Packages:
config.openservicemesh.io/v1alpha1
Package v1alpha1 is the v1alpha1 version of the API.
Resource Types:CertificateSpec
(Appears on:MeshConfigSpec)
CertificateSpec is the type to reperesent OSM’s certificate management configuration.
Field | Description |
---|---|
serviceCertValidityDuration string |
ServiceCertValidityDuration defines the service certificate validity duration. |
certKeyBitSize int |
CertKeyBitSize defines the certicate key bit size. |
ingressGateway IngressGatewayCertSpec |
(Optional)
IngressGateway defines the certificate specification for an ingress gateway. |
ClusterSpec
(Appears on:MultiClusterServiceSpec)
ClusterSpec is the type used to represent a remote cluster in multicluster scenarios.
Field | Description |
---|---|
address string |
Address defines the remote IP address of the gateway |
name string |
Name defines the name of the remote cluster. |
weight int |
Weight defines the load balancing weight of the remote cluster |
priority int |
Priority defines the priority of the remote cluster in locality based load balancing |
ExternalAuthzSpec
(Appears on:TrafficSpec)
ExternalAuthzSpec is a type to represent external authorization configuration.
Field | Description |
---|---|
enable bool |
Enable defines a boolean indicating if the external authorization policy is to be enabled. |
address string |
Address defines the remote address of the external authorization endpoint. |
port uint16 |
Port defines the destination port of the remote external authorization endpoint. |
statPrefix string |
StatPrefix defines a prefix for the stats sink for this external authorization policy. |
timeout string |
Timeout defines the timeout in which a response from the external authorization endpoint. is expected to execute. |
failureModeAllow bool |
FailureModeAllow defines a boolean indicating if traffic should be allowed on a failure to get a response against the external authorization endpoint. |
FeatureFlags
(Appears on:MeshConfigSpec)
FeatureFlags is a type to represent OSM’s feature flags.
Field | Description |
---|---|
enableWASMStats bool |
EnableWASMStats defines if WASM Stats are enabled. |
enableEgressPolicy bool |
EnableEgressPolicy defines if OSM’s Egress policy is enabled. |
enableMulticlusterMode bool |
EnableMulticlusterMode defines if Multicluster mode is enabled. |
enableSnapshotCacheMode bool |
EnableSnapshotCacheMode defines if XDS server starts with snapshot cache. |
enableAsyncProxyServiceMapping bool |
EnableAsyncProxyServiceMapping defines if OSM will map proxies to services asynchronously. |
enableIngressBackendPolicy bool |
EnableIngressBackendPolicy defines if OSM will use the IngressBackend API to allow ingress traffic to service mesh backends. |
enableEnvoyActiveHealthChecks bool |
EnableEnvoyActiveHealthChecks defines if OSM will Envoy active health checks between services allowed to communicate. |
enableRetryPolicy bool |
EnableRetryPolicy defines if retry policy is enabled. |
IngressGatewayCertSpec
(Appears on:CertificateSpec)
IngressGatewayCertSpec is the type to represent the certificate specification for an ingress gateway.
Field | Description |
---|---|
subjectAltNames []string |
SubjectAltNames defines the Subject Alternative Names (domain names and IP addresses) secured by the certificate. |
validityDuration string |
ValidityDuration defines the validity duration of the certificate. |
secret Kubernetes core/v1.SecretReference |
Secret defines the secret in which the certificate is stored. |
MeshConfig
MeshConfig is the type used to represent the mesh configuration.
Field | Description | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
(Optional)
Object’s metadata. Refer to the Kubernetes API documentation for the fields of themetadata field.
|
||||||||||
spec MeshConfigSpec |
(Optional)
Spec is the MeshConfig specification.
|
MeshConfigSpec
(Appears on:MeshConfig)
MeshConfigSpec is the spec for OSM’s configuration.
Field | Description |
---|---|
sidecar SidecarSpec |
Sidecar defines the configurations of the proxy sidecar in a mesh. |
traffic TrafficSpec |
Traffic defines the traffic management configurations for a mesh instance. |
observability ObservabilitySpec |
Observalility defines the observability configurations for a mesh instance. |
certificate CertificateSpec |
Certificate defines the certificate management configurations for a mesh instance. |
featureFlags FeatureFlags |
FeatureFlags defines the feature flags for a mesh instance. |
MultiClusterService
MultiClusterService is the type used to represent the multicluster configuration. MultiClusterService name needs to match the name of the service backing the pods in each cluster.
Field | Description | ||||||
---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
(Optional)
Object’s metadata. Refer to the Kubernetes API documentation for the fields of themetadata field.
|
||||||
spec MultiClusterServiceSpec |
Spec is the MultiClusterService specification.
|
MultiClusterServiceSpec
(Appears on:MultiClusterService)
MultiClusterServiceSpec is the type used to represent the multicluster service specification.
Field | Description |
---|---|
clusters []ClusterSpec |
ClusterSpec defines the configuration of other clusters |
serviceAccount string |
ServiceAccount represents the service account of the multicluster service. |
ports []PortSpec |
Ports is the list of ports exported by this service. |
ObservabilitySpec
(Appears on:MeshConfigSpec)
ObservabilitySpec is the type to represent OSM’s observability configurations.
Field | Description |
---|---|
osmLogLevel string |
OSMLogLevel defines the log level for OSM control plane logs. |
enableDebugServer bool |
EnableDebugServer defines if the debug endpoint on the OSM controller pod is enabled. |
tracing TracingSpec |
Tracing defines OSM’s tracing configuration. |
PortSpec
(Appears on:MultiClusterServiceSpec)
PortSpec contains information on service’s port.
Field | Description |
---|---|
Port uint32 |
The port that will be exposed by this service. |
Protocol string |
Protocol is The IP protocol for this port. Supports “TCP”, “UDP”, and “SCTP”. Default is TCP. |
SidecarSpec
(Appears on:MeshConfigSpec)
SidecarSpec is the type used to represent the specifications for the proxy sidecar.
Field | Description |
---|---|
enablePrivilegedInitContainer bool |
EnablePrivilegedInitContainer defines a boolean indicating whether the init container for a meshed pod should run as privileged. |
logLevel string |
LogLevel defines the logging level for the sidecar’s logs. Non developers should generally never set this value. In production environments the LogLevel should be set to error. |
envoyImage string |
EnvoyImage defines the container image used for the Envoy proxy sidecar. |
envoyWindowsImage string |
EnvoyWindowsImage defines the windows container image used for the Envoy proxy sidecar. |
initContainerImage string |
InitContainerImage defines the container image used for the init container injected to meshed pods. |
maxDataPlaneConnections int |
MaxDataPlaneConnections defines the maximum allowed data plane connections from a proxy sidecar to the OSM controller. |
configResyncInterval string |
ConfigResyncInterval defines the resync interval for regular proxy broadcast updates. |
resources Kubernetes core/v1.ResourceRequirements |
Resources defines the compute resources for the sidecar. |
TracingSpec
(Appears on:ObservabilitySpec)
TracingSpec is the type to represent OSM’s tracing configuration.
Field | Description |
---|---|
enable bool |
Enable defines a boolean indicating if the sidecars are enabled for tracing. |
port int16 |
Port defines the tracing collector’s port. |
address string |
Address defines the tracing collectio’s hostname. |
endpoint string |
Endpoint defines the API endpoint for tracing requests sent to the collector. |
TrafficSpec
(Appears on:MeshConfigSpec)
TrafficSpec is the type used to represent OSM’s traffic management configuration.
Field | Description |
---|---|
enableEgress bool |
EnableEgress defines a boolean indicating if mesh-wide Egress is enabled. |
outboundIPRangeExclusionList []string |
OutboundIPRangeExclusionList defines a global list of IP address ranges to exclude from outbound traffic interception by the sidecar proxy. |
outboundPortExclusionList []int |
OutboundPortExclusionList defines a global list of ports to exclude from outbound traffic interception by the sidecar proxy. |
inboundPortExclusionList []int |
InboundPortExclusionList defines a global list of ports to exclude from inbound traffic interception by the sidecar proxy. |
enablePermissiveTrafficPolicyMode bool |
EnablePermissiveTrafficPolicyMode defines a boolean indicating if permissive traffic policy mode is enabled mesh-wide. |
inboundExternalAuthorization ExternalAuthzSpec |
InboundExternalAuthorization defines a ruleset that, if enabled, will configure a remote external authorization endpoint for all inbound and ingress traffic in the mesh. |
Generated with gen-crd-api-reference-docs
on git commit 386d92a1
.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.