteria to be met in order for the -// rule to be applied to the HTTP request. For example, the following -// restricts the rule to match only requests where the URL path -// starts with /ratings/v2/ and the request contains a custom `end-user` header -// with value `jason`. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - headers: -// end-user: -// exact: jason -// uri: -// prefix: "/ratings/v2/" -// ignoreUriCase: true -// route: -// - destination: -// host: ratings.prod.svc.cluster.local -// ``` -// -// HTTPMatchRequest CANNOT be empty. -// **Note:** -// 1. If a root VirtualService have matched any property (path, header etc.) by regex, delegate VirtualServices should not have any other matches on the same property. -// 2. If a delegate VirtualService have matched any property (path, header etc.) by regex, root VirtualServices should not have any other matches on the same property. -message HTTPMatchRequest { - // The name assigned to a match. The match's name will be - // concatenated with the parent route's name and will be logged in - // the access logs for requests matching this route. - string name = 11; - - // URI to match - // values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - // - // **Note:** Case-insensitive matching could be enabled via the - // `ignoreUriCase` flag. - StringMatch uri = 1; - - // URI Scheme - // values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - // - StringMatch scheme = 2; - - // HTTP Method - // values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - // - StringMatch method = 3; - - // HTTP Authority - // values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - // - StringMatch authority = 4; - - // The header keys must be lowercase and use hyphen as the separator, - // e.g. _x-request-id_. - // - // Header values are case-sensitive and formatted as follows: - // - // - `exact: "value"` for exact string match - // - // - `prefix: "value"` for prefix-based match - // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - // - // If the value is empty and only the name of header is specified, presence of the header is checked. - // To provide an empty value, use `{}`, for example: - // - // ``` - // - match: - // - headers: - // myheader: {} - // ``` - // **Note:** The keys `uri`, `scheme`, `method`, and `authority` will be ignored. - map headers = 5; - - // Specifies the ports on the host that is being addressed. Many services - // only expose a single port or label ports with the protocols they support, - // in these cases it is not required to explicitly select the port. - uint32 port = 6; - - // One or more labels that constrain the applicability of a rule to source (client) workloads - // with the given labels. If the VirtualService has a list of gateways specified - // in the top-level `gateways` field, it must include the reserved gateway - // `mesh` for this field to be applicable. - map source_labels = 7; - - // Names of gateways where the rule should be applied. Gateway names - // in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway - // match is independent of sourceLabels. - repeated string gateways = 8; - - // Query parameters for matching. - // - // Ex: - // - // - For a query parameter like "?key=true", the map key would be "key" and - // the string match could be defined as `exact: "true"`. - // - // - For a query parameter like "?key", the map key would be "key" and the - // string match could be defined as `exact: ""`. - // - // - For a query parameter like "?key=abc" or "?key=abx", the map key would be "key" and the - // string match could be defined as `prefix: "ab"`. - // - // - For a query parameter like "?key=123", the map key would be "key" and the - // string match could be defined as `regex: "\d+$"`. Note that this - // configuration will only match values like "123" but not "a123" or "123a". - map query_params = 9; - - // Flag to specify whether the URI matching should be case-insensitive. - // - // **Note:** The case will be ignored only in the case of `exact` and `prefix` - // URI matches. - bool ignore_uri_case = 10; - - // withoutHeader has the same syntax with the header, but has opposite meaning. - // If a header is matched with a matching rule among withoutHeader, the traffic becomes not matched one. - map without_headers = 12; - - // Source namespace constraining the applicability of a rule to workloads in that namespace. - // If the VirtualService has a list of gateways specified in the top-level `gateways` field, - // it must include the reserved gateway `mesh` for this field to be applicable. - string source_namespace = 13; - - // The human readable prefix to use when emitting statistics for this route. - // The statistics are generated with prefix route.. - // This should be set for highly critical routes that one wishes to get "per-route" statistics on. - // This prefix is only for proxy-level statistics (envoy_*) and not service-level (istio_*) statistics. - // Refer to https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-route-stat-prefix - // for statistics that are generated when this is configured. - string stat_prefix = 14; -} - -// Each routing rule is associated with one or more service versions (see -// glossary in beginning of document). Weights associated with the version -// determine the proportion of traffic it receives. For example, the -// following rule will route 25% of traffic for the "reviews" service to -// instances with the "v2" tag and the remaining traffic (i.e., 75%) to -// "v1". -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// weight: 25 -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// weight: 75 -// ``` -// -// And the associated DestinationRule -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: reviews-destination -// spec: -// host: reviews.prod.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// ``` -// -// Traffic can also be split across two entirely different services without -// having to define new subsets. For example, the following rule forwards 25% of -// traffic to reviews.com to dev.reviews.com -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route-two-domains -// spec: -// hosts: -// - reviews.com -// http: -// - route: -// - destination: -// host: dev.reviews.com -// weight: 25 -// - destination: -// host: reviews.com -// weight: 75 -// ``` -// -message HTTPRouteDestination { - // Destination uniquely identifies the instances of a service - // to which the request/connection should be forwarded to. - Destination destination = 1 [(google.api.field_behavior) = REQUIRED]; - - // Weight specifies the relative proportion of traffic to be forwarded to the destination. A destination will receive `weight/(sum of all weights)` requests. - // If there is only one destination in a rule, it will receive all traffic. - // Otherwise, if weight is `0`, the destination will not receive any traffic. - int32 weight = 2; - - reserved 3 to 6; - reserved "remove_response_headers", "append_response_headers", "remove_request_headers", "append_request_headers"; - - // Header manipulation rules - Headers headers = 7; -} - -// L4 routing rule weighted destination. -message RouteDestination { - // Destination uniquely identifies the instances of a service - // to which the request/connection should be forwarded to. - Destination destination = 1 [(google.api.field_behavior) = REQUIRED]; - - // Weight specifies the relative proportion of traffic to be forwarded to the destination. A destination will receive `weight/(sum of all weights)` requests. - // If there is only one destination in a rule, it will receive all traffic. - // Otherwise, if weight is `0`, the destination will not receive any traffic. - int32 weight = 2; -} - -// L4 connection match attributes. Note that L4 connection matching support -// is incomplete. -message L4MatchAttributes { - // IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., - // a.b.c.d/xx form or just a.b.c.d. - repeated string destination_subnets = 1; - - // Specifies the port on the host that is being addressed. Many services - // only expose a single port or label ports with the protocols they support, - // in these cases it is not required to explicitly select the port. - uint32 port = 2; - - // IPv4 or IPv6 ip address of source with optional subnet. E.g., a.b.c.d/xx - // form or just a.b.c.d - // $hide_from_docs - string source_subnet = 3; - - // One or more labels that constrain the applicability of a rule to - // workloads with the given labels. If the VirtualService has a list of - // gateways specified in the top-level `gateways` field, it should include the reserved gateway - // `mesh` in order for this field to be applicable. - map source_labels = 4; - - // Names of gateways where the rule should be applied. Gateway names - // in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway - // match is independent of sourceLabels. - repeated string gateways = 5; - - // Source namespace constraining the applicability of a rule to workloads in that namespace. - // If the VirtualService has a list of gateways specified in the top-level `gateways` field, - // it must include the reserved gateway `mesh` for this field to be applicable. - string source_namespace = 6; -} - -// TLS connection match attributes. -message TLSMatchAttributes { - // SNI (server name indicator) to match on. Wildcard prefixes - // can be used in the SNI value, e.g., *.com will match foo.example.com - // as well as example.com. An SNI value must be a subset (i.e., fall - // within the domain) of the corresponding virtual service's hosts. - repeated string sni_hosts = 1 [(google.api.field_behavior) = REQUIRED]; - - // IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., - // a.b.c.d/xx form or just a.b.c.d. - repeated string destination_subnets = 2; - - // Specifies the port on the host that is being addressed. Many services - // only expose a single port or label ports with the protocols they - // support, in these cases it is not required to explicitly select the - // port. - uint32 port = 3; - - reserved 4; - reserved "source_subnet"; - - // One or more labels that constrain the applicability of a rule to - // workloads with the given labels. If the VirtualService has a list of - // gateways specified in the top-level `gateways` field, it should include the reserved gateway - // `mesh` in order for this field to be applicable. - map source_labels = 5; - - // Names of gateways where the rule should be applied. Gateway names - // in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway - // match is independent of sourceLabels. - repeated string gateways = 6; - - // Source namespace constraining the applicability of a rule to workloads in that namespace. - // If the VirtualService has a list of gateways specified in the top-level `gateways` field, - // it must include the reserved gateway `mesh` for this field to be applicable. - string source_namespace = 7; -} - -// HTTPRedirect can be used to send a 301 redirect response to the caller, -// where the Authority/Host and the URI in the response can be swapped with -// the specified values. For example, the following rule redirects -// requests for /v1/getProductRatings API on the ratings service to -// /v1/bookRatings provided by the bookratings service. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// redirect: -// uri: /v1/bookRatings -// authority: newratings.default.svc.cluster.local -// ... -// ``` -// -message HTTPRedirect { - // On a redirect, overwrite the Path portion of the URL with this - // value. Note that the entire path will be replaced, irrespective of the - // request URI being matched as an exact path or prefix. - string uri = 1; - - // On a redirect, overwrite the Authority/Host portion of the URL with - // this value. - string authority = 2; - - enum RedirectPortSelection { - FROM_PROTOCOL_DEFAULT = 0; - FROM_REQUEST_PORT = 1; - } - oneof redirect_port { - // On a redirect, overwrite the port portion of the URL with this value. - uint32 port = 4; - // On a redirect, dynamically set the port: - // * FROM_PROTOCOL_DEFAULT: automatically set to 80 for HTTP and 443 for HTTPS. - // * FROM_REQUEST_PORT: automatically use the port of the request. - RedirectPortSelection derive_port = 5; - } - - // On a redirect, overwrite the scheme portion of the URL with this value. - // For example, `http` or `https`. - // If unset, the original scheme will be used. - // If `derivePort` is set to `FROM_PROTOCOL_DEFAULT`, this will impact the port used as well - string scheme = 6; - - // On a redirect, Specifies the HTTP status code to use in the redirect - // response. The default response code is MOVED_PERMANENTLY (301). - uint32 redirect_code = 3; -} - -// HTTPDirectResponse can be used to send a fixed response to clients. -// For example, the following rule returns a fixed 503 status with a body -// to requests for /v1/getProductRatings API. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// string: "unknown error" -// ... -// ``` -// -// It is also possible to specify a binary response body. -// This is mostly useful for non text-based protocols such as gRPC. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// bytes: "dW5rbm93biBlcnJvcg==" # "unknown error" in base64 -// ... -// ``` -// -// It is good practice to add headers in the HTTPRoute -// as well as the direct_response, for example to specify -// the returned Content-Type. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// string: "{\"error\": \"unknown error\"}" -// headers: -// response: -// set: -// content-type: "text/plain" -// ... -// ``` -// -message HTTPDirectResponse { - // Specifies the HTTP response status to be returned. - uint32 status = 1 [(google.api.field_behavior) = REQUIRED]; - - // Specifies the content of the response body. If this setting is omitted, - // no body is included in the generated response. - HTTPBody body = 2; -} - -message HTTPBody { - oneof specifier { - // response body as a string - string string = 1; - - // response body as base64 encoded bytes. - bytes bytes = 2; - } -} - -// HTTPRewrite can be used to rewrite specific parts of a HTTP request -// before forwarding the request to the destination. Rewrite primitive can -// be used only with HTTPRouteDestination. The following example -// demonstrates how to rewrite the URL prefix for api call (/ratings) to -// ratings service before making the actual API call. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// prefix: /ratings -// rewrite: -// uri: /v1/bookRatings -// route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// ``` -// -message HTTPRewrite { - // rewrite the path (or the prefix) portion of the URI with this - // value. If the original URI was matched based on prefix, the value - // provided in this field will replace the corresponding matched prefix. - string uri = 1; - - // rewrite the Authority/Host header with this value. - string authority = 2; - - // rewrite the path portion of the URI with the specified regex. - RegexRewrite uri_regex_rewrite = 3; -} - -message RegexRewrite { - // RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - string match = 1; - - // The string that should replace into matching portions of original URI. - // Capture groups in the pattern can be referenced in the new URI. - // Examples: - // - // Example 1: rewrite with capture groups - // Path pattern "/service/update/v1/api" with match "^/service/([^/]+)(/.*)$" and - // rewrite string of "/customprefix/\2/\1" would transform into "/customprefix/v1/api/update". - // - // Example 2: case insensitive rewrite - // Path pattern "/aaa/XxX/bbb" with match "(?i)/xxx/" and a rewrite string of /yyy/ would do a - // case-insensitive match and transform the path to "/aaa/yyy/bbb". - string rewrite = 2; -} - -// Describes how to match a given string in HTTP headers. Match is -// case-sensitive. -message StringMatch { - oneof match_type { - - // exact string match - string exact = 1; - - // prefix-based match - string prefix = 2; - - // RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - string regex = 3; - } -} - -// Describes the retry policy to use when a HTTP request fails. For -// example, the following rule sets the maximum number of retries to 3 when -// calling ratings:v1 service, with a 2s timeout per retry attempt. -// A retry will be attempted if there is a connect-failure, refused_stream -// or when the upstream server responds with Service Unavailable(503). -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// retries: -// attempts: 3 -// perTryTimeout: 2s -// retryOn: gateway-error,connect-failure,refused-stream -// ``` -// -message HTTPRetry { - // Number of retries to be allowed for a given request. The interval - // between retries will be determined automatically (25ms+). When request - // `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute) - // or `per_try_timeout` is configured, the actual number of retries attempted also depends on - // the specified request `timeout` and `per_try_timeout` values. MUST BE >= 0. If `0`, retries will be disabled. - // The maximum possible number of requests made will be 1 + `attempts`. - int32 attempts = 1; - - // Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST BE >=1ms. - // Default is same value as request - // `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute), - // which means no timeout. - google.protobuf.Duration per_try_timeout = 2; - - // Specifies the conditions under which retry takes place. - // One or more policies can be specified using a ‘,’ delimited list. - // If `retry_on` specifies a valid HTTP status, it will be added to retriable_status_codes retry policy. - // See the [retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on) - // and [gRPC retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on) for more details. - string retry_on = 3; - - // Flag to specify whether the retries should retry to other localities. - // See the [retry plugin configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/http_connection_management#retry-plugin-configuration) for more details. - google.protobuf.BoolValue retry_remote_localities = 4; -} - -// Describes the Cross-Origin Resource Sharing (CORS) policy, for a given -// service. Refer to [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS) -// for further details about cross origin resource sharing. For example, -// the following rule restricts cross origin requests to those originating -// from example.com domain using HTTP POST/GET, and sets the -// `Access-Control-Allow-Credentials` header to false. In addition, it only -// exposes `X-Foo-bar` header and sets an expiry period of 1 day. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// corsPolicy: -// allowOrigins: -// - exact: https://example.com -// allowMethods: -// - POST -// - GET -// allowCredentials: false -// allowHeaders: -// - X-Foo-Bar -// maxAge: "24h" -// ``` -// -message CorsPolicy { - // The list of origins that are allowed to perform CORS requests. The - // content will be serialized into the Access-Control-Allow-Origin - // header. Wildcard * will allow all origins. - // $hide_from_docs - repeated string allow_origin = 1 [deprecated=true]; - - // String patterns that match allowed origins. - // An origin is allowed if any of the string matchers match. - // If a match is found, then the outgoing Access-Control-Allow-Origin would be set to the origin as provided by the client. - repeated StringMatch allow_origins = 7; - - // List of HTTP methods allowed to access the resource. The content will - // be serialized into the Access-Control-Allow-Methods header. - repeated string allow_methods = 2; - - // List of HTTP headers that can be used when requesting the - // resource. Serialized to Access-Control-Allow-Headers header. - repeated string allow_headers = 3; - - // A list of HTTP headers that the browsers are allowed to - // access. Serialized into Access-Control-Expose-Headers header. - repeated string expose_headers = 4; - - // Specifies how long the results of a preflight request can be - // cached. Translates to the `Access-Control-Max-Age` header. - google.protobuf.Duration max_age = 5; - - // Indicates whether the caller is allowed to send the actual request - // (not the preflight) using credentials. Translates to - // `Access-Control-Allow-Credentials` header. - google.protobuf.BoolValue allow_credentials = 6; - - // Indicates whether preflight requests not matching the configured - // allowed origin shouldn't be forwarded to the upstream. - // Default is forward to upstream. - UnmatchedPreflights unmatched_preflights = 8; - - enum UnmatchedPreflights { - // Default to FORWARD - UNSPECIFIED = 0; - // Preflight requests not matching the configured allowed origin - // will be forwarded to the upstream. - FORWARD = 1; - // Preflight requests not matching the configured allowed origin - // will not be forwarded to the upstream. - IGNORE = 2; - } -} - -// HTTPFaultInjection can be used to specify one or more faults to inject -// while forwarding HTTP requests to the destination specified in a route. -// Fault specification is part of a VirtualService rule. Faults include -// aborting the Http request from downstream service, and/or delaying -// proxying of requests. A fault rule MUST HAVE delay or abort or both. -// -// *Note:* Delay and abort faults are independent of one another, even if -// both are specified simultaneously. -message HTTPFaultInjection { - // Delay requests before forwarding, emulating various failures such as - // network issues, overloaded upstream service, etc. - Delay delay = 1; - - // Abort Http request attempts and return error codes back to downstream - // service, giving the impression that the upstream service is faulty. - Abort abort = 2; - - // Delay specification is used to inject latency into the request - // forwarding path. The following example will introduce a 5 second delay - // in 1 out of every 1000 requests to the "v1" version of the "reviews" - // service from all pods with label env: prod - // - // ```yaml - // apiVersion: networking.istio.io/v1beta1 - // kind: VirtualService - // metadata: - // name: reviews-route - // spec: - // hosts: - // - reviews.prod.svc.cluster.local - // http: - // - match: - // - sourceLabels: - // env: prod - // route: - // - destination: - // host: reviews.prod.svc.cluster.local - // subset: v1 - // fault: - // delay: - // percentage: - // value: 0.1 - // fixedDelay: 5s - // ``` - // - // The _fixedDelay_ field is used to indicate the amount of delay in seconds. - // The optional _percentage_ field can be used to only delay a certain - // percentage of requests. If left unspecified, no request will be delayed. - message Delay { - // Percentage of requests on which the delay will be injected (0-100). - // Use of integer `percent` value is deprecated. Use the double `percentage` - // field instead. - int32 percent = 1 [deprecated=true]; - - oneof http_delay_type { - // Add a fixed delay before forwarding the request. Format: - // 1h/1m/1s/1ms. MUST be >=1ms. - google.protobuf.Duration fixed_delay = 2; - - // $hide_from_docs - google.protobuf.Duration exponential_delay = 3 ; - } - - // Percentage of requests on which the delay will be injected. - // If left unspecified, no request will be delayed. - Percent percentage = 5; - } - - // Abort specification is used to prematurely abort a request with a - // pre-specified error code. The following example will return an HTTP 400 - // error code for 1 out of every 1000 requests to the "ratings" service "v1". - // - // ```yaml - // apiVersion: networking.istio.io/v1beta1 - // kind: VirtualService - // metadata: - // name: ratings-route - // spec: - // hosts: - // - ratings.prod.svc.cluster.local - // http: - // - route: - // - destination: - // host: ratings.prod.svc.cluster.local - // subset: v1 - // fault: - // abort: - // percentage: - // value: 0.1 - // httpStatus: 400 - // ``` - // - // The _httpStatus_ field is used to indicate the HTTP status code to - // return to the caller. The optional _percentage_ field can be used to only - // abort a certain percentage of requests. If not specified, no request will be - // aborted. - message Abort { - reserved 1; - reserved "percent"; - - oneof error_type { - // HTTP status code to use to abort the Http request. - int32 http_status = 2; - - // GRPC status code to use to abort the request. The supported - // codes are documented in https://github.com/grpc/grpc/blob/master/doc/statuscodes.md - // Note: If you want to return the status "Unavailable", then you should - // specify the code as `UNAVAILABLE`(all caps), but not `14`. - string grpc_status = 3; - - // $hide_from_docs - string http2_error = 4; - } - - // Percentage of requests to be aborted with the error code provided. - // If not specified, no request will be aborted. - Percent percentage = 5; - } -} - -// HTTPMirrorPolicy can be used to specify the destinations to mirror HTTP traffic in addition -// to the original destination. Mirrored traffic is on a -// best effort basis where the sidecar/gateway will not wait for the -// mirrored destinations to respond before returning the response from the -// original destination. Statistics will be generated for the mirrored -// destination. -message HTTPMirrorPolicy { - // Destination specifies the target of the mirror operation. - Destination destination = 1 [(google.api.field_behavior) = REQUIRED]; - - // Percentage of the traffic to be mirrored by the `destination` field. - // If this field is absent, all the traffic (100%) will be mirrored. - // Max value is 100. - Percent percentage = 2; -} - -// PortSelector specifies the number of a port to be used for -// matching or selection for final routing. -message PortSelector { - // Valid port number - uint32 number = 1; - - reserved 2; - reserved "name"; -} - -// Percent specifies a percentage in the range of [0.0, 100.0]. -message Percent { - double value = 1; -} diff --git a/networking/v1beta1/virtual_service_alias.gen.go b/networking/v1beta1/virtual_service_alias.gen.go new file mode 100644 index 00000000000..ee79cf54795 --- /dev/null +++ b/networking/v1beta1/virtual_service_alias.gen.go @@ -0,0 +1,55 @@ +// Code generated by protoc-gen-alias. DO NOT EDIT. +package v1beta1 + +import "istio.io/api/networking/v1alpha3" + +type VirtualService = v1alpha3.VirtualService +type Destination = v1alpha3.Destination +type HTTPRoute = v1alpha3.HTTPRoute +type Delegate = v1alpha3.Delegate +type Headers = v1alpha3.Headers +type Headers_HeaderOperations = v1alpha3.Headers_HeaderOperations +type TLSRoute = v1alpha3.TLSRoute +type TCPRoute = v1alpha3.TCPRoute +type HTTPMatchRequest = v1alpha3.HTTPMatchRequest +type HTTPRouteDestination = v1alpha3.HTTPRouteDestination +type RouteDestination = v1alpha3.RouteDestination +type L4MatchAttributes = v1alpha3.L4MatchAttributes +type TLSMatchAttributes = v1alpha3.TLSMatchAttributes +type HTTPRedirect = v1alpha3.HTTPRedirect +type HTTPRedirect_RedirectPortSelection = v1alpha3.HTTPRedirect_RedirectPortSelection + +const HTTPRedirect_FROM_PROTOCOL_DEFAULT HTTPRedirect_RedirectPortSelection = v1alpha3.HTTPRedirect_FROM_PROTOCOL_DEFAULT +const HTTPRedirect_FROM_REQUEST_PORT HTTPRedirect_RedirectPortSelection = v1alpha3.HTTPRedirect_FROM_REQUEST_PORT + +type HTTPRedirect_Port = v1alpha3.HTTPRedirect_Port +type HTTPRedirect_DerivePort = v1alpha3.HTTPRedirect_DerivePort +type HTTPDirectResponse = v1alpha3.HTTPDirectResponse +type HTTPBody = v1alpha3.HTTPBody +type HTTPBody_String_ = v1alpha3.HTTPBody_String_ +type HTTPBody_Bytes = v1alpha3.HTTPBody_Bytes +type HTTPRewrite = v1alpha3.HTTPRewrite +type RegexRewrite = v1alpha3.RegexRewrite +type StringMatch = v1alpha3.StringMatch +type StringMatch_Exact = v1alpha3.StringMatch_Exact +type StringMatch_Prefix = v1alpha3.StringMatch_Prefix +type StringMatch_Regex = v1alpha3.StringMatch_Regex +type HTTPRetry = v1alpha3.HTTPRetry +type CorsPolicy = v1alpha3.CorsPolicy +type CorsPolicy_UnmatchedPreflights = v1alpha3.CorsPolicy_UnmatchedPreflights + +const CorsPolicy_UNSPECIFIED CorsPolicy_UnmatchedPreflights = v1alpha3.CorsPolicy_UNSPECIFIED +const CorsPolicy_FORWARD CorsPolicy_UnmatchedPreflights = v1alpha3.CorsPolicy_FORWARD +const CorsPolicy_IGNORE CorsPolicy_UnmatchedPreflights = v1alpha3.CorsPolicy_IGNORE + +type HTTPFaultInjection = v1alpha3.HTTPFaultInjection +type HTTPFaultInjection_Delay = v1alpha3.HTTPFaultInjection_Delay +type HTTPFaultInjection_Delay_FixedDelay = v1alpha3.HTTPFaultInjection_Delay_FixedDelay +type HTTPFaultInjection_Delay_ExponentialDelay = v1alpha3.HTTPFaultInjection_Delay_ExponentialDelay +type HTTPFaultInjection_Abort = v1alpha3.HTTPFaultInjection_Abort +type HTTPFaultInjection_Abort_HttpStatus = v1alpha3.HTTPFaultInjection_Abort_HttpStatus +type HTTPFaultInjection_Abort_GrpcStatus = v1alpha3.HTTPFaultInjection_Abort_GrpcStatus +type HTTPFaultInjection_Abort_Http2Error = v1alpha3.HTTPFaultInjection_Abort_Http2Error +type HTTPMirrorPolicy = v1alpha3.HTTPMirrorPolicy +type PortSelector = v1alpha3.PortSelector +type Percent = v1alpha3.Percent diff --git a/networking/v1beta1/virtual_service_deepcopy.gen.go b/networking/v1beta1/virtual_service_deepcopy.gen.go deleted file mode 100644 index 30cf8d5f395..00000000000 --- a/networking/v1beta1/virtual_service_deepcopy.gen.go +++ /dev/null @@ -1,573 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1beta1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using VirtualService within kubernetes types, where deepcopy-gen is used. -func (in *VirtualService) DeepCopyInto(out *VirtualService) { - p := proto.Clone(in).(*VirtualService) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VirtualService. Required by controller-gen. -func (in *VirtualService) DeepCopy() *VirtualService { - if in == nil { - return nil - } - out := new(VirtualService) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new VirtualService. Required by controller-gen. -func (in *VirtualService) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Destination within kubernetes types, where deepcopy-gen is used. -func (in *Destination) DeepCopyInto(out *Destination) { - p := proto.Clone(in).(*Destination) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Destination. Required by controller-gen. -func (in *Destination) DeepCopy() *Destination { - if in == nil { - return nil - } - out := new(Destination) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Destination. Required by controller-gen. -func (in *Destination) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPRoute within kubernetes types, where deepcopy-gen is used. -func (in *HTTPRoute) DeepCopyInto(out *HTTPRoute) { - p := proto.Clone(in).(*HTTPRoute) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRoute. Required by controller-gen. -func (in *HTTPRoute) DeepCopy() *HTTPRoute { - if in == nil { - return nil - } - out := new(HTTPRoute) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRoute. Required by controller-gen. -func (in *HTTPRoute) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Delegate within kubernetes types, where deepcopy-gen is used. -func (in *Delegate) DeepCopyInto(out *Delegate) { - p := proto.Clone(in).(*Delegate) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Delegate. Required by controller-gen. -func (in *Delegate) DeepCopy() *Delegate { - if in == nil { - return nil - } - out := new(Delegate) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Delegate. Required by controller-gen. -func (in *Delegate) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Headers within kubernetes types, where deepcopy-gen is used. -func (in *Headers) DeepCopyInto(out *Headers) { - p := proto.Clone(in).(*Headers) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Headers. Required by controller-gen. -func (in *Headers) DeepCopy() *Headers { - if in == nil { - return nil - } - out := new(Headers) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Headers. Required by controller-gen. -func (in *Headers) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Headers_HeaderOperations within kubernetes types, where deepcopy-gen is used. -func (in *Headers_HeaderOperations) DeepCopyInto(out *Headers_HeaderOperations) { - p := proto.Clone(in).(*Headers_HeaderOperations) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Headers_HeaderOperations. Required by controller-gen. -func (in *Headers_HeaderOperations) DeepCopy() *Headers_HeaderOperations { - if in == nil { - return nil - } - out := new(Headers_HeaderOperations) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Headers_HeaderOperations. Required by controller-gen. -func (in *Headers_HeaderOperations) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using TLSRoute within kubernetes types, where deepcopy-gen is used. -func (in *TLSRoute) DeepCopyInto(out *TLSRoute) { - p := proto.Clone(in).(*TLSRoute) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSRoute. Required by controller-gen. -func (in *TLSRoute) DeepCopy() *TLSRoute { - if in == nil { - return nil - } - out := new(TLSRoute) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TLSRoute. Required by controller-gen. -func (in *TLSRoute) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using TCPRoute within kubernetes types, where deepcopy-gen is used. -func (in *TCPRoute) DeepCopyInto(out *TCPRoute) { - p := proto.Clone(in).(*TCPRoute) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPRoute. Required by controller-gen. -func (in *TCPRoute) DeepCopy() *TCPRoute { - if in == nil { - return nil - } - out := new(TCPRoute) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TCPRoute. Required by controller-gen. -func (in *TCPRoute) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPMatchRequest within kubernetes types, where deepcopy-gen is used. -func (in *HTTPMatchRequest) DeepCopyInto(out *HTTPMatchRequest) { - p := proto.Clone(in).(*HTTPMatchRequest) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPMatchRequest. Required by controller-gen. -func (in *HTTPMatchRequest) DeepCopy() *HTTPMatchRequest { - if in == nil { - return nil - } - out := new(HTTPMatchRequest) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPMatchRequest. Required by controller-gen. -func (in *HTTPMatchRequest) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPRouteDestination within kubernetes types, where deepcopy-gen is used. -func (in *HTTPRouteDestination) DeepCopyInto(out *HTTPRouteDestination) { - p := proto.Clone(in).(*HTTPRouteDestination) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteDestination. Required by controller-gen. -func (in *HTTPRouteDestination) DeepCopy() *HTTPRouteDestination { - if in == nil { - return nil - } - out := new(HTTPRouteDestination) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRouteDestination. Required by controller-gen. -func (in *HTTPRouteDestination) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using RouteDestination within kubernetes types, where deepcopy-gen is used. -func (in *RouteDestination) DeepCopyInto(out *RouteDestination) { - p := proto.Clone(in).(*RouteDestination) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteDestination. Required by controller-gen. -func (in *RouteDestination) DeepCopy() *RouteDestination { - if in == nil { - return nil - } - out := new(RouteDestination) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new RouteDestination. Required by controller-gen. -func (in *RouteDestination) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using L4MatchAttributes within kubernetes types, where deepcopy-gen is used. -func (in *L4MatchAttributes) DeepCopyInto(out *L4MatchAttributes) { - p := proto.Clone(in).(*L4MatchAttributes) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new L4MatchAttributes. Required by controller-gen. -func (in *L4MatchAttributes) DeepCopy() *L4MatchAttributes { - if in == nil { - return nil - } - out := new(L4MatchAttributes) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new L4MatchAttributes. Required by controller-gen. -func (in *L4MatchAttributes) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using TLSMatchAttributes within kubernetes types, where deepcopy-gen is used. -func (in *TLSMatchAttributes) DeepCopyInto(out *TLSMatchAttributes) { - p := proto.Clone(in).(*TLSMatchAttributes) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSMatchAttributes. Required by controller-gen. -func (in *TLSMatchAttributes) DeepCopy() *TLSMatchAttributes { - if in == nil { - return nil - } - out := new(TLSMatchAttributes) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TLSMatchAttributes. Required by controller-gen. -func (in *TLSMatchAttributes) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPRedirect within kubernetes types, where deepcopy-gen is used. -func (in *HTTPRedirect) DeepCopyInto(out *HTTPRedirect) { - p := proto.Clone(in).(*HTTPRedirect) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRedirect. Required by controller-gen. -func (in *HTTPRedirect) DeepCopy() *HTTPRedirect { - if in == nil { - return nil - } - out := new(HTTPRedirect) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRedirect. Required by controller-gen. -func (in *HTTPRedirect) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPDirectResponse within kubernetes types, where deepcopy-gen is used. -func (in *HTTPDirectResponse) DeepCopyInto(out *HTTPDirectResponse) { - p := proto.Clone(in).(*HTTPDirectResponse) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPDirectResponse. Required by controller-gen. -func (in *HTTPDirectResponse) DeepCopy() *HTTPDirectResponse { - if in == nil { - return nil - } - out := new(HTTPDirectResponse) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPDirectResponse. Required by controller-gen. -func (in *HTTPDirectResponse) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPBody within kubernetes types, where deepcopy-gen is used. -func (in *HTTPBody) DeepCopyInto(out *HTTPBody) { - p := proto.Clone(in).(*HTTPBody) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPBody. Required by controller-gen. -func (in *HTTPBody) DeepCopy() *HTTPBody { - if in == nil { - return nil - } - out := new(HTTPBody) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPBody. Required by controller-gen. -func (in *HTTPBody) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPRewrite within kubernetes types, where deepcopy-gen is used. -func (in *HTTPRewrite) DeepCopyInto(out *HTTPRewrite) { - p := proto.Clone(in).(*HTTPRewrite) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRewrite. Required by controller-gen. -func (in *HTTPRewrite) DeepCopy() *HTTPRewrite { - if in == nil { - return nil - } - out := new(HTTPRewrite) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRewrite. Required by controller-gen. -func (in *HTTPRewrite) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using RegexRewrite within kubernetes types, where deepcopy-gen is used. -func (in *RegexRewrite) DeepCopyInto(out *RegexRewrite) { - p := proto.Clone(in).(*RegexRewrite) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegexRewrite. Required by controller-gen. -func (in *RegexRewrite) DeepCopy() *RegexRewrite { - if in == nil { - return nil - } - out := new(RegexRewrite) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new RegexRewrite. Required by controller-gen. -func (in *RegexRewrite) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using StringMatch within kubernetes types, where deepcopy-gen is used. -func (in *StringMatch) DeepCopyInto(out *StringMatch) { - p := proto.Clone(in).(*StringMatch) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StringMatch. Required by controller-gen. -func (in *StringMatch) DeepCopy() *StringMatch { - if in == nil { - return nil - } - out := new(StringMatch) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new StringMatch. Required by controller-gen. -func (in *StringMatch) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPRetry within kubernetes types, where deepcopy-gen is used. -func (in *HTTPRetry) DeepCopyInto(out *HTTPRetry) { - p := proto.Clone(in).(*HTTPRetry) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRetry. Required by controller-gen. -func (in *HTTPRetry) DeepCopy() *HTTPRetry { - if in == nil { - return nil - } - out := new(HTTPRetry) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPRetry. Required by controller-gen. -func (in *HTTPRetry) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using CorsPolicy within kubernetes types, where deepcopy-gen is used. -func (in *CorsPolicy) DeepCopyInto(out *CorsPolicy) { - p := proto.Clone(in).(*CorsPolicy) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CorsPolicy. Required by controller-gen. -func (in *CorsPolicy) DeepCopy() *CorsPolicy { - if in == nil { - return nil - } - out := new(CorsPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new CorsPolicy. Required by controller-gen. -func (in *CorsPolicy) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPFaultInjection within kubernetes types, where deepcopy-gen is used. -func (in *HTTPFaultInjection) DeepCopyInto(out *HTTPFaultInjection) { - p := proto.Clone(in).(*HTTPFaultInjection) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection. Required by controller-gen. -func (in *HTTPFaultInjection) DeepCopy() *HTTPFaultInjection { - if in == nil { - return nil - } - out := new(HTTPFaultInjection) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection. Required by controller-gen. -func (in *HTTPFaultInjection) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPFaultInjection_Delay within kubernetes types, where deepcopy-gen is used. -func (in *HTTPFaultInjection_Delay) DeepCopyInto(out *HTTPFaultInjection_Delay) { - p := proto.Clone(in).(*HTTPFaultInjection_Delay) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection_Delay. Required by controller-gen. -func (in *HTTPFaultInjection_Delay) DeepCopy() *HTTPFaultInjection_Delay { - if in == nil { - return nil - } - out := new(HTTPFaultInjection_Delay) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection_Delay. Required by controller-gen. -func (in *HTTPFaultInjection_Delay) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPFaultInjection_Abort within kubernetes types, where deepcopy-gen is used. -func (in *HTTPFaultInjection_Abort) DeepCopyInto(out *HTTPFaultInjection_Abort) { - p := proto.Clone(in).(*HTTPFaultInjection_Abort) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection_Abort. Required by controller-gen. -func (in *HTTPFaultInjection_Abort) DeepCopy() *HTTPFaultInjection_Abort { - if in == nil { - return nil - } - out := new(HTTPFaultInjection_Abort) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPFaultInjection_Abort. Required by controller-gen. -func (in *HTTPFaultInjection_Abort) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPMirrorPolicy within kubernetes types, where deepcopy-gen is used. -func (in *HTTPMirrorPolicy) DeepCopyInto(out *HTTPMirrorPolicy) { - p := proto.Clone(in).(*HTTPMirrorPolicy) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPMirrorPolicy. Required by controller-gen. -func (in *HTTPMirrorPolicy) DeepCopy() *HTTPMirrorPolicy { - if in == nil { - return nil - } - out := new(HTTPMirrorPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPMirrorPolicy. Required by controller-gen. -func (in *HTTPMirrorPolicy) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using PortSelector within kubernetes types, where deepcopy-gen is used. -func (in *PortSelector) DeepCopyInto(out *PortSelector) { - p := proto.Clone(in).(*PortSelector) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PortSelector. Required by controller-gen. -func (in *PortSelector) DeepCopy() *PortSelector { - if in == nil { - return nil - } - out := new(PortSelector) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new PortSelector. Required by controller-gen. -func (in *PortSelector) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Percent within kubernetes types, where deepcopy-gen is used. -func (in *Percent) DeepCopyInto(out *Percent) { - p := proto.Clone(in).(*Percent) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Percent. Required by controller-gen. -func (in *Percent) DeepCopy() *Percent { - if in == nil { - return nil - } - out := new(Percent) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Percent. Required by controller-gen. -func (in *Percent) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/networking/v1beta1/virtual_service_json.gen.go b/networking/v1beta1/virtual_service_json.gen.go deleted file mode 100644 index 82fa845124a..00000000000 --- a/networking/v1beta1/virtual_service_json.gen.go +++ /dev/null @@ -1,309 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1beta1 - -import ( - bytes "bytes" - jsonpb "github.com/golang/protobuf/jsonpb" -) - -// MarshalJSON is a custom marshaler for VirtualService -func (this *VirtualService) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for VirtualService -func (this *VirtualService) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Destination -func (this *Destination) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Destination -func (this *Destination) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPRoute -func (this *HTTPRoute) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPRoute -func (this *HTTPRoute) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Delegate -func (this *Delegate) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Delegate -func (this *Delegate) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Headers -func (this *Headers) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Headers -func (this *Headers) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Headers_HeaderOperations -func (this *Headers_HeaderOperations) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Headers_HeaderOperations -func (this *Headers_HeaderOperations) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for TLSRoute -func (this *TLSRoute) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for TLSRoute -func (this *TLSRoute) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for TCPRoute -func (this *TCPRoute) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for TCPRoute -func (this *TCPRoute) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPMatchRequest -func (this *HTTPMatchRequest) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPMatchRequest -func (this *HTTPMatchRequest) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPRouteDestination -func (this *HTTPRouteDestination) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPRouteDestination -func (this *HTTPRouteDestination) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for RouteDestination -func (this *RouteDestination) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for RouteDestination -func (this *RouteDestination) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for L4MatchAttributes -func (this *L4MatchAttributes) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for L4MatchAttributes -func (this *L4MatchAttributes) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for TLSMatchAttributes -func (this *TLSMatchAttributes) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for TLSMatchAttributes -func (this *TLSMatchAttributes) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPRedirect -func (this *HTTPRedirect) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPRedirect -func (this *HTTPRedirect) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPDirectResponse -func (this *HTTPDirectResponse) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPDirectResponse -func (this *HTTPDirectResponse) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPBody -func (this *HTTPBody) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPBody -func (this *HTTPBody) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPRewrite -func (this *HTTPRewrite) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPRewrite -func (this *HTTPRewrite) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for RegexRewrite -func (this *RegexRewrite) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for RegexRewrite -func (this *RegexRewrite) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for StringMatch -func (this *StringMatch) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for StringMatch -func (this *StringMatch) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPRetry -func (this *HTTPRetry) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPRetry -func (this *HTTPRetry) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for CorsPolicy -func (this *CorsPolicy) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for CorsPolicy -func (this *CorsPolicy) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPFaultInjection -func (this *HTTPFaultInjection) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPFaultInjection -func (this *HTTPFaultInjection) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPFaultInjection_Delay -func (this *HTTPFaultInjection_Delay) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPFaultInjection_Delay -func (this *HTTPFaultInjection_Delay) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPFaultInjection_Abort -func (this *HTTPFaultInjection_Abort) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPFaultInjection_Abort -func (this *HTTPFaultInjection_Abort) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPMirrorPolicy -func (this *HTTPMirrorPolicy) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPMirrorPolicy -func (this *HTTPMirrorPolicy) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for PortSelector -func (this *PortSelector) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for PortSelector -func (this *PortSelector) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Percent -func (this *Percent) MarshalJSON() ([]byte, error) { - str, err := VirtualServiceMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Percent -func (this *Percent) UnmarshalJSON(b []byte) error { - return VirtualServiceUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -var ( - VirtualServiceMarshaler = &jsonpb.Marshaler{} - VirtualServiceUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} -) diff --git a/networking/v1beta1/workload_entry.pb.go b/networking/v1beta1/workload_entry.pb.go deleted file mode 100644 index 08b8a73e79f..00000000000 --- a/networking/v1beta1/workload_entry.pb.go +++ /dev/null @@ -1,432 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.33.0 -// protoc (unknown) -// source: networking/v1beta1/workload_entry.proto - -// $schema: istio.networking.v1beta1.WorkloadEntry -// $title: Workload Entry -// $description: Configuration affecting VMs onboarded into the mesh. -// $location: https://istio.io/docs/reference/config/networking/workload-entry.html -// $aliases: [/docs/reference/config/networking/v1beta1/workload-entry] -// $mode: none - -// `WorkloadEntry` enables operators to describe the properties of a -// single non-Kubernetes workload such as a VM or a bare metal server -// as it is onboarded into the mesh. A `WorkloadEntry` must be -// accompanied by an Istio `ServiceEntry` that selects the workload -// through the appropriate labels and provides the service definition -// for a `MESH_INTERNAL` service (hostnames, port properties, etc.). A -// `ServiceEntry` object can select multiple workload entries as well -// as Kubernetes pods based on the label selector specified in the -// service entry. -// -// When a workload connects to `istiod`, the status field in the -// custom resource will be updated to indicate the health of the -// workload along with other details, similar to how Kubernetes -// updates the status of a pod. -// -// The following example declares a workload entry representing a VM -// for the `details.bookinfo.com` service. This VM has sidecar -// installed and bootstrapped using the `details-legacy` service -// account. The service is exposed on port 80 to applications in the -// mesh. The HTTP traffic to this service is wrapped in Istio mutual -// TLS and sent to sidecars on VMs on target port 8080, that in turn -// forward it to the application on localhost on the same port. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadEntry -// metadata: -// name: details-svc -// spec: -// # use of the service account indicates that the workload has a -// # sidecar proxy bootstrapped with this service account. Pods with -// # sidecars will automatically communicate with the workload using -// # istio mutual TLS. -// serviceAccount: details-legacy -// address: 2.2.2.2 -// labels: -// app: details-legacy -// instance-id: vm1 -// ``` -// -// and the associated service entry -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// targetPort: 8080 -// resolution: STATIC -// workloadSelector: -// labels: -// app: details-legacy -// ``` -// -// -// The following example declares the same VM workload using -// its fully qualified DNS name. The service entry's resolution -// mode should be changed to DNS to indicate that the client-side -// sidecars should dynamically resolve the DNS name at runtime before -// forwarding the request. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadEntry -// metadata: -// name: details-svc -// spec: -// # use of the service account indicates that the workload has a -// # sidecar proxy bootstrapped with this service account. Pods with -// # sidecars will automatically communicate with the workload using -// # istio mutual TLS. -// serviceAccount: details-legacy -// address: vm1.vpc01.corp.net -// labels: -// app: details-legacy -// instance-id: vm1 -// ``` -// -// and the associated service entry -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// targetPort: 8080 -// resolution: DNS -// workloadSelector: -// labels: -// app: details-legacy -// ``` -// -// The following example declares a VM workload without an address. -// An alternative to having istiod read from remote API servers is -// to write a `WorkloadEntry` in the local cluster that represents -// the Workload(s) in the remote network with the given labels. A -// single `WorkloadEntry` with weights represent the aggregate of all -// the actual workloads in a given remote network. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadEntry -// metadata: -// name: foo-workloads-cluster-2 -// spec: -// serviceAccount: foo -// network: cluster-2-network -// labels: -// app: foo -// ``` - -package v1beta1 - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// WorkloadEntry enables specifying the properties of a single non-Kubernetes workload such a VM or a bare metal services that can be referred to by service entries. -// -// -// -type WorkloadEntry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Address associated with the network endpoint without the - // port. Domain names can be used if and only if the resolution is set - // to DNS, and must be fully-qualified without wildcards. Use the form - // unix:///absolute/path/to/socket for Unix domain socket endpoints. - // If address is empty, network must be specified. - Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"` - // Set of ports associated with the endpoint. If the port map is - // specified, it must be a map of servicePortName to this endpoint's - // port, such that traffic to the service port will be forwarded to - // the endpoint port that maps to the service's portName. If - // omitted, and the targetPort is specified as part of the service's - // port specification, traffic to the service port will be forwarded - // to one of the endpoints on the specified `targetPort`. If both - // the targetPort and endpoint's port map are not specified, traffic - // to a service port will be forwarded to one of the endpoints on - // the same port. - // - // **NOTE 1:** Do not use for `unix://` addresses. - // - // **NOTE 2:** endpoint port map takes precedence over targetPort. - Ports map[string]uint32 `protobuf:"bytes,2,rep,name=ports,proto3" json:"ports,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` - // One or more labels associated with the endpoint. - Labels map[string]string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Network enables Istio to group endpoints resident in the same L3 - // domain/network. All endpoints in the same network are assumed to be - // directly reachable from one another. When endpoints in different - // networks cannot reach each other directly, an Istio Gateway can be - // used to establish connectivity (usually using the - // `AUTO_PASSTHROUGH` mode in a Gateway Server). This is - // an advanced configuration used typically for spanning an Istio mesh - // over multiple clusters. Required if address is not provided. - Network string `protobuf:"bytes,4,opt,name=network,proto3" json:"network,omitempty"` - // The locality associated with the endpoint. A locality corresponds - // to a failure domain (e.g., country/region/zone). Arbitrary failure - // domain hierarchies can be represented by separating each - // encapsulating failure domain by /. For example, the locality of an - // an endpoint in US, in US-East-1 region, within availability zone - // az-1, in data center rack r11 can be represented as - // us/us-east-1/az-1/r11. Istio will configure the sidecar to route to - // endpoints within the same locality as the sidecar. If none of the - // endpoints in the locality are available, endpoints parent locality - // (but within the same network ID) will be chosen. For example, if - // there are two endpoints in same network (networkID "n1"), say e1 - // with locality us/us-east-1/az-1/r11 and e2 with locality - // us/us-east-1/az-2/r12, a sidecar from us/us-east-1/az-1/r11 locality - // will prefer e1 from the same locality over e2 from a different - // locality. Endpoint e2 could be the IP associated with a gateway - // (that bridges networks n1 and n2), or the IP associated with a - // standard service endpoint. - Locality string `protobuf:"bytes,5,opt,name=locality,proto3" json:"locality,omitempty"` - // The load balancing weight associated with the endpoint. Endpoints - // with higher weights will receive proportionally higher traffic. - Weight uint32 `protobuf:"varint,6,opt,name=weight,proto3" json:"weight,omitempty"` - // The service account associated with the workload if a sidecar - // is present in the workload. The service account must be present - // in the same namespace as the configuration ( WorkloadEntry or a - // ServiceEntry) - ServiceAccount string `protobuf:"bytes,7,opt,name=service_account,json=serviceAccount,proto3" json:"service_account,omitempty"` -} - -func (x *WorkloadEntry) Reset() { - *x = WorkloadEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_workload_entry_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *WorkloadEntry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*WorkloadEntry) ProtoMessage() {} - -func (x *WorkloadEntry) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_workload_entry_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use WorkloadEntry.ProtoReflect.Descriptor instead. -func (*WorkloadEntry) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_workload_entry_proto_rawDescGZIP(), []int{0} -} - -func (x *WorkloadEntry) GetAddress() string { - if x != nil { - return x.Address - } - return "" -} - -func (x *WorkloadEntry) GetPorts() map[string]uint32 { - if x != nil { - return x.Ports - } - return nil -} - -func (x *WorkloadEntry) GetLabels() map[string]string { - if x != nil { - return x.Labels - } - return nil -} - -func (x *WorkloadEntry) GetNetwork() string { - if x != nil { - return x.Network - } - return "" -} - -func (x *WorkloadEntry) GetLocality() string { - if x != nil { - return x.Locality - } - return "" -} - -func (x *WorkloadEntry) GetWeight() uint32 { - if x != nil { - return x.Weight - } - return 0 -} - -func (x *WorkloadEntry) GetServiceAccount() string { - if x != nil { - return x.ServiceAccount - } - return "" -} - -var File_networking_v1beta1_workload_entry_proto protoreflect.FileDescriptor - -var file_networking_v1beta1_workload_entry_proto_rawDesc = []byte{ - 0x0a, 0x27, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x18, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x22, 0xac, 0x03, 0x0a, 0x0d, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, - 0x48, 0x0a, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, - 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, 0x4b, 0x0a, 0x06, 0x6c, 0x61, 0x62, - 0x65, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, - 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x12, 0x1a, 0x0a, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x18, 0x05, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x16, 0x0a, 0x06, - 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x77, 0x65, - 0x69, 0x67, 0x68, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, - 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x73, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x1a, 0x38, 0x0a, - 0x0a, 0x50, 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, - 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, - 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, - 0x38, 0x01, 0x42, 0x21, 0x5a, 0x1f, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, - 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_networking_v1beta1_workload_entry_proto_rawDescOnce sync.Once - file_networking_v1beta1_workload_entry_proto_rawDescData = file_networking_v1beta1_workload_entry_proto_rawDesc -) - -func file_networking_v1beta1_workload_entry_proto_rawDescGZIP() []byte { - file_networking_v1beta1_workload_entry_proto_rawDescOnce.Do(func() { - file_networking_v1beta1_workload_entry_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1beta1_workload_entry_proto_rawDescData) - }) - return file_networking_v1beta1_workload_entry_proto_rawDescData -} - -var file_networking_v1beta1_workload_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_networking_v1beta1_workload_entry_proto_goTypes = []interface{}{ - (*WorkloadEntry)(nil), // 0: istio.networking.v1beta1.WorkloadEntry - nil, // 1: istio.networking.v1beta1.WorkloadEntry.PortsEntry - nil, // 2: istio.networking.v1beta1.WorkloadEntry.LabelsEntry -} -var file_networking_v1beta1_workload_entry_proto_depIdxs = []int32{ - 1, // 0: istio.networking.v1beta1.WorkloadEntry.ports:type_name -> istio.networking.v1beta1.WorkloadEntry.PortsEntry - 2, // 1: istio.networking.v1beta1.WorkloadEntry.labels:type_name -> istio.networking.v1beta1.WorkloadEntry.LabelsEntry - 2, // [2:2] is the sub-list for method output_type - 2, // [2:2] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name -} - -func init() { file_networking_v1beta1_workload_entry_proto_init() } -func file_networking_v1beta1_workload_entry_proto_init() { - if File_networking_v1beta1_workload_entry_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_networking_v1beta1_workload_entry_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WorkloadEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_networking_v1beta1_workload_entry_proto_rawDesc, - NumEnums: 0, - NumMessages: 3, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_networking_v1beta1_workload_entry_proto_goTypes, - DependencyIndexes: file_networking_v1beta1_workload_entry_proto_depIdxs, - MessageInfos: file_networking_v1beta1_workload_entry_proto_msgTypes, - }.Build() - File_networking_v1beta1_workload_entry_proto = out.File - file_networking_v1beta1_workload_entry_proto_rawDesc = nil - file_networking_v1beta1_workload_entry_proto_goTypes = nil - file_networking_v1beta1_workload_entry_proto_depIdxs = nil -} diff --git a/networking/v1beta1/workload_entry.proto b/networking/v1beta1/workload_entry.proto deleted file mode 100644 index 1a57c06fa30..00000000000 --- a/networking/v1beta1/workload_entry.proto +++ /dev/null @@ -1,230 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -// $schema: istio.networking.v1beta1.WorkloadEntry -// $title: Workload Entry -// $description: Configuration affecting VMs onboarded into the mesh. -// $location: https://istio.io/docs/reference/config/networking/workload-entry.html -// $aliases: [/docs/reference/config/networking/v1beta1/workload-entry] -// $mode: none - -// `WorkloadEntry` enables operators to describe the properties of a -// single non-Kubernetes workload such as a VM or a bare metal server -// as it is onboarded into the mesh. A `WorkloadEntry` must be -// accompanied by an Istio `ServiceEntry` that selects the workload -// through the appropriate labels and provides the service definition -// for a `MESH_INTERNAL` service (hostnames, port properties, etc.). A -// `ServiceEntry` object can select multiple workload entries as well -// as Kubernetes pods based on the label selector specified in the -// service entry. -// -// When a workload connects to `istiod`, the status field in the -// custom resource will be updated to indicate the health of the -// workload along with other details, similar to how Kubernetes -// updates the status of a pod. -// -// The following example declares a workload entry representing a VM -// for the `details.bookinfo.com` service. This VM has sidecar -// installed and bootstrapped using the `details-legacy` service -// account. The service is exposed on port 80 to applications in the -// mesh. The HTTP traffic to this service is wrapped in Istio mutual -// TLS and sent to sidecars on VMs on target port 8080, that in turn -// forward it to the application on localhost on the same port. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadEntry -// metadata: -// name: details-svc -// spec: -// # use of the service account indicates that the workload has a -// # sidecar proxy bootstrapped with this service account. Pods with -// # sidecars will automatically communicate with the workload using -// # istio mutual TLS. -// serviceAccount: details-legacy -// address: 2.2.2.2 -// labels: -// app: details-legacy -// instance-id: vm1 -// ``` -// -// and the associated service entry -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// targetPort: 8080 -// resolution: STATIC -// workloadSelector: -// labels: -// app: details-legacy -// ``` -// -// -// The following example declares the same VM workload using -// its fully qualified DNS name. The service entry's resolution -// mode should be changed to DNS to indicate that the client-side -// sidecars should dynamically resolve the DNS name at runtime before -// forwarding the request. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadEntry -// metadata: -// name: details-svc -// spec: -// # use of the service account indicates that the workload has a -// # sidecar proxy bootstrapped with this service account. Pods with -// # sidecars will automatically communicate with the workload using -// # istio mutual TLS. -// serviceAccount: details-legacy -// address: vm1.vpc01.corp.net -// labels: -// app: details-legacy -// instance-id: vm1 -// ``` -// -// and the associated service entry -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// targetPort: 8080 -// resolution: DNS -// workloadSelector: -// labels: -// app: details-legacy -// ``` -// -// The following example declares a VM workload without an address. -// An alternative to having istiod read from remote API servers is -// to write a `WorkloadEntry` in the local cluster that represents -// the Workload(s) in the remote network with the given labels. A -// single `WorkloadEntry` with weights represent the aggregate of all -// the actual workloads in a given remote network. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadEntry -// metadata: -// name: foo-workloads-cluster-2 -// spec: -// serviceAccount: foo -// network: cluster-2-network -// labels: -// app: foo -// ``` -package istio.networking.v1beta1; - -option go_package = "istio.io/api/networking/v1beta1"; - -// WorkloadEntry enables specifying the properties of a single non-Kubernetes workload such a VM or a bare metal services that can be referred to by service entries. -// -// -// -message WorkloadEntry { - // Address associated with the network endpoint without the - // port. Domain names can be used if and only if the resolution is set - // to DNS, and must be fully-qualified without wildcards. Use the form - // unix:///absolute/path/to/socket for Unix domain socket endpoints. - // If address is empty, network must be specified. - string address = 1; - - // Set of ports associated with the endpoint. If the port map is - // specified, it must be a map of servicePortName to this endpoint's - // port, such that traffic to the service port will be forwarded to - // the endpoint port that maps to the service's portName. If - // omitted, and the targetPort is specified as part of the service's - // port specification, traffic to the service port will be forwarded - // to one of the endpoints on the specified `targetPort`. If both - // the targetPort and endpoint's port map are not specified, traffic - // to a service port will be forwarded to one of the endpoints on - // the same port. - // - // **NOTE 1:** Do not use for `unix://` addresses. - // - // **NOTE 2:** endpoint port map takes precedence over targetPort. - map ports = 2; - - // One or more labels associated with the endpoint. - map labels = 3; - - // Network enables Istio to group endpoints resident in the same L3 - // domain/network. All endpoints in the same network are assumed to be - // directly reachable from one another. When endpoints in different - // networks cannot reach each other directly, an Istio Gateway can be - // used to establish connectivity (usually using the - // `AUTO_PASSTHROUGH` mode in a Gateway Server). This is - // an advanced configuration used typically for spanning an Istio mesh - // over multiple clusters. Required if address is not provided. - string network = 4; - - // The locality associated with the endpoint. A locality corresponds - // to a failure domain (e.g., country/region/zone). Arbitrary failure - // domain hierarchies can be represented by separating each - // encapsulating failure domain by /. For example, the locality of an - // an endpoint in US, in US-East-1 region, within availability zone - // az-1, in data center rack r11 can be represented as - // us/us-east-1/az-1/r11. Istio will configure the sidecar to route to - // endpoints within the same locality as the sidecar. If none of the - // endpoints in the locality are available, endpoints parent locality - // (but within the same network ID) will be chosen. For example, if - // there are two endpoints in same network (networkID "n1"), say e1 - // with locality us/us-east-1/az-1/r11 and e2 with locality - // us/us-east-1/az-2/r12, a sidecar from us/us-east-1/az-1/r11 locality - // will prefer e1 from the same locality over e2 from a different - // locality. Endpoint e2 could be the IP associated with a gateway - // (that bridges networks n1 and n2), or the IP associated with a - // standard service endpoint. - string locality = 5; - - // The load balancing weight associated with the endpoint. Endpoints - // with higher weights will receive proportionally higher traffic. - uint32 weight = 6; - - // The service account associated with the workload if a sidecar - // is present in the workload. The service account must be present - // in the same namespace as the configuration ( WorkloadEntry or a - // ServiceEntry) - string service_account = 7; -}; diff --git a/networking/v1beta1/workload_entry_alias.gen.go b/networking/v1beta1/workload_entry_alias.gen.go new file mode 100644 index 00000000000..bfc85078fcb --- /dev/null +++ b/networking/v1beta1/workload_entry_alias.gen.go @@ -0,0 +1,6 @@ +// Code generated by protoc-gen-alias. DO NOT EDIT. +package v1beta1 + +import "istio.io/api/networking/v1alpha3" + +type WorkloadEntry = v1alpha3.WorkloadEntry diff --git a/networking/v1beta1/workload_entry_deepcopy.gen.go b/networking/v1beta1/workload_entry_deepcopy.gen.go deleted file mode 100644 index 2febbaa4eee..00000000000 --- a/networking/v1beta1/workload_entry_deepcopy.gen.go +++ /dev/null @@ -1,27 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1beta1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using WorkloadEntry within kubernetes types, where deepcopy-gen is used. -func (in *WorkloadEntry) DeepCopyInto(out *WorkloadEntry) { - p := proto.Clone(in).(*WorkloadEntry) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadEntry. Required by controller-gen. -func (in *WorkloadEntry) DeepCopy() *WorkloadEntry { - if in == nil { - return nil - } - out := new(WorkloadEntry) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadEntry. Required by controller-gen. -func (in *WorkloadEntry) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/networking/v1beta1/workload_entry_json.gen.go b/networking/v1beta1/workload_entry_json.gen.go deleted file mode 100644 index 5a3d64f7f1e..00000000000 --- a/networking/v1beta1/workload_entry_json.gen.go +++ /dev/null @@ -1,23 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1beta1 - -import ( - bytes "bytes" - jsonpb "github.com/golang/protobuf/jsonpb" -) - -// MarshalJSON is a custom marshaler for WorkloadEntry -func (this *WorkloadEntry) MarshalJSON() ([]byte, error) { - str, err := WorkloadEntryMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for WorkloadEntry -func (this *WorkloadEntry) UnmarshalJSON(b []byte) error { - return WorkloadEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -var ( - WorkloadEntryMarshaler = &jsonpb.Marshaler{} - WorkloadEntryUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} -) diff --git a/networking/v1beta1/workload_group.pb.go b/networking/v1beta1/workload_group.pb.go deleted file mode 100644 index 03b9a419853..00000000000 --- a/networking/v1beta1/workload_group.pb.go +++ /dev/null @@ -1,900 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.33.0 -// protoc (unknown) -// source: networking/v1beta1/workload_group.proto - -// $schema: istio.networking.v1alpha3.WorkloadGroup -// $title: Workload Group -// $description: Describes a collection of workload instances. -// $location: https://istio.io/docs/reference/config/networking/workload-group.html -// $aliases: [/docs/reference/config/networking/v1alpha3/workload-group] -// $mode: none - -// `WorkloadGroup` describes a collection of workload instances. -// It provides a specification that the workload instances can use to bootstrap -// their proxies, including the metadata and identity. It is only intended to -// be used with non-k8s workloads like Virtual Machines, and is meant to mimic -// the existing sidecar injection and deployment specification model used for -// Kubernetes workloads to bootstrap Istio proxies. -// -// The following example declares a workload group representing a collection -// of workloads that will be registered under `reviews` in namespace -// `bookinfo`. The set of labels will be associated with each workload -// instance during the bootstrap process, and the ports 3550 and 8080 -// will be associated with the workload group and use service account `default`. -// `app.kubernetes.io/version` is just an arbitrary example of a label. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadGroup -// metadata: -// name: reviews -// namespace: bookinfo -// spec: -// metadata: -// labels: -// app.kubernetes.io/name: reviews -// app.kubernetes.io/version: "1.3.4" -// template: -// ports: -// grpc: 3550 -// http: 8080 -// serviceAccount: default -// probe: -// initialDelaySeconds: 5 -// timeoutSeconds: 3 -// periodSeconds: 4 -// successThreshold: 3 -// failureThreshold: 3 -// httpGet: -// path: /foo/bar -// host: 127.0.0.1 -// port: 3100 -// scheme: HTTPS -// httpHeaders: -// - name: Lit-Header -// value: Im-The-Best -// ``` - -package v1beta1 - -import ( - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// `WorkloadGroup` enables specifying the properties of a single workload for bootstrap and -// provides a template for `WorkloadEntry`, similar to how `Deployment` specifies properties -// of workloads via `Pod` templates. A `WorkloadGroup` can have more than one `WorkloadEntry`. -// `WorkloadGroup` has no relationship to resources which control service registry like `ServiceEntry` -// and as such doesn't configure host name for these workloads. -// -// -// -type WorkloadGroup struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Metadata that will be used for all corresponding `WorkloadEntries`. - // User labels for a workload group should be set here in `metadata` rather than in `template`. - Metadata *WorkloadGroup_ObjectMeta `protobuf:"bytes,1,opt,name=metadata,proto3" json:"metadata,omitempty"` - // Template to be used for the generation of `WorkloadEntry` resources that belong to this `WorkloadGroup`. - // Please note that `address` and `labels` fields should not be set in the template, and an empty `serviceAccount` - // should default to `default`. The workload identities (mTLS certificates) will be bootstrapped using the - // specified service account's token. Workload entries in this group will be in the same namespace as the - // workload group, and inherit the labels and annotations from the above `metadata` field. - Template *WorkloadEntry `protobuf:"bytes,2,opt,name=template,proto3" json:"template,omitempty"` - // `ReadinessProbe` describes the configuration the user must provide for healthchecking on their workload. - // This configuration mirrors K8S in both syntax and logic for the most part. - Probe *ReadinessProbe `protobuf:"bytes,3,opt,name=probe,proto3" json:"probe,omitempty"` -} - -func (x *WorkloadGroup) Reset() { - *x = WorkloadGroup{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_workload_group_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *WorkloadGroup) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*WorkloadGroup) ProtoMessage() {} - -func (x *WorkloadGroup) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_workload_group_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use WorkloadGroup.ProtoReflect.Descriptor instead. -func (*WorkloadGroup) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_workload_group_proto_rawDescGZIP(), []int{0} -} - -func (x *WorkloadGroup) GetMetadata() *WorkloadGroup_ObjectMeta { - if x != nil { - return x.Metadata - } - return nil -} - -func (x *WorkloadGroup) GetTemplate() *WorkloadEntry { - if x != nil { - return x.Template - } - return nil -} - -func (x *WorkloadGroup) GetProbe() *ReadinessProbe { - if x != nil { - return x.Probe - } - return nil -} - -type ReadinessProbe struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Number of seconds after the container has started before readiness probes are initiated. - InitialDelaySeconds int32 `protobuf:"varint,2,opt,name=initial_delay_seconds,json=initialDelaySeconds,proto3" json:"initial_delay_seconds,omitempty"` - // Number of seconds after which the probe times out. - // Defaults to 1 second. Minimum value is 1 second. - TimeoutSeconds int32 `protobuf:"varint,3,opt,name=timeout_seconds,json=timeoutSeconds,proto3" json:"timeout_seconds,omitempty"` - // How often (in seconds) to perform the probe. - // Default to 10 seconds. Minimum value is 1 second. - PeriodSeconds int32 `protobuf:"varint,4,opt,name=period_seconds,json=periodSeconds,proto3" json:"period_seconds,omitempty"` - // Minimum consecutive successes for the probe to be considered successful after having failed. - // Defaults to 1 second. - SuccessThreshold int32 `protobuf:"varint,5,opt,name=success_threshold,json=successThreshold,proto3" json:"success_threshold,omitempty"` - // Minimum consecutive failures for the probe to be considered failed after having succeeded. - // Defaults to 3 seconds. - FailureThreshold int32 `protobuf:"varint,6,opt,name=failure_threshold,json=failureThreshold,proto3" json:"failure_threshold,omitempty"` - // Users can only provide one configuration for healthchecks (tcp, http, exec), - // and this is expressed as a oneof. All of the other configuration values - // hold true for any of the healthcheck methods. - // - // Types that are assignable to HealthCheckMethod: - // - // *ReadinessProbe_HttpGet - // *ReadinessProbe_TcpSocket - // *ReadinessProbe_Exec - HealthCheckMethod isReadinessProbe_HealthCheckMethod `protobuf_oneof:"health_check_method"` -} - -func (x *ReadinessProbe) Reset() { - *x = ReadinessProbe{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_workload_group_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ReadinessProbe) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ReadinessProbe) ProtoMessage() {} - -func (x *ReadinessProbe) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_workload_group_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ReadinessProbe.ProtoReflect.Descriptor instead. -func (*ReadinessProbe) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_workload_group_proto_rawDescGZIP(), []int{1} -} - -func (x *ReadinessProbe) GetInitialDelaySeconds() int32 { - if x != nil { - return x.InitialDelaySeconds - } - return 0 -} - -func (x *ReadinessProbe) GetTimeoutSeconds() int32 { - if x != nil { - return x.TimeoutSeconds - } - return 0 -} - -func (x *ReadinessProbe) GetPeriodSeconds() int32 { - if x != nil { - return x.PeriodSeconds - } - return 0 -} - -func (x *ReadinessProbe) GetSuccessThreshold() int32 { - if x != nil { - return x.SuccessThreshold - } - return 0 -} - -func (x *ReadinessProbe) GetFailureThreshold() int32 { - if x != nil { - return x.FailureThreshold - } - return 0 -} - -func (m *ReadinessProbe) GetHealthCheckMethod() isReadinessProbe_HealthCheckMethod { - if m != nil { - return m.HealthCheckMethod - } - return nil -} - -func (x *ReadinessProbe) GetHttpGet() *HTTPHealthCheckConfig { - if x, ok := x.GetHealthCheckMethod().(*ReadinessProbe_HttpGet); ok { - return x.HttpGet - } - return nil -} - -func (x *ReadinessProbe) GetTcpSocket() *TCPHealthCheckConfig { - if x, ok := x.GetHealthCheckMethod().(*ReadinessProbe_TcpSocket); ok { - return x.TcpSocket - } - return nil -} - -func (x *ReadinessProbe) GetExec() *ExecHealthCheckConfig { - if x, ok := x.GetHealthCheckMethod().(*ReadinessProbe_Exec); ok { - return x.Exec - } - return nil -} - -type isReadinessProbe_HealthCheckMethod interface { - isReadinessProbe_HealthCheckMethod() -} - -type ReadinessProbe_HttpGet struct { - // `httpGet` is performed to a given endpoint - // and the status/able to connect determines health. - HttpGet *HTTPHealthCheckConfig `protobuf:"bytes,7,opt,name=http_get,json=httpGet,proto3,oneof"` -} - -type ReadinessProbe_TcpSocket struct { - // Health is determined by if the proxy is able to connect. - TcpSocket *TCPHealthCheckConfig `protobuf:"bytes,8,opt,name=tcp_socket,json=tcpSocket,proto3,oneof"` -} - -type ReadinessProbe_Exec struct { - // Health is determined by how the command that is executed exited. - Exec *ExecHealthCheckConfig `protobuf:"bytes,9,opt,name=exec,proto3,oneof"` -} - -func (*ReadinessProbe_HttpGet) isReadinessProbe_HealthCheckMethod() {} - -func (*ReadinessProbe_TcpSocket) isReadinessProbe_HealthCheckMethod() {} - -func (*ReadinessProbe_Exec) isReadinessProbe_HealthCheckMethod() {} - -type HTTPHealthCheckConfig struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Path to access on the HTTP server. - Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"` - // Port on which the endpoint lives. - Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"` - // Host name to connect to, defaults to the pod IP. You probably want to set - // "Host" in httpHeaders instead. - Host string `protobuf:"bytes,3,opt,name=host,proto3" json:"host,omitempty"` - // HTTP or HTTPS, defaults to HTTP - Scheme string `protobuf:"bytes,4,opt,name=scheme,proto3" json:"scheme,omitempty"` - // Headers the proxy will pass on to make the request. - // Allows repeated headers. - HttpHeaders []*HTTPHeader `protobuf:"bytes,5,rep,name=http_headers,json=httpHeaders,proto3" json:"http_headers,omitempty"` -} - -func (x *HTTPHealthCheckConfig) Reset() { - *x = HTTPHealthCheckConfig{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_workload_group_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPHealthCheckConfig) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPHealthCheckConfig) ProtoMessage() {} - -func (x *HTTPHealthCheckConfig) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_workload_group_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPHealthCheckConfig.ProtoReflect.Descriptor instead. -func (*HTTPHealthCheckConfig) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_workload_group_proto_rawDescGZIP(), []int{2} -} - -func (x *HTTPHealthCheckConfig) GetPath() string { - if x != nil { - return x.Path - } - return "" -} - -func (x *HTTPHealthCheckConfig) GetPort() uint32 { - if x != nil { - return x.Port - } - return 0 -} - -func (x *HTTPHealthCheckConfig) GetHost() string { - if x != nil { - return x.Host - } - return "" -} - -func (x *HTTPHealthCheckConfig) GetScheme() string { - if x != nil { - return x.Scheme - } - return "" -} - -func (x *HTTPHealthCheckConfig) GetHttpHeaders() []*HTTPHeader { - if x != nil { - return x.HttpHeaders - } - return nil -} - -type HTTPHeader struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The header field name - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - // The header field value - Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` -} - -func (x *HTTPHeader) Reset() { - *x = HTTPHeader{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_workload_group_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *HTTPHeader) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*HTTPHeader) ProtoMessage() {} - -func (x *HTTPHeader) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_workload_group_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use HTTPHeader.ProtoReflect.Descriptor instead. -func (*HTTPHeader) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_workload_group_proto_rawDescGZIP(), []int{3} -} - -func (x *HTTPHeader) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *HTTPHeader) GetValue() string { - if x != nil { - return x.Value - } - return "" -} - -type TCPHealthCheckConfig struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Host to connect to, defaults to localhost - Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"` - // Port of host - Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"` -} - -func (x *TCPHealthCheckConfig) Reset() { - *x = TCPHealthCheckConfig{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_workload_group_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *TCPHealthCheckConfig) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*TCPHealthCheckConfig) ProtoMessage() {} - -func (x *TCPHealthCheckConfig) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_workload_group_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use TCPHealthCheckConfig.ProtoReflect.Descriptor instead. -func (*TCPHealthCheckConfig) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_workload_group_proto_rawDescGZIP(), []int{4} -} - -func (x *TCPHealthCheckConfig) GetHost() string { - if x != nil { - return x.Host - } - return "" -} - -func (x *TCPHealthCheckConfig) GetPort() uint32 { - if x != nil { - return x.Port - } - return 0 -} - -type ExecHealthCheckConfig struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - Command []string `protobuf:"bytes,1,rep,name=command,proto3" json:"command,omitempty"` -} - -func (x *ExecHealthCheckConfig) Reset() { - *x = ExecHealthCheckConfig{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_workload_group_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ExecHealthCheckConfig) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ExecHealthCheckConfig) ProtoMessage() {} - -func (x *ExecHealthCheckConfig) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_workload_group_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ExecHealthCheckConfig.ProtoReflect.Descriptor instead. -func (*ExecHealthCheckConfig) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_workload_group_proto_rawDescGZIP(), []int{5} -} - -func (x *ExecHealthCheckConfig) GetCommand() []string { - if x != nil { - return x.Command - } - return nil -} - -// `ObjectMeta` describes metadata that will be attached to a `WorkloadEntry`. -// It is a subset of the supported Kubernetes metadata. -type WorkloadGroup_ObjectMeta struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Labels to attach - Labels map[string]string `protobuf:"bytes,1,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Annotations to attach - Annotations map[string]string `protobuf:"bytes,2,rep,name=annotations,proto3" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` -} - -func (x *WorkloadGroup_ObjectMeta) Reset() { - *x = WorkloadGroup_ObjectMeta{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1beta1_workload_group_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *WorkloadGroup_ObjectMeta) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*WorkloadGroup_ObjectMeta) ProtoMessage() {} - -func (x *WorkloadGroup_ObjectMeta) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1beta1_workload_group_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use WorkloadGroup_ObjectMeta.ProtoReflect.Descriptor instead. -func (*WorkloadGroup_ObjectMeta) Descriptor() ([]byte, []int) { - return file_networking_v1beta1_workload_group_proto_rawDescGZIP(), []int{0, 0} -} - -func (x *WorkloadGroup_ObjectMeta) GetLabels() map[string]string { - if x != nil { - return x.Labels - } - return nil -} - -func (x *WorkloadGroup_ObjectMeta) GetAnnotations() map[string]string { - if x != nil { - return x.Annotations - } - return nil -} - -var File_networking_v1beta1_workload_group_proto protoreflect.FileDescriptor - -var file_networking_v1beta1_workload_group_proto_rawDesc = []byte{ - 0x0a, 0x27, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x67, 0x72, - 0x6f, 0x75, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x18, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, - 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x27, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, - 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xb2, 0x04, - 0x0a, 0x0d, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, - 0x4e, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x32, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, - 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, - 0x74, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, - 0x48, 0x0a, 0x08, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, - 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, - 0x08, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x12, 0x3e, 0x0a, 0x05, 0x70, 0x72, 0x6f, - 0x62, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x65, 0x73, 0x73, 0x50, 0x72, 0x6f, - 0x62, 0x65, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x1a, 0xc6, 0x02, 0x0a, 0x0a, 0x4f, 0x62, - 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x56, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, - 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x47, 0x72, 0x6f, 0x75, - 0x70, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x2e, 0x4c, 0x61, 0x62, - 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, - 0x12, 0x65, 0x0a, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, - 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4f, - 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, - 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, - 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, - 0x38, 0x01, 0x1a, 0x3e, 0x0a, 0x10, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, - 0x38, 0x01, 0x22, 0xeb, 0x03, 0x0a, 0x0e, 0x52, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x65, 0x73, 0x73, - 0x50, 0x72, 0x6f, 0x62, 0x65, 0x12, 0x32, 0x0a, 0x15, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, - 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x05, 0x52, 0x13, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x44, 0x65, 0x6c, - 0x61, 0x79, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x74, 0x69, 0x6d, - 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x05, 0x52, 0x0e, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x53, 0x65, 0x63, 0x6f, 0x6e, - 0x64, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x5f, 0x73, 0x65, 0x63, - 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0d, 0x70, 0x65, 0x72, 0x69, - 0x6f, 0x64, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x73, 0x75, 0x63, - 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x68, 0x72, - 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x2b, 0x0a, 0x11, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, - 0x65, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, - 0x05, 0x52, 0x10, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, - 0x6f, 0x6c, 0x64, 0x12, 0x4c, 0x0a, 0x08, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x67, 0x65, 0x74, 0x18, - 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x07, 0x68, 0x74, 0x74, 0x70, 0x47, 0x65, - 0x74, 0x12, 0x4f, 0x0a, 0x0a, 0x74, 0x63, 0x70, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x18, - 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2e, 0x54, 0x43, 0x50, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x09, 0x74, 0x63, 0x70, 0x53, 0x6f, 0x63, 0x6b, - 0x65, 0x74, 0x12, 0x45, 0x0a, 0x04, 0x65, 0x78, 0x65, 0x63, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x65, 0x63, - 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x48, 0x00, 0x52, 0x04, 0x65, 0x78, 0x65, 0x63, 0x42, 0x15, 0x0a, 0x13, 0x68, 0x65, 0x61, - 0x6c, 0x74, 0x68, 0x5f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, - 0x22, 0xb9, 0x01, 0x0a, 0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, - 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, - 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x17, - 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, - 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, - 0x63, 0x68, 0x65, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x68, - 0x65, 0x6d, 0x65, 0x12, 0x47, 0x0a, 0x0c, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x68, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, - 0x0b, 0x68, 0x74, 0x74, 0x70, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x22, 0x36, 0x0a, 0x0a, - 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, - 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, - 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x22, 0x43, 0x0a, 0x14, 0x54, 0x43, 0x50, 0x48, 0x65, 0x61, 0x6c, 0x74, - 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, - 0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, - 0x12, 0x17, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, - 0xe0, 0x41, 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22, 0x31, 0x0a, 0x15, 0x45, 0x78, 0x65, - 0x63, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x42, 0x21, 0x5a, 0x1f, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, - 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_networking_v1beta1_workload_group_proto_rawDescOnce sync.Once - file_networking_v1beta1_workload_group_proto_rawDescData = file_networking_v1beta1_workload_group_proto_rawDesc -) - -func file_networking_v1beta1_workload_group_proto_rawDescGZIP() []byte { - file_networking_v1beta1_workload_group_proto_rawDescOnce.Do(func() { - file_networking_v1beta1_workload_group_proto_rawDescData = protoimpl.X.CompressGZIP(file_networking_v1beta1_workload_group_proto_rawDescData) - }) - return file_networking_v1beta1_workload_group_proto_rawDescData -} - -var file_networking_v1beta1_workload_group_proto_msgTypes = make([]protoimpl.MessageInfo, 9) -var file_networking_v1beta1_workload_group_proto_goTypes = []interface{}{ - (*WorkloadGroup)(nil), // 0: istio.networking.v1beta1.WorkloadGroup - (*ReadinessProbe)(nil), // 1: istio.networking.v1beta1.ReadinessProbe - (*HTTPHealthCheckConfig)(nil), // 2: istio.networking.v1beta1.HTTPHealthCheckConfig - (*HTTPHeader)(nil), // 3: istio.networking.v1beta1.HTTPHeader - (*TCPHealthCheckConfig)(nil), // 4: istio.networking.v1beta1.TCPHealthCheckConfig - (*ExecHealthCheckConfig)(nil), // 5: istio.networking.v1beta1.ExecHealthCheckConfig - (*WorkloadGroup_ObjectMeta)(nil), // 6: istio.networking.v1beta1.WorkloadGroup.ObjectMeta - nil, // 7: istio.networking.v1beta1.WorkloadGroup.ObjectMeta.LabelsEntry - nil, // 8: istio.networking.v1beta1.WorkloadGroup.ObjectMeta.AnnotationsEntry - (*WorkloadEntry)(nil), // 9: istio.networking.v1beta1.WorkloadEntry -} -var file_networking_v1beta1_workload_group_proto_depIdxs = []int32{ - 6, // 0: istio.networking.v1beta1.WorkloadGroup.metadata:type_name -> istio.networking.v1beta1.WorkloadGroup.ObjectMeta - 9, // 1: istio.networking.v1beta1.WorkloadGroup.template:type_name -> istio.networking.v1beta1.WorkloadEntry - 1, // 2: istio.networking.v1beta1.WorkloadGroup.probe:type_name -> istio.networking.v1beta1.ReadinessProbe - 2, // 3: istio.networking.v1beta1.ReadinessProbe.http_get:type_name -> istio.networking.v1beta1.HTTPHealthCheckConfig - 4, // 4: istio.networking.v1beta1.ReadinessProbe.tcp_socket:type_name -> istio.networking.v1beta1.TCPHealthCheckConfig - 5, // 5: istio.networking.v1beta1.ReadinessProbe.exec:type_name -> istio.networking.v1beta1.ExecHealthCheckConfig - 3, // 6: istio.networking.v1beta1.HTTPHealthCheckConfig.http_headers:type_name -> istio.networking.v1beta1.HTTPHeader - 7, // 7: istio.networking.v1beta1.WorkloadGroup.ObjectMeta.labels:type_name -> istio.networking.v1beta1.WorkloadGroup.ObjectMeta.LabelsEntry - 8, // 8: istio.networking.v1beta1.WorkloadGroup.ObjectMeta.annotations:type_name -> istio.networking.v1beta1.WorkloadGroup.ObjectMeta.AnnotationsEntry - 9, // [9:9] is the sub-list for method output_type - 9, // [9:9] is the sub-list for method input_type - 9, // [9:9] is the sub-list for extension type_name - 9, // [9:9] is the sub-list for extension extendee - 0, // [0:9] is the sub-list for field type_name -} - -func init() { file_networking_v1beta1_workload_group_proto_init() } -func file_networking_v1beta1_workload_group_proto_init() { - if File_networking_v1beta1_workload_group_proto != nil { - return - } - file_networking_v1beta1_workload_entry_proto_init() - if !protoimpl.UnsafeEnabled { - file_networking_v1beta1_workload_group_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WorkloadGroup); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_workload_group_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ReadinessProbe); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_workload_group_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPHealthCheckConfig); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_workload_group_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPHeader); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_workload_group_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TCPHealthCheckConfig); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_workload_group_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ExecHealthCheckConfig); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1beta1_workload_group_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WorkloadGroup_ObjectMeta); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_networking_v1beta1_workload_group_proto_msgTypes[1].OneofWrappers = []interface{}{ - (*ReadinessProbe_HttpGet)(nil), - (*ReadinessProbe_TcpSocket)(nil), - (*ReadinessProbe_Exec)(nil), - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_networking_v1beta1_workload_group_proto_rawDesc, - NumEnums: 0, - NumMessages: 9, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_networking_v1beta1_workload_group_proto_goTypes, - DependencyIndexes: file_networking_v1beta1_workload_group_proto_depIdxs, - MessageInfos: file_networking_v1beta1_workload_group_proto_msgTypes, - }.Build() - File_networking_v1beta1_workload_group_proto = out.File - file_networking_v1beta1_workload_group_proto_rawDesc = nil - file_networking_v1beta1_workload_group_proto_goTypes = nil - file_networking_v1beta1_workload_group_proto_depIdxs = nil -} diff --git a/networking/v1beta1/workload_group.proto b/networking/v1beta1/workload_group.proto deleted file mode 100644 index 08a09c15adf..00000000000 --- a/networking/v1beta1/workload_group.proto +++ /dev/null @@ -1,190 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -import "google/api/field_behavior.proto"; -import "networking/v1beta1/workload_entry.proto"; - -// $schema: istio.networking.v1alpha3.WorkloadGroup -// $title: Workload Group -// $description: Describes a collection of workload instances. -// $location: https://istio.io/docs/reference/config/networking/workload-group.html -// $aliases: [/docs/reference/config/networking/v1alpha3/workload-group] -// $mode: none - -// `WorkloadGroup` describes a collection of workload instances. -// It provides a specification that the workload instances can use to bootstrap -// their proxies, including the metadata and identity. It is only intended to -// be used with non-k8s workloads like Virtual Machines, and is meant to mimic -// the existing sidecar injection and deployment specification model used for -// Kubernetes workloads to bootstrap Istio proxies. -// -// The following example declares a workload group representing a collection -// of workloads that will be registered under `reviews` in namespace -// `bookinfo`. The set of labels will be associated with each workload -// instance during the bootstrap process, and the ports 3550 and 8080 -// will be associated with the workload group and use service account `default`. -// `app.kubernetes.io/version` is just an arbitrary example of a label. -// -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadGroup -// metadata: -// name: reviews -// namespace: bookinfo -// spec: -// metadata: -// labels: -// app.kubernetes.io/name: reviews -// app.kubernetes.io/version: "1.3.4" -// template: -// ports: -// grpc: 3550 -// http: 8080 -// serviceAccount: default -// probe: -// initialDelaySeconds: 5 -// timeoutSeconds: 3 -// periodSeconds: 4 -// successThreshold: 3 -// failureThreshold: 3 -// httpGet: -// path: /foo/bar -// host: 127.0.0.1 -// port: 3100 -// scheme: HTTPS -// httpHeaders: -// - name: Lit-Header -// value: Im-The-Best -// ``` -package istio.networking.v1beta1; - -option go_package = "istio.io/api/networking/v1beta1"; - -// `WorkloadGroup` enables specifying the properties of a single workload for bootstrap and -// provides a template for `WorkloadEntry`, similar to how `Deployment` specifies properties -// of workloads via `Pod` templates. A `WorkloadGroup` can have more than one `WorkloadEntry`. -// `WorkloadGroup` has no relationship to resources which control service registry like `ServiceEntry` -// and as such doesn't configure host name for these workloads. -// -// -// -message WorkloadGroup { - // Metadata that will be used for all corresponding `WorkloadEntries`. - // User labels for a workload group should be set here in `metadata` rather than in `template`. - ObjectMeta metadata = 1; - - // Template to be used for the generation of `WorkloadEntry` resources that belong to this `WorkloadGroup`. - // Please note that `address` and `labels` fields should not be set in the template, and an empty `serviceAccount` - // should default to `default`. The workload identities (mTLS certificates) will be bootstrapped using the - // specified service account's token. Workload entries in this group will be in the same namespace as the - // workload group, and inherit the labels and annotations from the above `metadata` field. - WorkloadEntry template = 2 [(google.api.field_behavior) = REQUIRED]; - - // `ObjectMeta` describes metadata that will be attached to a `WorkloadEntry`. - // It is a subset of the supported Kubernetes metadata. - message ObjectMeta { - // Labels to attach - map labels = 1; - - // Annotations to attach - map annotations = 2; - } - - // `ReadinessProbe` describes the configuration the user must provide for healthchecking on their workload. - // This configuration mirrors K8S in both syntax and logic for the most part. - ReadinessProbe probe = 3; -} - -message ReadinessProbe { - - // Number of seconds after the container has started before readiness probes are initiated. - int32 initial_delay_seconds = 2; - - // Number of seconds after which the probe times out. - // Defaults to 1 second. Minimum value is 1 second. - int32 timeout_seconds = 3; - - // How often (in seconds) to perform the probe. - // Default to 10 seconds. Minimum value is 1 second. - int32 period_seconds = 4; - - // Minimum consecutive successes for the probe to be considered successful after having failed. - // Defaults to 1 second. - int32 success_threshold = 5; - - // Minimum consecutive failures for the probe to be considered failed after having succeeded. - // Defaults to 3 seconds. - int32 failure_threshold = 6; - - // Users can only provide one configuration for healthchecks (tcp, http, exec), - // and this is expressed as a oneof. All of the other configuration values - // hold true for any of the healthcheck methods. - oneof health_check_method { - // `httpGet` is performed to a given endpoint - // and the status/able to connect determines health. - HTTPHealthCheckConfig http_get = 7; - // Health is determined by if the proxy is able to connect. - TCPHealthCheckConfig tcp_socket = 8; - // Health is determined by how the command that is executed exited. - ExecHealthCheckConfig exec = 9; - } -} - -message HTTPHealthCheckConfig { - // Path to access on the HTTP server. - string path = 1; - - // Port on which the endpoint lives. - uint32 port = 2 [(google.api.field_behavior) = REQUIRED]; - - // Host name to connect to, defaults to the pod IP. You probably want to set - // "Host" in httpHeaders instead. - string host = 3; - - // HTTP or HTTPS, defaults to HTTP - string scheme = 4; - - // Headers the proxy will pass on to make the request. - // Allows repeated headers. - repeated HTTPHeader http_headers = 5; -} - -message HTTPHeader { - // The header field name - string name = 1; - - // The header field value - string value = 2; -} - -message TCPHealthCheckConfig { - // Host to connect to, defaults to localhost - string host = 1; - // Port of host - uint32 port = 2 [(google.api.field_behavior) = REQUIRED]; -} - -message ExecHealthCheckConfig { - // Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - repeated string command = 1; -} diff --git a/networking/v1beta1/workload_group_alias.gen.go b/networking/v1beta1/workload_group_alias.gen.go new file mode 100644 index 00000000000..d8f5786e56c --- /dev/null +++ b/networking/v1beta1/workload_group_alias.gen.go @@ -0,0 +1,15 @@ +// Code generated by protoc-gen-alias. DO NOT EDIT. +package v1beta1 + +import "istio.io/api/networking/v1alpha3" + +type WorkloadGroup = v1alpha3.WorkloadGroup +type WorkloadGroup_ObjectMeta = v1alpha3.WorkloadGroup_ObjectMeta +type ReadinessProbe = v1alpha3.ReadinessProbe +type ReadinessProbe_HttpGet = v1alpha3.ReadinessProbe_HttpGet +type ReadinessProbe_TcpSocket = v1alpha3.ReadinessProbe_TcpSocket +type ReadinessProbe_Exec = v1alpha3.ReadinessProbe_Exec +type HTTPHealthCheckConfig = v1alpha3.HTTPHealthCheckConfig +type HTTPHeader = v1alpha3.HTTPHeader +type TCPHealthCheckConfig = v1alpha3.TCPHealthCheckConfig +type ExecHealthCheckConfig = v1alpha3.ExecHealthCheckConfig diff --git a/networking/v1beta1/workload_group_deepcopy.gen.go b/networking/v1beta1/workload_group_deepcopy.gen.go deleted file mode 100644 index 239a4ec4acc..00000000000 --- a/networking/v1beta1/workload_group_deepcopy.gen.go +++ /dev/null @@ -1,153 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1beta1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using WorkloadGroup within kubernetes types, where deepcopy-gen is used. -func (in *WorkloadGroup) DeepCopyInto(out *WorkloadGroup) { - p := proto.Clone(in).(*WorkloadGroup) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadGroup. Required by controller-gen. -func (in *WorkloadGroup) DeepCopy() *WorkloadGroup { - if in == nil { - return nil - } - out := new(WorkloadGroup) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadGroup. Required by controller-gen. -func (in *WorkloadGroup) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using WorkloadGroup_ObjectMeta within kubernetes types, where deepcopy-gen is used. -func (in *WorkloadGroup_ObjectMeta) DeepCopyInto(out *WorkloadGroup_ObjectMeta) { - p := proto.Clone(in).(*WorkloadGroup_ObjectMeta) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadGroup_ObjectMeta. Required by controller-gen. -func (in *WorkloadGroup_ObjectMeta) DeepCopy() *WorkloadGroup_ObjectMeta { - if in == nil { - return nil - } - out := new(WorkloadGroup_ObjectMeta) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadGroup_ObjectMeta. Required by controller-gen. -func (in *WorkloadGroup_ObjectMeta) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ReadinessProbe within kubernetes types, where deepcopy-gen is used. -func (in *ReadinessProbe) DeepCopyInto(out *ReadinessProbe) { - p := proto.Clone(in).(*ReadinessProbe) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReadinessProbe. Required by controller-gen. -func (in *ReadinessProbe) DeepCopy() *ReadinessProbe { - if in == nil { - return nil - } - out := new(ReadinessProbe) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ReadinessProbe. Required by controller-gen. -func (in *ReadinessProbe) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPHealthCheckConfig within kubernetes types, where deepcopy-gen is used. -func (in *HTTPHealthCheckConfig) DeepCopyInto(out *HTTPHealthCheckConfig) { - p := proto.Clone(in).(*HTTPHealthCheckConfig) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHealthCheckConfig. Required by controller-gen. -func (in *HTTPHealthCheckConfig) DeepCopy() *HTTPHealthCheckConfig { - if in == nil { - return nil - } - out := new(HTTPHealthCheckConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHealthCheckConfig. Required by controller-gen. -func (in *HTTPHealthCheckConfig) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using HTTPHeader within kubernetes types, where deepcopy-gen is used. -func (in *HTTPHeader) DeepCopyInto(out *HTTPHeader) { - p := proto.Clone(in).(*HTTPHeader) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHeader. Required by controller-gen. -func (in *HTTPHeader) DeepCopy() *HTTPHeader { - if in == nil { - return nil - } - out := new(HTTPHeader) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new HTTPHeader. Required by controller-gen. -func (in *HTTPHeader) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using TCPHealthCheckConfig within kubernetes types, where deepcopy-gen is used. -func (in *TCPHealthCheckConfig) DeepCopyInto(out *TCPHealthCheckConfig) { - p := proto.Clone(in).(*TCPHealthCheckConfig) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPHealthCheckConfig. Required by controller-gen. -func (in *TCPHealthCheckConfig) DeepCopy() *TCPHealthCheckConfig { - if in == nil { - return nil - } - out := new(TCPHealthCheckConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TCPHealthCheckConfig. Required by controller-gen. -func (in *TCPHealthCheckConfig) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ExecHealthCheckConfig within kubernetes types, where deepcopy-gen is used. -func (in *ExecHealthCheckConfig) DeepCopyInto(out *ExecHealthCheckConfig) { - p := proto.Clone(in).(*ExecHealthCheckConfig) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecHealthCheckConfig. Required by controller-gen. -func (in *ExecHealthCheckConfig) DeepCopy() *ExecHealthCheckConfig { - if in == nil { - return nil - } - out := new(ExecHealthCheckConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ExecHealthCheckConfig. Required by controller-gen. -func (in *ExecHealthCheckConfig) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/networking/v1beta1/workload_group_json.gen.go b/networking/v1beta1/workload_group_json.gen.go deleted file mode 100644 index 3288f270a35..00000000000 --- a/networking/v1beta1/workload_group_json.gen.go +++ /dev/null @@ -1,89 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1beta1 - -import ( - bytes "bytes" - jsonpb "github.com/golang/protobuf/jsonpb" -) - -// MarshalJSON is a custom marshaler for WorkloadGroup -func (this *WorkloadGroup) MarshalJSON() ([]byte, error) { - str, err := WorkloadGroupMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for WorkloadGroup -func (this *WorkloadGroup) UnmarshalJSON(b []byte) error { - return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for WorkloadGroup_ObjectMeta -func (this *WorkloadGroup_ObjectMeta) MarshalJSON() ([]byte, error) { - str, err := WorkloadGroupMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for WorkloadGroup_ObjectMeta -func (this *WorkloadGroup_ObjectMeta) UnmarshalJSON(b []byte) error { - return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ReadinessProbe -func (this *ReadinessProbe) MarshalJSON() ([]byte, error) { - str, err := WorkloadGroupMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ReadinessProbe -func (this *ReadinessProbe) UnmarshalJSON(b []byte) error { - return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPHealthCheckConfig -func (this *HTTPHealthCheckConfig) MarshalJSON() ([]byte, error) { - str, err := WorkloadGroupMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPHealthCheckConfig -func (this *HTTPHealthCheckConfig) UnmarshalJSON(b []byte) error { - return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for HTTPHeader -func (this *HTTPHeader) MarshalJSON() ([]byte, error) { - str, err := WorkloadGroupMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for HTTPHeader -func (this *HTTPHeader) UnmarshalJSON(b []byte) error { - return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for TCPHealthCheckConfig -func (this *TCPHealthCheckConfig) MarshalJSON() ([]byte, error) { - str, err := WorkloadGroupMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for TCPHealthCheckConfig -func (this *TCPHealthCheckConfig) UnmarshalJSON(b []byte) error { - return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ExecHealthCheckConfig -func (this *ExecHealthCheckConfig) MarshalJSON() ([]byte, error) { - str, err := WorkloadGroupMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ExecHealthCheckConfig -func (this *ExecHealthCheckConfig) UnmarshalJSON(b []byte) error { - return WorkloadGroupUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -var ( - WorkloadGroupMarshaler = &jsonpb.Marshaler{} - WorkloadGroupUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} -) diff --git a/releasenotes/notes/drop-protos.yaml b/releasenotes/notes/drop-protos.yaml new file mode 100644 index 00000000000..ddfeef44dcc --- /dev/null +++ b/releasenotes/notes/drop-protos.yaml @@ -0,0 +1,32 @@ +apiVersion: release-notes/v2 +kind: feature +area: extensibility + +# issue is a list of GitHub issues resolved in this note. +issue: + - https://github.com/istio/api/issues/3127 + +releaseNotes: + - | + **Removed** internal multi-version protobuf files from the API. + This is an internal change for most users. + If you directly consume Istio APIs as protobufs, read the upgrade notes. + +upgradeNotes: +- title: Internal API protobuf changes + content: | + If you do not use Istio APIs from Go (via `istio.io/api` or `istio.io/client-go`) or Protobuf (from `istio.io/api`), this change does not impact you. + + In prior versions, Istio APIs had identical contents replicated across multiple versions. + For example, the same `VirtualService` protobuf message is defined 3 times (`v1alpha3`, `v1beta1`, and `v1`). + These schemas are identical except in the package they reside in. + + In this version of Istio, these have been consolidated down to a single version. + For resources that had multiple versions, the oldest version is retained. + + * If you use Istio APIs only via Kubernetes (YAML), there is no impact at all. + * If you use Istio APIs by Go types, there is essentially no impact. + Each removed version has been replaced with type aliases to the remaining version, ensuring backwards compatibility. + However, niche use cases (reflection, etc) may have some impact. + * If you use Istio APIs directly by Protobuf, and use newer versions, these will no longer be included as part of the API. + Please reach out to the team if you are impacted. diff --git a/scripts/sync.sh b/scripts/sync.sh deleted file mode 100755 index 6d3ee039935..00000000000 --- a/scripts/sync.sh +++ /dev/null @@ -1,69 +0,0 @@ -#!/bin/bash - -# Copyright Istio Authors - -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -eEou pipefail - -# sync.sh keeps pairs of files in sync. Specifically, this is used for multi version protobuf. -# These files have a unique (comment) header per version, but should have identical proto definitions. -# To pair two files, The +istio.io/sync-{from,start} tags can be added. -# For example: In v1beta1/service_entry.proto, we can add `+istio.io/sync-from:networking/v1alpha3/service_entry.proto`. -# Next, we add `+istio.io/sync-start` to the `v1alpha3/service_entry.proto` file - -FROM_TAG="+istio.io/sync-from" -START_TAG="+istio.io/sync-start" -MODE="\$mode: none" -ALIAS="\$aliases:" - -BIG_NUMBER=100000 # If our files are longer than this we have bigger issues.. - -find . -name '*.proto' -not -path "./common-protos/*" -print0 | while read -r -d $'\0' file; do - res="$(grep "${FROM_TAG}" "${file}" || true)" - if [[ "${res}" != "" ]]; then # We need to sync this file - replacement="$(echo "${res}" | cut -d: -f2)" - echo "Syncing ${file} from ${replacement}" - # First we retain the top section of the file, everything before FROM_TAG - header="$(grep "${FROM_TAG}" "${file}" -B "${BIG_NUMBER}")" - # Then we copy the bottom section of the replacement file, everything after START_TAG - body="$(grep "${START_TAG}" "${replacement}" -A "${BIG_NUMBER}")" - # And merge them into a single file - echo "${header}" > "${file}" - # We skip the first line of the replacement to avoid copying the start tag - echo "${body}" | tail -n +2 >> "${file}" - # Check to make sure mode is set newer version file so there are not duplicate pb.html files in the different versions - mode="$(grep "${MODE}" "${file}" || true)" - if [[ "${mode}" == "" ]]; then # mode is not present we need to add it - echo "for ${file} the mode is empty ${mode}" - before="$(grep "${ALIAS}" "${file}" -B "${BIG_NUMBER}")" - after="$(grep "${ALIAS}" "${file}" -A "${BIG_NUMBER}")" - # And merge them into a single file - echo "${before}" > "${file}" - # Insert the mode line - echo "// ${MODE}" >> "${file}" - # Skip the first line of the after section to avoid copying the alias tag - echo "${after}" | tail -n +2 >> "${file}" - fi - # Check to make sure mode is NOT set older version file so there are not duplicate pb.html files in the different versions - mode_rep="$(grep "${MODE}" "${replacement}" || true)" - if [[ "${mode_rep}" != "" ]]; then # mode should not be in the replacement file - echo "for ${replacement} the mode is ${mode_rep}" - before="$(grep "${MODE}" "${replacement}" -B "${BIG_NUMBER}")" - after="$(grep "${MODE}" "${replacement}" -A "${BIG_NUMBER}")" - echo "${before}" | head -n -1 > "${replacement}" - # We skip the first line of the replacement to avoid copying the mode tag - echo "${after}" | tail -n +2 >> "${replacement}" - fi - fi -done diff --git a/security/v1/authorization_policy.pb.go b/security/v1/authorization_policy.pb.go deleted file mode 100644 index 387e0a976ef..00000000000 --- a/security/v1/authorization_policy.pb.go +++ /dev/null @@ -1,1399 +0,0 @@ -// Copyright 2019 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.33.0 -// protoc (unknown) -// source: security/v1/authorization_policy.proto - -// $schema: istio.security.v1.AuthorizationPolicy -// $title: Authorization Policy -// $description: Configuration for access control on workloads. -// $location: https://istio.io/docs/reference/config/security/authorization-policy.html -// $weight: 20 -// $aliases: [/docs/reference/config/authorization/authorization-policy] -// $mode: none - -// Istio Authorization Policy enables access control on workloads in the mesh. -// -// Authorization policy supports CUSTOM, DENY and ALLOW actions for access control. When CUSTOM, DENY and ALLOW actions -// are used for a workload at the same time, the CUSTOM action is evaluated first, then the DENY action, and finally the ALLOW action. -// The evaluation is determined by the following rules: -// -// 1. If there are any CUSTOM policies that match the request, evaluate and deny the request if the evaluation result is deny. -// 2. If there are any DENY policies that match the request, deny the request. -// 3. If there are no ALLOW policies for the workload, allow the request. -// 4. If any of the ALLOW policies match the request, allow the request. -// 5. Deny the request. -// -// Istio Authorization Policy also supports the AUDIT action to decide whether to log requests. -// AUDIT policies do not affect whether requests are allowed or denied to the workload. -// Requests will be allowed or denied based solely on CUSTOM, DENY and ALLOW actions. -// -// A request will be internally marked that it should be audited if there is an AUDIT policy on the workload that matches the request. -// A separate plugin must be configured and enabled to actually fulfill the audit decision and complete the audit behavior. -// The request will not be audited if there are no such supporting plugins enabled. -// -// Here is an example of Istio Authorization Policy: -// -// It sets the `action` to `ALLOW` to create an allow policy. The default action is `ALLOW` -// but it is useful to be explicit in the policy. -// -// It allows requests from: -// -// - service account `cluster.local/ns/default/sa/sleep` or -// - namespace `test` -// -// to access the workload with: -// -// - `GET` method at paths of prefix `/info` or, -// - `POST` method at path `/data`. -// -// when the request has a valid JWT token issued by `https://accounts.google.com`. -// -// Any other requests will be denied. -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// name: httpbin -// namespace: foo -// spec: -// action: ALLOW -// rules: -// - from: -// - source: -// principals: ["cluster.local/ns/default/sa/sleep"] -// - source: -// namespaces: ["test"] -// to: -// - operation: -// methods: ["GET"] -// paths: ["/info*"] -// - operation: -// methods: ["POST"] -// paths: ["/data"] -// when: -// - key: request.auth.claims[iss] -// values: ["https://accounts.google.com"] -// ``` -// -// The following is another example that sets `action` to `DENY` to create a deny policy. -// It denies requests from the `dev` namespace to the `POST` method on all workloads -// in the `foo` namespace. -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// name: httpbin -// namespace: foo -// spec: -// action: DENY -// rules: -// - from: -// - source: -// namespaces: ["dev"] -// to: -// - operation: -// methods: ["POST"] -// ``` -// -// The following is another example that sets `action` to `DENY` to create a deny policy. -// It denies all the requests with `POST` method on port `8080` on all workloads -// in the `foo` namespace. Note the ports in the `ports` field refer to container ports, -// not the Kubernetes Service ports. -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// name: httpbin -// namespace: foo -// spec: -// action: DENY -// rules: -// - to: -// - operation: -// methods: ["POST"] -// ports: ["8080"] -// ``` -// -// When this rule is applied to TCP traffic, the `method` field (as will all HTTP based attributes) cannot be processed. -// For a `DENY` rule, missing attributes are treated as matches. This means all TCP traffic on port `8080` would be denied in the example above. -// If we were to remove the `ports` match, all TCP traffic would be denied. As a result, it is recommended to always scope `DENY` policies to a specific port, -// especially when using HTTP attributes [Authorization Policy for TCP Ports](https://istio.io/latest/docs/tasks/security/authorization/authz-tcp/). -// -// The following authorization policy sets the `action` to `AUDIT`. It will audit any GET requests to the path with the -// prefix `/user/profile`. -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// namespace: ns1 -// name: anyname -// spec: -// selector: -// matchLabels: -// app: myapi -// action: AUDIT -// rules: -// - to: -// - operation: -// methods: ["GET"] -// paths: ["/user/profile/*"] -// ``` -// -// Authorization Policy scope (target) is determined by "metadata/namespace" and -// an optional `selector`. -// -// - "metadata/namespace" tells which namespace the policy applies. If set to root -// namespace, the policy applies to all namespaces in a mesh. -// - workload `selector` can be used to further restrict where a policy applies. -// -// For example, the following authorization policy applies to all workloads in namespace `foo`. It allows nothing and effectively denies -// all requests to workloads in namespace `foo`. -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// name: allow-nothing -// namespace: foo -// spec: -// {} -// ``` -// -// The following authorization policy allows all requests to workloads in namespace `foo`. -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// name: allow-all -// namespace: foo -// spec: -// rules: -// - {} -// ``` -// -// The following authorization policy applies to workloads containing label `app: httpbin` in namespace `bar`. It allows -// nothing and effectively denies all requests to the selected workloads. -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// name: allow-nothing -// namespace: bar -// spec: -// selector: -// matchLabels: -// app: httpbin -// ``` -// -// The following authorization policy applies to workloads containing label `version: v1` in all namespaces in the mesh. -// (Assuming the root namespace is configured to `istio-system`). -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// name: allow-nothing -// namespace: istio-system -// spec: -// selector: -// matchLabels: -// version: v1 -// ``` -// -// The following example shows you how to set up an authorization policy using an [experimental annotation](https://istio.io/latest/docs/reference/config/annotations/) -// `istio.io/dry-run` to dry-run the policy without actually enforcing it. -// -// The dry-run annotation allows you to better understand the effect of an authorization policy before applying it to the production traffic. -// This helps to reduce the risk of breaking the production traffic caused by an incorrect authorization policy. -// For more information, see [dry-run tasks](https://istio.io/latest/docs/tasks/security/authorization/authz-dry-run/). -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// name: dry-run-example -// annotations: -// "istio.io/dry-run": "true" -// spec: -// selector: -// matchLabels: -// app: httpbin -// action: DENY -// rules: -// - to: -// - operation: -// paths: ["/headers"] -// ``` - -package v1 - -import ( - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - v1beta1 "istio.io/api/type/v1beta1" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// Action specifies the operation to take. -type AuthorizationPolicy_Action int32 - -const ( - // Allow a request only if it matches the rules. This is the default type. - AuthorizationPolicy_ALLOW AuthorizationPolicy_Action = 0 - // Deny a request if it matches any of the rules. - AuthorizationPolicy_DENY AuthorizationPolicy_Action = 1 - // Audit a request if it matches any of the rules. - AuthorizationPolicy_AUDIT AuthorizationPolicy_Action = 2 - // The CUSTOM action allows an extension to handle the user request if the matching rules evaluate to true. - // The extension is evaluated independently and before the native ALLOW and DENY actions. When used together, A request - // is allowed if and only if all the actions return allow, in other words, the extension cannot bypass the - // authorization decision made by ALLOW and DENY action. - // Extension behavior is defined by the named providers declared in MeshConfig. The authorization policy refers to - // the extension by specifying the name of the provider. - // One example use case of the extension is to integrate with a custom external authorization system to delegate - // the authorization decision to it. - // - // The following authorization policy applies to an ingress gateway and delegates the authorization check to a named extension - // `my-custom-authz` if the request path has prefix `/admin/`. - // - // ```yaml - // apiVersion: security.istio.io/v1beta1 - // kind: AuthorizationPolicy - // metadata: - // - // name: ext-authz - // namespace: istio-system - // - // spec: - // - // selector: - // matchLabels: - // app: istio-ingressgateway - // action: CUSTOM - // provider: - // name: "my-custom-authz" - // rules: - // - to: - // - operation: - // paths: ["/admin/*"] - // - // ``` - AuthorizationPolicy_CUSTOM AuthorizationPolicy_Action = 3 -) - -// Enum value maps for AuthorizationPolicy_Action. -var ( - AuthorizationPolicy_Action_name = map[int32]string{ - 0: "ALLOW", - 1: "DENY", - 2: "AUDIT", - 3: "CUSTOM", - } - AuthorizationPolicy_Action_value = map[string]int32{ - "ALLOW": 0, - "DENY": 1, - "AUDIT": 2, - "CUSTOM": 3, - } -) - -func (x AuthorizationPolicy_Action) Enum() *AuthorizationPolicy_Action { - p := new(AuthorizationPolicy_Action) - *p = x - return p -} - -func (x AuthorizationPolicy_Action) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (AuthorizationPolicy_Action) Descriptor() protoreflect.EnumDescriptor { - return file_security_v1_authorization_policy_proto_enumTypes[0].Descriptor() -} - -func (AuthorizationPolicy_Action) Type() protoreflect.EnumType { - return &file_security_v1_authorization_policy_proto_enumTypes[0] -} - -func (x AuthorizationPolicy_Action) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use AuthorizationPolicy_Action.Descriptor instead. -func (AuthorizationPolicy_Action) EnumDescriptor() ([]byte, []int) { - return file_security_v1_authorization_policy_proto_rawDescGZIP(), []int{0, 0} -} - -// AuthorizationPolicy enables access control on workloads. -// -// -// -type AuthorizationPolicy struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Optional. The selector decides where to apply the authorization policy. The selector will match with workloads - // in the same namespace as the authorization policy. If the authorization policy is in the root namespace, the selector - // will additionally match with workloads in all namespaces. - // - // If the selector and the targetRef are not set, the selector will match all workloads. - // - // At most one of `selector` or `targetRefs` can be set for a given policy. - Selector *v1beta1.WorkloadSelector `protobuf:"bytes,1,opt,name=selector,proto3" json:"selector,omitempty"` - // $hide_from_docs - TargetRef *v1beta1.PolicyTargetReference `protobuf:"bytes,5,opt,name=targetRef,proto3" json:"targetRef,omitempty"` - // Optional. The targetRefs specifies a list of resources the policy should be - // applied to. The targeted resources specified will determine which workloads - // the policy applies to. - // - // Currently, the following resource attachment types are supported: - // * `kind: Gateway` with `group: gateway.networking.k8s.io` in the same namespace. - // * `kind: Service` with `""` in the same namespace. This type is only supported for waypoints. - // - // If not set, the policy is applied as defined by the selector. - // At most one of the selector and targetRefs can be set. - // - // NOTE: If you are using the `targetRefs` field in a multi-revision environment with Istio versions prior to 1.22, - // it is highly recommended that you pin the policy to a revision running 1.22+ via the `istio.io/rev` label. - // This is to prevent proxies connected to older control planes (that don't know about the `targetRefs` field) - // from misinterpreting the policy as namespace-wide during the upgrade process. - // - // NOTE: Waypoint proxies are required to use this field for policies to apply; `selector` policies will be ignored. - TargetRefs []*v1beta1.PolicyTargetReference `protobuf:"bytes,6,rep,name=targetRefs,proto3" json:"targetRefs,omitempty"` - // Optional. A list of rules to match the request. A match occurs when at least one rule matches the request. - // - // If not set, the match will never occur. This is equivalent to setting a default of deny for the target workloads if - // the action is ALLOW. - Rules []*Rule `protobuf:"bytes,2,rep,name=rules,proto3" json:"rules,omitempty"` - // Optional. The action to take if the request is matched with the rules. Default is ALLOW if not specified. - Action AuthorizationPolicy_Action `protobuf:"varint,3,opt,name=action,proto3,enum=istio.security.v1.AuthorizationPolicy_Action" json:"action,omitempty"` - // Types that are assignable to ActionDetail: - // - // *AuthorizationPolicy_Provider - ActionDetail isAuthorizationPolicy_ActionDetail `protobuf_oneof:"action_detail"` -} - -func (x *AuthorizationPolicy) Reset() { - *x = AuthorizationPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_security_v1_authorization_policy_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *AuthorizationPolicy) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*AuthorizationPolicy) ProtoMessage() {} - -func (x *AuthorizationPolicy) ProtoReflect() protoreflect.Message { - mi := &file_security_v1_authorization_policy_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use AuthorizationPolicy.ProtoReflect.Descriptor instead. -func (*AuthorizationPolicy) Descriptor() ([]byte, []int) { - return file_security_v1_authorization_policy_proto_rawDescGZIP(), []int{0} -} - -func (x *AuthorizationPolicy) GetSelector() *v1beta1.WorkloadSelector { - if x != nil { - return x.Selector - } - return nil -} - -func (x *AuthorizationPolicy) GetTargetRef() *v1beta1.PolicyTargetReference { - if x != nil { - return x.TargetRef - } - return nil -} - -func (x *AuthorizationPolicy) GetTargetRefs() []*v1beta1.PolicyTargetReference { - if x != nil { - return x.TargetRefs - } - return nil -} - -func (x *AuthorizationPolicy) GetRules() []*Rule { - if x != nil { - return x.Rules - } - return nil -} - -func (x *AuthorizationPolicy) GetAction() AuthorizationPolicy_Action { - if x != nil { - return x.Action - } - return AuthorizationPolicy_ALLOW -} - -func (m *AuthorizationPolicy) GetActionDetail() isAuthorizationPolicy_ActionDetail { - if m != nil { - return m.ActionDetail - } - return nil -} - -func (x *AuthorizationPolicy) GetProvider() *AuthorizationPolicy_ExtensionProvider { - if x, ok := x.GetActionDetail().(*AuthorizationPolicy_Provider); ok { - return x.Provider - } - return nil -} - -type isAuthorizationPolicy_ActionDetail interface { - isAuthorizationPolicy_ActionDetail() -} - -type AuthorizationPolicy_Provider struct { - // Specifies detailed configuration of the CUSTOM action. Must be used only with CUSTOM action. - Provider *AuthorizationPolicy_ExtensionProvider `protobuf:"bytes,4,opt,name=provider,proto3,oneof"` -} - -func (*AuthorizationPolicy_Provider) isAuthorizationPolicy_ActionDetail() {} - -// Rule matches requests from a list of sources that perform a list of operations subject to a -// list of conditions. A match occurs when at least one source, one operation and all conditions -// matches the request. An empty rule is always matched. -// -// Any string field in the rule supports Exact, Prefix, Suffix and Presence match: -// -// - Exact match: `abc` will match on value `abc`. -// - Prefix match: `abc*` will match on value `abc` and `abcd`. -// - Suffix match: `*abc` will match on value `abc` and `xabc`. -// - Presence match: `*` will match when value is not empty. -type Rule struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Optional. `from` specifies the source of a request. - // - // If not set, any source is allowed. - From []*Rule_From `protobuf:"bytes,1,rep,name=from,proto3" json:"from,omitempty"` - // Optional. `to` specifies the operation of a request. - // - // If not set, any operation is allowed. - To []*Rule_To `protobuf:"bytes,2,rep,name=to,proto3" json:"to,omitempty"` - // Optional. `when` specifies a list of additional conditions of a request. - // - // If not set, any condition is allowed. - When []*Condition `protobuf:"bytes,3,rep,name=when,proto3" json:"when,omitempty"` -} - -func (x *Rule) Reset() { - *x = Rule{} - if protoimpl.UnsafeEnabled { - mi := &file_security_v1_authorization_policy_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Rule) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Rule) ProtoMessage() {} - -func (x *Rule) ProtoReflect() protoreflect.Message { - mi := &file_security_v1_authorization_policy_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Rule.ProtoReflect.Descriptor instead. -func (*Rule) Descriptor() ([]byte, []int) { - return file_security_v1_authorization_policy_proto_rawDescGZIP(), []int{1} -} - -func (x *Rule) GetFrom() []*Rule_From { - if x != nil { - return x.From - } - return nil -} - -func (x *Rule) GetTo() []*Rule_To { - if x != nil { - return x.To - } - return nil -} - -func (x *Rule) GetWhen() []*Condition { - if x != nil { - return x.When - } - return nil -} - -// Source specifies the source identities of a request. Fields in the source are -// ANDed together. -// -// For example, the following source matches if the principal is `admin` or `dev` -// and the namespace is `prod` or `test` and the ip is not `203.0.113.4`. -// -// ```yaml -// principals: ["admin", "dev"] -// namespaces: ["prod", "test"] -// notIpBlocks: ["203.0.113.4"] -// ``` -type Source struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Optional. A list of peer identities derived from the peer certificate. The peer identity is in the format of - // `"/ns//sa/"`, for example, `"cluster.local/ns/default/sa/productpage"`. - // This field requires mTLS enabled and is the same as the `source.principal` attribute. - // - // If not set, any principal is allowed. - Principals []string `protobuf:"bytes,1,rep,name=principals,proto3" json:"principals,omitempty"` - // Optional. A list of negative match of peer identities. - NotPrincipals []string `protobuf:"bytes,5,rep,name=not_principals,json=notPrincipals,proto3" json:"not_principals,omitempty"` - // Optional. A list of request identities derived from the JWT. The request identity is in the format of - // `"/"`, for example, `"example.com/sub-1"`. This field requires request authentication enabled and is the - // same as the `request.auth.principal` attribute. - // - // If not set, any request principal is allowed. - RequestPrincipals []string `protobuf:"bytes,2,rep,name=request_principals,json=requestPrincipals,proto3" json:"request_principals,omitempty"` - // Optional. A list of negative match of request identities. - NotRequestPrincipals []string `protobuf:"bytes,6,rep,name=not_request_principals,json=notRequestPrincipals,proto3" json:"not_request_principals,omitempty"` - // Optional. A list of namespaces derived from the peer certificate. - // This field requires mTLS enabled and is the same as the `source.namespace` attribute. - // - // If not set, any namespace is allowed. - Namespaces []string `protobuf:"bytes,3,rep,name=namespaces,proto3" json:"namespaces,omitempty"` - // Optional. A list of negative match of namespaces. - NotNamespaces []string `protobuf:"bytes,7,rep,name=not_namespaces,json=notNamespaces,proto3" json:"not_namespaces,omitempty"` - // Optional. A list of IP blocks, populated from the source address of the IP packet. Single IP (e.g. `203.0.113.4`) and - // CIDR (e.g. `203.0.113.0/24`) are supported. This is the same as the `source.ip` attribute. - // - // If not set, any IP is allowed. - IpBlocks []string `protobuf:"bytes,4,rep,name=ip_blocks,json=ipBlocks,proto3" json:"ip_blocks,omitempty"` - // Optional. A list of negative match of IP blocks. - NotIpBlocks []string `protobuf:"bytes,8,rep,name=not_ip_blocks,json=notIpBlocks,proto3" json:"not_ip_blocks,omitempty"` - // Optional. A list of IP blocks, populated from `X-Forwarded-For` header or proxy protocol. - // To make use of this field, you must configure the `numTrustedProxies` field of the `gatewayTopology` under the `meshConfig` - // when you install Istio or using an annotation on the ingress gateway. See the documentation here: - // [Configuring Gateway Network Topology](https://istio.io/latest/docs/ops/configuration/traffic-management/network-topologies/). - // Single IP (e.g. `203.0.113.4`) and CIDR (e.g. `203.0.113.0/24`) are supported. - // This is the same as the `remote.ip` attribute. - // - // If not set, any IP is allowed. - RemoteIpBlocks []string `protobuf:"bytes,9,rep,name=remote_ip_blocks,json=remoteIpBlocks,proto3" json:"remote_ip_blocks,omitempty"` - // Optional. A list of negative match of remote IP blocks. - NotRemoteIpBlocks []string `protobuf:"bytes,10,rep,name=not_remote_ip_blocks,json=notRemoteIpBlocks,proto3" json:"not_remote_ip_blocks,omitempty"` -} - -func (x *Source) Reset() { - *x = Source{} - if protoimpl.UnsafeEnabled { - mi := &file_security_v1_authorization_policy_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Source) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Source) ProtoMessage() {} - -func (x *Source) ProtoReflect() protoreflect.Message { - mi := &file_security_v1_authorization_policy_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Source.ProtoReflect.Descriptor instead. -func (*Source) Descriptor() ([]byte, []int) { - return file_security_v1_authorization_policy_proto_rawDescGZIP(), []int{2} -} - -func (x *Source) GetPrincipals() []string { - if x != nil { - return x.Principals - } - return nil -} - -func (x *Source) GetNotPrincipals() []string { - if x != nil { - return x.NotPrincipals - } - return nil -} - -func (x *Source) GetRequestPrincipals() []string { - if x != nil { - return x.RequestPrincipals - } - return nil -} - -func (x *Source) GetNotRequestPrincipals() []string { - if x != nil { - return x.NotRequestPrincipals - } - return nil -} - -func (x *Source) GetNamespaces() []string { - if x != nil { - return x.Namespaces - } - return nil -} - -func (x *Source) GetNotNamespaces() []string { - if x != nil { - return x.NotNamespaces - } - return nil -} - -func (x *Source) GetIpBlocks() []string { - if x != nil { - return x.IpBlocks - } - return nil -} - -func (x *Source) GetNotIpBlocks() []string { - if x != nil { - return x.NotIpBlocks - } - return nil -} - -func (x *Source) GetRemoteIpBlocks() []string { - if x != nil { - return x.RemoteIpBlocks - } - return nil -} - -func (x *Source) GetNotRemoteIpBlocks() []string { - if x != nil { - return x.NotRemoteIpBlocks - } - return nil -} - -// Operation specifies the operations of a request. Fields in the operation are -// ANDed together. -// -// For example, the following operation matches if the host has suffix `.example.com` -// and the method is `GET` or `HEAD` and the path doesn't have prefix `/admin`. -// -// ```yaml -// hosts: ["*.example.com"] -// methods: ["GET", "HEAD"] -// notPaths: ["/admin*"] -// ``` -type Operation struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Optional. A list of hosts as specified in the HTTP request. The match is case-insensitive. - // See the [security best practices](https://istio.io/latest/docs/ops/best-practices/security/#writing-host-match-policies) for - // recommended usage of this field. - // - // If not set, any host is allowed. Must be used only with HTTP. - Hosts []string `protobuf:"bytes,1,rep,name=hosts,proto3" json:"hosts,omitempty"` - // Optional. A list of negative match of hosts as specified in the HTTP request. The match is case-insensitive. - NotHosts []string `protobuf:"bytes,5,rep,name=not_hosts,json=notHosts,proto3" json:"not_hosts,omitempty"` - // Optional. A list of ports as specified in the connection. - // - // If not set, any port is allowed. - Ports []string `protobuf:"bytes,2,rep,name=ports,proto3" json:"ports,omitempty"` - // Optional. A list of negative match of ports as specified in the connection. - NotPorts []string `protobuf:"bytes,6,rep,name=not_ports,json=notPorts,proto3" json:"not_ports,omitempty"` - // Optional. A list of methods as specified in the HTTP request. - // For gRPC service, this will always be `POST`. - // - // If not set, any method is allowed. Must be used only with HTTP. - Methods []string `protobuf:"bytes,3,rep,name=methods,proto3" json:"methods,omitempty"` - // Optional. A list of negative match of methods as specified in the HTTP request. - NotMethods []string `protobuf:"bytes,7,rep,name=not_methods,json=notMethods,proto3" json:"not_methods,omitempty"` - // Optional. A list of paths as specified in the HTTP request. See the [Authorization Policy Normalization](https://istio.io/latest/docs/reference/config/security/normalization/) - // for details of the path normalization. - // For gRPC service, this will be the fully-qualified name in the form of `/package.service/method`. - // - // If a path in the list contains the `{*}` or `{**}` path template operator, it will be interpreted as an [Envoy Uri Template](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/path/match/uri_template/v3/uri_template_match.proto). - // To be a valid path template, the path must not contain `*`, `{`, or `}` outside of a supported operator. No other characters are allowed in the path segment with the path template operator. - // - `{*}` matches a single glob that cannot extend beyond a path segment. - // - `{**}` matches zero or more globs. If a path contains `{**}`, it must be the last operator. - // - // Examples: - // - `/foo/{*}` matches `/foo/bar` but not `/foo/bar/baz` - // - `/foo/{**}/` matches `/foo/bar/`, `/foo/bar/baz.txt`, and `/foo//` but not `/foo/bar` - // - `/foo/{*}/bar/{**}` matches `/foo/buzz/bar/` and `/foo/buzz/bar/baz` - // - `/*/baz/{*}“ is not a valid path template since it includes `*` outside of a supported operator - // - `/**/baz/{*}“ is not a valid path template since it includes `**` outside of a supported operator - // - `/{**}/foo/{*}` is not a valid path template since `{**}` is not the last operator - // - `/foo/{*}.txt` is invalid since there are characters other than `{*}` in the path segment - // - // If not set, any path is allowed. Must be used only with HTTP. - Paths []string `protobuf:"bytes,4,rep,name=paths,proto3" json:"paths,omitempty"` - // Optional. A list of negative match of paths. - NotPaths []string `protobuf:"bytes,8,rep,name=not_paths,json=notPaths,proto3" json:"not_paths,omitempty"` -} - -func (x *Operation) Reset() { - *x = Operation{} - if protoimpl.UnsafeEnabled { - mi := &file_security_v1_authorization_policy_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Operation) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Operation) ProtoMessage() {} - -func (x *Operation) ProtoReflect() protoreflect.Message { - mi := &file_security_v1_authorization_policy_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Operation.ProtoReflect.Descriptor instead. -func (*Operation) Descriptor() ([]byte, []int) { - return file_security_v1_authorization_policy_proto_rawDescGZIP(), []int{3} -} - -func (x *Operation) GetHosts() []string { - if x != nil { - return x.Hosts - } - return nil -} - -func (x *Operation) GetNotHosts() []string { - if x != nil { - return x.NotHosts - } - return nil -} - -func (x *Operation) GetPorts() []string { - if x != nil { - return x.Ports - } - return nil -} - -func (x *Operation) GetNotPorts() []string { - if x != nil { - return x.NotPorts - } - return nil -} - -func (x *Operation) GetMethods() []string { - if x != nil { - return x.Methods - } - return nil -} - -func (x *Operation) GetNotMethods() []string { - if x != nil { - return x.NotMethods - } - return nil -} - -func (x *Operation) GetPaths() []string { - if x != nil { - return x.Paths - } - return nil -} - -func (x *Operation) GetNotPaths() []string { - if x != nil { - return x.NotPaths - } - return nil -} - -// Condition specifies additional required attributes. -type Condition struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The name of an Istio attribute. - // See the [full list of supported attributes](https://istio.io/docs/reference/config/security/conditions/). - Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` - // Optional. A list of allowed values for the attribute. - // Note: at least one of `values` or `notValues` must be set. - Values []string `protobuf:"bytes,2,rep,name=values,proto3" json:"values,omitempty"` - // Optional. A list of negative match of values for the attribute. - // Note: at least one of `values` or `notValues` must be set. - NotValues []string `protobuf:"bytes,3,rep,name=not_values,json=notValues,proto3" json:"not_values,omitempty"` -} - -func (x *Condition) Reset() { - *x = Condition{} - if protoimpl.UnsafeEnabled { - mi := &file_security_v1_authorization_policy_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Condition) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Condition) ProtoMessage() {} - -func (x *Condition) ProtoReflect() protoreflect.Message { - mi := &file_security_v1_authorization_policy_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Condition.ProtoReflect.Descriptor instead. -func (*Condition) Descriptor() ([]byte, []int) { - return file_security_v1_authorization_policy_proto_rawDescGZIP(), []int{4} -} - -func (x *Condition) GetKey() string { - if x != nil { - return x.Key - } - return "" -} - -func (x *Condition) GetValues() []string { - if x != nil { - return x.Values - } - return nil -} - -func (x *Condition) GetNotValues() []string { - if x != nil { - return x.NotValues - } - return nil -} - -type AuthorizationPolicy_ExtensionProvider struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Specifies the name of the extension provider. The list of available providers is defined in the MeshConfig. - // Note, currently at most 1 extension provider is allowed per workload. Different workloads can use different extension provider. - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` -} - -func (x *AuthorizationPolicy_ExtensionProvider) Reset() { - *x = AuthorizationPolicy_ExtensionProvider{} - if protoimpl.UnsafeEnabled { - mi := &file_security_v1_authorization_policy_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *AuthorizationPolicy_ExtensionProvider) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*AuthorizationPolicy_ExtensionProvider) ProtoMessage() {} - -func (x *AuthorizationPolicy_ExtensionProvider) ProtoReflect() protoreflect.Message { - mi := &file_security_v1_authorization_policy_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use AuthorizationPolicy_ExtensionProvider.ProtoReflect.Descriptor instead. -func (*AuthorizationPolicy_ExtensionProvider) Descriptor() ([]byte, []int) { - return file_security_v1_authorization_policy_proto_rawDescGZIP(), []int{0, 0} -} - -func (x *AuthorizationPolicy_ExtensionProvider) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -// From includes a list of sources. -type Rule_From struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Source specifies the source of a request. - Source *Source `protobuf:"bytes,1,opt,name=source,proto3" json:"source,omitempty"` -} - -func (x *Rule_From) Reset() { - *x = Rule_From{} - if protoimpl.UnsafeEnabled { - mi := &file_security_v1_authorization_policy_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Rule_From) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Rule_From) ProtoMessage() {} - -func (x *Rule_From) ProtoReflect() protoreflect.Message { - mi := &file_security_v1_authorization_policy_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Rule_From.ProtoReflect.Descriptor instead. -func (*Rule_From) Descriptor() ([]byte, []int) { - return file_security_v1_authorization_policy_proto_rawDescGZIP(), []int{1, 0} -} - -func (x *Rule_From) GetSource() *Source { - if x != nil { - return x.Source - } - return nil -} - -// To includes a list of operations. -type Rule_To struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Operation specifies the operation of a request. - Operation *Operation `protobuf:"bytes,1,opt,name=operation,proto3" json:"operation,omitempty"` -} - -func (x *Rule_To) Reset() { - *x = Rule_To{} - if protoimpl.UnsafeEnabled { - mi := &file_security_v1_authorization_policy_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Rule_To) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Rule_To) ProtoMessage() {} - -func (x *Rule_To) ProtoReflect() protoreflect.Message { - mi := &file_security_v1_authorization_policy_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Rule_To.ProtoReflect.Descriptor instead. -func (*Rule_To) Descriptor() ([]byte, []int) { - return file_security_v1_authorization_policy_proto_rawDescGZIP(), []int{1, 1} -} - -func (x *Rule_To) GetOperation() *Operation { - if x != nil { - return x.Operation - } - return nil -} - -var File_security_v1_authorization_policy_proto protoreflect.FileDescriptor - -var file_security_v1_authorization_policy_proto_rawDesc = []byte{ - 0x0a, 0x26, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x11, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, - 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x74, 0x79, - 0x70, 0x65, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x73, 0x65, 0x6c, 0x65, 0x63, - 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa9, 0x04, 0x0a, 0x13, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x12, 0x40, 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, 0x65, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, - 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, - 0x74, 0x6f, 0x72, 0x12, 0x47, 0x0a, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, - 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, - 0x79, 0x70, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, - 0x65, 0x52, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x12, 0x49, 0x0a, 0x0a, - 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x29, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x54, 0x61, 0x72, 0x67, - 0x65, 0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0a, 0x74, 0x61, 0x72, - 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x73, 0x12, 0x2d, 0x0a, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, - 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x73, - 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x75, 0x6c, 0x65, 0x52, - 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x12, 0x45, 0x0a, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x73, - 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x41, - 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x56, 0x0a, - 0x08, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x38, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, - 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, - 0x6e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x48, 0x00, 0x52, 0x08, 0x70, 0x72, 0x6f, - 0x76, 0x69, 0x64, 0x65, 0x72, 0x1a, 0x27, 0x0a, 0x11, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, - 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, - 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x34, - 0x0a, 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x4c, 0x4c, 0x4f, - 0x57, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x44, 0x45, 0x4e, 0x59, 0x10, 0x01, 0x12, 0x09, 0x0a, - 0x05, 0x41, 0x55, 0x44, 0x49, 0x54, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x55, 0x53, 0x54, - 0x4f, 0x4d, 0x10, 0x03, 0x42, 0x0f, 0x0a, 0x0d, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x64, - 0x65, 0x74, 0x61, 0x69, 0x6c, 0x22, 0x93, 0x02, 0x0a, 0x04, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x30, - 0x0a, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, - 0x2e, 0x52, 0x75, 0x6c, 0x65, 0x2e, 0x46, 0x72, 0x6f, 0x6d, 0x52, 0x04, 0x66, 0x72, 0x6f, 0x6d, - 0x12, 0x2a, 0x0a, 0x02, 0x74, 0x6f, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, - 0x2e, 0x52, 0x75, 0x6c, 0x65, 0x2e, 0x54, 0x6f, 0x52, 0x02, 0x74, 0x6f, 0x12, 0x30, 0x0a, 0x04, - 0x77, 0x68, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x43, - 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x04, 0x77, 0x68, 0x65, 0x6e, 0x1a, 0x39, - 0x0a, 0x04, 0x46, 0x72, 0x6f, 0x6d, 0x12, 0x31, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x73, - 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x1a, 0x40, 0x0a, 0x02, 0x54, 0x6f, 0x12, - 0x3a, 0x0a, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, - 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x52, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x97, 0x03, 0x0a, 0x06, - 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, - 0x70, 0x61, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x6e, - 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x6f, 0x74, 0x5f, 0x70, 0x72, - 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, - 0x6e, 0x6f, 0x74, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x12, 0x2d, 0x0a, - 0x12, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, - 0x61, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x11, 0x72, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x12, 0x34, 0x0a, 0x16, - 0x6e, 0x6f, 0x74, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x70, 0x72, 0x69, 0x6e, - 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x14, 0x6e, 0x6f, - 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, - 0x6c, 0x73, 0x12, 0x1e, 0x0a, 0x0a, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, - 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, - 0x65, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x6e, 0x6f, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, - 0x61, 0x63, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x6e, 0x6f, 0x74, 0x4e, - 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x69, 0x70, 0x5f, - 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x69, 0x70, - 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x73, 0x12, 0x22, 0x0a, 0x0d, 0x6e, 0x6f, 0x74, 0x5f, 0x69, 0x70, - 0x5f, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, 0x6e, - 0x6f, 0x74, 0x49, 0x70, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x73, 0x12, 0x28, 0x0a, 0x10, 0x72, 0x65, - 0x6d, 0x6f, 0x74, 0x65, 0x5f, 0x69, 0x70, 0x5f, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x73, 0x18, 0x09, - 0x20, 0x03, 0x28, 0x09, 0x52, 0x0e, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49, 0x70, 0x42, 0x6c, - 0x6f, 0x63, 0x6b, 0x73, 0x12, 0x2f, 0x0a, 0x14, 0x6e, 0x6f, 0x74, 0x5f, 0x72, 0x65, 0x6d, 0x6f, - 0x74, 0x65, 0x5f, 0x69, 0x70, 0x5f, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x73, 0x18, 0x0a, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x11, 0x6e, 0x6f, 0x74, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x49, 0x70, 0x42, - 0x6c, 0x6f, 0x63, 0x6b, 0x73, 0x22, 0xdf, 0x01, 0x0a, 0x09, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6e, 0x6f, 0x74, - 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x6e, 0x6f, - 0x74, 0x48, 0x6f, 0x73, 0x74, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, - 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, 0x1b, 0x0a, 0x09, - 0x6e, 0x6f, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, - 0x08, 0x6e, 0x6f, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x74, - 0x68, 0x6f, 0x64, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x74, 0x68, - 0x6f, 0x64, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x6e, 0x6f, 0x74, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, - 0x64, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x6e, 0x6f, 0x74, 0x4d, 0x65, 0x74, - 0x68, 0x6f, 0x64, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x61, 0x74, 0x68, 0x73, 0x18, 0x04, 0x20, - 0x03, 0x28, 0x09, 0x52, 0x05, 0x70, 0x61, 0x74, 0x68, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6e, 0x6f, - 0x74, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x6e, - 0x6f, 0x74, 0x50, 0x61, 0x74, 0x68, 0x73, 0x22, 0x59, 0x0a, 0x09, 0x43, 0x6f, 0x6e, 0x64, 0x69, - 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x15, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x16, 0x0a, 0x06, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x6e, 0x6f, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x6f, 0x74, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x73, 0x42, 0x1a, 0x5a, 0x18, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, - 0x70, 0x69, 0x2f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x76, 0x31, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_security_v1_authorization_policy_proto_rawDescOnce sync.Once - file_security_v1_authorization_policy_proto_rawDescData = file_security_v1_authorization_policy_proto_rawDesc -) - -func file_security_v1_authorization_policy_proto_rawDescGZIP() []byte { - file_security_v1_authorization_policy_proto_rawDescOnce.Do(func() { - file_security_v1_authorization_policy_proto_rawDescData = protoimpl.X.CompressGZIP(file_security_v1_authorization_policy_proto_rawDescData) - }) - return file_security_v1_authorization_policy_proto_rawDescData -} - -var file_security_v1_authorization_policy_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_security_v1_authorization_policy_proto_msgTypes = make([]protoimpl.MessageInfo, 8) -var file_security_v1_authorization_policy_proto_goTypes = []interface{}{ - (AuthorizationPolicy_Action)(0), // 0: istio.security.v1.AuthorizationPolicy.Action - (*AuthorizationPolicy)(nil), // 1: istio.security.v1.AuthorizationPolicy - (*Rule)(nil), // 2: istio.security.v1.Rule - (*Source)(nil), // 3: istio.security.v1.Source - (*Operation)(nil), // 4: istio.security.v1.Operation - (*Condition)(nil), // 5: istio.security.v1.Condition - (*AuthorizationPolicy_ExtensionProvider)(nil), // 6: istio.security.v1.AuthorizationPolicy.ExtensionProvider - (*Rule_From)(nil), // 7: istio.security.v1.Rule.From - (*Rule_To)(nil), // 8: istio.security.v1.Rule.To - (*v1beta1.WorkloadSelector)(nil), // 9: istio.type.v1beta1.WorkloadSelector - (*v1beta1.PolicyTargetReference)(nil), // 10: istio.type.v1beta1.PolicyTargetReference -} -var file_security_v1_authorization_policy_proto_depIdxs = []int32{ - 9, // 0: istio.security.v1.AuthorizationPolicy.selector:type_name -> istio.type.v1beta1.WorkloadSelector - 10, // 1: istio.security.v1.AuthorizationPolicy.targetRef:type_name -> istio.type.v1beta1.PolicyTargetReference - 10, // 2: istio.security.v1.AuthorizationPolicy.targetRefs:type_name -> istio.type.v1beta1.PolicyTargetReference - 2, // 3: istio.security.v1.AuthorizationPolicy.rules:type_name -> istio.security.v1.Rule - 0, // 4: istio.security.v1.AuthorizationPolicy.action:type_name -> istio.security.v1.AuthorizationPolicy.Action - 6, // 5: istio.security.v1.AuthorizationPolicy.provider:type_name -> istio.security.v1.AuthorizationPolicy.ExtensionProvider - 7, // 6: istio.security.v1.Rule.from:type_name -> istio.security.v1.Rule.From - 8, // 7: istio.security.v1.Rule.to:type_name -> istio.security.v1.Rule.To - 5, // 8: istio.security.v1.Rule.when:type_name -> istio.security.v1.Condition - 3, // 9: istio.security.v1.Rule.From.source:type_name -> istio.security.v1.Source - 4, // 10: istio.security.v1.Rule.To.operation:type_name -> istio.security.v1.Operation - 11, // [11:11] is the sub-list for method output_type - 11, // [11:11] is the sub-list for method input_type - 11, // [11:11] is the sub-list for extension type_name - 11, // [11:11] is the sub-list for extension extendee - 0, // [0:11] is the sub-list for field type_name -} - -func init() { file_security_v1_authorization_policy_proto_init() } -func file_security_v1_authorization_policy_proto_init() { - if File_security_v1_authorization_policy_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_security_v1_authorization_policy_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AuthorizationPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_security_v1_authorization_policy_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Rule); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_security_v1_authorization_policy_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Source); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_security_v1_authorization_policy_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Operation); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_security_v1_authorization_policy_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Condition); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_security_v1_authorization_policy_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AuthorizationPolicy_ExtensionProvider); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_security_v1_authorization_policy_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Rule_From); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_security_v1_authorization_policy_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Rule_To); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_security_v1_authorization_policy_proto_msgTypes[0].OneofWrappers = []interface{}{ - (*AuthorizationPolicy_Provider)(nil), - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_security_v1_authorization_policy_proto_rawDesc, - NumEnums: 1, - NumMessages: 8, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_security_v1_authorization_policy_proto_goTypes, - DependencyIndexes: file_security_v1_authorization_policy_proto_depIdxs, - EnumInfos: file_security_v1_authorization_policy_proto_enumTypes, - MessageInfos: file_security_v1_authorization_policy_proto_msgTypes, - }.Build() - File_security_v1_authorization_policy_proto = out.File - file_security_v1_authorization_policy_proto_rawDesc = nil - file_security_v1_authorization_policy_proto_goTypes = nil - file_security_v1_authorization_policy_proto_depIdxs = nil -} diff --git a/security/v1/authorization_policy.proto b/security/v1/authorization_policy.proto deleted file mode 100644 index a0e9a258566..00000000000 --- a/security/v1/authorization_policy.proto +++ /dev/null @@ -1,542 +0,0 @@ -// Copyright 2019 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -syntax = "proto3"; - -import "google/api/field_behavior.proto"; -import "type/v1beta1/selector.proto"; - -// $schema: istio.security.v1.AuthorizationPolicy -// $title: Authorization Policy -// $description: Configuration for access control on workloads. -// $location: https://istio.io/docs/reference/config/security/authorization-policy.html -// $weight: 20 -// $aliases: [/docs/reference/config/authorization/authorization-policy] -// $mode: none - -// Istio Authorization Policy enables access control on workloads in the mesh. -// -// Authorization policy supports CUSTOM, DENY and ALLOW actions for access control. When CUSTOM, DENY and ALLOW actions -// are used for a workload at the same time, the CUSTOM action is evaluated first, then the DENY action, and finally the ALLOW action. -// The evaluation is determined by the following rules: -// -// 1. If there are any CUSTOM policies that match the request, evaluate and deny the request if the evaluation result is deny. -// 2. If there are any DENY policies that match the request, deny the request. -// 3. If there are no ALLOW policies for the workload, allow the request. -// 4. If any of the ALLOW policies match the request, allow the request. -// 5. Deny the request. -// -// Istio Authorization Policy also supports the AUDIT action to decide whether to log requests. -// AUDIT policies do not affect whether requests are allowed or denied to the workload. -// Requests will be allowed or denied based solely on CUSTOM, DENY and ALLOW actions. -// -// A request will be internally marked that it should be audited if there is an AUDIT policy on the workload that matches the request. -// A separate plugin must be configured and enabled to actually fulfill the audit decision and complete the audit behavior. -// The request will not be audited if there are no such supporting plugins enabled. -// -// Here is an example of Istio Authorization Policy: -// -// It sets the `action` to `ALLOW` to create an allow policy. The default action is `ALLOW` -// but it is useful to be explicit in the policy. -// -// It allows requests from: -// -// - service account `cluster.local/ns/default/sa/sleep` or -// - namespace `test` -// -// to access the workload with: -// -// - `GET` method at paths of prefix `/info` or, -// - `POST` method at path `/data`. -// -// when the request has a valid JWT token issued by `https://accounts.google.com`. -// -// Any other requests will be denied. -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// name: httpbin -// namespace: foo -// spec: -// action: ALLOW -// rules: -// - from: -// - source: -// principals: ["cluster.local/ns/default/sa/sleep"] -// - source: -// namespaces: ["test"] -// to: -// - operation: -// methods: ["GET"] -// paths: ["/info*"] -// - operation: -// methods: ["POST"] -// paths: ["/data"] -// when: -// - key: request.auth.claims[iss] -// values: ["https://accounts.google.com"] -// ``` -// -// The following is another example that sets `action` to `DENY` to create a deny policy. -// It denies requests from the `dev` namespace to the `POST` method on all workloads -// in the `foo` namespace. -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// name: httpbin -// namespace: foo -// spec: -// action: DENY -// rules: -// - from: -// - source: -// namespaces: ["dev"] -// to: -// - operation: -// methods: ["POST"] -// ``` -// -// The following is another example that sets `action` to `DENY` to create a deny policy. -// It denies all the requests with `POST` method on port `8080` on all workloads -// in the `foo` namespace. Note the ports in the `ports` field refer to container ports, -// not the Kubernetes Service ports. -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// name: httpbin -// namespace: foo -// spec: -// action: DENY -// rules: -// - to: -// - operation: -// methods: ["POST"] -// ports: ["8080"] -// ``` -// -// When this rule is applied to TCP traffic, the `method` field (as will all HTTP based attributes) cannot be processed. -// For a `DENY` rule, missing attributes are treated as matches. This means all TCP traffic on port `8080` would be denied in the example above. -// If we were to remove the `ports` match, all TCP traffic would be denied. As a result, it is recommended to always scope `DENY` policies to a specific port, -// especially when using HTTP attributes [Authorization Policy for TCP Ports](https://istio.io/latest/docs/tasks/security/authorization/authz-tcp/). -// -// The following authorization policy sets the `action` to `AUDIT`. It will audit any GET requests to the path with the -// prefix `/user/profile`. -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// namespace: ns1 -// name: anyname -// spec: -// selector: -// matchLabels: -// app: myapi -// action: AUDIT -// rules: -// - to: -// - operation: -// methods: ["GET"] -// paths: ["/user/profile/*"] -// ``` -// -// Authorization Policy scope (target) is determined by "metadata/namespace" and -// an optional `selector`. -// -// - "metadata/namespace" tells which namespace the policy applies. If set to root -// namespace, the policy applies to all namespaces in a mesh. -// - workload `selector` can be used to further restrict where a policy applies. -// -// For example, the following authorization policy applies to all workloads in namespace `foo`. It allows nothing and effectively denies -// all requests to workloads in namespace `foo`. -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// name: allow-nothing -// namespace: foo -// spec: -// {} -// ``` -// -// The following authorization policy allows all requests to workloads in namespace `foo`. -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// name: allow-all -// namespace: foo -// spec: -// rules: -// - {} -// ``` -// -// The following authorization policy applies to workloads containing label `app: httpbin` in namespace `bar`. It allows -// nothing and effectively denies all requests to the selected workloads. -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// name: allow-nothing -// namespace: bar -// spec: -// selector: -// matchLabels: -// app: httpbin -// ``` -// -// The following authorization policy applies to workloads containing label `version: v1` in all namespaces in the mesh. -// (Assuming the root namespace is configured to `istio-system`). -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// name: allow-nothing -// namespace: istio-system -// spec: -// selector: -// matchLabels: -// version: v1 -// ``` -// -// The following example shows you how to set up an authorization policy using an [experimental annotation](https://istio.io/latest/docs/reference/config/annotations/) -// `istio.io/dry-run` to dry-run the policy without actually enforcing it. -// -// The dry-run annotation allows you to better understand the effect of an authorization policy before applying it to the production traffic. -// This helps to reduce the risk of breaking the production traffic caused by an incorrect authorization policy. -// For more information, see [dry-run tasks](https://istio.io/latest/docs/tasks/security/authorization/authz-dry-run/). -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// name: dry-run-example -// annotations: -// "istio.io/dry-run": "true" -// spec: -// selector: -// matchLabels: -// app: httpbin -// action: DENY -// rules: -// - to: -// - operation: -// paths: ["/headers"] -// ``` -package istio.security.v1; - -option go_package="istio.io/api/security/v1"; - -// AuthorizationPolicy enables access control on workloads. -// -// -// -message AuthorizationPolicy { - // Optional. The selector decides where to apply the authorization policy. The selector will match with workloads - // in the same namespace as the authorization policy. If the authorization policy is in the root namespace, the selector - // will additionally match with workloads in all namespaces. - // - // If the selector and the targetRef are not set, the selector will match all workloads. - // - // At most one of `selector` or `targetRefs` can be set for a given policy. - istio.type.v1beta1.WorkloadSelector selector = 1; - - // $hide_from_docs - istio.type.v1beta1.PolicyTargetReference targetRef = 5; - - // Optional. The targetRefs specifies a list of resources the policy should be - // applied to. The targeted resources specified will determine which workloads - // the policy applies to. - // - // Currently, the following resource attachment types are supported: - // * `kind: Gateway` with `group: gateway.networking.k8s.io` in the same namespace. - // * `kind: Service` with `""` in the same namespace. This type is only supported for waypoints. - // - // If not set, the policy is applied as defined by the selector. - // At most one of the selector and targetRefs can be set. - // - // NOTE: If you are using the `targetRefs` field in a multi-revision environment with Istio versions prior to 1.22, - // it is highly recommended that you pin the policy to a revision running 1.22+ via the `istio.io/rev` label. - // This is to prevent proxies connected to older control planes (that don't know about the `targetRefs` field) - // from misinterpreting the policy as namespace-wide during the upgrade process. - // - // NOTE: Waypoint proxies are required to use this field for policies to apply; `selector` policies will be ignored. - repeated istio.type.v1beta1.PolicyTargetReference targetRefs = 6; - - // Optional. A list of rules to match the request. A match occurs when at least one rule matches the request. - // - // If not set, the match will never occur. This is equivalent to setting a default of deny for the target workloads if - // the action is ALLOW. - repeated Rule rules = 2; - - // Action specifies the operation to take. - enum Action { - // Allow a request only if it matches the rules. This is the default type. - ALLOW = 0; - - // Deny a request if it matches any of the rules. - DENY = 1; - - // Audit a request if it matches any of the rules. - AUDIT = 2; - - // $hide_from_docs - // Audit policy decisions can be read by telemetry plugins using the function getAuditPolicy - // defined [here](https://github.com/istio/proxy/blob/master/extensions/common/context.h). - - // The CUSTOM action allows an extension to handle the user request if the matching rules evaluate to true. - // The extension is evaluated independently and before the native ALLOW and DENY actions. When used together, A request - // is allowed if and only if all the actions return allow, in other words, the extension cannot bypass the - // authorization decision made by ALLOW and DENY action. - // Extension behavior is defined by the named providers declared in MeshConfig. The authorization policy refers to - // the extension by specifying the name of the provider. - // One example use case of the extension is to integrate with a custom external authorization system to delegate - // the authorization decision to it. - // - // The following authorization policy applies to an ingress gateway and delegates the authorization check to a named extension - // `my-custom-authz` if the request path has prefix `/admin/`. - // - // ```yaml - // apiVersion: security.istio.io/v1beta1 - // kind: AuthorizationPolicy - // metadata: - // name: ext-authz - // namespace: istio-system - // spec: - // selector: - // matchLabels: - // app: istio-ingressgateway - // action: CUSTOM - // provider: - // name: "my-custom-authz" - // rules: - // - to: - // - operation: - // paths: ["/admin/*"] - // ``` - CUSTOM = 3; - } - - // Optional. The action to take if the request is matched with the rules. Default is ALLOW if not specified. - Action action = 3; - - message ExtensionProvider { - // Specifies the name of the extension provider. The list of available providers is defined in the MeshConfig. - // Note, currently at most 1 extension provider is allowed per workload. Different workloads can use different extension provider. - string name = 1; - } - - oneof action_detail { - // Specifies detailed configuration of the CUSTOM action. Must be used only with CUSTOM action. - ExtensionProvider provider = 4; - } -} - -// Rule matches requests from a list of sources that perform a list of operations subject to a -// list of conditions. A match occurs when at least one source, one operation and all conditions -// matches the request. An empty rule is always matched. -// -// Any string field in the rule supports Exact, Prefix, Suffix and Presence match: -// -// - Exact match: `abc` will match on value `abc`. -// - Prefix match: `abc*` will match on value `abc` and `abcd`. -// - Suffix match: `*abc` will match on value `abc` and `xabc`. -// - Presence match: `*` will match when value is not empty. -message Rule { - // From includes a list of sources. - message From { - // Source specifies the source of a request. - Source source = 1; - } - - // Optional. `from` specifies the source of a request. - // - // If not set, any source is allowed. - repeated From from = 1; - - // To includes a list of operations. - message To { - // Operation specifies the operation of a request. - Operation operation = 1; - } - - // Optional. `to` specifies the operation of a request. - // - // If not set, any operation is allowed. - repeated To to = 2; - - // Optional. `when` specifies a list of additional conditions of a request. - // - // If not set, any condition is allowed. - repeated Condition when = 3; -} - -// Source specifies the source identities of a request. Fields in the source are -// ANDed together. -// -// For example, the following source matches if the principal is `admin` or `dev` -// and the namespace is `prod` or `test` and the ip is not `203.0.113.4`. -// -// ```yaml -// principals: ["admin", "dev"] -// namespaces: ["prod", "test"] -// notIpBlocks: ["203.0.113.4"] -// ``` -message Source { - // Optional. A list of peer identities derived from the peer certificate. The peer identity is in the format of - // `"/ns//sa/"`, for example, `"cluster.local/ns/default/sa/productpage"`. - // This field requires mTLS enabled and is the same as the `source.principal` attribute. - // - // If not set, any principal is allowed. - repeated string principals = 1; - - // Optional. A list of negative match of peer identities. - repeated string not_principals = 5; - - // Optional. A list of request identities derived from the JWT. The request identity is in the format of - // `"/"`, for example, `"example.com/sub-1"`. This field requires request authentication enabled and is the - // same as the `request.auth.principal` attribute. - // - // If not set, any request principal is allowed. - repeated string request_principals = 2; - - // Optional. A list of negative match of request identities. - repeated string not_request_principals = 6; - - // Optional. A list of namespaces derived from the peer certificate. - // This field requires mTLS enabled and is the same as the `source.namespace` attribute. - // - // If not set, any namespace is allowed. - repeated string namespaces = 3; - - // Optional. A list of negative match of namespaces. - repeated string not_namespaces = 7; - - // Optional. A list of IP blocks, populated from the source address of the IP packet. Single IP (e.g. `203.0.113.4`) and - // CIDR (e.g. `203.0.113.0/24`) are supported. This is the same as the `source.ip` attribute. - // - // If not set, any IP is allowed. - repeated string ip_blocks = 4; - - // Optional. A list of negative match of IP blocks. - repeated string not_ip_blocks = 8; - - // Optional. A list of IP blocks, populated from `X-Forwarded-For` header or proxy protocol. - // To make use of this field, you must configure the `numTrustedProxies` field of the `gatewayTopology` under the `meshConfig` - // when you install Istio or using an annotation on the ingress gateway. See the documentation here: - // [Configuring Gateway Network Topology](https://istio.io/latest/docs/ops/configuration/traffic-management/network-topologies/). - // Single IP (e.g. `203.0.113.4`) and CIDR (e.g. `203.0.113.0/24`) are supported. - // This is the same as the `remote.ip` attribute. - // - // If not set, any IP is allowed. - repeated string remote_ip_blocks = 9; - - // Optional. A list of negative match of remote IP blocks. - repeated string not_remote_ip_blocks = 10; -} - -// Operation specifies the operations of a request. Fields in the operation are -// ANDed together. -// -// For example, the following operation matches if the host has suffix `.example.com` -// and the method is `GET` or `HEAD` and the path doesn't have prefix `/admin`. -// -// ```yaml -// hosts: ["*.example.com"] -// methods: ["GET", "HEAD"] -// notPaths: ["/admin*"] -// ``` -message Operation { - // Optional. A list of hosts as specified in the HTTP request. The match is case-insensitive. - // See the [security best practices](https://istio.io/latest/docs/ops/best-practices/security/#writing-host-match-policies) for - // recommended usage of this field. - // - // If not set, any host is allowed. Must be used only with HTTP. - repeated string hosts = 1; - - // Optional. A list of negative match of hosts as specified in the HTTP request. The match is case-insensitive. - repeated string not_hosts = 5; - - // Optional. A list of ports as specified in the connection. - // - // If not set, any port is allowed. - repeated string ports = 2; - - // Optional. A list of negative match of ports as specified in the connection. - repeated string not_ports = 6; - - // Optional. A list of methods as specified in the HTTP request. - // For gRPC service, this will always be `POST`. - // - // If not set, any method is allowed. Must be used only with HTTP. - repeated string methods = 3; - - // Optional. A list of negative match of methods as specified in the HTTP request. - repeated string not_methods = 7; - - // Optional. A list of paths as specified in the HTTP request. See the [Authorization Policy Normalization](https://istio.io/latest/docs/reference/config/security/normalization/) - // for details of the path normalization. - // For gRPC service, this will be the fully-qualified name in the form of `/package.service/method`. - // - // If a path in the list contains the `{*}` or `{**}` path template operator, it will be interpreted as an [Envoy Uri Template](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/path/match/uri_template/v3/uri_template_match.proto). - // To be a valid path template, the path must not contain `*`, `{`, or `}` outside of a supported operator. No other characters are allowed in the path segment with the path template operator. - // - `{*}` matches a single glob that cannot extend beyond a path segment. - // - `{**}` matches zero or more globs. If a path contains `{**}`, it must be the last operator. - // - // Examples: - // - `/foo/{*}` matches `/foo/bar` but not `/foo/bar/baz` - // - `/foo/{**}/` matches `/foo/bar/`, `/foo/bar/baz.txt`, and `/foo//` but not `/foo/bar` - // - `/foo/{*}/bar/{**}` matches `/foo/buzz/bar/` and `/foo/buzz/bar/baz` - // - `/*/baz/{*}`` is not a valid path template since it includes `*` outside of a supported operator - // - `/**/baz/{*}`` is not a valid path template since it includes `**` outside of a supported operator - // - `/{**}/foo/{*}` is not a valid path template since `{**}` is not the last operator - // - `/foo/{*}.txt` is invalid since there are characters other than `{*}` in the path segment - // - // If not set, any path is allowed. Must be used only with HTTP. - repeated string paths = 4; - - // Optional. A list of negative match of paths. - repeated string not_paths = 8; -} - -// Condition specifies additional required attributes. -message Condition { - // The name of an Istio attribute. - // See the [full list of supported attributes](https://istio.io/docs/reference/config/security/conditions/). - string key = 1 [(google.api.field_behavior) = REQUIRED]; - - // Optional. A list of allowed values for the attribute. - // Note: at least one of `values` or `notValues` must be set. - repeated string values = 2; - - // Optional. A list of negative match of values for the attribute. - // Note: at least one of `values` or `notValues` must be set. - repeated string not_values = 3; -} diff --git a/security/v1/authorization_policy_alias.gen.go b/security/v1/authorization_policy_alias.gen.go new file mode 100644 index 00000000000..b8ac3d6598d --- /dev/null +++ b/security/v1/authorization_policy_alias.gen.go @@ -0,0 +1,21 @@ +// Code generated by protoc-gen-alias. DO NOT EDIT. +package v1 + +import "istio.io/api/security/v1beta1" + +type AuthorizationPolicy = v1beta1.AuthorizationPolicy +type AuthorizationPolicy_ExtensionProvider = v1beta1.AuthorizationPolicy_ExtensionProvider +type AuthorizationPolicy_Action = v1beta1.AuthorizationPolicy_Action + +const AuthorizationPolicy_ALLOW AuthorizationPolicy_Action = v1beta1.AuthorizationPolicy_ALLOW +const AuthorizationPolicy_DENY AuthorizationPolicy_Action = v1beta1.AuthorizationPolicy_DENY +const AuthorizationPolicy_AUDIT AuthorizationPolicy_Action = v1beta1.AuthorizationPolicy_AUDIT +const AuthorizationPolicy_CUSTOM AuthorizationPolicy_Action = v1beta1.AuthorizationPolicy_CUSTOM + +type AuthorizationPolicy_Provider = v1beta1.AuthorizationPolicy_Provider +type Rule = v1beta1.Rule +type Rule_From = v1beta1.Rule_From +type Rule_To = v1beta1.Rule_To +type Source = v1beta1.Source +type Operation = v1beta1.Operation +type Condition = v1beta1.Condition diff --git a/security/v1/authorization_policy_deepcopy.gen.go b/security/v1/authorization_policy_deepcopy.gen.go deleted file mode 100644 index f5f79746eb7..00000000000 --- a/security/v1/authorization_policy_deepcopy.gen.go +++ /dev/null @@ -1,174 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using AuthorizationPolicy within kubernetes types, where deepcopy-gen is used. -func (in *AuthorizationPolicy) DeepCopyInto(out *AuthorizationPolicy) { - p := proto.Clone(in).(*AuthorizationPolicy) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationPolicy. Required by controller-gen. -func (in *AuthorizationPolicy) DeepCopy() *AuthorizationPolicy { - if in == nil { - return nil - } - out := new(AuthorizationPolicy) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationPolicy. Required by controller-gen. -func (in *AuthorizationPolicy) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using AuthorizationPolicy_ExtensionProvider within kubernetes types, where deepcopy-gen is used. -func (in *AuthorizationPolicy_ExtensionProvider) DeepCopyInto(out *AuthorizationPolicy_ExtensionProvider) { - p := proto.Clone(in).(*AuthorizationPolicy_ExtensionProvider) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationPolicy_ExtensionProvider. Required by controller-gen. -func (in *AuthorizationPolicy_ExtensionProvider) DeepCopy() *AuthorizationPolicy_ExtensionProvider { - if in == nil { - return nil - } - out := new(AuthorizationPolicy_ExtensionProvider) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationPolicy_ExtensionProvider. Required by controller-gen. -func (in *AuthorizationPolicy_ExtensionProvider) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Rule within kubernetes types, where deepcopy-gen is used. -func (in *Rule) DeepCopyInto(out *Rule) { - p := proto.Clone(in).(*Rule) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule. Required by controller-gen. -func (in *Rule) DeepCopy() *Rule { - if in == nil { - return nil - } - out := new(Rule) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Rule. Required by controller-gen. -func (in *Rule) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Rule_From within kubernetes types, where deepcopy-gen is used. -func (in *Rule_From) DeepCopyInto(out *Rule_From) { - p := proto.Clone(in).(*Rule_From) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule_From. Required by controller-gen. -func (in *Rule_From) DeepCopy() *Rule_From { - if in == nil { - return nil - } - out := new(Rule_From) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Rule_From. Required by controller-gen. -func (in *Rule_From) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Rule_To within kubernetes types, where deepcopy-gen is used. -func (in *Rule_To) DeepCopyInto(out *Rule_To) { - p := proto.Clone(in).(*Rule_To) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule_To. Required by controller-gen. -func (in *Rule_To) DeepCopy() *Rule_To { - if in == nil { - return nil - } - out := new(Rule_To) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Rule_To. Required by controller-gen. -func (in *Rule_To) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Source within kubernetes types, where deepcopy-gen is used. -func (in *Source) DeepCopyInto(out *Source) { - p := proto.Clone(in).(*Source) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Source. Required by controller-gen. -func (in *Source) DeepCopy() *Source { - if in == nil { - return nil - } - out := new(Source) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Source. Required by controller-gen. -func (in *Source) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Operation within kubernetes types, where deepcopy-gen is used. -func (in *Operation) DeepCopyInto(out *Operation) { - p := proto.Clone(in).(*Operation) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Operation. Required by controller-gen. -func (in *Operation) DeepCopy() *Operation { - if in == nil { - return nil - } - out := new(Operation) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Operation. Required by controller-gen. -func (in *Operation) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Condition within kubernetes types, where deepcopy-gen is used. -func (in *Condition) DeepCopyInto(out *Condition) { - p := proto.Clone(in).(*Condition) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition. Required by controller-gen. -func (in *Condition) DeepCopy() *Condition { - if in == nil { - return nil - } - out := new(Condition) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Condition. Required by controller-gen. -func (in *Condition) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/security/v1/authorization_policy_json.gen.go b/security/v1/authorization_policy_json.gen.go deleted file mode 100644 index 168c233fdb0..00000000000 --- a/security/v1/authorization_policy_json.gen.go +++ /dev/null @@ -1,100 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1 - -import ( - bytes "bytes" - jsonpb "github.com/golang/protobuf/jsonpb" -) - -// MarshalJSON is a custom marshaler for AuthorizationPolicy -func (this *AuthorizationPolicy) MarshalJSON() ([]byte, error) { - str, err := AuthorizationPolicyMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for AuthorizationPolicy -func (this *AuthorizationPolicy) UnmarshalJSON(b []byte) error { - return AuthorizationPolicyUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for AuthorizationPolicy_ExtensionProvider -func (this *AuthorizationPolicy_ExtensionProvider) MarshalJSON() ([]byte, error) { - str, err := AuthorizationPolicyMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for AuthorizationPolicy_ExtensionProvider -func (this *AuthorizationPolicy_ExtensionProvider) UnmarshalJSON(b []byte) error { - return AuthorizationPolicyUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Rule -func (this *Rule) MarshalJSON() ([]byte, error) { - str, err := AuthorizationPolicyMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Rule -func (this *Rule) UnmarshalJSON(b []byte) error { - return AuthorizationPolicyUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Rule_From -func (this *Rule_From) MarshalJSON() ([]byte, error) { - str, err := AuthorizationPolicyMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Rule_From -func (this *Rule_From) UnmarshalJSON(b []byte) error { - return AuthorizationPolicyUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Rule_To -func (this *Rule_To) MarshalJSON() ([]byte, error) { - str, err := AuthorizationPolicyMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Rule_To -func (this *Rule_To) UnmarshalJSON(b []byte) error { - return AuthorizationPolicyUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Source -func (this *Source) MarshalJSON() ([]byte, error) { - str, err := AuthorizationPolicyMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Source -func (this *Source) UnmarshalJSON(b []byte) error { - return AuthorizationPolicyUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Operation -func (this *Operation) MarshalJSON() ([]byte, error) { - str, err := AuthorizationPolicyMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Operation -func (this *Operation) UnmarshalJSON(b []byte) error { - return AuthorizationPolicyUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Condition -func (this *Condition) MarshalJSON() ([]byte, error) { - str, err := AuthorizationPolicyMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Condition -func (this *Condition) UnmarshalJSON(b []byte) error { - return AuthorizationPolicyUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -var ( - AuthorizationPolicyMarshaler = &jsonpb.Marshaler{} - AuthorizationPolicyUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} -) diff --git a/security/v1/peer_authentication.pb.go b/security/v1/peer_authentication.pb.go deleted file mode 100644 index ccbc3d19ba3..00000000000 --- a/security/v1/peer_authentication.pb.go +++ /dev/null @@ -1,463 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.33.0 -// protoc (unknown) -// source: security/v1/peer_authentication.proto - -// $schema: istio.security.v1.PeerAuthentication -// $title: PeerAuthentication -// $description: Peer authentication configuration for workloads. -// $location: https://istio.io/docs/reference/config/security/peer_authentication.html -// $aliases: [/docs/reference/config/security/v1/peer_authentication] -// $mode: none - -package v1 - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - v1beta1 "istio.io/api/type/v1beta1" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type PeerAuthentication_MutualTLS_Mode int32 - -const ( - // Inherit from parent, if has one. Otherwise treated as `PERMISSIVE`. - PeerAuthentication_MutualTLS_UNSET PeerAuthentication_MutualTLS_Mode = 0 - // Connection is not tunneled. - PeerAuthentication_MutualTLS_DISABLE PeerAuthentication_MutualTLS_Mode = 1 - // Connection can be either plaintext or mTLS tunnel. - PeerAuthentication_MutualTLS_PERMISSIVE PeerAuthentication_MutualTLS_Mode = 2 - // Connection is an mTLS tunnel (TLS with client cert must be presented). - PeerAuthentication_MutualTLS_STRICT PeerAuthentication_MutualTLS_Mode = 3 -) - -// Enum value maps for PeerAuthentication_MutualTLS_Mode. -var ( - PeerAuthentication_MutualTLS_Mode_name = map[int32]string{ - 0: "UNSET", - 1: "DISABLE", - 2: "PERMISSIVE", - 3: "STRICT", - } - PeerAuthentication_MutualTLS_Mode_value = map[string]int32{ - "UNSET": 0, - "DISABLE": 1, - "PERMISSIVE": 2, - "STRICT": 3, - } -) - -func (x PeerAuthentication_MutualTLS_Mode) Enum() *PeerAuthentication_MutualTLS_Mode { - p := new(PeerAuthentication_MutualTLS_Mode) - *p = x - return p -} - -func (x PeerAuthentication_MutualTLS_Mode) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (PeerAuthentication_MutualTLS_Mode) Descriptor() protoreflect.EnumDescriptor { - return file_security_v1_peer_authentication_proto_enumTypes[0].Descriptor() -} - -func (PeerAuthentication_MutualTLS_Mode) Type() protoreflect.EnumType { - return &file_security_v1_peer_authentication_proto_enumTypes[0] -} - -func (x PeerAuthentication_MutualTLS_Mode) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use PeerAuthentication_MutualTLS_Mode.Descriptor instead. -func (PeerAuthentication_MutualTLS_Mode) EnumDescriptor() ([]byte, []int) { - return file_security_v1_peer_authentication_proto_rawDescGZIP(), []int{0, 0, 0} -} - -// {{< warning >}} -// Development of PeerAuthentication is currently frozen and likely to be replaced in Ambient. -// {{< /warning >}} -// PeerAuthentication defines how traffic will be tunneled (or not) to the sidecar. -// -// Examples: -// -// Policy to allow mTLS traffic for all workloads under namespace `foo`: -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: PeerAuthentication -// metadata: -// -// name: default -// namespace: foo -// -// spec: -// -// mtls: -// mode: STRICT -// -// ``` -// For mesh level, put the policy in root-namespace according to your Istio installation. -// -// Policies to allow both mTLS and plaintext traffic for all workloads under namespace `foo`, but -// require mTLS for workload `finance`. -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: PeerAuthentication -// metadata: -// -// name: default -// namespace: foo -// -// spec: -// -// mtls: -// mode: PERMISSIVE -// -// --- -// apiVersion: security.istio.io/v1 -// kind: PeerAuthentication -// metadata: -// -// name: finance -// namespace: foo -// -// spec: -// -// selector: -// matchLabels: -// app: finance -// mtls: -// mode: STRICT -// -// ``` -// Policy that enables strict mTLS for all `finance` workloads, but leaves the port `8080` to -// plaintext. Note the port value in the `portLevelMtls` field refers to the port -// of the workload, not the port of the Kubernetes service. -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: PeerAuthentication -// metadata: -// -// name: default -// namespace: foo -// -// spec: -// -// selector: -// matchLabels: -// app: finance -// mtls: -// mode: STRICT -// portLevelMtls: -// 8080: -// mode: DISABLE -// -// ``` -// Policy that inherits mTLS mode from namespace (or mesh) settings, and disables -// mTLS for workload port `8080`. -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: PeerAuthentication -// metadata: -// -// name: default -// namespace: foo -// -// spec: -// -// selector: -// matchLabels: -// app: finance -// mtls: -// mode: UNSET -// portLevelMtls: -// 8080: -// mode: DISABLE -// -// ``` -// -// -// -type PeerAuthentication struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The selector determines the workloads to apply the PeerAuthentication on. The selector will match with workloads in the - // same namespace as the policy. If the policy is in the root namespace, the selector will additionally match with workloads in all namespace. - // - // If not set, the policy will be applied to all workloads in the same namespace as the policy. If it is in the root namespace, it would be applied - // to all workloads in the mesh. - Selector *v1beta1.WorkloadSelector `protobuf:"bytes,1,opt,name=selector,proto3" json:"selector,omitempty"` - // Mutual TLS settings for workload. If not defined, inherit from parent. - Mtls *PeerAuthentication_MutualTLS `protobuf:"bytes,2,opt,name=mtls,proto3" json:"mtls,omitempty"` - // Port specific mutual TLS settings. These only apply when a workload selector - // is specified. The port refers to the port of the workload, not the port of the - // Kubernetes service. - PortLevelMtls map[uint32]*PeerAuthentication_MutualTLS `protobuf:"bytes,3,rep,name=port_level_mtls,json=portLevelMtls,proto3" json:"port_level_mtls,omitempty" protobuf_key:"varint,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` -} - -func (x *PeerAuthentication) Reset() { - *x = PeerAuthentication{} - if protoimpl.UnsafeEnabled { - mi := &file_security_v1_peer_authentication_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PeerAuthentication) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PeerAuthentication) ProtoMessage() {} - -func (x *PeerAuthentication) ProtoReflect() protoreflect.Message { - mi := &file_security_v1_peer_authentication_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PeerAuthentication.ProtoReflect.Descriptor instead. -func (*PeerAuthentication) Descriptor() ([]byte, []int) { - return file_security_v1_peer_authentication_proto_rawDescGZIP(), []int{0} -} - -func (x *PeerAuthentication) GetSelector() *v1beta1.WorkloadSelector { - if x != nil { - return x.Selector - } - return nil -} - -func (x *PeerAuthentication) GetMtls() *PeerAuthentication_MutualTLS { - if x != nil { - return x.Mtls - } - return nil -} - -func (x *PeerAuthentication) GetPortLevelMtls() map[uint32]*PeerAuthentication_MutualTLS { - if x != nil { - return x.PortLevelMtls - } - return nil -} - -// Mutual TLS settings. -type PeerAuthentication_MutualTLS struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Defines the mTLS mode used for peer authentication. - Mode PeerAuthentication_MutualTLS_Mode `protobuf:"varint,1,opt,name=mode,proto3,enum=istio.security.v1.PeerAuthentication_MutualTLS_Mode" json:"mode,omitempty"` -} - -func (x *PeerAuthentication_MutualTLS) Reset() { - *x = PeerAuthentication_MutualTLS{} - if protoimpl.UnsafeEnabled { - mi := &file_security_v1_peer_authentication_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PeerAuthentication_MutualTLS) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PeerAuthentication_MutualTLS) ProtoMessage() {} - -func (x *PeerAuthentication_MutualTLS) ProtoReflect() protoreflect.Message { - mi := &file_security_v1_peer_authentication_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PeerAuthentication_MutualTLS.ProtoReflect.Descriptor instead. -func (*PeerAuthentication_MutualTLS) Descriptor() ([]byte, []int) { - return file_security_v1_peer_authentication_proto_rawDescGZIP(), []int{0, 0} -} - -func (x *PeerAuthentication_MutualTLS) GetMode() PeerAuthentication_MutualTLS_Mode { - if x != nil { - return x.Mode - } - return PeerAuthentication_MutualTLS_UNSET -} - -var File_security_v1_peer_authentication_proto protoreflect.FileDescriptor - -var file_security_v1_peer_authentication_proto_rawDesc = []byte{ - 0x0a, 0x25, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x76, 0x31, 0x2f, 0x70, 0x65, - 0x65, 0x72, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x11, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x73, - 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x1a, 0x1b, 0x74, 0x79, 0x70, 0x65, - 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, - 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x84, 0x04, 0x0a, 0x12, 0x50, 0x65, 0x65, 0x72, - 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x40, - 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x24, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, - 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, - 0x12, 0x43, 0x0a, 0x04, 0x6d, 0x74, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, - 0x76, 0x31, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x52, - 0x04, 0x6d, 0x74, 0x6c, 0x73, 0x12, 0x60, 0x0a, 0x0f, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6c, 0x65, - 0x76, 0x65, 0x6c, 0x5f, 0x6d, 0x74, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, - 0x76, 0x31, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x4d, - 0x74, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0d, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x65, - 0x76, 0x65, 0x6c, 0x4d, 0x74, 0x6c, 0x73, 0x1a, 0x91, 0x01, 0x0a, 0x09, 0x4d, 0x75, 0x74, 0x75, - 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x12, 0x48, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0e, 0x32, 0x34, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x73, 0x65, 0x63, 0x75, - 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, - 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x4d, 0x75, 0x74, 0x75, 0x61, - 0x6c, 0x54, 0x4c, 0x53, 0x2e, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x22, - 0x3a, 0x0a, 0x04, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x09, 0x0a, 0x05, 0x55, 0x4e, 0x53, 0x45, 0x54, - 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x49, 0x53, 0x41, 0x42, 0x4c, 0x45, 0x10, 0x01, 0x12, - 0x0e, 0x0a, 0x0a, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x53, 0x53, 0x49, 0x56, 0x45, 0x10, 0x02, 0x12, - 0x0a, 0x0a, 0x06, 0x53, 0x54, 0x52, 0x49, 0x43, 0x54, 0x10, 0x03, 0x1a, 0x71, 0x0a, 0x12, 0x50, - 0x6f, 0x72, 0x74, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x4d, 0x74, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, - 0x6b, 0x65, 0x79, 0x12, 0x45, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, - 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x41, 0x75, 0x74, 0x68, 0x65, - 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x4d, 0x75, 0x74, 0x75, 0x61, 0x6c, - 0x54, 0x4c, 0x53, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x1a, - 0x5a, 0x18, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x73, - 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, -} - -var ( - file_security_v1_peer_authentication_proto_rawDescOnce sync.Once - file_security_v1_peer_authentication_proto_rawDescData = file_security_v1_peer_authentication_proto_rawDesc -) - -func file_security_v1_peer_authentication_proto_rawDescGZIP() []byte { - file_security_v1_peer_authentication_proto_rawDescOnce.Do(func() { - file_security_v1_peer_authentication_proto_rawDescData = protoimpl.X.CompressGZIP(file_security_v1_peer_authentication_proto_rawDescData) - }) - return file_security_v1_peer_authentication_proto_rawDescData -} - -var file_security_v1_peer_authentication_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_security_v1_peer_authentication_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_security_v1_peer_authentication_proto_goTypes = []interface{}{ - (PeerAuthentication_MutualTLS_Mode)(0), // 0: istio.security.v1.PeerAuthentication.MutualTLS.Mode - (*PeerAuthentication)(nil), // 1: istio.security.v1.PeerAuthentication - (*PeerAuthentication_MutualTLS)(nil), // 2: istio.security.v1.PeerAuthentication.MutualTLS - nil, // 3: istio.security.v1.PeerAuthentication.PortLevelMtlsEntry - (*v1beta1.WorkloadSelector)(nil), // 4: istio.type.v1beta1.WorkloadSelector -} -var file_security_v1_peer_authentication_proto_depIdxs = []int32{ - 4, // 0: istio.security.v1.PeerAuthentication.selector:type_name -> istio.type.v1beta1.WorkloadSelector - 2, // 1: istio.security.v1.PeerAuthentication.mtls:type_name -> istio.security.v1.PeerAuthentication.MutualTLS - 3, // 2: istio.security.v1.PeerAuthentication.port_level_mtls:type_name -> istio.security.v1.PeerAuthentication.PortLevelMtlsEntry - 0, // 3: istio.security.v1.PeerAuthentication.MutualTLS.mode:type_name -> istio.security.v1.PeerAuthentication.MutualTLS.Mode - 2, // 4: istio.security.v1.PeerAuthentication.PortLevelMtlsEntry.value:type_name -> istio.security.v1.PeerAuthentication.MutualTLS - 5, // [5:5] is the sub-list for method output_type - 5, // [5:5] is the sub-list for method input_type - 5, // [5:5] is the sub-list for extension type_name - 5, // [5:5] is the sub-list for extension extendee - 0, // [0:5] is the sub-list for field type_name -} - -func init() { file_security_v1_peer_authentication_proto_init() } -func file_security_v1_peer_authentication_proto_init() { - if File_security_v1_peer_authentication_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_security_v1_peer_authentication_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PeerAuthentication); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_security_v1_peer_authentication_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PeerAuthentication_MutualTLS); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_security_v1_peer_authentication_proto_rawDesc, - NumEnums: 1, - NumMessages: 3, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_security_v1_peer_authentication_proto_goTypes, - DependencyIndexes: file_security_v1_peer_authentication_proto_depIdxs, - EnumInfos: file_security_v1_peer_authentication_proto_enumTypes, - MessageInfos: file_security_v1_peer_authentication_proto_msgTypes, - }.Build() - File_security_v1_peer_authentication_proto = out.File - file_security_v1_peer_authentication_proto_rawDesc = nil - file_security_v1_peer_authentication_proto_goTypes = nil - file_security_v1_peer_authentication_proto_depIdxs = nil -} diff --git a/security/v1/peer_authentication.proto b/security/v1/peer_authentication.proto deleted file mode 100644 index bdc08e5c568..00000000000 --- a/security/v1/peer_authentication.proto +++ /dev/null @@ -1,155 +0,0 @@ -// Copyright 2020 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -syntax = "proto3"; - -import "type/v1beta1/selector.proto"; - -// $schema: istio.security.v1.PeerAuthentication -// $title: PeerAuthentication -// $description: Peer authentication configuration for workloads. -// $location: https://istio.io/docs/reference/config/security/peer_authentication.html -// $aliases: [/docs/reference/config/security/v1/peer_authentication] -// $mode: none - -package istio.security.v1; - -option go_package="istio.io/api/security/v1"; - -// {{< warning >}} -// Development of PeerAuthentication is currently frozen and likely to be replaced in Ambient. -// {{< /warning >}} -// PeerAuthentication defines how traffic will be tunneled (or not) to the sidecar. -// -// Examples: -// -// Policy to allow mTLS traffic for all workloads under namespace `foo`: -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: PeerAuthentication -// metadata: -// name: default -// namespace: foo -// spec: -// mtls: -// mode: STRICT -// ``` -// For mesh level, put the policy in root-namespace according to your Istio installation. -// -// Policies to allow both mTLS and plaintext traffic for all workloads under namespace `foo`, but -// require mTLS for workload `finance`. -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: PeerAuthentication -// metadata: -// name: default -// namespace: foo -// spec: -// mtls: -// mode: PERMISSIVE -// --- -// apiVersion: security.istio.io/v1 -// kind: PeerAuthentication -// metadata: -// name: finance -// namespace: foo -// spec: -// selector: -// matchLabels: -// app: finance -// mtls: -// mode: STRICT -// ``` -// Policy that enables strict mTLS for all `finance` workloads, but leaves the port `8080` to -// plaintext. Note the port value in the `portLevelMtls` field refers to the port -// of the workload, not the port of the Kubernetes service. -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: PeerAuthentication -// metadata: -// name: default -// namespace: foo -// spec: -// selector: -// matchLabels: -// app: finance -// mtls: -// mode: STRICT -// portLevelMtls: -// 8080: -// mode: DISABLE -// ``` -// Policy that inherits mTLS mode from namespace (or mesh) settings, and disables -// mTLS for workload port `8080`. -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: PeerAuthentication -// metadata: -// name: default -// namespace: foo -// spec: -// selector: -// matchLabels: -// app: finance -// mtls: -// mode: UNSET -// portLevelMtls: -// 8080: -// mode: DISABLE -// ``` -// -// -// -message PeerAuthentication { - // The selector determines the workloads to apply the PeerAuthentication on. The selector will match with workloads in the - // same namespace as the policy. If the policy is in the root namespace, the selector will additionally match with workloads in all namespace. - // - // If not set, the policy will be applied to all workloads in the same namespace as the policy. If it is in the root namespace, it would be applied - // to all workloads in the mesh. - istio.type.v1beta1.WorkloadSelector selector = 1; - - // Mutual TLS settings. - message MutualTLS { - enum Mode { - // Inherit from parent, if has one. Otherwise treated as `PERMISSIVE`. - UNSET = 0; - - // Connection is not tunneled. - DISABLE = 1; - - // Connection can be either plaintext or mTLS tunnel. - PERMISSIVE = 2; - - // Connection is an mTLS tunnel (TLS with client cert must be presented). - STRICT = 3; - } - - // Defines the mTLS mode used for peer authentication. - Mode mode = 1; - } - - // Mutual TLS settings for workload. If not defined, inherit from parent. - MutualTLS mtls = 2; - - // Port specific mutual TLS settings. These only apply when a workload selector - // is specified. The port refers to the port of the workload, not the port of the - // Kubernetes service. - map port_level_mtls = 3; -} diff --git a/security/v1/peer_authentication_alias.gen.go b/security/v1/peer_authentication_alias.gen.go new file mode 100644 index 00000000000..1b27e9bbac2 --- /dev/null +++ b/security/v1/peer_authentication_alias.gen.go @@ -0,0 +1,13 @@ +// Code generated by protoc-gen-alias. DO NOT EDIT. +package v1 + +import "istio.io/api/security/v1beta1" + +type PeerAuthentication = v1beta1.PeerAuthentication +type PeerAuthentication_MutualTLS = v1beta1.PeerAuthentication_MutualTLS +type PeerAuthentication_MutualTLS_Mode = v1beta1.PeerAuthentication_MutualTLS_Mode + +const PeerAuthentication_MutualTLS_UNSET PeerAuthentication_MutualTLS_Mode = v1beta1.PeerAuthentication_MutualTLS_UNSET +const PeerAuthentication_MutualTLS_DISABLE PeerAuthentication_MutualTLS_Mode = v1beta1.PeerAuthentication_MutualTLS_DISABLE +const PeerAuthentication_MutualTLS_PERMISSIVE PeerAuthentication_MutualTLS_Mode = v1beta1.PeerAuthentication_MutualTLS_PERMISSIVE +const PeerAuthentication_MutualTLS_STRICT PeerAuthentication_MutualTLS_Mode = v1beta1.PeerAuthentication_MutualTLS_STRICT diff --git a/security/v1/peer_authentication_deepcopy.gen.go b/security/v1/peer_authentication_deepcopy.gen.go deleted file mode 100644 index 56fc81ce1b3..00000000000 --- a/security/v1/peer_authentication_deepcopy.gen.go +++ /dev/null @@ -1,48 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using PeerAuthentication within kubernetes types, where deepcopy-gen is used. -func (in *PeerAuthentication) DeepCopyInto(out *PeerAuthentication) { - p := proto.Clone(in).(*PeerAuthentication) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PeerAuthentication. Required by controller-gen. -func (in *PeerAuthentication) DeepCopy() *PeerAuthentication { - if in == nil { - return nil - } - out := new(PeerAuthentication) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new PeerAuthentication. Required by controller-gen. -func (in *PeerAuthentication) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using PeerAuthentication_MutualTLS within kubernetes types, where deepcopy-gen is used. -func (in *PeerAuthentication_MutualTLS) DeepCopyInto(out *PeerAuthentication_MutualTLS) { - p := proto.Clone(in).(*PeerAuthentication_MutualTLS) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PeerAuthentication_MutualTLS. Required by controller-gen. -func (in *PeerAuthentication_MutualTLS) DeepCopy() *PeerAuthentication_MutualTLS { - if in == nil { - return nil - } - out := new(PeerAuthentication_MutualTLS) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new PeerAuthentication_MutualTLS. Required by controller-gen. -func (in *PeerAuthentication_MutualTLS) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/security/v1/peer_authentication_json.gen.go b/security/v1/peer_authentication_json.gen.go deleted file mode 100644 index e7869582e25..00000000000 --- a/security/v1/peer_authentication_json.gen.go +++ /dev/null @@ -1,34 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1 - -import ( - bytes "bytes" - jsonpb "github.com/golang/protobuf/jsonpb" -) - -// MarshalJSON is a custom marshaler for PeerAuthentication -func (this *PeerAuthentication) MarshalJSON() ([]byte, error) { - str, err := PeerAuthenticationMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for PeerAuthentication -func (this *PeerAuthentication) UnmarshalJSON(b []byte) error { - return PeerAuthenticationUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for PeerAuthentication_MutualTLS -func (this *PeerAuthentication_MutualTLS) MarshalJSON() ([]byte, error) { - str, err := PeerAuthenticationMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for PeerAuthentication_MutualTLS -func (this *PeerAuthentication_MutualTLS) UnmarshalJSON(b []byte) error { - return PeerAuthenticationUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -var ( - PeerAuthenticationMarshaler = &jsonpb.Marshaler{} - PeerAuthenticationUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} -) diff --git a/security/v1/request_authentication.pb.go b/security/v1/request_authentication.pb.go deleted file mode 100644 index 3c843efc77a..00000000000 --- a/security/v1/request_authentication.pb.go +++ /dev/null @@ -1,956 +0,0 @@ -// Copyright 2019 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.33.0 -// protoc (unknown) -// source: security/v1/request_authentication.proto - -// $schema: istio.security.v1.RequestAuthentication -// $title: RequestAuthentication -// $description: Request authentication configuration for workloads. -// $location: https://istio.io/docs/reference/config/security/request_authentication.html -// $aliases: [/docs/reference/config/security/v1/request_authentication, /docs/reference/config/security/v1/jwt, /docs/reference/config/security/v1/jwt.html] -// $weight: 50 -// $mode: none - -package v1 - -import ( - duration "github.com/golang/protobuf/ptypes/duration" - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - v1beta1 "istio.io/api/type/v1beta1" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// RequestAuthentication defines what request authentication methods are supported by a workload. -// It will reject a request if the request contains invalid authentication information, based on the -// configured authentication rules. A request that does not contain any authentication credentials -// will be accepted but will not have any authenticated identity. To restrict access to authenticated -// requests only, this should be accompanied by an authorization rule. -// Examples: -// -// - Require JWT for all request for workloads that have label `app:httpbin` -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: RequestAuthentication -// metadata: -// -// name: httpbin -// namespace: foo -// -// spec: -// -// selector: -// matchLabels: -// app: httpbin -// jwtRules: -// - issuer: "issuer-foo" -// jwksUri: https://example.com/.well-known/jwks.json -// -// --- -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// -// name: httpbin -// namespace: foo -// -// spec: -// -// selector: -// matchLabels: -// app: httpbin -// rules: -// - from: -// - source: -// requestPrincipals: ["*"] -// -// ``` -// -// - A policy in the root namespace ("istio-system" by default) applies to workloads in all namespaces -// in a mesh. The following policy makes all workloads only accept requests that contain a -// valid JWT token. -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: RequestAuthentication -// metadata: -// -// name: req-authn-for-all -// namespace: istio-system -// -// spec: -// -// jwtRules: -// - issuer: "issuer-foo" -// jwksUri: https://example.com/.well-known/jwks.json -// -// --- -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// -// name: require-jwt-for-all -// namespace: istio-system -// -// spec: -// -// rules: -// - from: -// - source: -// requestPrincipals: ["*"] -// -// ``` -// -// - The next example shows how to set a different JWT requirement for a different `host`. The `RequestAuthentication` -// declares it can accept JWTs issued by either `issuer-foo` or `issuer-bar` (the public key set is implicitly -// set from the OpenID Connect spec). -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: RequestAuthentication -// metadata: -// -// name: httpbin -// namespace: foo -// -// spec: -// -// selector: -// matchLabels: -// app: httpbin -// jwtRules: -// - issuer: "issuer-foo" -// - issuer: "issuer-bar" -// -// --- -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// -// name: httpbin -// namespace: foo -// -// spec: -// -// selector: -// matchLabels: -// app: httpbin -// rules: -// - from: -// - source: -// requestPrincipals: ["issuer-foo/*"] -// to: -// - operation: -// hosts: ["example.com"] -// - from: -// - source: -// requestPrincipals: ["issuer-bar/*"] -// to: -// - operation: -// hosts: ["another-host.com"] -// -// ``` -// -// - You can fine tune the authorization policy to set different requirement per path. For example, -// to require JWT on all paths, except /healthz, the same `RequestAuthentication` can be used, but the -// authorization policy could be: -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// -// name: httpbin -// namespace: foo -// -// spec: -// -// selector: -// matchLabels: -// app: httpbin -// rules: -// - from: -// - source: -// requestPrincipals: ["*"] -// - to: -// - operation: -// paths: ["/healthz"] -// -// ``` -// -// [Experimental] Routing based on derived [metadata](https://istio.io/latest/docs/reference/config/security/conditions/) -// is now supported. A prefix '@' is used to denote a match against internal metadata instead of the headers in the request. -// Currently this feature is only supported for the following metadata: -// -// - `request.auth.claims.{claim-name}[.{nested-claim}]*` which are extracted from validated JWT tokens. -// Use the `.` or `[]` as a separator for nested claim names. -// Examples: `request.auth.claims.sub`, `request.auth.claims.name.givenName` and `request.auth.claims[foo.com/name]`. -// For more information, see [JWT claim based routing](https://istio.io/latest/docs/tasks/security/authentication/jwt-route/). -// -// The use of matches against JWT claim metadata is only supported in Gateways. The following example shows: -// -// - RequestAuthentication to decode and validate a JWT. This also makes the `@request.auth.claims` available for use in the VirtualService. -// - AuthorizationPolicy to check for valid principals in the request. This makes the JWT required for the request. -// - VirtualService to route the request based on the "sub" claim. -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: RequestAuthentication -// metadata: -// -// name: jwt-on-ingress -// namespace: istio-system -// -// spec: -// -// selector: -// matchLabels: -// app: istio-ingressgateway -// jwtRules: -// - issuer: "example.com" -// jwksUri: https://example.com/.well-known/jwks.json -// -// --- -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// -// name: require-jwt -// namespace: istio-system -// -// spec: -// -// selector: -// matchLabels: -// app: istio-ingressgateway -// rules: -// - from: -// - source: -// requestPrincipals: ["*"] -// -// --- -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: route-jwt -// -// spec: -// -// hosts: -// - foo.prod.svc.cluster.local -// gateways: -// - istio-ingressgateway -// http: -// - name: "v2" -// match: -// - headers: -// "@request.auth.claims.sub": -// exact: "dev" -// route: -// - destination: -// host: foo.prod.svc.cluster.local -// subset: v2 -// - name: "default" -// route: -// - destination: -// host: foo.prod.svc.cluster.local -// subset: v1 -// -// ``` -// -// -// -type RequestAuthentication struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Optional. The selector decides where to apply the request authentication policy. The selector will match with workloads - // in the same namespace as the request authentication policy. If the request authentication policy is in the root namespace, - // the selector will additionally match with workloads in all namespaces. - // - // If not set, the selector will match all workloads. - // - // At most one of `selector` or `targetRefs` can be set for a given policy. - Selector *v1beta1.WorkloadSelector `protobuf:"bytes,1,opt,name=selector,proto3" json:"selector,omitempty"` - // $hide_from_docs - TargetRef *v1beta1.PolicyTargetReference `protobuf:"bytes,3,opt,name=targetRef,proto3" json:"targetRef,omitempty"` - // Optional. The targetRefs specifies a list of resources the policy should be - // applied to. The targeted resources specified will determine which workloads - // the policy applies to. - // - // Currently, the following resource attachment types are supported: - // * `kind: Gateway` with `group: gateway.networking.k8s.io` in the same namespace. - // * `kind: Service` with `""` in the same namespace. This type is only supported for waypoints. - // - // If not set, the policy is applied as defined by the selector. - // At most one of the selector and targetRefs can be set. - // - // NOTE: If you are using the `targetRefs` field in a multi-revision environment with Istio versions prior to 1.22, - // it is highly recommended that you pin the policy to a revision running 1.22+ via the `istio.io/rev` label. - // This is to prevent proxies connected to older control planes (that don't know about the `targetRefs` field) - // from misinterpreting the policy as namespace-wide during the upgrade process. - // - // NOTE: Waypoint proxies are required to use this field for policies to apply; `selector` policies will be ignored. - TargetRefs []*v1beta1.PolicyTargetReference `protobuf:"bytes,4,rep,name=targetRefs,proto3" json:"targetRefs,omitempty"` - // Define the list of JWTs that can be validated at the selected workloads' proxy. A valid token - // will be used to extract the authenticated identity. - // Each rule will be activated only when a token is presented at the location recognized by the - // rule. The token will be validated based on the JWT rule config. If validation fails, the request will - // be rejected. - // Note: Requests with multiple tokens (at different locations) are not supported, the output principal of - // such requests is undefined. - JwtRules []*JWTRule `protobuf:"bytes,2,rep,name=jwt_rules,json=jwtRules,proto3" json:"jwt_rules,omitempty"` -} - -func (x *RequestAuthentication) Reset() { - *x = RequestAuthentication{} - if protoimpl.UnsafeEnabled { - mi := &file_security_v1_request_authentication_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *RequestAuthentication) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*RequestAuthentication) ProtoMessage() {} - -func (x *RequestAuthentication) ProtoReflect() protoreflect.Message { - mi := &file_security_v1_request_authentication_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use RequestAuthentication.ProtoReflect.Descriptor instead. -func (*RequestAuthentication) Descriptor() ([]byte, []int) { - return file_security_v1_request_authentication_proto_rawDescGZIP(), []int{0} -} - -func (x *RequestAuthentication) GetSelector() *v1beta1.WorkloadSelector { - if x != nil { - return x.Selector - } - return nil -} - -func (x *RequestAuthentication) GetTargetRef() *v1beta1.PolicyTargetReference { - if x != nil { - return x.TargetRef - } - return nil -} - -func (x *RequestAuthentication) GetTargetRefs() []*v1beta1.PolicyTargetReference { - if x != nil { - return x.TargetRefs - } - return nil -} - -func (x *RequestAuthentication) GetJwtRules() []*JWTRule { - if x != nil { - return x.JwtRules - } - return nil -} - -// JSON Web Token (JWT) token format for authentication as defined by -// [RFC 7519](https://tools.ietf.org/html/rfc7519). See [OAuth 2.0](https://tools.ietf.org/html/rfc6749) and -// [OIDC 1.0](http://openid.net/connect) for how this is used in the whole -// authentication flow. -// -// Examples: -// -// Spec for a JWT that is issued by `https://example.com`, with the audience claims must be either -// `bookstore_android.apps.example.com` or `bookstore_web.apps.example.com`. -// The token should be presented at the `Authorization` header (default). The JSON Web Key Set (JWKS) -// will be discovered following OpenID Connect protocol. -// -// ```yaml -// issuer: https://example.com -// audiences: -// - bookstore_android.apps.example.com -// bookstore_web.apps.example.com -// -// ``` -// -// This example specifies a token in a non-default location (`x-goog-iap-jwt-assertion` header). It also -// defines the URI to fetch JWKS explicitly. -// -// ```yaml -// issuer: https://example.com -// jwksUri: https://example.com/.secret/jwks.json -// fromHeaders: -// - "x-goog-iap-jwt-assertion" -// ``` -type JWTRule struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Identifies the issuer that issued the JWT. See - // [issuer](https://tools.ietf.org/html/rfc7519#section-4.1.1) - // A JWT with different `iss` claim will be rejected. - // - // Example: `https://foobar.auth0.com` - // Example: `1234567-compute@developer.gserviceaccount.com` - Issuer string `protobuf:"bytes,1,opt,name=issuer,proto3" json:"issuer,omitempty"` - // The list of JWT - // [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3) - // that are allowed to access. A JWT containing any of these - // audiences will be accepted. - // - // The service name will be accepted if audiences is empty. - // - // Example: - // - // ```yaml - // audiences: - // - bookstore_android.apps.example.com - // bookstore_web.apps.example.com - // - // ``` - Audiences []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"` - // URL of the provider's public key set to validate signature of the - // JWT. See [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). - // - // Optional if the key set document can either (a) be retrieved from - // [OpenID - // Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html) of - // the issuer or (b) inferred from the email domain of the issuer (e.g. a - // Google service account). - // - // Example: `https://www.googleapis.com/oauth2/v1/certs` - // - // Note: Only one of `jwksUri` and `jwks` should be used. - // +kubebuilder:altName=jwks_uri - JwksUri string `protobuf:"bytes,3,opt,name=jwks_uri,json=jwksUri,proto3" json:"jwks_uri,omitempty"` - // JSON Web Key Set of public keys to validate signature of the JWT. - // See https://auth0.com/docs/jwks. - // - // Note: Only one of `jwksUri` and `jwks` should be used. - Jwks string `protobuf:"bytes,10,opt,name=jwks,proto3" json:"jwks,omitempty"` - // List of header locations from which JWT is expected. For example, below is the location spec - // if JWT is expected to be found in `x-jwt-assertion` header, and have `Bearer` prefix: - // - // ```yaml - // - // fromHeaders: - // - name: x-jwt-assertion - // prefix: "Bearer " - // - // ``` - // - // Note: Requests with multiple tokens (at different locations) are not supported, the output principal of - // such requests is undefined. - FromHeaders []*JWTHeader `protobuf:"bytes,6,rep,name=from_headers,json=fromHeaders,proto3" json:"from_headers,omitempty"` - // List of query parameters from which JWT is expected. For example, if JWT is provided via query - // parameter `my_token` (e.g `/path?my_token=`), the config is: - // - // ```yaml - // - // fromParams: - // - "my_token" - // - // ``` - // - // Note: Requests with multiple tokens (at different locations) are not supported, the output principal of - // such requests is undefined. - FromParams []string `protobuf:"bytes,7,rep,name=from_params,json=fromParams,proto3" json:"from_params,omitempty"` - // This field specifies the header name to output a successfully verified JWT payload to the - // backend. The forwarded data is `base64_encoded(jwt_payload_in_JSON)`. If it is not specified, - // the payload will not be emitted. - OutputPayloadToHeader string `protobuf:"bytes,8,opt,name=output_payload_to_header,json=outputPayloadToHeader,proto3" json:"output_payload_to_header,omitempty"` - // List of cookie names from which JWT is expected. // - // For example, if config is: - // - // ``` yaml - // - // from_cookies: - // - auth-token - // - // ``` - // Then JWT will be extracted from “auth-token“ cookie in the request. - // - // Note: Requests with multiple tokens (at different locations) are not supported, the output principal of - // such requests is undefined. - FromCookies []string `protobuf:"bytes,12,rep,name=from_cookies,json=fromCookies,proto3" json:"from_cookies,omitempty"` - // If set to true, the original token will be kept for the upstream request. Default is false. - ForwardOriginalToken bool `protobuf:"varint,9,opt,name=forward_original_token,json=forwardOriginalToken,proto3" json:"forward_original_token,omitempty"` - // This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. - // This differs from the `output_payload_to_header` by allowing outputting individual claims instead of the whole payload. - // The header specified in each operation in the list must be unique. Nested claims of type string/int/bool is supported as well. - // ``` - // - // outputClaimToHeaders: - // - header: x-my-company-jwt-group - // claim: my-group - // - header: x-test-environment-flag - // claim: test-flag - // - header: x-jwt-claim-group - // claim: nested.key.group - // - // ``` - // [Experimental] This feature is a experimental feature. - OutputClaimToHeaders []*ClaimToHeader `protobuf:"bytes,11,rep,name=output_claim_to_headers,json=outputClaimToHeaders,proto3" json:"output_claim_to_headers,omitempty"` // [TODO:Update the status whenever this feature is promoted.] - // The maximum amount of time that the resolver, determined by the PILOT_JWT_ENABLE_REMOTE_JWKS environment variable, - // will spend waiting for the JWKS to be fetched. Default is 5s. - Timeout *duration.Duration `protobuf:"bytes,13,opt,name=timeout,proto3" json:"timeout,omitempty"` -} - -func (x *JWTRule) Reset() { - *x = JWTRule{} - if protoimpl.UnsafeEnabled { - mi := &file_security_v1_request_authentication_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *JWTRule) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*JWTRule) ProtoMessage() {} - -func (x *JWTRule) ProtoReflect() protoreflect.Message { - mi := &file_security_v1_request_authentication_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use JWTRule.ProtoReflect.Descriptor instead. -func (*JWTRule) Descriptor() ([]byte, []int) { - return file_security_v1_request_authentication_proto_rawDescGZIP(), []int{1} -} - -func (x *JWTRule) GetIssuer() string { - if x != nil { - return x.Issuer - } - return "" -} - -func (x *JWTRule) GetAudiences() []string { - if x != nil { - return x.Audiences - } - return nil -} - -func (x *JWTRule) GetJwksUri() string { - if x != nil { - return x.JwksUri - } - return "" -} - -func (x *JWTRule) GetJwks() string { - if x != nil { - return x.Jwks - } - return "" -} - -func (x *JWTRule) GetFromHeaders() []*JWTHeader { - if x != nil { - return x.FromHeaders - } - return nil -} - -func (x *JWTRule) GetFromParams() []string { - if x != nil { - return x.FromParams - } - return nil -} - -func (x *JWTRule) GetOutputPayloadToHeader() string { - if x != nil { - return x.OutputPayloadToHeader - } - return "" -} - -func (x *JWTRule) GetFromCookies() []string { - if x != nil { - return x.FromCookies - } - return nil -} - -func (x *JWTRule) GetForwardOriginalToken() bool { - if x != nil { - return x.ForwardOriginalToken - } - return false -} - -func (x *JWTRule) GetOutputClaimToHeaders() []*ClaimToHeader { - if x != nil { - return x.OutputClaimToHeaders - } - return nil -} - -func (x *JWTRule) GetTimeout() *duration.Duration { - if x != nil { - return x.Timeout - } - return nil -} - -// This message specifies a header location to extract JWT token. -type JWTHeader struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The HTTP header name. - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - // The prefix that should be stripped before decoding the token. - // For example, for `Authorization: Bearer `, prefix=`Bearer` with a space at the end. - // If the header doesn't have this exact prefix, it is considered invalid. - Prefix string `protobuf:"bytes,2,opt,name=prefix,proto3" json:"prefix,omitempty"` -} - -func (x *JWTHeader) Reset() { - *x = JWTHeader{} - if protoimpl.UnsafeEnabled { - mi := &file_security_v1_request_authentication_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *JWTHeader) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*JWTHeader) ProtoMessage() {} - -func (x *JWTHeader) ProtoReflect() protoreflect.Message { - mi := &file_security_v1_request_authentication_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use JWTHeader.ProtoReflect.Descriptor instead. -func (*JWTHeader) Descriptor() ([]byte, []int) { - return file_security_v1_request_authentication_proto_rawDescGZIP(), []int{2} -} - -func (x *JWTHeader) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *JWTHeader) GetPrefix() string { - if x != nil { - return x.Prefix - } - return "" -} - -// This message specifies the detail for copying claim to header. -type ClaimToHeader struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The name of the header to be created. The header will be overridden if it already exists in the request. - Header string `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"` - // The name of the claim to be copied from. Only claim of type string/int/bool is supported. - // The header will not be there if the claim does not exist or the type of the claim is not supported. - Claim string `protobuf:"bytes,2,opt,name=claim,proto3" json:"claim,omitempty"` -} - -func (x *ClaimToHeader) Reset() { - *x = ClaimToHeader{} - if protoimpl.UnsafeEnabled { - mi := &file_security_v1_request_authentication_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ClaimToHeader) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ClaimToHeader) ProtoMessage() {} - -func (x *ClaimToHeader) ProtoReflect() protoreflect.Message { - mi := &file_security_v1_request_authentication_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ClaimToHeader.ProtoReflect.Descriptor instead. -func (*ClaimToHeader) Descriptor() ([]byte, []int) { - return file_security_v1_request_authentication_proto_rawDescGZIP(), []int{3} -} - -func (x *ClaimToHeader) GetHeader() string { - if x != nil { - return x.Header - } - return "" -} - -func (x *ClaimToHeader) GetClaim() string { - if x != nil { - return x.Claim - } - return "" -} - -var File_security_v1_request_authentication_proto protoreflect.FileDescriptor - -var file_security_v1_request_authentication_proto_rawDesc = []byte{ - 0x0a, 0x28, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x76, 0x31, 0x2f, 0x72, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x11, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x1a, 0x1e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, - 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, - 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, - 0x74, 0x79, 0x70, 0x65, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x73, 0x65, 0x6c, - 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa6, 0x02, 0x0a, 0x15, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x40, 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, - 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x74, 0x79, 0x70, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, - 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x08, 0x73, - 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x47, 0x0a, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, - 0x74, 0x52, 0x65, 0x66, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, - 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x65, - 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, - 0x12, 0x49, 0x0a, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x73, 0x18, 0x04, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, - 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, - 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, - 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x73, 0x12, 0x37, 0x0a, 0x09, 0x6a, - 0x77, 0x74, 0x5f, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, - 0x76, 0x31, 0x2e, 0x4a, 0x57, 0x54, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x08, 0x6a, 0x77, 0x74, 0x52, - 0x75, 0x6c, 0x65, 0x73, 0x22, 0xf5, 0x03, 0x0a, 0x07, 0x4a, 0x57, 0x54, 0x52, 0x75, 0x6c, 0x65, - 0x12, 0x1b, 0x0a, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x06, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x12, 0x1c, 0x0a, - 0x09, 0x61, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x09, 0x61, 0x75, 0x64, 0x69, 0x65, 0x6e, 0x63, 0x65, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x6a, - 0x77, 0x6b, 0x73, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6a, - 0x77, 0x6b, 0x73, 0x55, 0x72, 0x69, 0x12, 0x12, 0x0a, 0x04, 0x6a, 0x77, 0x6b, 0x73, 0x18, 0x0a, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6a, 0x77, 0x6b, 0x73, 0x12, 0x3f, 0x0a, 0x0c, 0x66, 0x72, - 0x6f, 0x6d, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x1c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, - 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x4a, 0x57, 0x54, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x0b, - 0x66, 0x72, 0x6f, 0x6d, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x66, - 0x72, 0x6f, 0x6d, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x0a, 0x66, 0x72, 0x6f, 0x6d, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x12, 0x37, 0x0a, 0x18, - 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x5f, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x74, - 0x6f, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x15, - 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x54, 0x6f, 0x48, - 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x21, 0x0a, 0x0c, 0x66, 0x72, 0x6f, 0x6d, 0x5f, 0x63, 0x6f, - 0x6f, 0x6b, 0x69, 0x65, 0x73, 0x18, 0x0c, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, 0x66, 0x72, 0x6f, - 0x6d, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x73, 0x12, 0x34, 0x0a, 0x16, 0x66, 0x6f, 0x72, 0x77, - 0x61, 0x72, 0x64, 0x5f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x6c, 0x5f, 0x74, 0x6f, 0x6b, - 0x65, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x14, 0x66, 0x6f, 0x72, 0x77, 0x61, 0x72, - 0x64, 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x61, 0x6c, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x57, - 0x0a, 0x17, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x5f, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x5f, 0x74, - 0x6f, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, - 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6c, 0x61, 0x69, 0x6d, 0x54, 0x6f, 0x48, 0x65, 0x61, 0x64, 0x65, - 0x72, 0x52, 0x14, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x43, 0x6c, 0x61, 0x69, 0x6d, 0x54, 0x6f, - 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x33, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, - 0x75, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0x3c, 0x0a, 0x09, - 0x4a, 0x57, 0x54, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x17, 0x0a, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x6e, 0x61, - 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x22, 0x3d, 0x0a, 0x0d, 0x43, 0x6c, - 0x61, 0x69, 0x6d, 0x54, 0x6f, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x68, - 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x68, 0x65, 0x61, - 0x64, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x05, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x42, 0x1a, 0x5a, 0x18, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, - 0x74, 0x79, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_security_v1_request_authentication_proto_rawDescOnce sync.Once - file_security_v1_request_authentication_proto_rawDescData = file_security_v1_request_authentication_proto_rawDesc -) - -func file_security_v1_request_authentication_proto_rawDescGZIP() []byte { - file_security_v1_request_authentication_proto_rawDescOnce.Do(func() { - file_security_v1_request_authentication_proto_rawDescData = protoimpl.X.CompressGZIP(file_security_v1_request_authentication_proto_rawDescData) - }) - return file_security_v1_request_authentication_proto_rawDescData -} - -var file_security_v1_request_authentication_proto_msgTypes = make([]protoimpl.MessageInfo, 4) -var file_security_v1_request_authentication_proto_goTypes = []interface{}{ - (*RequestAuthentication)(nil), // 0: istio.security.v1.RequestAuthentication - (*JWTRule)(nil), // 1: istio.security.v1.JWTRule - (*JWTHeader)(nil), // 2: istio.security.v1.JWTHeader - (*ClaimToHeader)(nil), // 3: istio.security.v1.ClaimToHeader - (*v1beta1.WorkloadSelector)(nil), // 4: istio.type.v1beta1.WorkloadSelector - (*v1beta1.PolicyTargetReference)(nil), // 5: istio.type.v1beta1.PolicyTargetReference - (*duration.Duration)(nil), // 6: google.protobuf.Duration -} -var file_security_v1_request_authentication_proto_depIdxs = []int32{ - 4, // 0: istio.security.v1.RequestAuthentication.selector:type_name -> istio.type.v1beta1.WorkloadSelector - 5, // 1: istio.security.v1.RequestAuthentication.targetRef:type_name -> istio.type.v1beta1.PolicyTargetReference - 5, // 2: istio.security.v1.RequestAuthentication.targetRefs:type_name -> istio.type.v1beta1.PolicyTargetReference - 1, // 3: istio.security.v1.RequestAuthentication.jwt_rules:type_name -> istio.security.v1.JWTRule - 2, // 4: istio.security.v1.JWTRule.from_headers:type_name -> istio.security.v1.JWTHeader - 3, // 5: istio.security.v1.JWTRule.output_claim_to_headers:type_name -> istio.security.v1.ClaimToHeader - 6, // 6: istio.security.v1.JWTRule.timeout:type_name -> google.protobuf.Duration - 7, // [7:7] is the sub-list for method output_type - 7, // [7:7] is the sub-list for method input_type - 7, // [7:7] is the sub-list for extension type_name - 7, // [7:7] is the sub-list for extension extendee - 0, // [0:7] is the sub-list for field type_name -} - -func init() { file_security_v1_request_authentication_proto_init() } -func file_security_v1_request_authentication_proto_init() { - if File_security_v1_request_authentication_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_security_v1_request_authentication_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RequestAuthentication); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_security_v1_request_authentication_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*JWTRule); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_security_v1_request_authentication_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*JWTHeader); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_security_v1_request_authentication_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ClaimToHeader); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_security_v1_request_authentication_proto_rawDesc, - NumEnums: 0, - NumMessages: 4, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_security_v1_request_authentication_proto_goTypes, - DependencyIndexes: file_security_v1_request_authentication_proto_depIdxs, - MessageInfos: file_security_v1_request_authentication_proto_msgTypes, - }.Build() - File_security_v1_request_authentication_proto = out.File - file_security_v1_request_authentication_proto_rawDesc = nil - file_security_v1_request_authentication_proto_goTypes = nil - file_security_v1_request_authentication_proto_depIdxs = nil -} diff --git a/security/v1/request_authentication.proto b/security/v1/request_authentication.proto deleted file mode 100644 index ef409203a22..00000000000 --- a/security/v1/request_authentication.proto +++ /dev/null @@ -1,457 +0,0 @@ -// Copyright 2019 Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -syntax = "proto3"; - -import "google/protobuf/duration.proto"; -import "google/api/field_behavior.proto"; -import "type/v1beta1/selector.proto"; - -// $schema: istio.security.v1.RequestAuthentication -// $title: RequestAuthentication -// $description: Request authentication configuration for workloads. -// $location: https://istio.io/docs/reference/config/security/request_authentication.html -// $aliases: [/docs/reference/config/security/v1/request_authentication, /docs/reference/config/security/v1/jwt, /docs/reference/config/security/v1/jwt.html] -// $weight: 50 -// $mode: none - -package istio.security.v1; - -option go_package="istio.io/api/security/v1"; - -// RequestAuthentication defines what request authentication methods are supported by a workload. -// It will reject a request if the request contains invalid authentication information, based on the -// configured authentication rules. A request that does not contain any authentication credentials -// will be accepted but will not have any authenticated identity. To restrict access to authenticated -// requests only, this should be accompanied by an authorization rule. -// Examples: -// -// - Require JWT for all request for workloads that have label `app:httpbin` -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: RequestAuthentication -// metadata: -// name: httpbin -// namespace: foo -// spec: -// selector: -// matchLabels: -// app: httpbin -// jwtRules: -// - issuer: "issuer-foo" -// jwksUri: https://example.com/.well-known/jwks.json -// --- -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// name: httpbin -// namespace: foo -// spec: -// selector: -// matchLabels: -// app: httpbin -// rules: -// - from: -// - source: -// requestPrincipals: ["*"] -// ``` -// -// - A policy in the root namespace ("istio-system" by default) applies to workloads in all namespaces -// in a mesh. The following policy makes all workloads only accept requests that contain a -// valid JWT token. -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: RequestAuthentication -// metadata: -// name: req-authn-for-all -// namespace: istio-system -// spec: -// jwtRules: -// - issuer: "issuer-foo" -// jwksUri: https://example.com/.well-known/jwks.json -// --- -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// name: require-jwt-for-all -// namespace: istio-system -// spec: -// rules: -// - from: -// - source: -// requestPrincipals: ["*"] -// ``` -// -// - The next example shows how to set a different JWT requirement for a different `host`. The `RequestAuthentication` -// declares it can accept JWTs issued by either `issuer-foo` or `issuer-bar` (the public key set is implicitly -// set from the OpenID Connect spec). -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: RequestAuthentication -// metadata: -// name: httpbin -// namespace: foo -// spec: -// selector: -// matchLabels: -// app: httpbin -// jwtRules: -// - issuer: "issuer-foo" -// - issuer: "issuer-bar" -// --- -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// name: httpbin -// namespace: foo -// spec: -// selector: -// matchLabels: -// app: httpbin -// rules: -// - from: -// - source: -// requestPrincipals: ["issuer-foo/*"] -// to: -// - operation: -// hosts: ["example.com"] -// - from: -// - source: -// requestPrincipals: ["issuer-bar/*"] -// to: -// - operation: -// hosts: ["another-host.com"] -// ``` -// -// - You can fine tune the authorization policy to set different requirement per path. For example, -// to require JWT on all paths, except /healthz, the same `RequestAuthentication` can be used, but the -// authorization policy could be: -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// name: httpbin -// namespace: foo -// spec: -// selector: -// matchLabels: -// app: httpbin -// rules: -// - from: -// - source: -// requestPrincipals: ["*"] -// - to: -// - operation: -// paths: ["/healthz"] -// ``` -// -// [Experimental] Routing based on derived [metadata](https://istio.io/latest/docs/reference/config/security/conditions/) -// is now supported. A prefix '@' is used to denote a match against internal metadata instead of the headers in the request. -// Currently this feature is only supported for the following metadata: -// -// - `request.auth.claims.{claim-name}[.{nested-claim}]*` which are extracted from validated JWT tokens. -// Use the `.` or `[]` as a separator for nested claim names. -// Examples: `request.auth.claims.sub`, `request.auth.claims.name.givenName` and `request.auth.claims[foo.com/name]`. -// For more information, see [JWT claim based routing](https://istio.io/latest/docs/tasks/security/authentication/jwt-route/). -// -// The use of matches against JWT claim metadata is only supported in Gateways. The following example shows: -// -// - RequestAuthentication to decode and validate a JWT. This also makes the `@request.auth.claims` available for use in the VirtualService. -// - AuthorizationPolicy to check for valid principals in the request. This makes the JWT required for the request. -// - VirtualService to route the request based on the "sub" claim. -// -// ```yaml -// apiVersion: security.istio.io/v1 -// kind: RequestAuthentication -// metadata: -// name: jwt-on-ingress -// namespace: istio-system -// spec: -// selector: -// matchLabels: -// app: istio-ingressgateway -// jwtRules: -// - issuer: "example.com" -// jwksUri: https://example.com/.well-known/jwks.json -// --- -// apiVersion: security.istio.io/v1 -// kind: AuthorizationPolicy -// metadata: -// name: require-jwt -// namespace: istio-system -// spec: -// selector: -// matchLabels: -// app: istio-ingressgateway -// rules: -// - from: -// - source: -// requestPrincipals: ["*"] -// --- -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: route-jwt -// spec: -// hosts: -// - foo.prod.svc.cluster.local -// gateways: -// - istio-ingressgateway -// http: -// - name: "v2" -// match: -// - headers: -// "@request.auth.claims.sub": -// exact: "dev" -// route: -// - destination: -// host: foo.prod.svc.cluster.local -// subset: v2 -// - name: "default" -// route: -// - destination: -// host: foo.prod.svc.cluster.local -// subset: v1 -// ``` -// -// -// -message RequestAuthentication { - // Optional. The selector decides where to apply the request authentication policy. The selector will match with workloads - // in the same namespace as the request authentication policy. If the request authentication policy is in the root namespace, - // the selector will additionally match with workloads in all namespaces. - // - // If not set, the selector will match all workloads. - // - // At most one of `selector` or `targetRefs` can be set for a given policy. - istio.type.v1beta1.WorkloadSelector selector = 1; - - // $hide_from_docs - istio.type.v1beta1.PolicyTargetReference targetRef = 3; - - // Optional. The targetRefs specifies a list of resources the policy should be - // applied to. The targeted resources specified will determine which workloads - // the policy applies to. - // - // Currently, the following resource attachment types are supported: - // * `kind: Gateway` with `group: gateway.networking.k8s.io` in the same namespace. - // * `kind: Service` with `""` in the same namespace. This type is only supported for waypoints. - // - // If not set, the policy is applied as defined by the selector. - // At most one of the selector and targetRefs can be set. - // - // NOTE: If you are using the `targetRefs` field in a multi-revision environment with Istio versions prior to 1.22, - // it is highly recommended that you pin the policy to a revision running 1.22+ via the `istio.io/rev` label. - // This is to prevent proxies connected to older control planes (that don't know about the `targetRefs` field) - // from misinterpreting the policy as namespace-wide during the upgrade process. - // - // NOTE: Waypoint proxies are required to use this field for policies to apply; `selector` policies will be ignored. - repeated istio.type.v1beta1.PolicyTargetReference targetRefs = 4; - - // Define the list of JWTs that can be validated at the selected workloads' proxy. A valid token - // will be used to extract the authenticated identity. - // Each rule will be activated only when a token is presented at the location recognized by the - // rule. The token will be validated based on the JWT rule config. If validation fails, the request will - // be rejected. - // Note: Requests with multiple tokens (at different locations) are not supported, the output principal of - // such requests is undefined. - repeated JWTRule jwt_rules = 2; -} -// JSON Web Token (JWT) token format for authentication as defined by -// [RFC 7519](https://tools.ietf.org/html/rfc7519). See [OAuth 2.0](https://tools.ietf.org/html/rfc6749) and -// [OIDC 1.0](http://openid.net/connect) for how this is used in the whole -// authentication flow. -// -// Examples: -// -// Spec for a JWT that is issued by `https://example.com`, with the audience claims must be either -// `bookstore_android.apps.example.com` or `bookstore_web.apps.example.com`. -// The token should be presented at the `Authorization` header (default). The JSON Web Key Set (JWKS) -// will be discovered following OpenID Connect protocol. -// -// ```yaml -// issuer: https://example.com -// audiences: -// - bookstore_android.apps.example.com -// bookstore_web.apps.example.com -// ``` -// -// This example specifies a token in a non-default location (`x-goog-iap-jwt-assertion` header). It also -// defines the URI to fetch JWKS explicitly. -// -// ```yaml -// issuer: https://example.com -// jwksUri: https://example.com/.secret/jwks.json -// fromHeaders: -// - "x-goog-iap-jwt-assertion" -// ``` -message JWTRule { - // Identifies the issuer that issued the JWT. See - // [issuer](https://tools.ietf.org/html/rfc7519#section-4.1.1) - // A JWT with different `iss` claim will be rejected. - // - // Example: `https://foobar.auth0.com` - // Example: `1234567-compute@developer.gserviceaccount.com` - string issuer = 1 [(google.api.field_behavior) = REQUIRED]; - - // The list of JWT - // [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3) - // that are allowed to access. A JWT containing any of these - // audiences will be accepted. - // - // The service name will be accepted if audiences is empty. - // - // Example: - // - // ```yaml - // audiences: - // - bookstore_android.apps.example.com - // bookstore_web.apps.example.com - // ``` - repeated string audiences = 2; - - // URL of the provider's public key set to validate signature of the - // JWT. See [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). - // - // Optional if the key set document can either (a) be retrieved from - // [OpenID - // Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html) of - // the issuer or (b) inferred from the email domain of the issuer (e.g. a - // Google service account). - // - // Example: `https://www.googleapis.com/oauth2/v1/certs` - // - // Note: Only one of `jwksUri` and `jwks` should be used. - // +kubebuilder:altName=jwks_uri - string jwks_uri = 3; - - // JSON Web Key Set of public keys to validate signature of the JWT. - // See https://auth0.com/docs/jwks. - // - // Note: Only one of `jwksUri` and `jwks` should be used. - string jwks = 10; - - // The next two fields define how to extract the JWT from an HTTP request. - // - // If no explicit location is specified the following default - // locations are tried in order: - // - // 1) The Authorization header using the Bearer schema, - // e.g. Authorization: Bearer . (see - // [Authorization Request Header - // Field](https://tools.ietf.org/html/rfc6750#section-2.1)) - // - // 2) The `access_token` query parameter (see - // [URI Query Parameter](https://tools.ietf.org/html/rfc6750#section-2.3)) - - // List of header locations from which JWT is expected. For example, below is the location spec - // if JWT is expected to be found in `x-jwt-assertion` header, and have `Bearer` prefix: - // - // ```yaml - // fromHeaders: - // - name: x-jwt-assertion - // prefix: "Bearer " - // ``` - // - // Note: Requests with multiple tokens (at different locations) are not supported, the output principal of - // such requests is undefined. - repeated JWTHeader from_headers = 6; - - // List of query parameters from which JWT is expected. For example, if JWT is provided via query - // parameter `my_token` (e.g `/path?my_token=`), the config is: - // - // ```yaml - // fromParams: - // - "my_token" - // ``` - // - // Note: Requests with multiple tokens (at different locations) are not supported, the output principal of - // such requests is undefined. - repeated string from_params = 7; - - // This field specifies the header name to output a successfully verified JWT payload to the - // backend. The forwarded data is `base64_encoded(jwt_payload_in_JSON)`. If it is not specified, - // the payload will not be emitted. - string output_payload_to_header = 8; - - // List of cookie names from which JWT is expected. // - // For example, if config is: - // - // ``` yaml - // from_cookies: - // - auth-token - // ``` - // Then JWT will be extracted from ``auth-token`` cookie in the request. - // - // Note: Requests with multiple tokens (at different locations) are not supported, the output principal of - // such requests is undefined. - repeated string from_cookies = 12; - - // If set to true, the original token will be kept for the upstream request. Default is false. - bool forward_original_token = 9; - - - // This field specifies a list of operations to copy the claim to HTTP headers on a successfully verified token. - // This differs from the `output_payload_to_header` by allowing outputting individual claims instead of the whole payload. - // The header specified in each operation in the list must be unique. Nested claims of type string/int/bool is supported as well. - // ``` - // outputClaimToHeaders: - // - header: x-my-company-jwt-group - // claim: my-group - // - header: x-test-environment-flag - // claim: test-flag - // - header: x-jwt-claim-group - // claim: nested.key.group - // ``` - // [Experimental] This feature is a experimental feature. - repeated ClaimToHeader output_claim_to_headers = 11; // [TODO:Update the status whenever this feature is promoted.] - - // The maximum amount of time that the resolver, determined by the PILOT_JWT_ENABLE_REMOTE_JWKS environment variable, - // will spend waiting for the JWKS to be fetched. Default is 5s. - google.protobuf.Duration timeout = 13; - - // $hide_from_docs - // Next available field number: 14 -} - -// This message specifies a header location to extract JWT token. -message JWTHeader { - // The HTTP header name. - string name = 1 [(google.api.field_behavior) = REQUIRED]; - - // The prefix that should be stripped before decoding the token. - // For example, for `Authorization: Bearer `, prefix=`Bearer` with a space at the end. - // If the header doesn't have this exact prefix, it is considered invalid. - string prefix = 2; -} - -// This message specifies the detail for copying claim to header. -message ClaimToHeader { - // The name of the header to be created. The header will be overridden if it already exists in the request. - string header = 1; - - // The name of the claim to be copied from. Only claim of type string/int/bool is supported. - // The header will not be there if the claim does not exist or the type of the claim is not supported. - string claim = 2; -} diff --git a/security/v1/request_authentication_alias.gen.go b/security/v1/request_authentication_alias.gen.go new file mode 100644 index 00000000000..fb8b9631ba6 --- /dev/null +++ b/security/v1/request_authentication_alias.gen.go @@ -0,0 +1,9 @@ +// Code generated by protoc-gen-alias. DO NOT EDIT. +package v1 + +import "istio.io/api/security/v1beta1" + +type RequestAuthentication = v1beta1.RequestAuthentication +type JWTRule = v1beta1.JWTRule +type JWTHeader = v1beta1.JWTHeader +type ClaimToHeader = v1beta1.ClaimToHeader diff --git a/security/v1/request_authentication_deepcopy.gen.go b/security/v1/request_authentication_deepcopy.gen.go deleted file mode 100644 index 47c01a58824..00000000000 --- a/security/v1/request_authentication_deepcopy.gen.go +++ /dev/null @@ -1,90 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using RequestAuthentication within kubernetes types, where deepcopy-gen is used. -func (in *RequestAuthentication) DeepCopyInto(out *RequestAuthentication) { - p := proto.Clone(in).(*RequestAuthentication) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestAuthentication. Required by controller-gen. -func (in *RequestAuthentication) DeepCopy() *RequestAuthentication { - if in == nil { - return nil - } - out := new(RequestAuthentication) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new RequestAuthentication. Required by controller-gen. -func (in *RequestAuthentication) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using JWTRule within kubernetes types, where deepcopy-gen is used. -func (in *JWTRule) DeepCopyInto(out *JWTRule) { - p := proto.Clone(in).(*JWTRule) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTRule. Required by controller-gen. -func (in *JWTRule) DeepCopy() *JWTRule { - if in == nil { - return nil - } - out := new(JWTRule) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new JWTRule. Required by controller-gen. -func (in *JWTRule) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using JWTHeader within kubernetes types, where deepcopy-gen is used. -func (in *JWTHeader) DeepCopyInto(out *JWTHeader) { - p := proto.Clone(in).(*JWTHeader) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTHeader. Required by controller-gen. -func (in *JWTHeader) DeepCopy() *JWTHeader { - if in == nil { - return nil - } - out := new(JWTHeader) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new JWTHeader. Required by controller-gen. -func (in *JWTHeader) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ClaimToHeader within kubernetes types, where deepcopy-gen is used. -func (in *ClaimToHeader) DeepCopyInto(out *ClaimToHeader) { - p := proto.Clone(in).(*ClaimToHeader) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClaimToHeader. Required by controller-gen. -func (in *ClaimToHeader) DeepCopy() *ClaimToHeader { - if in == nil { - return nil - } - out := new(ClaimToHeader) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ClaimToHeader. Required by controller-gen. -func (in *ClaimToHeader) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/security/v1/request_authentication_json.gen.go b/security/v1/request_authentication_json.gen.go deleted file mode 100644 index 486cc8b67a9..00000000000 --- a/security/v1/request_authentication_json.gen.go +++ /dev/null @@ -1,56 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1 - -import ( - bytes "bytes" - jsonpb "github.com/golang/protobuf/jsonpb" -) - -// MarshalJSON is a custom marshaler for RequestAuthentication -func (this *RequestAuthentication) MarshalJSON() ([]byte, error) { - str, err := RequestAuthenticationMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for RequestAuthentication -func (this *RequestAuthentication) UnmarshalJSON(b []byte) error { - return RequestAuthenticationUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for JWTRule -func (this *JWTRule) MarshalJSON() ([]byte, error) { - str, err := RequestAuthenticationMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for JWTRule -func (this *JWTRule) UnmarshalJSON(b []byte) error { - return RequestAuthenticationUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for JWTHeader -func (this *JWTHeader) MarshalJSON() ([]byte, error) { - str, err := RequestAuthenticationMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for JWTHeader -func (this *JWTHeader) UnmarshalJSON(b []byte) error { - return RequestAuthenticationUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ClaimToHeader -func (this *ClaimToHeader) MarshalJSON() ([]byte, error) { - str, err := RequestAuthenticationMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ClaimToHeader -func (this *ClaimToHeader) UnmarshalJSON(b []byte) error { - return RequestAuthenticationUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -var ( - RequestAuthenticationMarshaler = &jsonpb.Marshaler{} - RequestAuthenticationUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} -) diff --git a/security/v1beta1/authorization_policy.pb.go b/security/v1beta1/authorization_policy.pb.go index eb1de2664fc..dcd2664808c 100644 --- a/security/v1beta1/authorization_policy.pb.go +++ b/security/v1beta1/authorization_policy.pb.go @@ -377,9 +377,6 @@ func (AuthorizationPolicy_Action) EnumDescriptor() ([]byte, []int) { // +genclient // +k8s:deepcopy-gen=true // --> -// type AuthorizationPolicy struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache diff --git a/security/v1beta1/authorization_policy.proto b/security/v1beta1/authorization_policy.proto index 486fa797adb..d7833f7b7a5 100644 --- a/security/v1beta1/authorization_policy.proto +++ b/security/v1beta1/authorization_policy.proto @@ -270,9 +270,6 @@ option go_package="istio.io/api/security/v1beta1"; // +genclient // +k8s:deepcopy-gen=true // --> -// message AuthorizationPolicy { // Optional. The selector decides where to apply the authorization policy. The selector will match with workloads // in the same namespace as the authorization policy. If the authorization policy is in the root namespace, the selector diff --git a/security/v1beta1/peer_authentication.pb.go b/security/v1beta1/peer_authentication.pb.go index d5f28624e20..ab2c367e8cd 100644 --- a/security/v1beta1/peer_authentication.pb.go +++ b/security/v1beta1/peer_authentication.pb.go @@ -222,9 +222,6 @@ func (PeerAuthentication_MutualTLS_Mode) EnumDescriptor() ([]byte, []int) { // +genclient // +k8s:deepcopy-gen=true // --> -// type PeerAuthentication struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache diff --git a/security/v1beta1/peer_authentication.proto b/security/v1beta1/peer_authentication.proto index c5b5f2e1b3e..6ee28cf3898 100644 --- a/security/v1beta1/peer_authentication.proto +++ b/security/v1beta1/peer_authentication.proto @@ -130,9 +130,6 @@ option go_package="istio.io/api/security/v1beta1"; // +genclient // +k8s:deepcopy-gen=true // --> -// message PeerAuthentication { // The selector determines the workloads to apply the PeerAuthentication on. The selector will match with workloads in the // same namespace as the policy. If the policy is in the root namespace, the selector will additionally match with workloads in all namespace. diff --git a/security/v1beta1/request_authentication.pb.go b/security/v1beta1/request_authentication.pb.go index 8cbd0da1135..9ce3cba522f 100644 --- a/security/v1beta1/request_authentication.pb.go +++ b/security/v1beta1/request_authentication.pb.go @@ -300,9 +300,6 @@ const ( // +genclient // +k8s:deepcopy-gen=true // --> -// type RequestAuthentication struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache diff --git a/security/v1beta1/request_authentication.proto b/security/v1beta1/request_authentication.proto index 4969958b738..1a59ffc9709 100644 --- a/security/v1beta1/request_authentication.proto +++ b/security/v1beta1/request_authentication.proto @@ -244,9 +244,6 @@ option go_package="istio.io/api/security/v1beta1"; // +genclient // +k8s:deepcopy-gen=true // --> -// message RequestAuthentication { // Optional. The selector decides where to apply the request authentication policy. The selector will match with workloads // in the same namespace as the request authentication policy. If the request authentication policy is in the root namespace, diff --git a/telemetry/v1/telemetry.pb.go b/telemetry/v1/telemetry.pb.go deleted file mode 100644 index 69ed30090a4..00000000000 --- a/telemetry/v1/telemetry.pb.go +++ /dev/null @@ -1,2201 +0,0 @@ -// Copyright Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.33.0 -// protoc (unknown) -// source: telemetry/v1/telemetry.proto - -// $schema: istio.telemetry.v1.Telemetry -// $title: Telemetry -// $description: Telemetry configuration for workloads. -// $location: https://istio.io/docs/reference/config/telemetry.html -// $aliases: [/docs/reference/config/telemetry/v1/telemetry] -// $mode: none - -// Telemetry defines how the telemetry is generated for workloads within a mesh. -// -// For mesh level configuration, put the resource in root configuration -// namespace for your Istio installation *without* a workload selector. -// -// For any namespace, including the root configuration namespace, it is only -// valid to have a single workload selector-less Telemetry resource. -// -// For resources with a workload selector, it is only valid to have one resource -// selecting any given workload. -// -// The hierarchy of Telemetry configuration is as follows: -// -// 1. Workload-specific configuration -// 2. Namespace-specific configuration -// 3. Root namespace configuration -// -// ## Examples -// -// Policy to enable random sampling for 10% of traffic: -// ```yaml -// apiVersion: telemetry.istio.io/v1 -// kind: Telemetry -// metadata: -// name: mesh-default -// namespace: istio-system -// spec: -// # no selector specified, applies to all workloads -// tracing: -// - randomSamplingPercentage: 10.00 -// ``` -// -// Policy to disable trace reporting for the `foo` workload (note: tracing -// context will still be propagated): -// ```yaml -// apiVersion: telemetry.istio.io/v1 -// kind: Telemetry -// metadata: -// name: foo-tracing -// namespace: bar -// spec: -// selector: -// matchLabels: -// service.istio.io/canonical-name: foo -// tracing: -// - disableSpanReporting: true -// ``` -// -// Policy to select the alternate zipkin provider for trace reporting: -// ```yaml -// apiVersion: telemetry.istio.io/v1 -// kind: Telemetry -// metadata: -// name: foo-tracing-alternate -// namespace: baz -// spec: -// selector: -// matchLabels: -// service.istio.io/canonical-name: foo -// tracing: -// - providers: -// - name: "zipkin-alternate" -// randomSamplingPercentage: 10.00 -// ``` -// -// Policy to tailor the zipkin provider to sample traces from Client workloads only: -// ```yaml -// apiVersion: telemetry.istio.io/v1alpha1 -// kind: Telemetry -// metadata: -// name: mesh-default -// namespace: istio-system -// spec: -// # no selector specified, applies to all workloads -// tracing: -// - match: CLIENT -// - providers: -// - name: "zipkin" -// ``` -// -// Policy to add a custom tag from a literal value: -// ```yaml -// apiVersion: telemetry.istio.io/v1 -// kind: Telemetry -// metadata: -// name: mesh-default -// namespace: istio-system -// spec: -// # no selector specified, applies to all workloads -// tracing: -// - randomSamplingPercentage: 10.00 -// customTags: -// my_new_foo_tag: -// literal: -// value: "foo" -// ``` -// -// Policy to disable server-side metrics for Prometheus for an entire mesh: -// ```yaml -// apiVersion: telemetry.istio.io/v1 -// kind: Telemetry -// metadata: -// name: mesh-default -// namespace: istio-system -// spec: -// # no selector specified, applies to all workloads -// metrics: -// - providers: -// - name: prometheus -// overrides: -// - match: -// metric: ALL_METRICS -// mode: SERVER -// disabled: true -// ``` -// -// Policy to add dimensions to all Prometheus metrics for the `foo` namespace: -// ```yaml -// apiVersion: telemetry.istio.io/v1 -// kind: Telemetry -// metadata: -// name: namespace-metrics -// namespace: foo -// spec: -// # no selector specified, applies to all workloads in the namespace -// metrics: -// - providers: -// - name: prometheus -// overrides: -// # match clause left off matches all istio metrics, client and server -// - tagOverrides: -// request_method: -// value: "request.method" -// request_host: -// value: "request.host" -// ``` -// -// Policy to remove the `response_code` dimension on some Prometheus metrics for -// the `bar.foo` workload: -// ```yaml -// apiVersion: telemetry.istio.io/v1 -// kind: Telemetry -// metadata: -// name: remove-response-code -// namespace: foo -// spec: -// selector: -// matchLabels: -// service.istio.io/canonical-name: bar -// metrics: -// - providers: -// - name: prometheus -// overrides: -// - match: -// metric: REQUEST_COUNT -// tagOverrides: -// response_code: -// operation: REMOVE -// - match: -// metric: REQUEST_DURATION -// tagOverrides: -// response_code: -// operation: REMOVE -// - match: -// metric: REQUEST_SIZE -// tagOverrides: -// response_code: -// operation: REMOVE -// - match: -// metric: RESPONSE_SIZE -// tagOverrides: -// response_code: -// operation: REMOVE -// ``` -// -// Policy to enable access logging for the entire mesh: -// ```yaml -// apiVersion: telemetry.istio.io/v1 -// kind: Telemetry -// metadata: -// name: mesh-default -// namespace: istio-system -// spec: -// # no selector specified, applies to all workloads -// accessLogging: -// - providers: -// - name: envoy -// # By default, this turns on access logging (no need to set `disabled: false`). -// # Unspecified `disabled` will be treated as `disabled: false`, except in -// # cases where a parent configuration has marked as `disabled: true`. In -// # those cases, `disabled: false` must be set explicitly to override. -// ``` -// -// Policy to disable access logging for the `foo` namespace: -// ```yaml -// apiVersion: telemetry.istio.io/v1 -// kind: Telemetry -// metadata: -// name: namespace-no-log -// namespace: foo -// spec: -// # no selector specified, applies to all workloads in the namespace -// accessLogging: -// - disabled: true -// ``` -// - -package v1 - -import ( - duration "github.com/golang/protobuf/ptypes/duration" - wrappers "github.com/golang/protobuf/ptypes/wrappers" - _ "google.golang.org/genproto/googleapis/api/annotations" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - v1beta1 "istio.io/api/type/v1beta1" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// WorkloadMode allows selection of the role of the underlying workload in -// network traffic. A workload is considered as acting as a `SERVER` if it is -// the destination of the traffic (that is, traffic direction, from the -// perspective of the workload is *inbound*). If the workload is the source of -// the network traffic, it is considered to be in `CLIENT` mode (traffic is -// *outbound* from the workload). -type WorkloadMode int32 - -const ( - // Selects for scenarios when the workload is either the - // source or destination of the network traffic. - WorkloadMode_CLIENT_AND_SERVER WorkloadMode = 0 - // Selects for scenarios when the workload is the - // source of the network traffic. - WorkloadMode_CLIENT WorkloadMode = 1 - // Selects for scenarios when the workload is the - // destination of the network traffic. - WorkloadMode_SERVER WorkloadMode = 2 -) - -// Enum value maps for WorkloadMode. -var ( - WorkloadMode_name = map[int32]string{ - 0: "CLIENT_AND_SERVER", - 1: "CLIENT", - 2: "SERVER", - } - WorkloadMode_value = map[string]int32{ - "CLIENT_AND_SERVER": 0, - "CLIENT": 1, - "SERVER": 2, - } -) - -func (x WorkloadMode) Enum() *WorkloadMode { - p := new(WorkloadMode) - *p = x - return p -} - -func (x WorkloadMode) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (WorkloadMode) Descriptor() protoreflect.EnumDescriptor { - return file_telemetry_v1_telemetry_proto_enumTypes[0].Descriptor() -} - -func (WorkloadMode) Type() protoreflect.EnumType { - return &file_telemetry_v1_telemetry_proto_enumTypes[0] -} - -func (x WorkloadMode) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use WorkloadMode.Descriptor instead. -func (WorkloadMode) EnumDescriptor() ([]byte, []int) { - return file_telemetry_v1_telemetry_proto_rawDescGZIP(), []int{0} -} - -// Curated list of known metric types that is supported by Istio metric -// providers. See also: -// https://istio.io/latest/docs/reference/config/metrics/#metrics -type MetricSelector_IstioMetric int32 - -const ( - // Use of this enum indicates that the override should apply to all Istio - // default metrics. - MetricSelector_ALL_METRICS MetricSelector_IstioMetric = 0 - // Counter of requests to/from an application, generated for HTTP, HTTP/2, - // and GRPC traffic. - // - // The Prometheus provider exports this metric as: `istio_requests_total`. - // - // The Stackdriver provider exports this metric as: - // - // - `istio.io/service/server/request_count` (SERVER mode) - // - `istio.io/service/client/request_count` (CLIENT mode) - MetricSelector_REQUEST_COUNT MetricSelector_IstioMetric = 1 - // Histogram of request durations, generated for HTTP, HTTP/2, and GRPC - // traffic. - // - // The Prometheus provider exports this metric as: - // `istio_request_duration_milliseconds`. - // - // The Stackdriver provider exports this metric as: - // - // - `istio.io/service/server/response_latencies` (SERVER mode) - // - `istio.io/service/client/roundtrip_latencies` (CLIENT mode) - MetricSelector_REQUEST_DURATION MetricSelector_IstioMetric = 2 - // Histogram of request body sizes, generated for HTTP, HTTP/2, and GRPC - // traffic. - // - // The Prometheus provider exports this metric as: `istio_request_bytes`. - // - // The Stackdriver provider exports this metric as: - // - // - `istio.io/service/server/request_bytes` (SERVER mode) - // - `istio.io/service/client/request_bytes` (CLIENT mode) - MetricSelector_REQUEST_SIZE MetricSelector_IstioMetric = 3 - // Histogram of response body sizes, generated for HTTP, HTTP/2, and GRPC - // traffic. - // - // The Prometheus provider exports this metric as: `istio_response_bytes`. - // - // The Stackdriver provider exports this metric as: - // - // - `istio.io/service/server/response_bytes` (SERVER mode) - // - `istio.io/service/client/response_bytes` (CLIENT mode) - MetricSelector_RESPONSE_SIZE MetricSelector_IstioMetric = 4 - // Counter of TCP connections opened over lifetime of workload. - // - // The Prometheus provider exports this metric as: - // `istio_tcp_connections_opened_total`. - // - // The Stackdriver provider exports this metric as: - // - // - `istio.io/service/server/connection_open_count` (SERVER mode) - // - `istio.io/service/client/connection_open_count` (CLIENT mode) - MetricSelector_TCP_OPENED_CONNECTIONS MetricSelector_IstioMetric = 5 - // Counter of TCP connections closed over lifetime of workload. - // - // The Prometheus provider exports this metric as: - // `istio_tcp_connections_closed_total`. - // - // The Stackdriver provider exports this metric as: - // - // - `istio.io/service/server/connection_close_count` (SERVER mode) - // - `istio.io/service/client/connection_close_count` (CLIENT mode) - MetricSelector_TCP_CLOSED_CONNECTIONS MetricSelector_IstioMetric = 6 - // Counter of bytes sent during a response over a TCP connection. - // - // The Prometheus provider exports this metric as: - // `istio_tcp_sent_bytes_total`. - // - // The Stackdriver provider exports this metric as: - // - // - `istio.io/service/server/sent_bytes_count` (SERVER mode) - // - `istio.io/service/client/sent_bytes_count` (CLIENT mode) - MetricSelector_TCP_SENT_BYTES MetricSelector_IstioMetric = 7 - // Counter of bytes received during a request over a TCP connection. - // - // The Prometheus provider exports this metric as: - // `istio_tcp_received_bytes_total`. - // - // The Stackdriver provider exports this metric as: - // - // - `istio.io/service/server/received_bytes_count` (SERVER mode) - // - `istio.io/service/client/received_bytes_count` (CLIENT mode) - MetricSelector_TCP_RECEIVED_BYTES MetricSelector_IstioMetric = 8 - // Counter incremented for every gRPC messages sent from a client. - // - // The Prometheus provider exports this metric as: - // `istio_request_messages_total` - MetricSelector_GRPC_REQUEST_MESSAGES MetricSelector_IstioMetric = 9 - // Counter incremented for every gRPC messages sent from a server. - // - // The Prometheus provider exports this metric as: - // `istio_response_messages_total` - MetricSelector_GRPC_RESPONSE_MESSAGES MetricSelector_IstioMetric = 10 -) - -// Enum value maps for MetricSelector_IstioMetric. -var ( - MetricSelector_IstioMetric_name = map[int32]string{ - 0: "ALL_METRICS", - 1: "REQUEST_COUNT", - 2: "REQUEST_DURATION", - 3: "REQUEST_SIZE", - 4: "RESPONSE_SIZE", - 5: "TCP_OPENED_CONNECTIONS", - 6: "TCP_CLOSED_CONNECTIONS", - 7: "TCP_SENT_BYTES", - 8: "TCP_RECEIVED_BYTES", - 9: "GRPC_REQUEST_MESSAGES", - 10: "GRPC_RESPONSE_MESSAGES", - } - MetricSelector_IstioMetric_value = map[string]int32{ - "ALL_METRICS": 0, - "REQUEST_COUNT": 1, - "REQUEST_DURATION": 2, - "REQUEST_SIZE": 3, - "RESPONSE_SIZE": 4, - "TCP_OPENED_CONNECTIONS": 5, - "TCP_CLOSED_CONNECTIONS": 6, - "TCP_SENT_BYTES": 7, - "TCP_RECEIVED_BYTES": 8, - "GRPC_REQUEST_MESSAGES": 9, - "GRPC_RESPONSE_MESSAGES": 10, - } -) - -func (x MetricSelector_IstioMetric) Enum() *MetricSelector_IstioMetric { - p := new(MetricSelector_IstioMetric) - *p = x - return p -} - -func (x MetricSelector_IstioMetric) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (MetricSelector_IstioMetric) Descriptor() protoreflect.EnumDescriptor { - return file_telemetry_v1_telemetry_proto_enumTypes[1].Descriptor() -} - -func (MetricSelector_IstioMetric) Type() protoreflect.EnumType { - return &file_telemetry_v1_telemetry_proto_enumTypes[1] -} - -func (x MetricSelector_IstioMetric) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use MetricSelector_IstioMetric.Descriptor instead. -func (MetricSelector_IstioMetric) EnumDescriptor() ([]byte, []int) { - return file_telemetry_v1_telemetry_proto_rawDescGZIP(), []int{4, 0} -} - -type MetricsOverrides_TagOverride_Operation int32 - -const ( - // Insert or Update the tag with the provided value expression. The - // `value` field MUST be specified if `UPSERT` is used as the operation. - MetricsOverrides_TagOverride_UPSERT MetricsOverrides_TagOverride_Operation = 0 - // Specifies that the tag should not be included in the metric when - // generated. - MetricsOverrides_TagOverride_REMOVE MetricsOverrides_TagOverride_Operation = 1 -) - -// Enum value maps for MetricsOverrides_TagOverride_Operation. -var ( - MetricsOverrides_TagOverride_Operation_name = map[int32]string{ - 0: "UPSERT", - 1: "REMOVE", - } - MetricsOverrides_TagOverride_Operation_value = map[string]int32{ - "UPSERT": 0, - "REMOVE": 1, - } -) - -func (x MetricsOverrides_TagOverride_Operation) Enum() *MetricsOverrides_TagOverride_Operation { - p := new(MetricsOverrides_TagOverride_Operation) - *p = x - return p -} - -func (x MetricsOverrides_TagOverride_Operation) String() string { - return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) -} - -func (MetricsOverrides_TagOverride_Operation) Descriptor() protoreflect.EnumDescriptor { - return file_telemetry_v1_telemetry_proto_enumTypes[2].Descriptor() -} - -func (MetricsOverrides_TagOverride_Operation) Type() protoreflect.EnumType { - return &file_telemetry_v1_telemetry_proto_enumTypes[2] -} - -func (x MetricsOverrides_TagOverride_Operation) Number() protoreflect.EnumNumber { - return protoreflect.EnumNumber(x) -} - -// Deprecated: Use MetricsOverrides_TagOverride_Operation.Descriptor instead. -func (MetricsOverrides_TagOverride_Operation) EnumDescriptor() ([]byte, []int) { - return file_telemetry_v1_telemetry_proto_rawDescGZIP(), []int{5, 0, 0} -} - -// -// --> -// -type Telemetry struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Optional. The selector decides where to apply the policy. - // If not set, the policy will be applied to all workloads in the - // same namespace as the policy. - // - // At most one of `selector` or `targetRefs` can be set for a given policy. - Selector *v1beta1.WorkloadSelector `protobuf:"bytes,1,opt,name=selector,proto3" json:"selector,omitempty"` - // $hide_from_docs - TargetRef *v1beta1.PolicyTargetReference `protobuf:"bytes,5,opt,name=targetRef,proto3" json:"targetRef,omitempty"` - // Optional. The targetRefs specifies a list of resources the policy should be - // applied to. The targeted resources specified will determine which workloads - // the policy applies to. - // - // Currently, the following resource attachment types are supported: - // * `kind: Gateway` with `group: gateway.networking.k8s.io` in the same namespace. - // * `kind: Service` with `""` in the same namespace. This type is only supported for waypoints. - // - // If not set, the policy is applied as defined by the selector. - // At most one of the selector and targetRefs can be set. - // - // NOTE: If you are using the `targetRefs` field in a multi-revision environment with Istio versions prior to 1.22, - // it is highly recommended that you pin the policy to a revision running 1.22+ via the `istio.io/rev` label. - // This is to prevent proxies connected to older control planes (that don't know about the `targetRefs` field) - // from misinterpreting the policy as namespace-wide during the upgrade process. - // - // NOTE: Waypoint proxies are required to use this field for policies to apply; `selector` policies will be ignored. - TargetRefs []*v1beta1.PolicyTargetReference `protobuf:"bytes,6,rep,name=targetRefs,proto3" json:"targetRefs,omitempty"` - // Optional. Tracing configures the tracing behavior for all - // selected workloads. - Tracing []*Tracing `protobuf:"bytes,2,rep,name=tracing,proto3" json:"tracing,omitempty"` - // Optional. Metrics configures the metrics behavior for all - // selected workloads. - Metrics []*Metrics `protobuf:"bytes,3,rep,name=metrics,proto3" json:"metrics,omitempty"` - // Optional. Access logging configures the access logging behavior for all - // selected workloads. - AccessLogging []*AccessLogging `protobuf:"bytes,4,rep,name=access_logging,json=accessLogging,proto3" json:"access_logging,omitempty"` -} - -func (x *Telemetry) Reset() { - *x = Telemetry{} - if protoimpl.UnsafeEnabled { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Telemetry) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Telemetry) ProtoMessage() {} - -func (x *Telemetry) ProtoReflect() protoreflect.Message { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Telemetry.ProtoReflect.Descriptor instead. -func (*Telemetry) Descriptor() ([]byte, []int) { - return file_telemetry_v1_telemetry_proto_rawDescGZIP(), []int{0} -} - -func (x *Telemetry) GetSelector() *v1beta1.WorkloadSelector { - if x != nil { - return x.Selector - } - return nil -} - -func (x *Telemetry) GetTargetRef() *v1beta1.PolicyTargetReference { - if x != nil { - return x.TargetRef - } - return nil -} - -func (x *Telemetry) GetTargetRefs() []*v1beta1.PolicyTargetReference { - if x != nil { - return x.TargetRefs - } - return nil -} - -func (x *Telemetry) GetTracing() []*Tracing { - if x != nil { - return x.Tracing - } - return nil -} - -func (x *Telemetry) GetMetrics() []*Metrics { - if x != nil { - return x.Metrics - } - return nil -} - -func (x *Telemetry) GetAccessLogging() []*AccessLogging { - if x != nil { - return x.AccessLogging - } - return nil -} - -// Tracing configures tracing behavior for workloads within a mesh. -// It can be used to enable/disable tracing, as well as to set sampling -// rates and custom tag extraction. -// -// Tracing configuration support overrides of the fields `providers`, -// `random_sampling_percentage`, `disable_span_reporting`, and `custom_tags` at -// each level in the configuration hierarchy, with missing values filled in -// from parent resources. However, when specified, `custom_tags` will -// fully replace any values provided by parent configuration. -type Tracing struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Allows tailoring of behavior to specific conditions. - Match *Tracing_TracingSelector `protobuf:"bytes,7,opt,name=match,proto3" json:"match,omitempty"` - // Optional. Name of provider(s) to use for span reporting. If a provider is - // not specified, the [default tracing - // provider](https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig-DefaultProviders) will be - // used. NOTE: At the moment, only a single provider can be specified in a - // given Tracing rule. - Providers []*ProviderRef `protobuf:"bytes,2,rep,name=providers,proto3" json:"providers,omitempty"` - // Controls the rate at which traffic will be selected for tracing if no - // prior sampling decision has been made. If a prior sampling decision has - // been made, that decision will be respected. However, if no sampling - // decision has been made (example: no `x-b3-sampled` tracing header was - // present in the requests), the traffic will be selected for telemetry - // generation at the percentage specified. - // - // Defaults to 0%. Valid values [0.00-100.00]. Can be specified in 0.01% - // increments. - // +kubebuilder:validation:Minimum=0 - // +kubebuilder:validation:Maximum=100 - RandomSamplingPercentage *wrappers.DoubleValue `protobuf:"bytes,3,opt,name=random_sampling_percentage,json=randomSamplingPercentage,proto3" json:"random_sampling_percentage,omitempty"` - // Controls span reporting. If set to true, no spans will be reported for - // impacted workloads. This does NOT impact context propagation or trace - // sampling behavior. - DisableSpanReporting *wrappers.BoolValue `protobuf:"bytes,4,opt,name=disable_span_reporting,json=disableSpanReporting,proto3" json:"disable_span_reporting,omitempty"` - // Optional. Configures additional custom tags to the generated trace spans. - CustomTags map[string]*Tracing_CustomTag `protobuf:"bytes,5,rep,name=custom_tags,json=customTags,proto3" json:"custom_tags,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // This value is true by default; Envoy decides whether or not to sample based - // on the value of the Request ID generated by Ingress in distributed tracing. - // The format of this Request ID is specific to Envoy, and if the Request ID - // generated by the proxy that receives user traffic first is not specific to - // Envoy, Envoy will break the trace because it cannot interpret the Request - // ID. By setting this value to false, we can prevent Envoy from sampling - // based on the Request ID. As a result, the trace will not be broken even if - // the Request ID is not in the Envoy format. [Trace Context - // Propagation](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/observability/tracing#trace-context-propagation) - // provides more information on Request ID handling. - // $hide_from_docs - // +cue-gen:Telemetry:releaseChannel:extended - UseRequestIdForTraceSampling *wrappers.BoolValue `protobuf:"bytes,6,opt,name=use_request_id_for_trace_sampling,json=useRequestIdForTraceSampling,proto3" json:"use_request_id_for_trace_sampling,omitempty"` -} - -func (x *Tracing) Reset() { - *x = Tracing{} - if protoimpl.UnsafeEnabled { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Tracing) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Tracing) ProtoMessage() {} - -func (x *Tracing) ProtoReflect() protoreflect.Message { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Tracing.ProtoReflect.Descriptor instead. -func (*Tracing) Descriptor() ([]byte, []int) { - return file_telemetry_v1_telemetry_proto_rawDescGZIP(), []int{1} -} - -func (x *Tracing) GetMatch() *Tracing_TracingSelector { - if x != nil { - return x.Match - } - return nil -} - -func (x *Tracing) GetProviders() []*ProviderRef { - if x != nil { - return x.Providers - } - return nil -} - -func (x *Tracing) GetRandomSamplingPercentage() *wrappers.DoubleValue { - if x != nil { - return x.RandomSamplingPercentage - } - return nil -} - -func (x *Tracing) GetDisableSpanReporting() *wrappers.BoolValue { - if x != nil { - return x.DisableSpanReporting - } - return nil -} - -func (x *Tracing) GetCustomTags() map[string]*Tracing_CustomTag { - if x != nil { - return x.CustomTags - } - return nil -} - -func (x *Tracing) GetUseRequestIdForTraceSampling() *wrappers.BoolValue { - if x != nil { - return x.UseRequestIdForTraceSampling - } - return nil -} - -// Used to bind Telemetry configuration to specific providers for -// targeted customization. -type ProviderRef struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Required. Name of Telemetry provider in [MeshConfig](https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig-ExtensionProvider). - // +kubebuilder:validation:MinLength=1 - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` -} - -func (x *ProviderRef) Reset() { - *x = ProviderRef{} - if protoimpl.UnsafeEnabled { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ProviderRef) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ProviderRef) ProtoMessage() {} - -func (x *ProviderRef) ProtoReflect() protoreflect.Message { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ProviderRef.ProtoReflect.Descriptor instead. -func (*ProviderRef) Descriptor() ([]byte, []int) { - return file_telemetry_v1_telemetry_proto_rawDescGZIP(), []int{2} -} - -func (x *ProviderRef) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -// Metrics defines the workload-level overrides for metrics generation behavior -// within a mesh. It can be used to enable/disable metrics generation, as well -// as to customize the dimensions of the generated metrics. -type Metrics struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Optional. Name of providers to which this configuration should apply. - // If a provider is not specified, the [default metrics - // provider](https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig-DefaultProviders) will be - // used. - Providers []*ProviderRef `protobuf:"bytes,1,rep,name=providers,proto3" json:"providers,omitempty"` - // Optional. Ordered list of overrides to metrics generation behavior. - // - // Specified overrides will be applied in order. They will be applied on - // top of inherited overrides from other resources in the hierarchy in the - // following order: - // 1. Mesh-scoped overrides - // 2. Namespace-scoped overrides - // 3. Workload-scoped overrides - // - // Because overrides are applied in order, users are advised to order their - // overrides from least specific to most specific matches. That is, it is - // a best practice to list any universal overrides first, with tailored - // overrides following them. - Overrides []*MetricsOverrides `protobuf:"bytes,2,rep,name=overrides,proto3" json:"overrides,omitempty"` - // Optional. Reporting interval allows configuration of the time between calls out to for metrics reporting. - // This currently only supports TCP metrics but we may use this for long duration HTTP streams in the future. - // The default duration is `5s`. - // +cue-gen:Telemetry:releaseChannel:extended - ReportingInterval *duration.Duration `protobuf:"bytes,3,opt,name=reporting_interval,json=reportingInterval,proto3" json:"reporting_interval,omitempty"` -} - -func (x *Metrics) Reset() { - *x = Metrics{} - if protoimpl.UnsafeEnabled { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Metrics) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Metrics) ProtoMessage() {} - -func (x *Metrics) ProtoReflect() protoreflect.Message { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Metrics.ProtoReflect.Descriptor instead. -func (*Metrics) Descriptor() ([]byte, []int) { - return file_telemetry_v1_telemetry_proto_rawDescGZIP(), []int{3} -} - -func (x *Metrics) GetProviders() []*ProviderRef { - if x != nil { - return x.Providers - } - return nil -} - -func (x *Metrics) GetOverrides() []*MetricsOverrides { - if x != nil { - return x.Overrides - } - return nil -} - -func (x *Metrics) GetReportingInterval() *duration.Duration { - if x != nil { - return x.ReportingInterval - } - return nil -} - -// Provides a mechanism for matching metrics for the application of override -// behaviors. -type MetricSelector struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Controls which metric(s) are selected by the selector. - // - // Types that are assignable to MetricMatch: - // - // *MetricSelector_Metric - // *MetricSelector_CustomMetric - MetricMatch isMetricSelector_MetricMatch `protobuf_oneof:"metric_match"` - // Controls which mode of metrics generation is selected: `CLIENT`, `SERVER`, - // or `CLIENT_AND_SERVER`. - Mode WorkloadMode `protobuf:"varint,3,opt,name=mode,proto3,enum=istio.telemetry.v1.WorkloadMode" json:"mode,omitempty"` -} - -func (x *MetricSelector) Reset() { - *x = MetricSelector{} - if protoimpl.UnsafeEnabled { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MetricSelector) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MetricSelector) ProtoMessage() {} - -func (x *MetricSelector) ProtoReflect() protoreflect.Message { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MetricSelector.ProtoReflect.Descriptor instead. -func (*MetricSelector) Descriptor() ([]byte, []int) { - return file_telemetry_v1_telemetry_proto_rawDescGZIP(), []int{4} -} - -func (m *MetricSelector) GetMetricMatch() isMetricSelector_MetricMatch { - if m != nil { - return m.MetricMatch - } - return nil -} - -func (x *MetricSelector) GetMetric() MetricSelector_IstioMetric { - if x, ok := x.GetMetricMatch().(*MetricSelector_Metric); ok { - return x.Metric - } - return MetricSelector_ALL_METRICS -} - -func (x *MetricSelector) GetCustomMetric() string { - if x, ok := x.GetMetricMatch().(*MetricSelector_CustomMetric); ok { - return x.CustomMetric - } - return "" -} - -func (x *MetricSelector) GetMode() WorkloadMode { - if x != nil { - return x.Mode - } - return WorkloadMode_CLIENT_AND_SERVER -} - -type isMetricSelector_MetricMatch interface { - isMetricSelector_MetricMatch() -} - -type MetricSelector_Metric struct { - // One of the well-known [Istio Standard Metrics](https://istio.io/latest/docs/reference/config/metrics/). - Metric MetricSelector_IstioMetric `protobuf:"varint,1,opt,name=metric,proto3,enum=istio.telemetry.v1.MetricSelector_IstioMetric,oneof"` -} - -type MetricSelector_CustomMetric struct { - // Allows free-form specification of a metric. No validation of custom - // metrics is provided. - // +kubebuilder:validation:MinLength=1 - CustomMetric string `protobuf:"bytes,2,opt,name=custom_metric,json=customMetric,proto3,oneof"` -} - -func (*MetricSelector_Metric) isMetricSelector_MetricMatch() {} - -func (*MetricSelector_CustomMetric) isMetricSelector_MetricMatch() {} - -// MetricsOverrides defines custom metric generation behavior for an individual -// metric or the set of all standard metrics. -type MetricsOverrides struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Match allows providing the scope of the override. It can be used to select - // individual metrics, as well as the workload modes (server, client, or both) - // in which the metrics will be generated. - // - // If match is not specified, the overrides will apply to *all* metrics for - // *both* modes of operation (client and server). - Match *MetricSelector `protobuf:"bytes,1,opt,name=match,proto3" json:"match,omitempty"` - // Optional. Must explicitly set this to `true` to turn off metrics reporting - // for the listed metrics. If disabled has been set to `true` in a parent - // configuration, it must explicitly be set to `false` to turn metrics - // reporting on in the workloads selected by the Telemetry resource. - Disabled *wrappers.BoolValue `protobuf:"bytes,2,opt,name=disabled,proto3" json:"disabled,omitempty"` - // Optional. Collection of tag names and tag expressions to override in the - // selected metric(s). - // The key in the map is the name of the tag. - // The value in the map is the operation to perform on the the tag. - // WARNING: some providers may not support adding/removing tags. - // See also: https://istio.io/latest/docs/reference/config/metrics/#labels - TagOverrides map[string]*MetricsOverrides_TagOverride `protobuf:"bytes,3,rep,name=tag_overrides,json=tagOverrides,proto3" json:"tag_overrides,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` -} - -func (x *MetricsOverrides) Reset() { - *x = MetricsOverrides{} - if protoimpl.UnsafeEnabled { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MetricsOverrides) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MetricsOverrides) ProtoMessage() {} - -func (x *MetricsOverrides) ProtoReflect() protoreflect.Message { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MetricsOverrides.ProtoReflect.Descriptor instead. -func (*MetricsOverrides) Descriptor() ([]byte, []int) { - return file_telemetry_v1_telemetry_proto_rawDescGZIP(), []int{5} -} - -func (x *MetricsOverrides) GetMatch() *MetricSelector { - if x != nil { - return x.Match - } - return nil -} - -func (x *MetricsOverrides) GetDisabled() *wrappers.BoolValue { - if x != nil { - return x.Disabled - } - return nil -} - -func (x *MetricsOverrides) GetTagOverrides() map[string]*MetricsOverrides_TagOverride { - if x != nil { - return x.TagOverrides - } - return nil -} - -// Access logging defines the workload-level overrides for access log -// generation. It can be used to select provider or enable/disable access log -// generation for a workload. -type AccessLogging struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Allows tailoring of logging behavior to specific conditions. - Match *AccessLogging_LogSelector `protobuf:"bytes,4,opt,name=match,proto3" json:"match,omitempty"` - // Optional. Name of providers to which this configuration should apply. - // If a provider is not specified, the [default logging - // provider](https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig-DefaultProviders) will be used. - Providers []*ProviderRef `protobuf:"bytes,1,rep,name=providers,proto3" json:"providers,omitempty"` - // Controls logging. If set to true, no access logs will be generated for - // impacted workloads (for the specified providers). - // NOTE: currently default behavior will be controlled by the provider(s) - // selected above. Customization controls will be added to this API in - // future releases. - Disabled *wrappers.BoolValue `protobuf:"bytes,2,opt,name=disabled,proto3" json:"disabled,omitempty"` - // Optional. If specified, this filter will be used to select specific - // requests/connections for logging. - // +cue-gen:Telemetry:releaseChannel:extended - Filter *AccessLogging_Filter `protobuf:"bytes,3,opt,name=filter,proto3" json:"filter,omitempty"` -} - -func (x *AccessLogging) Reset() { - *x = AccessLogging{} - if protoimpl.UnsafeEnabled { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *AccessLogging) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*AccessLogging) ProtoMessage() {} - -func (x *AccessLogging) ProtoReflect() protoreflect.Message { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use AccessLogging.ProtoReflect.Descriptor instead. -func (*AccessLogging) Descriptor() ([]byte, []int) { - return file_telemetry_v1_telemetry_proto_rawDescGZIP(), []int{6} -} - -func (x *AccessLogging) GetMatch() *AccessLogging_LogSelector { - if x != nil { - return x.Match - } - return nil -} - -func (x *AccessLogging) GetProviders() []*ProviderRef { - if x != nil { - return x.Providers - } - return nil -} - -func (x *AccessLogging) GetDisabled() *wrappers.BoolValue { - if x != nil { - return x.Disabled - } - return nil -} - -func (x *AccessLogging) GetFilter() *AccessLogging_Filter { - if x != nil { - return x.Filter - } - return nil -} - -// TracingSelector provides a coarse-grained ability to configure tracing -// behavior based on certain traffic metadata (such as traffic direction). -type Tracing_TracingSelector struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // This determines whether or not to apply the tracing configuration - // based on the direction of traffic relative to the proxied workload. - Mode WorkloadMode `protobuf:"varint,1,opt,name=mode,proto3,enum=istio.telemetry.v1.WorkloadMode" json:"mode,omitempty"` -} - -func (x *Tracing_TracingSelector) Reset() { - *x = Tracing_TracingSelector{} - if protoimpl.UnsafeEnabled { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Tracing_TracingSelector) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Tracing_TracingSelector) ProtoMessage() {} - -func (x *Tracing_TracingSelector) ProtoReflect() protoreflect.Message { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Tracing_TracingSelector.ProtoReflect.Descriptor instead. -func (*Tracing_TracingSelector) Descriptor() ([]byte, []int) { - return file_telemetry_v1_telemetry_proto_rawDescGZIP(), []int{1, 0} -} - -func (x *Tracing_TracingSelector) GetMode() WorkloadMode { - if x != nil { - return x.Mode - } - return WorkloadMode_CLIENT_AND_SERVER -} - -// CustomTag defines a tag to be added to a trace span that is based on -// an operator-supplied value. This value can either be a hard-coded value, -// a value taken from an environment variable known to the sidecar proxy, or -// from a request header. -// -// NOTE: when specified, `custom_tags` will fully replace any values provided -// by parent configuration. -type Tracing_CustomTag struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Types that are assignable to Type: - // - // *Tracing_CustomTag_Literal - // *Tracing_CustomTag_Environment - // *Tracing_CustomTag_Header - Type isTracing_CustomTag_Type `protobuf_oneof:"type"` -} - -func (x *Tracing_CustomTag) Reset() { - *x = Tracing_CustomTag{} - if protoimpl.UnsafeEnabled { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Tracing_CustomTag) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Tracing_CustomTag) ProtoMessage() {} - -func (x *Tracing_CustomTag) ProtoReflect() protoreflect.Message { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Tracing_CustomTag.ProtoReflect.Descriptor instead. -func (*Tracing_CustomTag) Descriptor() ([]byte, []int) { - return file_telemetry_v1_telemetry_proto_rawDescGZIP(), []int{1, 1} -} - -func (m *Tracing_CustomTag) GetType() isTracing_CustomTag_Type { - if m != nil { - return m.Type - } - return nil -} - -func (x *Tracing_CustomTag) GetLiteral() *Tracing_Literal { - if x, ok := x.GetType().(*Tracing_CustomTag_Literal); ok { - return x.Literal - } - return nil -} - -func (x *Tracing_CustomTag) GetEnvironment() *Tracing_Environment { - if x, ok := x.GetType().(*Tracing_CustomTag_Environment); ok { - return x.Environment - } - return nil -} - -func (x *Tracing_CustomTag) GetHeader() *Tracing_RequestHeader { - if x, ok := x.GetType().(*Tracing_CustomTag_Header); ok { - return x.Header - } - return nil -} - -type isTracing_CustomTag_Type interface { - isTracing_CustomTag_Type() -} - -type Tracing_CustomTag_Literal struct { - // Literal adds the same, hard-coded value to each span. - Literal *Tracing_Literal `protobuf:"bytes,1,opt,name=literal,proto3,oneof"` -} - -type Tracing_CustomTag_Environment struct { - // Environment adds the value of an environment variable to each span. - Environment *Tracing_Environment `protobuf:"bytes,2,opt,name=environment,proto3,oneof"` -} - -type Tracing_CustomTag_Header struct { - // RequestHeader adds the value of an header from the request to each - // span. - Header *Tracing_RequestHeader `protobuf:"bytes,3,opt,name=header,proto3,oneof"` // TODO: add support for Metadata tags -} - -func (*Tracing_CustomTag_Literal) isTracing_CustomTag_Type() {} - -func (*Tracing_CustomTag_Environment) isTracing_CustomTag_Type() {} - -func (*Tracing_CustomTag_Header) isTracing_CustomTag_Type() {} - -type Tracing_Literal struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The tag value to use. - // +kubebuilder:validation:MinLength=1 - Value string `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty"` -} - -func (x *Tracing_Literal) Reset() { - *x = Tracing_Literal{} - if protoimpl.UnsafeEnabled { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Tracing_Literal) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Tracing_Literal) ProtoMessage() {} - -func (x *Tracing_Literal) ProtoReflect() protoreflect.Message { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Tracing_Literal.ProtoReflect.Descriptor instead. -func (*Tracing_Literal) Descriptor() ([]byte, []int) { - return file_telemetry_v1_telemetry_proto_rawDescGZIP(), []int{1, 2} -} - -func (x *Tracing_Literal) GetValue() string { - if x != nil { - return x.Value - } - return "" -} - -type Tracing_Environment struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Name of the environment variable from which to extract the tag value. - // +kubebuilder:validation:MinLength=1 - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - // Optional. If the environment variable is not found, this value will be - // used instead. - DefaultValue string `protobuf:"bytes,2,opt,name=default_value,json=defaultValue,proto3" json:"default_value,omitempty"` -} - -func (x *Tracing_Environment) Reset() { - *x = Tracing_Environment{} - if protoimpl.UnsafeEnabled { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Tracing_Environment) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Tracing_Environment) ProtoMessage() {} - -func (x *Tracing_Environment) ProtoReflect() protoreflect.Message { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Tracing_Environment.ProtoReflect.Descriptor instead. -func (*Tracing_Environment) Descriptor() ([]byte, []int) { - return file_telemetry_v1_telemetry_proto_rawDescGZIP(), []int{1, 3} -} - -func (x *Tracing_Environment) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *Tracing_Environment) GetDefaultValue() string { - if x != nil { - return x.DefaultValue - } - return "" -} - -type Tracing_RequestHeader struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Name of the header from which to extract the tag value. - // +kubebuilder:validation:MinLength=1 - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - // Optional. If the header is not found, this value will be - // used instead. - DefaultValue string `protobuf:"bytes,2,opt,name=default_value,json=defaultValue,proto3" json:"default_value,omitempty"` -} - -func (x *Tracing_RequestHeader) Reset() { - *x = Tracing_RequestHeader{} - if protoimpl.UnsafeEnabled { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Tracing_RequestHeader) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Tracing_RequestHeader) ProtoMessage() {} - -func (x *Tracing_RequestHeader) ProtoReflect() protoreflect.Message { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Tracing_RequestHeader.ProtoReflect.Descriptor instead. -func (*Tracing_RequestHeader) Descriptor() ([]byte, []int) { - return file_telemetry_v1_telemetry_proto_rawDescGZIP(), []int{1, 4} -} - -func (x *Tracing_RequestHeader) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *Tracing_RequestHeader) GetDefaultValue() string { - if x != nil { - return x.DefaultValue - } - return "" -} - -// TagOverride specifies an operation to perform on a metric dimension (also -// known as a `label`). Tags may be added, removed, or have their default -// values overridden. -// +kubebuilder:validation:XValidation:message="value must be set when operation is UPSERT",rule="((has(self.operation) ? self.operation : ”) == 'UPSERT') ? self.value != ” : true" -// +kubebuilder:validation:XValidation:message="value must not be set when operation is REMOVE",rule="((has(self.operation) ? self.operation : ”) == 'REMOVE') ? !has(self.value) : true" -type MetricsOverrides_TagOverride struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Operation controls whether or not to update/add a tag, or to remove it. - Operation MetricsOverrides_TagOverride_Operation `protobuf:"varint,1,opt,name=operation,proto3,enum=istio.telemetry.v1.MetricsOverrides_TagOverride_Operation" json:"operation,omitempty"` - // Value is only considered if the operation is `UPSERT`. - // Values are [CEL expressions](https://opensource.google/projects/cel) over - // attributes. Examples include: `string(destination.port)` and - // `request.host`. Istio exposes all standard [Envoy - // attributes](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes). - // Additionally, Istio exposes node metadata as attributes. - // More information is provided in the [customization - // docs](https://istio.io/latest/docs/tasks/observability/metrics/customize-metrics/#use-expressions-for-values). - Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` -} - -func (x *MetricsOverrides_TagOverride) Reset() { - *x = MetricsOverrides_TagOverride{} - if protoimpl.UnsafeEnabled { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[13] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MetricsOverrides_TagOverride) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MetricsOverrides_TagOverride) ProtoMessage() {} - -func (x *MetricsOverrides_TagOverride) ProtoReflect() protoreflect.Message { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[13] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MetricsOverrides_TagOverride.ProtoReflect.Descriptor instead. -func (*MetricsOverrides_TagOverride) Descriptor() ([]byte, []int) { - return file_telemetry_v1_telemetry_proto_rawDescGZIP(), []int{5, 0} -} - -func (x *MetricsOverrides_TagOverride) GetOperation() MetricsOverrides_TagOverride_Operation { - if x != nil { - return x.Operation - } - return MetricsOverrides_TagOverride_UPSERT -} - -func (x *MetricsOverrides_TagOverride) GetValue() string { - if x != nil { - return x.Value - } - return "" -} - -// LogSelector provides a coarse-grained ability to configure logging behavior -// based on certain traffic metadata (such as traffic direction). LogSelector -// applies to traffic metadata which is not represented in the attribute set -// currently supported by [filters](https://istio.io/latest/docs/reference/config/telemetry/#AccessLogging-Filter). -// It allows control planes to limit the configuration sent to individual workloads. -// Finer-grained logging behavior can be further configured via `filter`. -type AccessLogging_LogSelector struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // This determines whether or not to apply the access logging configuration - // based on the direction of traffic relative to the proxied workload. - Mode WorkloadMode `protobuf:"varint,1,opt,name=mode,proto3,enum=istio.telemetry.v1.WorkloadMode" json:"mode,omitempty"` -} - -func (x *AccessLogging_LogSelector) Reset() { - *x = AccessLogging_LogSelector{} - if protoimpl.UnsafeEnabled { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[15] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *AccessLogging_LogSelector) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*AccessLogging_LogSelector) ProtoMessage() {} - -func (x *AccessLogging_LogSelector) ProtoReflect() protoreflect.Message { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[15] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use AccessLogging_LogSelector.ProtoReflect.Descriptor instead. -func (*AccessLogging_LogSelector) Descriptor() ([]byte, []int) { - return file_telemetry_v1_telemetry_proto_rawDescGZIP(), []int{6, 0} -} - -func (x *AccessLogging_LogSelector) GetMode() WorkloadMode { - if x != nil { - return x.Mode - } - return WorkloadMode_CLIENT_AND_SERVER -} - -// Allows specification of an access log filter. -type AccessLogging_Filter struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // CEL expression for selecting when requests/connections should be logged. - // - // Examples: - // - // - `response.code >= 400` - // - `connection.mtls && request.url_path.contains('v1beta3')` - // - `!has(request.useragent) || !(request.useragent.startsWith("Amazon-Route53-Health-Check-Service"))` - Expression string `protobuf:"bytes,1,opt,name=expression,proto3" json:"expression,omitempty"` -} - -func (x *AccessLogging_Filter) Reset() { - *x = AccessLogging_Filter{} - if protoimpl.UnsafeEnabled { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[16] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *AccessLogging_Filter) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*AccessLogging_Filter) ProtoMessage() {} - -func (x *AccessLogging_Filter) ProtoReflect() protoreflect.Message { - mi := &file_telemetry_v1_telemetry_proto_msgTypes[16] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use AccessLogging_Filter.ProtoReflect.Descriptor instead. -func (*AccessLogging_Filter) Descriptor() ([]byte, []int) { - return file_telemetry_v1_telemetry_proto_rawDescGZIP(), []int{6, 1} -} - -func (x *AccessLogging_Filter) GetExpression() string { - if x != nil { - return x.Expression - } - return "" -} - -var File_telemetry_v1_telemetry_proto protoreflect.FileDescriptor - -var file_telemetry_v1_telemetry_proto_rawDesc = []byte{ - 0x0a, 0x1c, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2f, 0x76, 0x31, 0x2f, 0x74, - 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, - 0x76, 0x31, 0x1a, 0x1b, 0x74, 0x79, 0x70, 0x65, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, - 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, - 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x22, 0x99, 0x03, 0x0a, 0x09, 0x54, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x12, 0x40, - 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x24, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x76, 0x31, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, - 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, - 0x12, 0x47, 0x0a, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, 0x65, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x54, - 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x09, - 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x12, 0x49, 0x0a, 0x0a, 0x74, 0x61, 0x72, - 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, - 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, - 0x52, 0x65, 0x66, 0x73, 0x12, 0x35, 0x0a, 0x07, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x18, - 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x65, - 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x63, 0x69, - 0x6e, 0x67, 0x52, 0x07, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x12, 0x35, 0x0a, 0x07, 0x6d, - 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x76, - 0x31, 0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x52, 0x07, 0x6d, 0x65, 0x74, 0x72, 0x69, - 0x63, 0x73, 0x12, 0x48, 0x0a, 0x0e, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x6f, 0x67, - 0x67, 0x69, 0x6e, 0x67, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, - 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x52, 0x0d, 0x61, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x22, 0xc6, 0x08, 0x0a, - 0x07, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x12, 0x41, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, - 0x68, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, - 0x63, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x53, 0x65, 0x6c, 0x65, - 0x63, 0x74, 0x6f, 0x72, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x3d, 0x0a, 0x09, 0x70, - 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, - 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x66, 0x52, - 0x09, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x12, 0x5a, 0x0a, 0x1a, 0x72, 0x61, - 0x6e, 0x64, 0x6f, 0x6d, 0x5f, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x69, 0x6e, 0x67, 0x5f, 0x70, 0x65, - 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x44, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x18, 0x72, 0x61, - 0x6e, 0x64, 0x6f, 0x6d, 0x53, 0x61, 0x6d, 0x70, 0x6c, 0x69, 0x6e, 0x67, 0x50, 0x65, 0x72, 0x63, - 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x12, 0x50, 0x0a, 0x16, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, - 0x65, 0x5f, 0x73, 0x70, 0x61, 0x6e, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x69, 0x6e, 0x67, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, - 0x75, 0x65, 0x52, 0x14, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x70, 0x61, 0x6e, 0x52, - 0x65, 0x70, 0x6f, 0x72, 0x74, 0x69, 0x6e, 0x67, 0x12, 0x4c, 0x0a, 0x0b, 0x63, 0x75, 0x73, 0x74, - 0x6f, 0x6d, 0x5f, 0x74, 0x61, 0x67, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, - 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x2e, 0x43, 0x75, 0x73, 0x74, 0x6f, - 0x6d, 0x54, 0x61, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0a, 0x63, 0x75, 0x73, 0x74, - 0x6f, 0x6d, 0x54, 0x61, 0x67, 0x73, 0x12, 0x63, 0x0a, 0x21, 0x75, 0x73, 0x65, 0x5f, 0x72, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x5f, 0x74, 0x72, 0x61, - 0x63, 0x65, 0x5f, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x69, 0x6e, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x1c, 0x75, - 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x49, 0x64, 0x46, 0x6f, 0x72, 0x54, 0x72, - 0x61, 0x63, 0x65, 0x53, 0x61, 0x6d, 0x70, 0x6c, 0x69, 0x6e, 0x67, 0x1a, 0x47, 0x0a, 0x0f, 0x54, - 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x34, - 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x76, - 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, - 0x6d, 0x6f, 0x64, 0x65, 0x1a, 0xe6, 0x01, 0x0a, 0x09, 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x54, - 0x61, 0x67, 0x12, 0x3f, 0x0a, 0x07, 0x6c, 0x69, 0x74, 0x65, 0x72, 0x61, 0x6c, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x65, 0x6c, 0x65, - 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, - 0x2e, 0x4c, 0x69, 0x74, 0x65, 0x72, 0x61, 0x6c, 0x48, 0x00, 0x52, 0x07, 0x6c, 0x69, 0x74, 0x65, - 0x72, 0x61, 0x6c, 0x12, 0x4b, 0x0a, 0x0b, 0x65, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, - 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, - 0x61, 0x63, 0x69, 0x6e, 0x67, 0x2e, 0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, - 0x74, 0x48, 0x00, 0x52, 0x0b, 0x65, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, - 0x12, 0x43, 0x0a, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x29, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, - 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x2e, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x48, 0x00, 0x52, 0x06, 0x68, - 0x65, 0x61, 0x64, 0x65, 0x72, 0x42, 0x06, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x1a, 0x24, 0x0a, - 0x07, 0x4c, 0x69, 0x74, 0x65, 0x72, 0x61, 0x6c, 0x12, 0x19, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x1a, 0x4b, 0x0a, 0x0b, 0x45, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, - 0x6e, 0x74, 0x12, 0x17, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x64, - 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, - 0x1a, 0x4d, 0x0a, 0x0d, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, - 0x72, 0x12, 0x17, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, - 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x65, - 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x1a, - 0x64, 0x0a, 0x0f, 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x54, 0x61, 0x67, 0x73, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3b, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x65, 0x6c, 0x65, - 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, - 0x2e, 0x43, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x54, 0x61, 0x67, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x26, 0x0a, 0x0b, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, - 0x72, 0x52, 0x65, 0x66, 0x12, 0x17, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0xd6, 0x01, - 0x0a, 0x07, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x12, 0x3d, 0x0a, 0x09, 0x70, 0x72, 0x6f, - 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x76, - 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x66, 0x52, 0x09, 0x70, - 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x12, 0x42, 0x0a, 0x09, 0x6f, 0x76, 0x65, 0x72, - 0x72, 0x69, 0x64, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, - 0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, - 0x73, 0x52, 0x09, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x73, 0x12, 0x48, 0x0a, 0x12, - 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x69, 0x6e, 0x67, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, - 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x52, 0x11, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x69, 0x6e, 0x67, 0x49, 0x6e, - 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x22, 0xd1, 0x03, 0x0a, 0x0e, 0x4d, 0x65, 0x74, 0x72, 0x69, - 0x63, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x48, 0x0a, 0x06, 0x6d, 0x65, 0x74, - 0x72, 0x69, 0x63, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2e, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x4d, - 0x65, 0x74, 0x72, 0x69, 0x63, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x49, 0x73, - 0x74, 0x69, 0x6f, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x48, 0x00, 0x52, 0x06, 0x6d, 0x65, 0x74, - 0x72, 0x69, 0x63, 0x12, 0x25, 0x0a, 0x0d, 0x63, 0x75, 0x73, 0x74, 0x6f, 0x6d, 0x5f, 0x6d, 0x65, - 0x74, 0x72, 0x69, 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0c, 0x63, 0x75, - 0x73, 0x74, 0x6f, 0x6d, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x12, 0x34, 0x0a, 0x04, 0x6d, 0x6f, - 0x64, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, - 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, - 0x22, 0x87, 0x02, 0x0a, 0x0b, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, - 0x12, 0x0f, 0x0a, 0x0b, 0x41, 0x4c, 0x4c, 0x5f, 0x4d, 0x45, 0x54, 0x52, 0x49, 0x43, 0x53, 0x10, - 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x5f, 0x43, 0x4f, 0x55, - 0x4e, 0x54, 0x10, 0x01, 0x12, 0x14, 0x0a, 0x10, 0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x5f, - 0x44, 0x55, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x02, 0x12, 0x10, 0x0a, 0x0c, 0x52, 0x45, - 0x51, 0x55, 0x45, 0x53, 0x54, 0x5f, 0x53, 0x49, 0x5a, 0x45, 0x10, 0x03, 0x12, 0x11, 0x0a, 0x0d, - 0x52, 0x45, 0x53, 0x50, 0x4f, 0x4e, 0x53, 0x45, 0x5f, 0x53, 0x49, 0x5a, 0x45, 0x10, 0x04, 0x12, - 0x1a, 0x0a, 0x16, 0x54, 0x43, 0x50, 0x5f, 0x4f, 0x50, 0x45, 0x4e, 0x45, 0x44, 0x5f, 0x43, 0x4f, - 0x4e, 0x4e, 0x45, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x10, 0x05, 0x12, 0x1a, 0x0a, 0x16, 0x54, - 0x43, 0x50, 0x5f, 0x43, 0x4c, 0x4f, 0x53, 0x45, 0x44, 0x5f, 0x43, 0x4f, 0x4e, 0x4e, 0x45, 0x43, - 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x10, 0x06, 0x12, 0x12, 0x0a, 0x0e, 0x54, 0x43, 0x50, 0x5f, 0x53, - 0x45, 0x4e, 0x54, 0x5f, 0x42, 0x59, 0x54, 0x45, 0x53, 0x10, 0x07, 0x12, 0x16, 0x0a, 0x12, 0x54, - 0x43, 0x50, 0x5f, 0x52, 0x45, 0x43, 0x45, 0x49, 0x56, 0x45, 0x44, 0x5f, 0x42, 0x59, 0x54, 0x45, - 0x53, 0x10, 0x08, 0x12, 0x19, 0x0a, 0x15, 0x47, 0x52, 0x50, 0x43, 0x5f, 0x52, 0x45, 0x51, 0x55, - 0x45, 0x53, 0x54, 0x5f, 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x53, 0x10, 0x09, 0x12, 0x1a, - 0x0a, 0x16, 0x47, 0x52, 0x50, 0x43, 0x5f, 0x52, 0x45, 0x53, 0x50, 0x4f, 0x4e, 0x53, 0x45, 0x5f, - 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x53, 0x10, 0x0a, 0x42, 0x0e, 0x0a, 0x0c, 0x6d, 0x65, - 0x74, 0x72, 0x69, 0x63, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x22, 0xf9, 0x03, 0x0a, 0x10, 0x4d, - 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x73, 0x12, - 0x38, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, - 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, - 0x6f, 0x72, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x36, 0x0a, 0x08, 0x64, 0x69, 0x73, - 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, - 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x08, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, - 0x64, 0x12, 0x5b, 0x0a, 0x0d, 0x74, 0x61, 0x67, 0x5f, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, - 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, - 0x74, 0x72, 0x69, 0x63, 0x73, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x73, 0x2e, 0x54, - 0x61, 0x67, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x0c, 0x74, 0x61, 0x67, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x73, 0x1a, 0xa2, - 0x01, 0x0a, 0x0b, 0x54, 0x61, 0x67, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x12, 0x58, - 0x0a, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0e, 0x32, 0x3a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, - 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x4f, 0x76, - 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x73, 0x2e, 0x54, 0x61, 0x67, 0x4f, 0x76, 0x65, 0x72, 0x72, - 0x69, 0x64, 0x65, 0x2e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x6f, - 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x23, - 0x0a, 0x09, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x0a, 0x0a, 0x06, 0x55, - 0x50, 0x53, 0x45, 0x52, 0x54, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x52, 0x45, 0x4d, 0x4f, 0x56, - 0x45, 0x10, 0x01, 0x1a, 0x71, 0x0a, 0x11, 0x54, 0x61, 0x67, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, - 0x64, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x46, 0x0a, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x4d, - 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x73, 0x2e, - 0x54, 0x61, 0x67, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xfc, 0x02, 0x0a, 0x0d, 0x41, 0x63, 0x63, 0x65, 0x73, - 0x73, 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x12, 0x43, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, - 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x63, 0x63, - 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x2e, 0x4c, 0x6f, 0x67, 0x53, 0x65, - 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x3d, 0x0a, - 0x09, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x1f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, - 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, - 0x66, 0x52, 0x09, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x12, 0x36, 0x0a, 0x08, - 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x08, 0x64, 0x69, 0x73, 0x61, - 0x62, 0x6c, 0x65, 0x64, 0x12, 0x40, 0x0a, 0x06, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x65, 0x6c, - 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, - 0x4c, 0x6f, 0x67, 0x67, 0x69, 0x6e, 0x67, 0x2e, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x52, 0x06, - 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x1a, 0x43, 0x0a, 0x0b, 0x4c, 0x6f, 0x67, 0x53, 0x65, 0x6c, - 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x34, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x65, 0x6c, 0x65, - 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, - 0x64, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x1a, 0x28, 0x0a, 0x06, 0x46, - 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x1e, 0x0a, 0x0a, 0x65, 0x78, 0x70, 0x72, 0x65, 0x73, 0x73, - 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x65, 0x78, 0x70, 0x72, 0x65, - 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x2a, 0x3d, 0x0a, 0x0c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, - 0x64, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x15, 0x0a, 0x11, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, - 0x41, 0x4e, 0x44, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, - 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x45, 0x52, 0x56, - 0x45, 0x52, 0x10, 0x02, 0x42, 0x1b, 0x5a, 0x19, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, - 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x6d, 0x65, 0x74, 0x72, 0x79, 0x2f, 0x76, - 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_telemetry_v1_telemetry_proto_rawDescOnce sync.Once - file_telemetry_v1_telemetry_proto_rawDescData = file_telemetry_v1_telemetry_proto_rawDesc -) - -func file_telemetry_v1_telemetry_proto_rawDescGZIP() []byte { - file_telemetry_v1_telemetry_proto_rawDescOnce.Do(func() { - file_telemetry_v1_telemetry_proto_rawDescData = protoimpl.X.CompressGZIP(file_telemetry_v1_telemetry_proto_rawDescData) - }) - return file_telemetry_v1_telemetry_proto_rawDescData -} - -var file_telemetry_v1_telemetry_proto_enumTypes = make([]protoimpl.EnumInfo, 3) -var file_telemetry_v1_telemetry_proto_msgTypes = make([]protoimpl.MessageInfo, 17) -var file_telemetry_v1_telemetry_proto_goTypes = []interface{}{ - (WorkloadMode)(0), // 0: istio.telemetry.v1.WorkloadMode - (MetricSelector_IstioMetric)(0), // 1: istio.telemetry.v1.MetricSelector.IstioMetric - (MetricsOverrides_TagOverride_Operation)(0), // 2: istio.telemetry.v1.MetricsOverrides.TagOverride.Operation - (*Telemetry)(nil), // 3: istio.telemetry.v1.Telemetry - (*Tracing)(nil), // 4: istio.telemetry.v1.Tracing - (*ProviderRef)(nil), // 5: istio.telemetry.v1.ProviderRef - (*Metrics)(nil), // 6: istio.telemetry.v1.Metrics - (*MetricSelector)(nil), // 7: istio.telemetry.v1.MetricSelector - (*MetricsOverrides)(nil), // 8: istio.telemetry.v1.MetricsOverrides - (*AccessLogging)(nil), // 9: istio.telemetry.v1.AccessLogging - (*Tracing_TracingSelector)(nil), // 10: istio.telemetry.v1.Tracing.TracingSelector - (*Tracing_CustomTag)(nil), // 11: istio.telemetry.v1.Tracing.CustomTag - (*Tracing_Literal)(nil), // 12: istio.telemetry.v1.Tracing.Literal - (*Tracing_Environment)(nil), // 13: istio.telemetry.v1.Tracing.Environment - (*Tracing_RequestHeader)(nil), // 14: istio.telemetry.v1.Tracing.RequestHeader - nil, // 15: istio.telemetry.v1.Tracing.CustomTagsEntry - (*MetricsOverrides_TagOverride)(nil), // 16: istio.telemetry.v1.MetricsOverrides.TagOverride - nil, // 17: istio.telemetry.v1.MetricsOverrides.TagOverridesEntry - (*AccessLogging_LogSelector)(nil), // 18: istio.telemetry.v1.AccessLogging.LogSelector - (*AccessLogging_Filter)(nil), // 19: istio.telemetry.v1.AccessLogging.Filter - (*v1beta1.WorkloadSelector)(nil), // 20: istio.type.v1beta1.WorkloadSelector - (*v1beta1.PolicyTargetReference)(nil), // 21: istio.type.v1beta1.PolicyTargetReference - (*wrappers.DoubleValue)(nil), // 22: google.protobuf.DoubleValue - (*wrappers.BoolValue)(nil), // 23: google.protobuf.BoolValue - (*duration.Duration)(nil), // 24: google.protobuf.Duration -} -var file_telemetry_v1_telemetry_proto_depIdxs = []int32{ - 20, // 0: istio.telemetry.v1.Telemetry.selector:type_name -> istio.type.v1beta1.WorkloadSelector - 21, // 1: istio.telemetry.v1.Telemetry.targetRef:type_name -> istio.type.v1beta1.PolicyTargetReference - 21, // 2: istio.telemetry.v1.Telemetry.targetRefs:type_name -> istio.type.v1beta1.PolicyTargetReference - 4, // 3: istio.telemetry.v1.Telemetry.tracing:type_name -> istio.telemetry.v1.Tracing - 6, // 4: istio.telemetry.v1.Telemetry.metrics:type_name -> istio.telemetry.v1.Metrics - 9, // 5: istio.telemetry.v1.Telemetry.access_logging:type_name -> istio.telemetry.v1.AccessLogging - 10, // 6: istio.telemetry.v1.Tracing.match:type_name -> istio.telemetry.v1.Tracing.TracingSelector - 5, // 7: istio.telemetry.v1.Tracing.providers:type_name -> istio.telemetry.v1.ProviderRef - 22, // 8: istio.telemetry.v1.Tracing.random_sampling_percentage:type_name -> google.protobuf.DoubleValue - 23, // 9: istio.telemetry.v1.Tracing.disable_span_reporting:type_name -> google.protobuf.BoolValue - 15, // 10: istio.telemetry.v1.Tracing.custom_tags:type_name -> istio.telemetry.v1.Tracing.CustomTagsEntry - 23, // 11: istio.telemetry.v1.Tracing.use_request_id_for_trace_sampling:type_name -> google.protobuf.BoolValue - 5, // 12: istio.telemetry.v1.Metrics.providers:type_name -> istio.telemetry.v1.ProviderRef - 8, // 13: istio.telemetry.v1.Metrics.overrides:type_name -> istio.telemetry.v1.MetricsOverrides - 24, // 14: istio.telemetry.v1.Metrics.reporting_interval:type_name -> google.protobuf.Duration - 1, // 15: istio.telemetry.v1.MetricSelector.metric:type_name -> istio.telemetry.v1.MetricSelector.IstioMetric - 0, // 16: istio.telemetry.v1.MetricSelector.mode:type_name -> istio.telemetry.v1.WorkloadMode - 7, // 17: istio.telemetry.v1.MetricsOverrides.match:type_name -> istio.telemetry.v1.MetricSelector - 23, // 18: istio.telemetry.v1.MetricsOverrides.disabled:type_name -> google.protobuf.BoolValue - 17, // 19: istio.telemetry.v1.MetricsOverrides.tag_overrides:type_name -> istio.telemetry.v1.MetricsOverrides.TagOverridesEntry - 18, // 20: istio.telemetry.v1.AccessLogging.match:type_name -> istio.telemetry.v1.AccessLogging.LogSelector - 5, // 21: istio.telemetry.v1.AccessLogging.providers:type_name -> istio.telemetry.v1.ProviderRef - 23, // 22: istio.telemetry.v1.AccessLogging.disabled:type_name -> google.protobuf.BoolValue - 19, // 23: istio.telemetry.v1.AccessLogging.filter:type_name -> istio.telemetry.v1.AccessLogging.Filter - 0, // 24: istio.telemetry.v1.Tracing.TracingSelector.mode:type_name -> istio.telemetry.v1.WorkloadMode - 12, // 25: istio.telemetry.v1.Tracing.CustomTag.literal:type_name -> istio.telemetry.v1.Tracing.Literal - 13, // 26: istio.telemetry.v1.Tracing.CustomTag.environment:type_name -> istio.telemetry.v1.Tracing.Environment - 14, // 27: istio.telemetry.v1.Tracing.CustomTag.header:type_name -> istio.telemetry.v1.Tracing.RequestHeader - 11, // 28: istio.telemetry.v1.Tracing.CustomTagsEntry.value:type_name -> istio.telemetry.v1.Tracing.CustomTag - 2, // 29: istio.telemetry.v1.MetricsOverrides.TagOverride.operation:type_name -> istio.telemetry.v1.MetricsOverrides.TagOverride.Operation - 16, // 30: istio.telemetry.v1.MetricsOverrides.TagOverridesEntry.value:type_name -> istio.telemetry.v1.MetricsOverrides.TagOverride - 0, // 31: istio.telemetry.v1.AccessLogging.LogSelector.mode:type_name -> istio.telemetry.v1.WorkloadMode - 32, // [32:32] is the sub-list for method output_type - 32, // [32:32] is the sub-list for method input_type - 32, // [32:32] is the sub-list for extension type_name - 32, // [32:32] is the sub-list for extension extendee - 0, // [0:32] is the sub-list for field type_name -} - -func init() { file_telemetry_v1_telemetry_proto_init() } -func file_telemetry_v1_telemetry_proto_init() { - if File_telemetry_v1_telemetry_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_telemetry_v1_telemetry_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Telemetry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_telemetry_v1_telemetry_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Tracing); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_telemetry_v1_telemetry_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ProviderRef); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_telemetry_v1_telemetry_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Metrics); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_telemetry_v1_telemetry_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MetricSelector); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_telemetry_v1_telemetry_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MetricsOverrides); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_telemetry_v1_telemetry_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AccessLogging); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_telemetry_v1_telemetry_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Tracing_TracingSelector); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_telemetry_v1_telemetry_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Tracing_CustomTag); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_telemetry_v1_telemetry_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Tracing_Literal); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_telemetry_v1_telemetry_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Tracing_Environment); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_telemetry_v1_telemetry_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Tracing_RequestHeader); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_telemetry_v1_telemetry_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MetricsOverrides_TagOverride); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_telemetry_v1_telemetry_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AccessLogging_LogSelector); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_telemetry_v1_telemetry_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AccessLogging_Filter); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_telemetry_v1_telemetry_proto_msgTypes[4].OneofWrappers = []interface{}{ - (*MetricSelector_Metric)(nil), - (*MetricSelector_CustomMetric)(nil), - } - file_telemetry_v1_telemetry_proto_msgTypes[8].OneofWrappers = []interface{}{ - (*Tracing_CustomTag_Literal)(nil), - (*Tracing_CustomTag_Environment)(nil), - (*Tracing_CustomTag_Header)(nil), - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_telemetry_v1_telemetry_proto_rawDesc, - NumEnums: 3, - NumMessages: 17, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_telemetry_v1_telemetry_proto_goTypes, - DependencyIndexes: file_telemetry_v1_telemetry_proto_depIdxs, - EnumInfos: file_telemetry_v1_telemetry_proto_enumTypes, - MessageInfos: file_telemetry_v1_telemetry_proto_msgTypes, - }.Build() - File_telemetry_v1_telemetry_proto = out.File - file_telemetry_v1_telemetry_proto_rawDesc = nil - file_telemetry_v1_telemetry_proto_goTypes = nil - file_telemetry_v1_telemetry_proto_depIdxs = nil -} diff --git a/telemetry/v1/telemetry.proto b/telemetry/v1/telemetry.proto deleted file mode 100644 index 97e98f02ab6..00000000000 --- a/telemetry/v1/telemetry.proto +++ /dev/null @@ -1,695 +0,0 @@ -// Copyright Istio Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -syntax = "proto3"; - -import "type/v1beta1/selector.proto"; -import "google/api/field_behavior.proto"; -import "google/protobuf/duration.proto"; -import "google/protobuf/wrappers.proto"; - -// $schema: istio.telemetry.v1.Telemetry -// $title: Telemetry -// $description: Telemetry configuration for workloads. -// $location: https://istio.io/docs/reference/config/telemetry.html -// $aliases: [/docs/reference/config/telemetry/v1/telemetry] -// $mode: none - -// Telemetry defines how the telemetry is generated for workloads within a mesh. -// -// For mesh level configuration, put the resource in root configuration -// namespace for your Istio installation *without* a workload selector. -// -// For any namespace, including the root configuration namespace, it is only -// valid to have a single workload selector-less Telemetry resource. -// -// For resources with a workload selector, it is only valid to have one resource -// selecting any given workload. -// -// The hierarchy of Telemetry configuration is as follows: -// -// 1. Workload-specific configuration -// 2. Namespace-specific configuration -// 3. Root namespace configuration -// -// ## Examples -// -// Policy to enable random sampling for 10% of traffic: -// ```yaml -// apiVersion: telemetry.istio.io/v1 -// kind: Telemetry -// metadata: -// name: mesh-default -// namespace: istio-system -// spec: -// # no selector specified, applies to all workloads -// tracing: -// - randomSamplingPercentage: 10.00 -// ``` -// -// Policy to disable trace reporting for the `foo` workload (note: tracing -// context will still be propagated): -// ```yaml -// apiVersion: telemetry.istio.io/v1 -// kind: Telemetry -// metadata: -// name: foo-tracing -// namespace: bar -// spec: -// selector: -// matchLabels: -// service.istio.io/canonical-name: foo -// tracing: -// - disableSpanReporting: true -// ``` -// -// Policy to select the alternate zipkin provider for trace reporting: -// ```yaml -// apiVersion: telemetry.istio.io/v1 -// kind: Telemetry -// metadata: -// name: foo-tracing-alternate -// namespace: baz -// spec: -// selector: -// matchLabels: -// service.istio.io/canonical-name: foo -// tracing: -// - providers: -// - name: "zipkin-alternate" -// randomSamplingPercentage: 10.00 -// ``` -// -// Policy to tailor the zipkin provider to sample traces from Client workloads only: -// ```yaml -// apiVersion: telemetry.istio.io/v1alpha1 -// kind: Telemetry -// metadata: -// name: mesh-default -// namespace: istio-system -// spec: -// # no selector specified, applies to all workloads -// tracing: -// - match: CLIENT -// - providers: -// - name: "zipkin" -// ``` -// -// Policy to add a custom tag from a literal value: -// ```yaml -// apiVersion: telemetry.istio.io/v1 -// kind: Telemetry -// metadata: -// name: mesh-default -// namespace: istio-system -// spec: -// # no selector specified, applies to all workloads -// tracing: -// - randomSamplingPercentage: 10.00 -// customTags: -// my_new_foo_tag: -// literal: -// value: "foo" -// ``` -// -// Policy to disable server-side metrics for Prometheus for an entire mesh: -// ```yaml -// apiVersion: telemetry.istio.io/v1 -// kind: Telemetry -// metadata: -// name: mesh-default -// namespace: istio-system -// spec: -// # no selector specified, applies to all workloads -// metrics: -// - providers: -// - name: prometheus -// overrides: -// - match: -// metric: ALL_METRICS -// mode: SERVER -// disabled: true -// ``` -// -// Policy to add dimensions to all Prometheus metrics for the `foo` namespace: -// ```yaml -// apiVersion: telemetry.istio.io/v1 -// kind: Telemetry -// metadata: -// name: namespace-metrics -// namespace: foo -// spec: -// # no selector specified, applies to all workloads in the namespace -// metrics: -// - providers: -// - name: prometheus -// overrides: -// # match clause left off matches all istio metrics, client and server -// - tagOverrides: -// request_method: -// value: "request.method" -// request_host: -// value: "request.host" -// ``` -// -// Policy to remove the `response_code` dimension on some Prometheus metrics for -// the `bar.foo` workload: -// ```yaml -// apiVersion: telemetry.istio.io/v1 -// kind: Telemetry -// metadata: -// name: remove-response-code -// namespace: foo -// spec: -// selector: -// matchLabels: -// service.istio.io/canonical-name: bar -// metrics: -// - providers: -// - name: prometheus -// overrides: -// - match: -// metric: REQUEST_COUNT -// tagOverrides: -// response_code: -// operation: REMOVE -// - match: -// metric: REQUEST_DURATION -// tagOverrides: -// response_code: -// operation: REMOVE -// - match: -// metric: REQUEST_SIZE -// tagOverrides: -// response_code: -// operation: REMOVE -// - match: -// metric: RESPONSE_SIZE -// tagOverrides: -// response_code: -// operation: REMOVE -// ``` -// -// Policy to enable access logging for the entire mesh: -// ```yaml -// apiVersion: telemetry.istio.io/v1 -// kind: Telemetry -// metadata: -// name: mesh-default -// namespace: istio-system -// spec: -// # no selector specified, applies to all workloads -// accessLogging: -// - providers: -// - name: envoy -// # By default, this turns on access logging (no need to set `disabled: false`). -// # Unspecified `disabled` will be treated as `disabled: false`, except in -// # cases where a parent configuration has marked as `disabled: true`. In -// # those cases, `disabled: false` must be set explicitly to override. -// ``` -// -// Policy to disable access logging for the `foo` namespace: -// ```yaml -// apiVersion: telemetry.istio.io/v1 -// kind: Telemetry -// metadata: -// name: namespace-no-log -// namespace: foo -// spec: -// # no selector specified, applies to all workloads in the namespace -// accessLogging: -// - disabled: true -// ``` -// -package istio.telemetry.v1; - -option go_package = "istio.io/api/telemetry/v1"; - -// -// --> -// -message Telemetry { - // Optional. The selector decides where to apply the policy. - // If not set, the policy will be applied to all workloads in the - // same namespace as the policy. - // - // At most one of `selector` or `targetRefs` can be set for a given policy. - istio.type.v1beta1.WorkloadSelector selector = 1; - - // $hide_from_docs - istio.type.v1beta1.PolicyTargetReference targetRef = 5; - - // Optional. The targetRefs specifies a list of resources the policy should be - // applied to. The targeted resources specified will determine which workloads - // the policy applies to. - // - // Currently, the following resource attachment types are supported: - // * `kind: Gateway` with `group: gateway.networking.k8s.io` in the same namespace. - // * `kind: Service` with `""` in the same namespace. This type is only supported for waypoints. - // - // If not set, the policy is applied as defined by the selector. - // At most one of the selector and targetRefs can be set. - // - // NOTE: If you are using the `targetRefs` field in a multi-revision environment with Istio versions prior to 1.22, - // it is highly recommended that you pin the policy to a revision running 1.22+ via the `istio.io/rev` label. - // This is to prevent proxies connected to older control planes (that don't know about the `targetRefs` field) - // from misinterpreting the policy as namespace-wide during the upgrade process. - // - // NOTE: Waypoint proxies are required to use this field for policies to apply; `selector` policies will be ignored. - repeated istio.type.v1beta1.PolicyTargetReference targetRefs = 6; - - // Optional. Tracing configures the tracing behavior for all - // selected workloads. - repeated Tracing tracing = 2; - - // Optional. Metrics configures the metrics behavior for all - // selected workloads. - repeated Metrics metrics = 3; - - // Optional. Access logging configures the access logging behavior for all - // selected workloads. - repeated AccessLogging access_logging = 4; -} - -// Tracing configures tracing behavior for workloads within a mesh. -// It can be used to enable/disable tracing, as well as to set sampling -// rates and custom tag extraction. -// -// Tracing configuration support overrides of the fields `providers`, -// `random_sampling_percentage`, `disable_span_reporting`, and `custom_tags` at -// each level in the configuration hierarchy, with missing values filled in -// from parent resources. However, when specified, `custom_tags` will -// fully replace any values provided by parent configuration. -message Tracing { - - // TracingSelector provides a coarse-grained ability to configure tracing - // behavior based on certain traffic metadata (such as traffic direction). - message TracingSelector { - // This determines whether or not to apply the tracing configuration - // based on the direction of traffic relative to the proxied workload. - WorkloadMode mode = 1; - } - - // Allows tailoring of behavior to specific conditions. - TracingSelector match = 7; - - // Optional. Name of provider(s) to use for span reporting. If a provider is - // not specified, the [default tracing - // provider](https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig-DefaultProviders) will be - // used. NOTE: At the moment, only a single provider can be specified in a - // given Tracing rule. - repeated ProviderRef providers = 2; - - // Controls the rate at which traffic will be selected for tracing if no - // prior sampling decision has been made. If a prior sampling decision has - // been made, that decision will be respected. However, if no sampling - // decision has been made (example: no `x-b3-sampled` tracing header was - // present in the requests), the traffic will be selected for telemetry - // generation at the percentage specified. - // - // Defaults to 0%. Valid values [0.00-100.00]. Can be specified in 0.01% - // increments. - // +kubebuilder:validation:Minimum=0 - // +kubebuilder:validation:Maximum=100 - google.protobuf.DoubleValue random_sampling_percentage = 3; - - // Controls span reporting. If set to true, no spans will be reported for - // impacted workloads. This does NOT impact context propagation or trace - // sampling behavior. - google.protobuf.BoolValue disable_span_reporting = 4; - - // CustomTag defines a tag to be added to a trace span that is based on - // an operator-supplied value. This value can either be a hard-coded value, - // a value taken from an environment variable known to the sidecar proxy, or - // from a request header. - // - // NOTE: when specified, `custom_tags` will fully replace any values provided - // by parent configuration. - message CustomTag { - oneof type { - // Literal adds the same, hard-coded value to each span. - Literal literal = 1; - // Environment adds the value of an environment variable to each span. - Environment environment = 2; - // RequestHeader adds the value of an header from the request to each - // span. - RequestHeader header = 3; - // TODO: add support for Metadata tags - } - } - - message Literal { - // The tag value to use. - // +kubebuilder:validation:MinLength=1 - string value = 1 [(google.api.field_behavior) = REQUIRED]; - } - - message Environment { - // Name of the environment variable from which to extract the tag value. - // +kubebuilder:validation:MinLength=1 - string name = 1 [(google.api.field_behavior) = REQUIRED]; - // Optional. If the environment variable is not found, this value will be - // used instead. - string default_value = 2; - } - - message RequestHeader { - // Name of the header from which to extract the tag value. - // +kubebuilder:validation:MinLength=1 - string name = 1 [(google.api.field_behavior) = REQUIRED]; - // Optional. If the header is not found, this value will be - // used instead. - string default_value = 2; - } - - // Optional. Configures additional custom tags to the generated trace spans. - map custom_tags = 5; - - // This value is true by default; Envoy decides whether or not to sample based - // on the value of the Request ID generated by Ingress in distributed tracing. - // The format of this Request ID is specific to Envoy, and if the Request ID - // generated by the proxy that receives user traffic first is not specific to - // Envoy, Envoy will break the trace because it cannot interpret the Request - // ID. By setting this value to false, we can prevent Envoy from sampling - // based on the Request ID. As a result, the trace will not be broken even if - // the Request ID is not in the Envoy format. [Trace Context - // Propagation](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/observability/tracing#trace-context-propagation) - // provides more information on Request ID handling. - // $hide_from_docs - // +cue-gen:Telemetry:releaseChannel:extended - google.protobuf.BoolValue use_request_id_for_trace_sampling = 6; -} - -// Used to bind Telemetry configuration to specific providers for -// targeted customization. -message ProviderRef { - // Required. Name of Telemetry provider in [MeshConfig](https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig-ExtensionProvider). - // +kubebuilder:validation:MinLength=1 - string name = 1 [(google.api.field_behavior) = REQUIRED]; -} - -// Metrics defines the workload-level overrides for metrics generation behavior -// within a mesh. It can be used to enable/disable metrics generation, as well -// as to customize the dimensions of the generated metrics. -message Metrics { - // Optional. Name of providers to which this configuration should apply. - // If a provider is not specified, the [default metrics - // provider](https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig-DefaultProviders) will be - // used. - repeated ProviderRef providers = 1; - - // Optional. Ordered list of overrides to metrics generation behavior. - // - // Specified overrides will be applied in order. They will be applied on - // top of inherited overrides from other resources in the hierarchy in the - // following order: - // 1. Mesh-scoped overrides - // 2. Namespace-scoped overrides - // 3. Workload-scoped overrides - // - // Because overrides are applied in order, users are advised to order their - // overrides from least specific to most specific matches. That is, it is - // a best practice to list any universal overrides first, with tailored - // overrides following them. - repeated MetricsOverrides overrides = 2; - - // Optional. Reporting interval allows configuration of the time between calls out to for metrics reporting. - // This currently only supports TCP metrics but we may use this for long duration HTTP streams in the future. - // The default duration is `5s`. - // +cue-gen:Telemetry:releaseChannel:extended - google.protobuf.Duration reporting_interval = 3; -} - -// WorkloadMode allows selection of the role of the underlying workload in -// network traffic. A workload is considered as acting as a `SERVER` if it is -// the destination of the traffic (that is, traffic direction, from the -// perspective of the workload is *inbound*). If the workload is the source of -// the network traffic, it is considered to be in `CLIENT` mode (traffic is -// *outbound* from the workload). -enum WorkloadMode { - // Selects for scenarios when the workload is either the - // source or destination of the network traffic. - CLIENT_AND_SERVER = 0; - - // Selects for scenarios when the workload is the - // source of the network traffic. - CLIENT = 1; - - // Selects for scenarios when the workload is the - // destination of the network traffic. - SERVER = 2; -} - -// Provides a mechanism for matching metrics for the application of override -// behaviors. -message MetricSelector { - // Curated list of known metric types that is supported by Istio metric - // providers. See also: - // https://istio.io/latest/docs/reference/config/metrics/#metrics - enum IstioMetric { - // Use of this enum indicates that the override should apply to all Istio - // default metrics. - ALL_METRICS = 0; - - // Counter of requests to/from an application, generated for HTTP, HTTP/2, - // and GRPC traffic. - // - // The Prometheus provider exports this metric as: `istio_requests_total`. - // - // The Stackdriver provider exports this metric as: - // - // - `istio.io/service/server/request_count` (SERVER mode) - // - `istio.io/service/client/request_count` (CLIENT mode) - REQUEST_COUNT = 1; - - // Histogram of request durations, generated for HTTP, HTTP/2, and GRPC - // traffic. - // - // The Prometheus provider exports this metric as: - // `istio_request_duration_milliseconds`. - // - // The Stackdriver provider exports this metric as: - // - // - `istio.io/service/server/response_latencies` (SERVER mode) - // - `istio.io/service/client/roundtrip_latencies` (CLIENT mode) - REQUEST_DURATION = 2; - - // Histogram of request body sizes, generated for HTTP, HTTP/2, and GRPC - // traffic. - // - // The Prometheus provider exports this metric as: `istio_request_bytes`. - // - // The Stackdriver provider exports this metric as: - // - // - `istio.io/service/server/request_bytes` (SERVER mode) - // - `istio.io/service/client/request_bytes` (CLIENT mode) - REQUEST_SIZE = 3; - - // Histogram of response body sizes, generated for HTTP, HTTP/2, and GRPC - // traffic. - // - // The Prometheus provider exports this metric as: `istio_response_bytes`. - // - // The Stackdriver provider exports this metric as: - // - // - `istio.io/service/server/response_bytes` (SERVER mode) - // - `istio.io/service/client/response_bytes` (CLIENT mode) - RESPONSE_SIZE = 4; - - // Counter of TCP connections opened over lifetime of workload. - // - // The Prometheus provider exports this metric as: - // `istio_tcp_connections_opened_total`. - // - // The Stackdriver provider exports this metric as: - // - // - `istio.io/service/server/connection_open_count` (SERVER mode) - // - `istio.io/service/client/connection_open_count` (CLIENT mode) - TCP_OPENED_CONNECTIONS = 5; - - // Counter of TCP connections closed over lifetime of workload. - // - // The Prometheus provider exports this metric as: - // `istio_tcp_connections_closed_total`. - // - // The Stackdriver provider exports this metric as: - // - // - `istio.io/service/server/connection_close_count` (SERVER mode) - // - `istio.io/service/client/connection_close_count` (CLIENT mode) - TCP_CLOSED_CONNECTIONS = 6; - - // Counter of bytes sent during a response over a TCP connection. - // - // The Prometheus provider exports this metric as: - // `istio_tcp_sent_bytes_total`. - // - // The Stackdriver provider exports this metric as: - // - // - `istio.io/service/server/sent_bytes_count` (SERVER mode) - // - `istio.io/service/client/sent_bytes_count` (CLIENT mode) - TCP_SENT_BYTES = 7; - - // Counter of bytes received during a request over a TCP connection. - // - // The Prometheus provider exports this metric as: - // `istio_tcp_received_bytes_total`. - // - // The Stackdriver provider exports this metric as: - // - // - `istio.io/service/server/received_bytes_count` (SERVER mode) - // - `istio.io/service/client/received_bytes_count` (CLIENT mode) - TCP_RECEIVED_BYTES = 8; - - // Counter incremented for every gRPC messages sent from a client. - // - // The Prometheus provider exports this metric as: - // `istio_request_messages_total` - GRPC_REQUEST_MESSAGES = 9; - - // Counter incremented for every gRPC messages sent from a server. - // - // The Prometheus provider exports this metric as: - // `istio_response_messages_total` - GRPC_RESPONSE_MESSAGES = 10; - } - - // Controls which metric(s) are selected by the selector. - oneof metric_match { - // One of the well-known [Istio Standard Metrics](https://istio.io/latest/docs/reference/config/metrics/). - IstioMetric metric = 1; - - // Allows free-form specification of a metric. No validation of custom - // metrics is provided. - // +kubebuilder:validation:MinLength=1 - string custom_metric = 2; - } - - // Controls which mode of metrics generation is selected: `CLIENT`, `SERVER`, - // or `CLIENT_AND_SERVER`. - WorkloadMode mode = 3; -} - -// MetricsOverrides defines custom metric generation behavior for an individual -// metric or the set of all standard metrics. -message MetricsOverrides { - - // Match allows providing the scope of the override. It can be used to select - // individual metrics, as well as the workload modes (server, client, or both) - // in which the metrics will be generated. - // - // If match is not specified, the overrides will apply to *all* metrics for - // *both* modes of operation (client and server). - MetricSelector match = 1; - - // Optional. Must explicitly set this to `true` to turn off metrics reporting - // for the listed metrics. If disabled has been set to `true` in a parent - // configuration, it must explicitly be set to `false` to turn metrics - // reporting on in the workloads selected by the Telemetry resource. - google.protobuf.BoolValue disabled = 2; - - // TagOverride specifies an operation to perform on a metric dimension (also - // known as a `label`). Tags may be added, removed, or have their default - // values overridden. - // +kubebuilder:validation:XValidation:message="value must be set when operation is UPSERT",rule="((has(self.operation) ? self.operation : '') == 'UPSERT') ? self.value != '' : true" - // +kubebuilder:validation:XValidation:message="value must not be set when operation is REMOVE",rule="((has(self.operation) ? self.operation : '') == 'REMOVE') ? !has(self.value) : true" - message TagOverride { - enum Operation { - // Insert or Update the tag with the provided value expression. The - // `value` field MUST be specified if `UPSERT` is used as the operation. - UPSERT = 0; - - // Specifies that the tag should not be included in the metric when - // generated. - REMOVE = 1; - } - - // Operation controls whether or not to update/add a tag, or to remove it. - Operation operation = 1; - - // Value is only considered if the operation is `UPSERT`. - // Values are [CEL expressions](https://opensource.google/projects/cel) over - // attributes. Examples include: `string(destination.port)` and - // `request.host`. Istio exposes all standard [Envoy - // attributes](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes). - // Additionally, Istio exposes node metadata as attributes. - // More information is provided in the [customization - // docs](https://istio.io/latest/docs/tasks/observability/metrics/customize-metrics/#use-expressions-for-values). - string value = 2; - } - - // Optional. Collection of tag names and tag expressions to override in the - // selected metric(s). - // The key in the map is the name of the tag. - // The value in the map is the operation to perform on the the tag. - // WARNING: some providers may not support adding/removing tags. - // See also: https://istio.io/latest/docs/reference/config/metrics/#labels - map tag_overrides = 3; -} - -// Access logging defines the workload-level overrides for access log -// generation. It can be used to select provider or enable/disable access log -// generation for a workload. -message AccessLogging { - - // LogSelector provides a coarse-grained ability to configure logging behavior - // based on certain traffic metadata (such as traffic direction). LogSelector - // applies to traffic metadata which is not represented in the attribute set - // currently supported by [filters](https://istio.io/latest/docs/reference/config/telemetry/#AccessLogging-Filter). - // It allows control planes to limit the configuration sent to individual workloads. - // Finer-grained logging behavior can be further configured via `filter`. - message LogSelector { - // This determines whether or not to apply the access logging configuration - // based on the direction of traffic relative to the proxied workload. - WorkloadMode mode = 1; - } - - // Allows tailoring of logging behavior to specific conditions. - LogSelector match = 4; - - // Optional. Name of providers to which this configuration should apply. - // If a provider is not specified, the [default logging - // provider](https://istio.io/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig-DefaultProviders) will be used. - repeated ProviderRef providers = 1; - - // Controls logging. If set to true, no access logs will be generated for - // impacted workloads (for the specified providers). - // NOTE: currently default behavior will be controlled by the provider(s) - // selected above. Customization controls will be added to this API in - // future releases. - google.protobuf.BoolValue disabled = 2; - - // Allows specification of an access log filter. - message Filter { - // CEL expression for selecting when requests/connections should be logged. - // - // Examples: - // - // - `response.code >= 400` - // - `connection.mtls && request.url_path.contains('v1beta3')` - // - `!has(request.useragent) || !(request.useragent.startsWith("Amazon-Route53-Health-Check-Service"))` - string expression = 1; - } - - // Optional. If specified, this filter will be used to select specific - // requests/connections for logging. - // +cue-gen:Telemetry:releaseChannel:extended - Filter filter = 3; -} diff --git a/telemetry/v1/telemetry_alias.gen.go b/telemetry/v1/telemetry_alias.gen.go new file mode 100644 index 00000000000..5277285eeee --- /dev/null +++ b/telemetry/v1/telemetry_alias.gen.go @@ -0,0 +1,49 @@ +// Code generated by protoc-gen-alias. DO NOT EDIT. +package v1 + +import "istio.io/api/telemetry/v1alpha1" + +type Telemetry = v1alpha1.Telemetry +type Tracing = v1alpha1.Tracing +type Tracing_TracingSelector = v1alpha1.Tracing_TracingSelector +type Tracing_CustomTag = v1alpha1.Tracing_CustomTag +type Tracing_CustomTag_Literal = v1alpha1.Tracing_CustomTag_Literal +type Tracing_CustomTag_Environment = v1alpha1.Tracing_CustomTag_Environment +type Tracing_CustomTag_Header = v1alpha1.Tracing_CustomTag_Header +type Tracing_Literal = v1alpha1.Tracing_Literal +type Tracing_Environment = v1alpha1.Tracing_Environment +type Tracing_RequestHeader = v1alpha1.Tracing_RequestHeader +type ProviderRef = v1alpha1.ProviderRef +type Metrics = v1alpha1.Metrics +type MetricSelector = v1alpha1.MetricSelector +type MetricSelector_IstioMetric = v1alpha1.MetricSelector_IstioMetric + +const MetricSelector_ALL_METRICS MetricSelector_IstioMetric = v1alpha1.MetricSelector_ALL_METRICS +const MetricSelector_REQUEST_COUNT MetricSelector_IstioMetric = v1alpha1.MetricSelector_REQUEST_COUNT +const MetricSelector_REQUEST_DURATION MetricSelector_IstioMetric = v1alpha1.MetricSelector_REQUEST_DURATION +const MetricSelector_REQUEST_SIZE MetricSelector_IstioMetric = v1alpha1.MetricSelector_REQUEST_SIZE +const MetricSelector_RESPONSE_SIZE MetricSelector_IstioMetric = v1alpha1.MetricSelector_RESPONSE_SIZE +const MetricSelector_TCP_OPENED_CONNECTIONS MetricSelector_IstioMetric = v1alpha1.MetricSelector_TCP_OPENED_CONNECTIONS +const MetricSelector_TCP_CLOSED_CONNECTIONS MetricSelector_IstioMetric = v1alpha1.MetricSelector_TCP_CLOSED_CONNECTIONS +const MetricSelector_TCP_SENT_BYTES MetricSelector_IstioMetric = v1alpha1.MetricSelector_TCP_SENT_BYTES +const MetricSelector_TCP_RECEIVED_BYTES MetricSelector_IstioMetric = v1alpha1.MetricSelector_TCP_RECEIVED_BYTES +const MetricSelector_GRPC_REQUEST_MESSAGES MetricSelector_IstioMetric = v1alpha1.MetricSelector_GRPC_REQUEST_MESSAGES +const MetricSelector_GRPC_RESPONSE_MESSAGES MetricSelector_IstioMetric = v1alpha1.MetricSelector_GRPC_RESPONSE_MESSAGES + +type MetricSelector_Metric = v1alpha1.MetricSelector_Metric +type MetricSelector_CustomMetric = v1alpha1.MetricSelector_CustomMetric +type MetricsOverrides = v1alpha1.MetricsOverrides +type MetricsOverrides_TagOverride = v1alpha1.MetricsOverrides_TagOverride +type MetricsOverrides_TagOverride_Operation = v1alpha1.MetricsOverrides_TagOverride_Operation + +const MetricsOverrides_TagOverride_UPSERT MetricsOverrides_TagOverride_Operation = v1alpha1.MetricsOverrides_TagOverride_UPSERT +const MetricsOverrides_TagOverride_REMOVE MetricsOverrides_TagOverride_Operation = v1alpha1.MetricsOverrides_TagOverride_REMOVE + +type AccessLogging = v1alpha1.AccessLogging +type AccessLogging_LogSelector = v1alpha1.AccessLogging_LogSelector +type AccessLogging_Filter = v1alpha1.AccessLogging_Filter +type WorkloadMode = v1alpha1.WorkloadMode + +const WorkloadMode_CLIENT_AND_SERVER WorkloadMode = v1alpha1.WorkloadMode_CLIENT_AND_SERVER +const WorkloadMode_CLIENT WorkloadMode = v1alpha1.WorkloadMode_CLIENT +const WorkloadMode_SERVER WorkloadMode = v1alpha1.WorkloadMode_SERVER diff --git a/telemetry/v1/telemetry_deepcopy.gen.go b/telemetry/v1/telemetry_deepcopy.gen.go deleted file mode 100644 index 5aaaa54d188..00000000000 --- a/telemetry/v1/telemetry_deepcopy.gen.go +++ /dev/null @@ -1,321 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package v1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using Telemetry within kubernetes types, where deepcopy-gen is used. -func (in *Telemetry) DeepCopyInto(out *Telemetry) { - p := proto.Clone(in).(*Telemetry) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Telemetry. Required by controller-gen. -func (in *Telemetry) DeepCopy() *Telemetry { - if in == nil { - return nil - } - out := new(Telemetry) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Telemetry. Required by controller-gen. -func (in *Telemetry) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Tracing within kubernetes types, where deepcopy-gen is used. -func (in *Tracing) DeepCopyInto(out *Tracing) { - p := proto.Clone(in).(*Tracing) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tracing. Required by controller-gen. -func (in *Tracing) DeepCopy() *Tracing { - if in == nil { - return nil - } - out := new(Tracing) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Tracing. Required by controller-gen. -func (in *Tracing) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Tracing_TracingSelector within kubernetes types, where deepcopy-gen is used. -func (in *Tracing_TracingSelector) DeepCopyInto(out *Tracing_TracingSelector) { - p := proto.Clone(in).(*Tracing_TracingSelector) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tracing_TracingSelector. Required by controller-gen. -func (in *Tracing_TracingSelector) DeepCopy() *Tracing_TracingSelector { - if in == nil { - return nil - } - out := new(Tracing_TracingSelector) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Tracing_TracingSelector. Required by controller-gen. -func (in *Tracing_TracingSelector) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Tracing_CustomTag within kubernetes types, where deepcopy-gen is used. -func (in *Tracing_CustomTag) DeepCopyInto(out *Tracing_CustomTag) { - p := proto.Clone(in).(*Tracing_CustomTag) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tracing_CustomTag. Required by controller-gen. -func (in *Tracing_CustomTag) DeepCopy() *Tracing_CustomTag { - if in == nil { - return nil - } - out := new(Tracing_CustomTag) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Tracing_CustomTag. Required by controller-gen. -func (in *Tracing_CustomTag) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Tracing_Literal within kubernetes types, where deepcopy-gen is used. -func (in *Tracing_Literal) DeepCopyInto(out *Tracing_Literal) { - p := proto.Clone(in).(*Tracing_Literal) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tracing_Literal. Required by controller-gen. -func (in *Tracing_Literal) DeepCopy() *Tracing_Literal { - if in == nil { - return nil - } - out := new(Tracing_Literal) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Tracing_Literal. Required by controller-gen. -func (in *Tracing_Literal) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Tracing_Environment within kubernetes types, where deepcopy-gen is used. -func (in *Tracing_Environment) DeepCopyInto(out *Tracing_Environment) { - p := proto.Clone(in).(*Tracing_Environment) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tracing_Environment. Required by controller-gen. -func (in *Tracing_Environment) DeepCopy() *Tracing_Environment { - if in == nil { - return nil - } - out := new(Tracing_Environment) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Tracing_Environment. Required by controller-gen. -func (in *Tracing_Environment) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Tracing_RequestHeader within kubernetes types, where deepcopy-gen is used. -func (in *Tracing_RequestHeader) DeepCopyInto(out *Tracing_RequestHeader) { - p := proto.Clone(in).(*Tracing_RequestHeader) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tracing_RequestHeader. Required by controller-gen. -func (in *Tracing_RequestHeader) DeepCopy() *Tracing_RequestHeader { - if in == nil { - return nil - } - out := new(Tracing_RequestHeader) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Tracing_RequestHeader. Required by controller-gen. -func (in *Tracing_RequestHeader) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ProviderRef within kubernetes types, where deepcopy-gen is used. -func (in *ProviderRef) DeepCopyInto(out *ProviderRef) { - p := proto.Clone(in).(*ProviderRef) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProviderRef. Required by controller-gen. -func (in *ProviderRef) DeepCopy() *ProviderRef { - if in == nil { - return nil - } - out := new(ProviderRef) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ProviderRef. Required by controller-gen. -func (in *ProviderRef) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Metrics within kubernetes types, where deepcopy-gen is used. -func (in *Metrics) DeepCopyInto(out *Metrics) { - p := proto.Clone(in).(*Metrics) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Metrics. Required by controller-gen. -func (in *Metrics) DeepCopy() *Metrics { - if in == nil { - return nil - } - out := new(Metrics) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Metrics. Required by controller-gen. -func (in *Metrics) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using MetricSelector within kubernetes types, where deepcopy-gen is used. -func (in *MetricSelector) DeepCopyInto(out *MetricSelector) { - p := proto.Clone(in).(*MetricSelector) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetricSelector. Required by controller-gen. -func (in *MetricSelector) DeepCopy() *MetricSelector { - if in == nil { - return nil - } - out := new(MetricSelector) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new MetricSelector. Required by controller-gen. -func (in *MetricSelector) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using MetricsOverrides within kubernetes types, where deepcopy-gen is used. -func (in *MetricsOverrides) DeepCopyInto(out *MetricsOverrides) { - p := proto.Clone(in).(*MetricsOverrides) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetricsOverrides. Required by controller-gen. -func (in *MetricsOverrides) DeepCopy() *MetricsOverrides { - if in == nil { - return nil - } - out := new(MetricsOverrides) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new MetricsOverrides. Required by controller-gen. -func (in *MetricsOverrides) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using MetricsOverrides_TagOverride within kubernetes types, where deepcopy-gen is used. -func (in *MetricsOverrides_TagOverride) DeepCopyInto(out *MetricsOverrides_TagOverride) { - p := proto.Clone(in).(*MetricsOverrides_TagOverride) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetricsOverrides_TagOverride. Required by controller-gen. -func (in *MetricsOverrides_TagOverride) DeepCopy() *MetricsOverrides_TagOverride { - if in == nil { - return nil - } - out := new(MetricsOverrides_TagOverride) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new MetricsOverrides_TagOverride. Required by controller-gen. -func (in *MetricsOverrides_TagOverride) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using AccessLogging within kubernetes types, where deepcopy-gen is used. -func (in *AccessLogging) DeepCopyInto(out *AccessLogging) { - p := proto.Clone(in).(*AccessLogging) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessLogging. Required by controller-gen. -func (in *AccessLogging) DeepCopy() *AccessLogging { - if in == nil { - return nil - } - out := new(AccessLogging) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new AccessLogging. Required by controller-gen. -func (in *AccessLogging) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using AccessLogging_LogSelector within kubernetes types, where deepcopy-gen is used. -func (in *AccessLogging_LogSelector) DeepCopyInto(out *AccessLogging_LogSelector) { - p := proto.Clone(in).(*AccessLogging_LogSelector) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessLogging_LogSelector. Required by controller-gen. -func (in *AccessLogging_LogSelector) DeepCopy() *AccessLogging_LogSelector { - if in == nil { - return nil - } - out := new(AccessLogging_LogSelector) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new AccessLogging_LogSelector. Required by controller-gen. -func (in *AccessLogging_LogSelector) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using AccessLogging_Filter within kubernetes types, where deepcopy-gen is used. -func (in *AccessLogging_Filter) DeepCopyInto(out *AccessLogging_Filter) { - p := proto.Clone(in).(*AccessLogging_Filter) - *out = *p -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessLogging_Filter. Required by controller-gen. -func (in *AccessLogging_Filter) DeepCopy() *AccessLogging_Filter { - if in == nil { - return nil - } - out := new(AccessLogging_Filter) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new AccessLogging_Filter. Required by controller-gen. -func (in *AccessLogging_Filter) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/telemetry/v1/telemetry_json.gen.go b/telemetry/v1/telemetry_json.gen.go deleted file mode 100644 index 27b923c0047..00000000000 --- a/telemetry/v1/telemetry_json.gen.go +++ /dev/null @@ -1,177 +0,0 @@ -// Code generated by protoc-gen-jsonshim. DO NOT EDIT. -package v1 - -import ( - bytes "bytes" - jsonpb "github.com/golang/protobuf/jsonpb" -) - -// MarshalJSON is a custom marshaler for Telemetry -func (this *Telemetry) MarshalJSON() ([]byte, error) { - str, err := TelemetryMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Telemetry -func (this *Telemetry) UnmarshalJSON(b []byte) error { - return TelemetryUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Tracing -func (this *Tracing) MarshalJSON() ([]byte, error) { - str, err := TelemetryMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Tracing -func (this *Tracing) UnmarshalJSON(b []byte) error { - return TelemetryUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Tracing_TracingSelector -func (this *Tracing_TracingSelector) MarshalJSON() ([]byte, error) { - str, err := TelemetryMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Tracing_TracingSelector -func (this *Tracing_TracingSelector) UnmarshalJSON(b []byte) error { - return TelemetryUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Tracing_CustomTag -func (this *Tracing_CustomTag) MarshalJSON() ([]byte, error) { - str, err := TelemetryMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Tracing_CustomTag -func (this *Tracing_CustomTag) UnmarshalJSON(b []byte) error { - return TelemetryUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Tracing_Literal -func (this *Tracing_Literal) MarshalJSON() ([]byte, error) { - str, err := TelemetryMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Tracing_Literal -func (this *Tracing_Literal) UnmarshalJSON(b []byte) error { - return TelemetryUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Tracing_Environment -func (this *Tracing_Environment) MarshalJSON() ([]byte, error) { - str, err := TelemetryMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Tracing_Environment -func (this *Tracing_Environment) UnmarshalJSON(b []byte) error { - return TelemetryUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Tracing_RequestHeader -func (this *Tracing_RequestHeader) MarshalJSON() ([]byte, error) { - str, err := TelemetryMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Tracing_RequestHeader -func (this *Tracing_RequestHeader) UnmarshalJSON(b []byte) error { - return TelemetryUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for ProviderRef -func (this *ProviderRef) MarshalJSON() ([]byte, error) { - str, err := TelemetryMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ProviderRef -func (this *ProviderRef) UnmarshalJSON(b []byte) error { - return TelemetryUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for Metrics -func (this *Metrics) MarshalJSON() ([]byte, error) { - str, err := TelemetryMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Metrics -func (this *Metrics) UnmarshalJSON(b []byte) error { - return TelemetryUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for MetricSelector -func (this *MetricSelector) MarshalJSON() ([]byte, error) { - str, err := TelemetryMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for MetricSelector -func (this *MetricSelector) UnmarshalJSON(b []byte) error { - return TelemetryUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for MetricsOverrides -func (this *MetricsOverrides) MarshalJSON() ([]byte, error) { - str, err := TelemetryMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for MetricsOverrides -func (this *MetricsOverrides) UnmarshalJSON(b []byte) error { - return TelemetryUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for MetricsOverrides_TagOverride -func (this *MetricsOverrides_TagOverride) MarshalJSON() ([]byte, error) { - str, err := TelemetryMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for MetricsOverrides_TagOverride -func (this *MetricsOverrides_TagOverride) UnmarshalJSON(b []byte) error { - return TelemetryUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for AccessLogging -func (this *AccessLogging) MarshalJSON() ([]byte, error) { - str, err := TelemetryMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for AccessLogging -func (this *AccessLogging) UnmarshalJSON(b []byte) error { - return TelemetryUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for AccessLogging_LogSelector -func (this *AccessLogging_LogSelector) MarshalJSON() ([]byte, error) { - str, err := TelemetryMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for AccessLogging_LogSelector -func (this *AccessLogging_LogSelector) UnmarshalJSON(b []byte) error { - return TelemetryUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -// MarshalJSON is a custom marshaler for AccessLogging_Filter -func (this *AccessLogging_Filter) MarshalJSON() ([]byte, error) { - str, err := TelemetryMarshaler.MarshalToString(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for AccessLogging_Filter -func (this *AccessLogging_Filter) UnmarshalJSON(b []byte) error { - return TelemetryUnmarshaler.Unmarshal(bytes.NewReader(b), this) -} - -var ( - TelemetryMarshaler = &jsonpb.Marshaler{} - TelemetryUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} -) diff --git a/telemetry/v1alpha1/telemetry.pb.go b/telemetry/v1alpha1/telemetry.pb.go index f936aaa7fc9..de92075a4df 100644 --- a/telemetry/v1alpha1/telemetry.pb.go +++ b/telemetry/v1alpha1/telemetry.pb.go @@ -544,9 +544,6 @@ func (MetricsOverrides_TagOverride_Operation) EnumDescriptor() ([]byte, []int) { // +genclient // +k8s:deepcopy-gen=true // --> -// type Telemetry struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache diff --git a/telemetry/v1alpha1/telemetry.proto b/telemetry/v1alpha1/telemetry.proto index ff83cef6fa1..6a6c9b29885 100644 --- a/telemetry/v1alpha1/telemetry.proto +++ b/telemetry/v1alpha1/telemetry.proto @@ -258,9 +258,6 @@ option go_package = "istio.io/api/telemetry/v1alpha1"; // +genclient // +k8s:deepcopy-gen=true // --> -// message Telemetry { // Optional. The selector decides where to apply the policy. // If not set, the policy will be applied to all workloads in the