You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Jul 11, 2023. It is now read-only.
Copy file name to clipboardExpand all lines: cmd/osm-bootstrap/crds/config_meshconfig.yaml
+1-245
Original file line number
Diff line number
Diff line change
@@ -31,253 +31,9 @@ spec:
31
31
singular: meshconfig
32
32
plural: meshconfigs
33
33
versions:
34
-
- name: v1alpha3
35
-
served: true
36
-
storage: true
37
-
schema:
38
-
openAPIV3Schema:
39
-
type: object
40
-
properties:
41
-
spec:
42
-
type: object
43
-
properties:
44
-
sidecar:
45
-
description: Configuration for Envoy sidecar
46
-
type: object
47
-
properties:
48
-
enablePrivilegedInitContainer:
49
-
description: Enables privileged init containers for pods in mesh. When false, init containers only have NET_ADMIN.
50
-
type: boolean
51
-
logLevel:
52
-
description: Sets the logging verbosity of Envoy proxy sidecar, only applicable to newly created pods joining the mesh.
53
-
type: string
54
-
enum:
55
-
- trace
56
-
- debug
57
-
- info
58
-
- warning
59
-
- warn
60
-
- error
61
-
- critical
62
-
- off
63
-
maxDataPlaneConnections:
64
-
description: Max allowed data plane sidecar connections
65
-
type: integer
66
-
envoyImage:
67
-
description: Image for the Envoy sidecar
68
-
type: string
69
-
envoyWindowsImage:
70
-
description: Image for the Envoy sidecar on Windows workers
71
-
type: string
72
-
initContainerImage:
73
-
description: Image for the init container
74
-
type: string
75
-
resources:
76
-
type: object
77
-
properties:
78
-
limits:
79
-
description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/"
80
-
type: object
81
-
additionalProperties: true
82
-
requests:
83
-
description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/"
84
-
type: object
85
-
additionalProperties: true
86
-
configResyncInterval:
87
-
description: Resync interval for regular proxy broadcast updates
88
-
type: string
89
-
tlsMinProtocolVersion:
90
-
description: The minimum TLS protocol version that the sidecar supports. Valid TLS protocol versions are TLS_AUTO, TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3.
91
-
type: string
92
-
enum:
93
-
- TLS_AUTO
94
-
- TLSv1_0
95
-
- TLSv1_1
96
-
- TLSv1_2
97
-
- TLSv1_3
98
-
default: TLSv1_2
99
-
tlsMaxProtocolVersion:
100
-
description: The maximum TLS protocol version that the sidecar supports. Valid TLS protocol versions are TLS_AUTO, TLSv1_0, TLSv1_1, TLSv1_2 and TLSv1_3.
101
-
type: string
102
-
enum:
103
-
- TLS_AUTO
104
-
- TLSv1_0
105
-
- TLSv1_1
106
-
- TLSv1_2
107
-
- TLSv1_3
108
-
default: TLSv1_3
109
-
cipherSuites:
110
-
description: A list of ciphers that listener supports when negotiating TLS 1.0-1.2. This setting has no effect when negotiating TLS 1.3. For valid cipher names, see the latest OpenSSL ciphers manual page. E.g. https://www.openssl.org/docs/man1.1.1/apps/ciphers.html.
111
-
type: array
112
-
items:
113
-
type: string
114
-
ecdhCurves:
115
-
description: A list of ECDH curves that TLS connection supports. If not specified, the curves are [X25519, P-256] for non-FIPS build and P-256 for builds using BoringSSL FIPS.
116
-
type: array
117
-
items:
118
-
type: string
119
-
localProxyMode:
120
-
description: Sets the destination ip address the envoy proxy will use when connecting to the backend application. Acceptable values are [Localhost, PodIP]. The default value is Localhost
121
-
type: string
122
-
enum:
123
-
- Localhost
124
-
- PodIP
125
-
default: Localhost
126
-
traffic:
127
-
description: Configuration for traffic management
128
-
type: object
129
-
properties:
130
-
enableEgress:
131
-
description: Enables egress in the mesh
132
-
type: boolean
133
-
outboundIPRangeExclusionList:
134
-
description: Global list of IP address ranges to exclude from outbound traffic interception by the sidecar proxy.
135
-
type: array
136
-
items:
137
-
type: string
138
-
pattern: ((?:\d{1,3}\.){3}\d{1,3})\/(\d{1,2})$
139
-
outboundIPRangeInclusionList:
140
-
description: Global list of IP address ranges to include for outbound traffic interception by the sidecar proxy.
141
-
type: array
142
-
items:
143
-
type: string
144
-
pattern: ((?:\d{1,3}\.){3}\d{1,3})\/(\d{1,2})$
145
-
outboundPortExclusionList:
146
-
description: Global list of ports to exclude from outbound traffic interception by the sidecar proxy.
147
-
type: array
148
-
items:
149
-
type: integer
150
-
minimum: 1
151
-
maximum: 65535
152
-
inboundPortExclusionList:
153
-
description: Global list of ports to exclude from inbound traffic interception by the sidecar proxy.
154
-
type: array
155
-
items:
156
-
type: integer
157
-
minimum: 1
158
-
maximum: 65535
159
-
enablePermissiveTrafficPolicyMode:
160
-
description: True for allowing traffic to flow between client and service pods within the mesh without SMI traffic policies, i.e. no traffic policy enforcement in the mesh. If set to false, enables deny-all traffic policy in mesh i.e. an SMI Traffic Target is necessary for services to communicate.
161
-
type: boolean
162
-
inboundExternalAuthorization:
163
-
description: Configures external authorization for inbound and ingress connections.
164
-
type: object
165
-
properties:
166
-
enable:
167
-
description: Enables/disables the inbound external authorization policy if present.
168
-
type: boolean
169
-
address:
170
-
description: Target destination endpoint that will handle external authorization.
171
-
type: string
172
-
port:
173
-
description: Remote destination port for the external authorization endpoint.
174
-
type: integer
175
-
minimum: 1
176
-
maximum: 65535
177
-
statPrefix:
178
-
description: String prefix for inbound external authorization related metrics.
179
-
type: string
180
-
default: "inboundExtAuthz"
181
-
timeout:
182
-
description: Defines the timeout to consider for the remote endpoint to reply in time.
183
-
type: string
184
-
default: "1s"
185
-
failureModeAllow:
186
-
description: Allows specifying if traffic should succeed or fail if the external authorization endpoint fails to respond.
187
-
type: boolean
188
-
observability:
189
-
description: Configuration for observing the service mesh, including metrics, logs, tracing etc,.
190
-
type: object
191
-
properties:
192
-
osmLogLevel:
193
-
description: Allows setting OSM control plane log level at runtime
194
-
type: string
195
-
enableDebugServer:
196
-
description: Enables a debug endpoint on the osm-controller pod to list information regarding the mesh such as proxy connections, certificates, and SMI policies.
197
-
type: boolean
198
-
tracing:
199
-
description: Configuration for distributed tracing
200
-
type: object
201
-
properties:
202
-
enable:
203
-
description: Enables Jaeger tracing for the mesh.
204
-
type: boolean
205
-
port:
206
-
description: Port on which tracing is enabled.
207
-
type: integer
208
-
address:
209
-
description: Address of Jaeger tracing deployment, if tracing is enabled.
210
-
type: string
211
-
endpoint:
212
-
description: Endpoint for tracing data, if tracing is enabled.
213
-
type: string
214
-
certificate:
215
-
description: Configuration for certificate management
216
-
type: object
217
-
required:
218
-
- serviceCertValidityDuration
219
-
- certKeyBitSize
220
-
properties:
221
-
serviceCertValidityDuration:
222
-
description: Sets the service certificate validity duration, represented as a sequence of decimal numbers each with optional fraction and a unit suffix.
223
-
type: string
224
-
certKeyBitSize:
225
-
description: Sets the certificate key bit size for data plane certificates.
226
-
type: integer
227
-
ingressGateway:
228
-
description: Configuration for the ingress gateway's certificate
229
-
type: object
230
-
required:
231
-
- subjectAltNames
232
-
- validityDuration
233
-
- secret
234
-
properties:
235
-
subjectAltNames:
236
-
description: Subject Alternative Names secured by the certificate
237
-
type: array
238
-
items:
239
-
type: string
240
-
minItems: 1
241
-
validityDuration:
242
-
description: Certificate validity duration, represented as a sequence of decimal numbers each with optional fraction and a unit suffix
243
-
type: string
244
-
secret:
245
-
description: Secret reference to store the certificate in
0 commit comments