maistra.io/api/core/v2
ProxyConfig configures the default sidecar behavior for workloads.
| Name | Description | Type |
|---|---|---|
accessLogging |
AccessLogging configures access logging for proxies. |
|
adminPort |
AdminPort configures the admin port exposed by the sidecar. maps to defaultConfig.proxyAdminPort, defaults to 15000 XXX: currently not configurable in charts |
integer |
concurrency |
Concurrency configures the number of threads that should be run by the sidecar. .Values.global.proxy.concurrency, maps to defaultConfig.concurrency XXX: removed in 1.7 XXX: this is defaulted to 2 in our values.yaml, but should probably be 0 |
integer |
envoyMetricsService |
EnvoyMetricsService configures reporting of Envoy metrics to an external service. .Values.global.proxy.envoyMetricsService |
|
injection |
Injection is used to customize sidecar injection for the mesh. |
|
logging |
Logging configures logging for the sidecar. e.g. .Values.global.proxy.logLevel |
|
networking |
Networking represents network settings to be configured for the sidecars. |
|
runtime |
Runtime is used to customize runtime configuration for the sidecar container. |
maistra.io/api/core/v2
ProxyAccessLoggingConfig configures access logging for proxies. Multiple access logs can be configured.
| Name | Description | Type |
|---|---|---|
envoyService |
File configures access logging to an envoy service .Values.global.proxy.envoyAccessLogService |
|
file |
File configures access logging to the file system |
maistra.io/api/core/v2
ProxyEnvoyServiceConfig configures reporting to an external Envoy service.
| Name | Description | Type |
|---|---|---|
enabled |
Enabled specifies whether or not this feature is enabled |
boolean |
address |
Address of the service specified as host:port. .Values.global.proxy.(envoyAccessLogService |
envoyMetricsService).host .Values.global.proxy.(envoyAccessLogService |
envoyMetricsService).port |
string |
tcpKeepalive |
TCPKeepalive configures keepalive settings to use when connecting to the service. .Values.global.proxy.(envoyAccessLogService |
envoyMetricsService).tcpKeepalive |
|
tlsSettings |
TLSSettings configures TLS settings to use when connecting to the service. .Values.global.proxy.(envoyAccessLogService |
envoyMetricsService).tlsSettings |
maistra.io/api/core/v2
EnvoyServiceTCPKeepalive configures keepalive settings for the Envoy service. Provides the same interface as networking.v1alpha3.istio.io, ConnectionPoolSettings_TCPSettings_TcpKeepalive
| Name | Description | Type |
|---|---|---|
interval |
Interval represents the interval between probes. |
string |
probes |
Probes represents the number of successive probe failures after which the connection should be considered "dead." |
integer |
time |
Time represents the length of idle time that must elapse before a probe is sent. |
string |
maistra.io/api/core/v2
EnvoyServiceClientTLSSettings configures TLS settings for the Envoy service. Provides the same interface as networking.v1alpha3.istio.io, ClientTLSSettings
| Name | Description | Type |
|---|---|---|
caCertificates |
CACertificates represents the file name containing the root certificates for the CA, e.g. /etc/istio/als/root-cert.pem |
string |
clientCertificate |
ClientCertificate represents the file name containing the client certificate to show to the Envoy service, e.g. /etc/istio/als/cert-chain.pem |
string |
mode |
Mode represents the TLS mode to apply to the connection. The following values are supported: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL |
string |
privateKey |
PrivateKey represents the file name containing the private key used by the client, e.g. /etc/istio/als/key.pem |
string |
sni |
SNIHost represents the host name presented to the server during TLS handshake, e.g. als.somedomain |
string |
subjectAltNames |
SubjectAltNames represents the list of alternative names that may be used to verify the servers identity, e.g. [als.someotherdomain] |
[]string |
maistra.io/api/core/v2
ProxyFileAccessLogConfig configures details related to file access log
| Name | Description | Type |
|---|---|---|
encoding |
Encoding to use when writing access log entries. Currently, JSON or TEXT may be specified. .Values.global.proxy.accessLogEncoding |
string |
format |
Format to use when writing access log entries. .Values.global.proxy.accessLogFormat |
string |
name |
Name is the name of the file to which access log entries will be written. If Name is not specified, no log entries will be written to a file. .Values.global.proxy.accessLogFile |
string |
maistra.io/api/core/v2
ProxyInjectionConfig configures sidecar injection for the mesh.
| Name | Description | Type |
|---|---|---|
alwaysInjectSelector |
AlwaysInjectSelector allows specification of a label selector that when matched will always inject a sidecar into the pod. .Values.sidecarInjectorWebhook.alwaysInjectSelector |
|
autoInject |
AutoInject configures automatic injection of sidecar proxies .Values.global.proxy.autoInject .Values.sidecarInjectorWebhook.enableNamespacesByDefault |
boolean |
injectedAnnotations |
InjectedAnnotations allows specification of additional annotations to be added to pods that have sidecars injected in them. .Values.sidecarInjectorWebhook.injectedAnnotations |
map[string]string |
neverInjectSelector |
NeverInjectSelector allows specification of a label selector that when matched will never inject a sidecar into the pod. This takes precendence over AlwaysInjectSelector. .Values.sidecarInjectorWebhook.neverInjectSelector |
maistra.io/api/core/v2
ProxyLoggingConfig configures logging for a component
| Name | Description | Type |
|---|---|---|
componentLevels |
ComponentLevels configures log level for specific envoy components .Values.global.proxy.componentLogLevel, overridden by sidecar.istio.io/componentLogLevel map of <component>:<level> |
|
level |
Level the log level .Values.global.proxy.logLevel, overridden by sidecar.istio.io/logLevel |
maistra.io/api/core/v2
ComponentLogLevels represent various logging levels, e.g. trace, debug, etc.
Type: map[string]LogLevel
maistra.io/api/core/v2
ProxyNetworkingConfig is used to configure networking aspects of the sidecar.
| Name | Description | Type |
|---|---|---|
clusterDomain |
ClusterDomain represents the domain for the cluster, defaults to cluster.local .Values.global.proxy.clusterDomain |
string |
connectionTimeout |
maps to meshConfig.defaultConfig.connectionTimeout, defaults to 10s XXX: currently not exposed through values.yaml |
string |
dns |
DNS configures aspects of the sidecar’s usage of DNS |
|
initialization |
Initialization is used to specify how the pod’s networking through the proxy is initialized. This configures the use of CNI or an init container. |
|
maxConnectionAge |
MaxConnectionAge limits how long a sidecar can be connected to pilot. This may be used to balance load across pilot instances, at the cost of system churn. .Values.pilot.keepaliveMaxServerConnectionAge |
string |
protocol |
Protocol configures how the sidecar works with applicaiton protocols. |
|
trafficControl |
TrafficControl configures what network traffic is routed through the proxy. |
maistra.io/api/core/v2
ProxyDNSConfig is used to configure aspects of the sidecar’s DNS usage.
| Name | Description | Type |
|---|---|---|
refreshRate |
RefreshRate configures the DNS refresh rate for Envoy cluster of type STRICT_DNS This must be given it terms of seconds. For example, 300s is valid but 5m is invalid. .Values.global.proxy.dnsRefreshRate, default 300s |
string |
searchSuffixes |
SearchSuffixes are additional search suffixes to be used when resolving names. .Values.global.podDNSSearchNamespaces Custom DNS config for the pod to resolve names of services in other clusters. Use this to add additional search domains, and other settings. see https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#dns-config This does not apply to gateway pods as they typically need a different set of DNS settings than the normal application pods (e.g., in multicluster scenarios). NOTE: If using templates, follow the pattern in the commented example below. podDNSSearchNamespaces: - global - "{{ valueOrDefault .DeploymentMeta.Namespace \"default\" }}.global" |
[]string |
maistra.io/api/core/v2
ProxyNetworkInitConfig is used to configure how the pod’s networking through the proxy is initialized.
| Name | Description | Type |
|---|---|---|
initContainer |
InitContainer configures the use of a pod init container for initializing the pod’s networking. istio_cni.enabled = false, if InitContainer is used |
|
type |
Type of the network initialization implementation. |
maistra.io/api/core/v2
ProxyInitContainerConfig configures execution aspects for the init container
| Name | Description | Type |
|---|---|---|
runtime |
Runtime configures customization of the init container (e.g. resources) |
maistra.io/api/core/v2
ContainerConfig to be applied to containers in a pod, in a deployment
| Name | Description | Type |
|---|---|---|
imagePullPolicy |
||
imagePullSecrets |
||
imageRegistry |
string |
|
imageTag |
string |
|
resources |
||
env |
map[string]string |
|
imageName |
string |
maistra.io/api/core/v2
ProxyNetworkInitType represents the type of initializer to use for network initialization
Type: string
maistra.io/api/core/v2
ProxyNetworkProtocolConfig configures the sidecar’s protocol handling.
| Name | Description | Type |
|---|---|---|
autoDetect |
AutoDetect configures automatic detection of connection protocols. |
maistra.io/api/core/v2
ProxyNetworkAutoProtocolDetectionConfig configures automatic protocol detection for the proxies.
| Name | Description | Type |
|---|---|---|
inbound |
EnableInboundSniffing enables protocol sniffing on inbound traffic. .Values.pilot.enableProtocolSniffingForInbound only supported for v1.1 |
boolean |
outbound |
EnableOutboundSniffing enables protocol sniffing on outbound traffic. .Values.pilot.enableProtocolSniffingForOutbound only supported for v1.1 |
boolean |
timeout |
DetectionTimeout specifies how much time the sidecar will spend determining the protocol being used for the connection before reverting to raw TCP. .Values.global.proxy.protocolDetectionTimeout, maps to protocolDetectionTimeout |
string |
maistra.io/api/core/v2
ProxyTrafficControlConfig configures what and how traffic is routed through the sidecar.
| Name | Description | Type |
|---|---|---|
inbound |
Inbound configures what inbound traffic is routed through the sidecar traffic.sidecar.istio.io/includeInboundPorts defaults to * (all ports) |
|
outbound |
Outbound configures what outbound traffic is routed through the sidecar. |
maistra.io/api/core/v2
ProxyInboundTrafficControlConfig configures what inbound traffic is routed through the sidecar.
| Name | Description | Type |
|---|---|---|
excludedPorts |
ExcludedPorts to be routed around the sidecar. .Values.global.proxy.excludeInboundPorts, defaults to empty list, overridden by traffic.sidecar.istio.io/excludeInboundPorts |
[]integer |
includedPorts |
IncludedPorts to be routed through the sidecar. * or comma separated list of integers .Values.global.proxy.includeInboundPorts, defaults to * (all ports), overridden by traffic.sidecar.istio.io/includeInboundPorts |
[]string |
interceptionMode |
InterceptionMode specifies how traffic is directed through the sidecar. maps to meshConfig.defaultConfig.interceptionMode, overridden by sidecar.istio.io/interceptionMode XXX: currently not configurable through values.yaml |
maistra.io/api/core/v2
ProxyNetworkInterceptionMode represents the InterceptMode types.
Type: string
maistra.io/api/core/v2
ProxyOutboundTrafficControlConfig configure what outbound traffic is routed through the sidecar
| Name | Description | Type |
|---|---|---|
excludedIPRanges |
ExcludedIPRanges specifies which outbound IP ranges should not be routed through the sidecar. .Values.global.proxy.excludeIPRanges, overridden by traffic.sidecar.istio.io/excludeOutboundIPRanges * or comma separated list of CIDR |
[]string |
excludedPorts |
ExcludedPorts specifies which outbound ports should not be routed through the sidecar. .Values.global.proxy.excludeOutboundPorts, overridden by traffic.sidecar.istio.io/excludeOutboundPorts comma separated list of integers |
[]integer |
includedIPRanges |
IncludedIPRanges specifies which outbound IP ranges should be routed through the sidecar. .Values.global.proxy.includeIPRanges, overridden by traffic.sidecar.istio.io/includeOutboundIPRanges * or comma separated list of CIDR |
[]string |
policy |
Policy specifies what outbound traffic is allowed through the sidecar. .Values.global.outboundTrafficPolicy.mode |
maistra.io/api/core/v2
ProxyOutboundTrafficPolicy represents the outbound traffic policy type.
Type: string
maistra.io/api/core/v2
ProxyRuntimeConfig customizes the runtime parameters of the sidecar container.
| Name | Description | Type |
|---|---|---|
container |
Container configures the sidecar container. |
|
readiness |
Readiness configures the readiness probe behavior for the injected pod. |
maistra.io/api/core/v2
ProxyReadinessConfig configures the readiness probe for the sidecar.
| Name | Description | Type |
|---|---|---|
failureThreshold |
FailureThreshold represents the number of consecutive failures before the container is marked as not ready. .Values.global.proxy.readinessFailureThreshold, overridden by readiness.status.sidecar.istio.io/failureThreshold, defaults to 30 |
integer |
initialDelaySeconds |
InitialDelaySeconds specifies the initial delay for the readiness probe .Values.global.proxy.readinessInitialDelaySeconds, overridden by readiness.status.sidecar.istio.io/initialDelaySeconds, defaults to 1 |
integer |
periodSeconds |
PeriodSeconds specifies the period over which the probe is checked. .Values.global.proxy.readinessPeriodSeconds, overridden by readiness.status.sidecar.istio.io/periodSeconds, defaults to 2 |
integer |
rewriteApplicationProbes |
RewriteApplicationProbes specifies whether or not the injector should rewrite application container probes to be routed through the sidecar. .Values.sidecarInjectorWebhook.rewriteAppHTTPProbe, defaults to false rewrite probes for application pods to route through sidecar |
boolean |
statusPort |
StatusPort specifies the port number to be used for status. .Values.global.proxy.statusPort, overridden by status.sidecar.istio.io/port, defaults to 15020 Default port for Pilot agent health checks. A value of 0 will disable health checking. XXX: this has no affect on which port is actually used for status. |
integer |