Packages:
config.openservicemesh.io/v1alpha2
Package v1alpha2 is the v1alpha2 version of the API.
CertificateSpec
(Appears on:MeshConfigSpec)
CertificateSpec is the type to reperesent OSM’s certificate management configuration.
Field | Description |
---|---|
serviceCertValidityDuration string |
ServiceCertValidityDuration defines the service certificate validity duration. |
certKeyBitSize int |
CertKeyBitSize defines the certicate key bit size. |
ingressGateway IngressGatewayCertSpec |
(Optional)
IngressGateway defines the certificate specification for an ingress gateway. |
ClusterSpec
(Appears on:MultiClusterServiceSpec)
ClusterSpec is the type used to represent a remote cluster in multicluster scenarios.
Field | Description |
---|---|
address string |
Address defines the remote IP address of the gateway |
name string |
Name defines the name of the remote cluster. |
weight int |
Weight defines the load balancing weight of the remote cluster |
priority int |
Priority defines the priority of the remote cluster in locality based load balancing |
ExternalAuthzSpec
(Appears on:TrafficSpec)
ExternalAuthzSpec is a type to represent external authorization configuration.
Field | Description |
---|---|
enable bool |
Enable defines a boolean indicating if the external authorization policy is to be enabled. |
address string |
Address defines the remote address of the external authorization endpoint. |
port uint16 |
Port defines the destination port of the remote external authorization endpoint. |
statPrefix string |
StatPrefix defines a prefix for the stats sink for this external authorization policy. |
timeout string |
Timeout defines the timeout in which a response from the external authorization endpoint. is expected to execute. |
failureModeAllow bool |
FailureModeAllow defines a boolean indicating if traffic should be allowed on a failure to get a response against the external authorization endpoint. |
FeatureFlags
(Appears on:MeshConfigSpec)
FeatureFlags is a type to represent OSM’s feature flags.
Field | Description |
---|---|
enableWASMStats bool |
EnableWASMStats defines if WASM Stats are enabled. |
enableEgressPolicy bool |
EnableEgressPolicy defines if OSM’s Egress policy is enabled. |
enableMulticlusterMode bool |
EnableMulticlusterMode defines if Multicluster mode is enabled. |
enableSnapshotCacheMode bool |
EnableSnapshotCacheMode defines if XDS server starts with snapshot cache. |
enableAsyncProxyServiceMapping bool |
EnableAsyncProxyServiceMapping defines if OSM will map proxies to services asynchronously. |
enableIngressBackendPolicy bool |
EnableIngressBackendPolicy defines if OSM will use the IngressBackend API to allow ingress traffic to service mesh backends. |
enableEnvoyActiveHealthChecks bool |
EnableEnvoyActiveHealthChecks defines if OSM will Envoy active health checks between services allowed to communicate. |
enableRetryPolicy bool |
EnableRetryPolicy defines if retry policy is enabled. |
IngressGatewayCertSpec
(Appears on:CertificateSpec)
IngressGatewayCertSpec is the type to represent the certificate specification for an ingress gateway.
Field | Description |
---|---|
subjectAltNames []string |
SubjectAltNames defines the Subject Alternative Names (domain names and IP addresses) secured by the certificate. |
validityDuration string |
ValidityDuration defines the validity duration of the certificate. |
secret Kubernetes core/v1.SecretReference |
Secret defines the secret in which the certificate is stored. |
MeshConfig
MeshConfig is the type used to represent the mesh configuration.
Field | Description | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
(Optional)
Object’s metadata. Refer to the Kubernetes API documentation for the fields of themetadata field.
|
||||||||||
spec MeshConfigSpec |
(Optional)
Spec is the MeshConfig specification.
|
MeshConfigSpec
(Appears on:MeshConfig)
MeshConfigSpec is the spec for OSM’s configuration.
Field | Description |
---|---|
sidecar SidecarSpec |
Sidecar defines the configurations of the proxy sidecar in a mesh. |
traffic TrafficSpec |
Traffic defines the traffic management configurations for a mesh instance. |
observability ObservabilitySpec |
Observalility defines the observability configurations for a mesh instance. |
certificate CertificateSpec |
Certificate defines the certificate management configurations for a mesh instance. |
featureFlags FeatureFlags |
FeatureFlags defines the feature flags for a mesh instance. |
MultiClusterService
MultiClusterService is the type used to represent the multicluster configuration. MultiClusterService name needs to match the name of the service backing the pods in each cluster.
Field | Description | ||||||
---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
(Optional)
Object’s metadata. Refer to the Kubernetes API documentation for the fields of themetadata field.
|
||||||
spec MultiClusterServiceSpec |
Spec is the MultiClusterService specification.
|
MultiClusterServiceSpec
(Appears on:MultiClusterService)
MultiClusterServiceSpec is the type used to represent the multicluster service specification.
Field | Description |
---|---|
clusters []ClusterSpec |
ClusterSpec defines the configuration of other clusters |
serviceAccount string |
ServiceAccount represents the service account of the multicluster service. |
ports []PortSpec |
Ports is the list of ports exported by this service. |
ObservabilitySpec
(Appears on:MeshConfigSpec)
ObservabilitySpec is the type to represent OSM’s observability configurations.
Field | Description |
---|---|
osmLogLevel string |
OSMLogLevel defines the log level for OSM control plane logs. |
enableDebugServer bool |
EnableDebugServer defines if the debug endpoint on the OSM controller pod is enabled. |
tracing TracingSpec |
Tracing defines OSM’s tracing configuration. |
PortSpec
(Appears on:MultiClusterServiceSpec)
PortSpec contains information on service’s port.
Field | Description |
---|---|
Port uint32 |
The port that will be exposed by this service. |
Protocol string |
Protocol is The IP protocol for this port. Supports “TCP”, “UDP”, and “SCTP”. Default is TCP. |
SidecarSpec
(Appears on:MeshConfigSpec)
SidecarSpec is the type used to represent the specifications for the proxy sidecar.
Field | Description |
---|---|
enablePrivilegedInitContainer bool |
EnablePrivilegedInitContainer defines a boolean indicating whether the init container for a meshed pod should run as privileged. |
logLevel string |
LogLevel defines the logging level for the sidecar’s logs. Non developers should generally never set this value. In production environments the LogLevel should be set to error. |
envoyImage string |
EnvoyImage defines the container image used for the Envoy proxy sidecar. |
envoyWindowsImage string |
EnvoyWindowsImage defines the windows container image used for the Envoy proxy sidecar. |
initContainerImage string |
InitContainerImage defines the container image used for the init container injected to meshed pods. |
maxDataPlaneConnections int |
MaxDataPlaneConnections defines the maximum allowed data plane connections from a proxy sidecar to the OSM controller. |
configResyncInterval string |
ConfigResyncInterval defines the resync interval for regular proxy broadcast updates. |
resources Kubernetes core/v1.ResourceRequirements |
Resources defines the compute resources for the sidecar. |
tlsMinProtocolVersion string |
TLSMinProtocolVersion defines the minimum TLS protocol version that the sidecar supports. Valid TLS protocol versions are TLS_AUTO, TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3. |
tlsMaxProtocolVersion string |
TLSMaxProtocolVersion defines the maximum TLS protocol version that the sidecar supports. Valid TLS protocol versions are TLS_AUTO, TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3. |
cipherSuites []string |
CipherSuites defines a list of ciphers that listener supports when negotiating TLS 1.0-1.2. This setting has no effect when negotiating TLS 1.3. For valid cipher names, see the latest OpenSSL ciphers manual page. E.g. https://www.openssl.org/docs/man1.1.1/apps/ciphers.html. |
ecdhCurves []string |
ECDHCurves defines a list of ECDH curves that TLS connection supports. If not specified, the curves are [X25519, P-256] for non-FIPS build and P-256 for builds using BoringSSL FIPS. |
TracingSpec
(Appears on:ObservabilitySpec)
TracingSpec is the type to represent OSM’s tracing configuration.
Field | Description |
---|---|
enable bool |
Enable defines a boolean indicating if the sidecars are enabled for tracing. |
port int16 |
Port defines the tracing collector’s port. |
address string |
Address defines the tracing collectio’s hostname. |
endpoint string |
Endpoint defines the API endpoint for tracing requests sent to the collector. |
TrafficSpec
(Appears on:MeshConfigSpec)
TrafficSpec is the type used to represent OSM’s traffic management configuration.
Field | Description |
---|---|
enableEgress bool |
EnableEgress defines a boolean indicating if mesh-wide Egress is enabled. |
outboundIPRangeExclusionList []string |
OutboundIPRangeExclusionList defines a global list of IP address ranges to exclude from outbound traffic interception by the sidecar proxy. |
outboundIPRangeInclusionList []string |
OutboundIPRangeInclusionList defines a global list of IP address ranges to include for outbound traffic interception by the sidecar proxy. IP addresses outside this range will be excluded from outbound traffic interception by the sidecar proxy. |
outboundPortExclusionList []int |
OutboundPortExclusionList defines a global list of ports to exclude from outbound traffic interception by the sidecar proxy. |
inboundPortExclusionList []int |
InboundPortExclusionList defines a global list of ports to exclude from inbound traffic interception by the sidecar proxy. |
enablePermissiveTrafficPolicyMode bool |
EnablePermissiveTrafficPolicyMode defines a boolean indicating if permissive traffic policy mode is enabled mesh-wide. |
inboundExternalAuthorization ExternalAuthzSpec |
InboundExternalAuthorization defines a ruleset that, if enabled, will configure a remote external authorization endpoint for all inbound and ingress traffic in the mesh. |
Generated with gen-crd-api-reference-docs
on git commit 11d0c2df
.
反馈
该内容是否有帮助?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.